Added ncr_key_import/export, generate and info. Those work with secret keys.

Added test program for those.

1 files changed, 235 insertions, 0 deletions

diff --git a/examples/new-key.c b/examples/new-key.c
new file mode 100644
index 00000000000..2a5faa4c0f1
--- /dev/null
+++ b/examples/new-key.c
@@ -0,0 +1,235 @@
+/*
+ * Demo on how to use /dev/crypto device for HMAC.
+ *
+ * Placed under public domain.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <sys/ioctl.h>
+#include "../ncr.h"
+#include <stdlib.h>
+
+#define DATA_SIZE 16
+
+static void randomize_data(uint8_t * data, size_t data_size)
+{
+int i;
+	
+	srand(time(0)*getpid());
+	for (i=0;i<data_size;i++) {
+		data[i] = rand() & 0xff;
+	}
+}
+
+static int
+test_ncr_data(int cfd)
+{
+	struct ncr_data_init_st dinit;
+	struct ncr_key_generate_st kgen;
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	struct ncr_data_st kdata;
+	uint8_t data[DATA_SIZE];
+	uint8_t data_bak[DATA_SIZE];
+	int i;
+
+	/* test 1: generate a key in userspace import it
+	 * to kernel via data and export it.
+	 */
+	randomize_data(data, sizeof(data));
+	memcpy(data_bak, data, sizeof(data));
+
+	dinit.max_object_size = DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = data;
+	dinit.initial_data_size = sizeof(data);
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	keydata.key_id[0] = 'a';
+	keydata.key_id[2] = 'b';
+	keydata.key_id_size = 2;
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now try to read it */
+	if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
+		perror("ioctl(NCRIO_DATA_DEINIT)");
+		return 1;
+	}
+
+	dinit.max_object_size = DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = NULL;
+	dinit.initial_data_size = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now read data */
+	memset(data, 0, sizeof(data));
+
+	kdata.desc = dinit.desc;
+	kdata.data = data;
+	kdata.data_size = sizeof(data);
+	kdata.append_flag = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+		perror("ioctl(NCRIO_DATA_GET)");
+		return 1;
+	}
+
+	if (memcmp(data, data_bak, sizeof(data))!=0) {
+		fprintf(stderr, "data returned but differ!\n");
+		return 1;
+	}
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+
+	/* finished, we keep data for next test */
+
+	/* test 2: generate a key in kernel space and
+	 * export it.
+	 */
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	kgen.desc = key;
+	kgen.params.algorithm = NCR_ALG_AES_CBC;
+	kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
+	kgen.params.params.secret.bits = 128; /* 16  bytes */
+	
+	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now read data */
+	memset(data, 0, sizeof(data));
+
+	kdata.desc = dinit.desc;
+	kdata.data = data;
+	kdata.data_size = sizeof(data);
+	kdata.append_flag = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+		perror("ioctl(NCRIO_DATA_GET)");
+		return 1;
+	}
+
+	fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
+		"%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
+		data[2], data[3], data[4], data[5], data[6], data[7], data[8],
+		data[9], data[10], data[11], data[12], data[13], data[14],
+		data[15]);
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+	
+	/* test 3: generate an unexportable key in kernel space and
+	 * try to export it.
+	 */
+
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	kgen.desc = key;
+	kgen.params.algorithm = NCR_ALG_AES_CBC;
+	kgen.params.keyflags = 0;
+	kgen.params.params.secret.bits = 128; /* 16  bytes */
+	
+	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
+		fprintf(stderr, "Error: Allowed key exporting!\n");
+		return 1;
+	}
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+
+	return 0;
+}
+
+int
+main()
+{
+	int fd = -1;
+
+	/* Open the crypto device */
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0) {
+		perror("open(/dev/crypto)");
+		return 1;
+	}
+
+	/* Run the test itself */
+	if (test_ncr_data(fd))
+		return 1;
+
+	/* Close the original descriptor */
+	if (close(fd)) {
+		perror("close(fd)");
+		return 1;
+	}
+
+	return 0;
+}