Combined tests.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-05-31 16:35:55 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-06-17 20:47:38 +0200
commit: 7439ac15620fd5718c457c2825e40830365667ad (patch)
tree: d0b7d270591bd8b45a15e5c9c97763e8de923dcf /examples
parent: b4c1ecb3c841e0d7f7453a93c30a5619b7f3ce4c (diff)
download: kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.tar.gz
kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.tar.xz
kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.zip
3 files changed, 259 insertions, 251 deletions
diff --git a/examples/Makefile b/examples/Makefile
index a3fe416b756..3190c4ade56 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,16 +1,14 @@
 KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build
 
-hostprogs := cipher hmac new new-key
+hostprogs := cipher hmac new
 example-cipher-objs := cipher.o
 example-hmac-objs := hmac.o
 new-objs := new.o
-new-key-objs := new-key.c
 
 check: $(hostprogs)
-	./new-key
 	./new
 	./cipher
 	./hmac
 
 clean:
-	rm -f *.o *~ hmac cipher new new-key
+	rm -f *.o *~ hmac cipher new
diff --git a/examples/new-key.c b/examples/new-key.c
deleted file mode 100644
index 2a5faa4c0f1..00000000000
--- a/examples/new-key.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Demo on how to use /dev/crypto device for HMAC.
- *
- * Placed under public domain.
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <sys/ioctl.h>
-#include "../ncr.h"
-#include <stdlib.h>
-
-#define DATA_SIZE 16
-
-static void randomize_data(uint8_t * data, size_t data_size)
-{
-int i;
-	
-	srand(time(0)*getpid());
-	for (i=0;i<data_size;i++) {
-		data[i] = rand() & 0xff;
-	}
-}
-
-static int
-test_ncr_data(int cfd)
-{
-	struct ncr_data_init_st dinit;
-	struct ncr_key_generate_st kgen;
-	ncr_key_t key;
-	struct ncr_key_data_st keydata;
-	struct ncr_data_st kdata;
-	uint8_t data[DATA_SIZE];
-	uint8_t data_bak[DATA_SIZE];
-	int i;
-
-	/* test 1: generate a key in userspace import it
-	 * to kernel via data and export it.
-	 */
-	randomize_data(data, sizeof(data));
-	memcpy(data_bak, data, sizeof(data));
-
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = data;
-	dinit.initial_data_size = sizeof(data);
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	/* convert it to key */
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	keydata.key_id[0] = 'a';
-	keydata.key_id[2] = 'b';
-	keydata.key_id_size = 2;
-	keydata.key = key;
-	keydata.data = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-	/* now try to read it */
-	if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
-		perror("ioctl(NCRIO_DATA_DEINIT)");
-		return 1;
-	}
-
-	dinit.max_object_size = DATA_SIZE;
-	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
-	dinit.initial_data = NULL;
-	dinit.initial_data_size = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
-		perror("ioctl(NCRIO_DATA_INIT)");
-		return 1;
-	}
-
-	memset(&keydata, 0, sizeof(keydata));
-	keydata.key = key;
-	keydata.data = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-	kdata.append_flag = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	if (memcmp(data, data_bak, sizeof(data))!=0) {
-		fprintf(stderr, "data returned but differ!\n");
-		return 1;
-	}
-
-	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
-		perror("ioctl(NCRIO_KEY_DEINIT)");
-		return 1;
-	}
-
-	/* finished, we keep data for next test */
-
-	/* test 2: generate a key in kernel space and
-	 * export it.
-	 */
-
-	/* convert it to key */
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	kgen.desc = key;
-	kgen.params.algorithm = NCR_ALG_AES_CBC;
-	kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
-	kgen.params.params.secret.bits = 128; /* 16  bytes */
-	
-	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-	memset(&keydata, 0, sizeof(keydata));
-	keydata.key = key;
-	keydata.data = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-	/* now read data */
-	memset(data, 0, sizeof(data));
-
-	kdata.desc = dinit.desc;
-	kdata.data = data;
-	kdata.data_size = sizeof(data);
-	kdata.append_flag = 0;
-
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		perror("ioctl(NCRIO_DATA_GET)");
-		return 1;
-	}
-
-	fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
-		"%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
-		data[2], data[3], data[4], data[5], data[6], data[7], data[8],
-		data[9], data[10], data[11], data[12], data[13], data[14],
-		data[15]);
-
-	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
-		perror("ioctl(NCRIO_KEY_DEINIT)");
-		return 1;
-	}
-	
-	/* test 3: generate an unexportable key in kernel space and
-	 * try to export it.
-	 */
-
-	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
-		perror("ioctl(NCRIO_KEY_INIT)");
-		return 1;
-	}
-
-	kgen.desc = key;
-	kgen.params.algorithm = NCR_ALG_AES_CBC;
-	kgen.params.keyflags = 0;
-	kgen.params.params.secret.bits = 128; /* 16  bytes */
-	
-	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
-		perror("ioctl(NCRIO_KEY_IMPORT)");
-		return 1;
-	}
-
-	memset(&keydata, 0, sizeof(keydata));
-	keydata.key = key;
-	keydata.data = dinit.desc;
-
-	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)==0) {
-		fprintf(stderr, "Error: Allowed key exporting!\n");
-		return 1;
-	}
-
-	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
-		perror("ioctl(NCRIO_KEY_DEINIT)");
-		return 1;
-	}
-
-	return 0;
-}
-
-int
-main()
-{
-	int fd = -1;
-
-	/* Open the crypto device */
-	fd = open("/dev/crypto", O_RDWR, 0);
-	if (fd < 0) {
-		perror("open(/dev/crypto)");
-		return 1;
-	}
-
-	/* Run the test itself */
-	if (test_ncr_data(fd))
-		return 1;
-
-	/* Close the original descriptor */
-	if (close(fd)) {
-		perror("close(fd)");
-		return 1;
-	}
-
-	return 0;
-}
diff --git a/examples/new.c b/examples/new.c
index afe9cf0feb1..32e17dcfc51 100644
--- a/examples/new.c
+++ b/examples/new.c
@@ -8,7 +8,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
-
+#include <time.h>
 #include <sys/ioctl.h>
 #include "../ncr.h"
 #include <stdlib.h>
@@ -25,8 +25,234 @@ int i;
 	}
 }
 
+#define KEY_DATA_SIZE 16
 static int
-test_ncr_data(int cfd)
+test_ncr_key(int cfd)
+{
+	struct ncr_data_init_st dinit;
+	struct ncr_key_generate_st kgen;
+	ncr_key_t key;
+	struct ncr_key_data_st keydata;
+	struct ncr_data_st kdata;
+	uint8_t data[KEY_DATA_SIZE];
+	uint8_t data_bak[KEY_DATA_SIZE];
+
+	fprintf(stdout, "Tests on Keys:\n");
+
+	/* test 1: generate a key in userspace import it
+	 * to kernel via data and export it.
+	 */
+
+	fprintf(stdout, "\tKey generation...\n");
+
+	randomize_data(data, sizeof(data));
+	memcpy(data_bak, data, sizeof(data));
+
+	dinit.max_object_size = KEY_DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = data;
+	dinit.initial_data_size = sizeof(data);
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	keydata.key_id[0] = 'a';
+	keydata.key_id[2] = 'b';
+	keydata.key_id_size = 2;
+	keydata.type = NCR_KEY_TYPE_SECRET;
+	keydata.algorithm = NCR_ALG_AES_CBC;
+	keydata.flags = NCR_KEY_FLAG_EXPORTABLE;
+	
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now try to read it */
+	fprintf(stdout, "\tKey export...\n");
+	if (ioctl(cfd, NCRIO_DATA_DEINIT, &dinit.desc)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_DEINIT)");
+		return 1;
+	}
+
+	dinit.max_object_size = DATA_SIZE;
+	dinit.flags = NCR_DATA_FLAG_EXPORTABLE;
+	dinit.initial_data = NULL;
+	dinit.initial_data_size = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_INIT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now read data */
+	memset(data, 0, sizeof(data));
+
+	kdata.desc = dinit.desc;
+	kdata.data = data;
+	kdata.data_size = sizeof(data);
+	kdata.append_flag = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_GET)");
+		return 1;
+	}
+
+	if (memcmp(data, data_bak, sizeof(data))!=0) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		fprintf(stderr, "data returned but differ!\n");
+		return 1;
+	}
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+
+	/* finished, we keep data for next test */
+
+	/* test 2: generate a key in kernel space and
+	 * export it.
+	 */
+
+	fprintf(stdout, "\tKey import...\n");
+	/* convert it to key */
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	kgen.desc = key;
+	kgen.params.algorithm = NCR_ALG_AES_CBC;
+	kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE;
+	kgen.params.params.secret.bits = 128; /* 16  bytes */
+	
+	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	/* now read data */
+	memset(data, 0, sizeof(data));
+
+	kdata.desc = dinit.desc;
+	kdata.data = data;
+	kdata.data_size = sizeof(data);
+	kdata.append_flag = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_DATA_GET)");
+		return 1;
+	}
+
+#if 0
+	fprintf(stderr, "Generated key: %.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x."
+		"%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x.%.2x\n", data[0], data[1],
+		data[2], data[3], data[4], data[5], data[6], data[7], data[8],
+		data[9], data[10], data[11], data[12], data[13], data[14],
+		data[15]);
+#endif
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+	
+	/* test 3: generate an unexportable key in kernel space and
+	 * try to export it.
+	 */
+	fprintf(stdout, "\tKey protection of non-exportable keys...\n");
+	if (ioctl(cfd, NCRIO_KEY_INIT, &key)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_INIT)");
+		return 1;
+	}
+
+	kgen.desc = key;
+	kgen.params.algorithm = NCR_ALG_AES_CBC;
+	kgen.params.keyflags = 0;
+	kgen.params.params.secret.bits = 128; /* 16  bytes */
+	
+	if (ioctl(cfd, NCRIO_KEY_GENERATE, &kgen)) {
+		perror("ioctl(NCRIO_KEY_IMPORT)");
+		return 1;
+	}
+
+	memset(&keydata, 0, sizeof(keydata));
+	keydata.key = key;
+	keydata.data = dinit.desc;
+
+	if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_EXPORT)");
+		return 1;
+	}
+
+	/* try to get the output data - should fail */
+	memset(data, 0, sizeof(data));
+
+	kdata.desc = dinit.desc;
+	kdata.data = data;
+	kdata.data_size = sizeof(data);
+	kdata.append_flag = 0;
+
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		fprintf(stderr, "Data were exported, but shouldn't be!\n");
+		return 1;
+	}
+
+	if (ioctl(cfd, NCRIO_KEY_DEINIT, &key)) {
+		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
+		perror("ioctl(NCRIO_KEY_DEINIT)");
+		return 1;
+	}
+
+	return 0;
+}
+
+
+static int test_ncr_data(int cfd)
 {
 	struct ncr_data_init_st init;
 	struct ncr_data_st kdata;
@@ -34,6 +260,8 @@ test_ncr_data(int cfd)
 	uint8_t data_bak[DATA_SIZE];
 	int i;
 
+	fprintf(stdout, "Tests on Data:\n");
+	
 	randomize_data(data, sizeof(data));
 	memcpy(data_bak, data, sizeof(data));
 
@@ -47,7 +275,7 @@ test_ncr_data(int cfd)
 		return 1;
 	}
 	
-	fprintf(stderr, "Imported data\n");
+	fprintf(stdout, "\tData Import...\n");
 
 	memset(data, 0, sizeof(data));
 
@@ -66,7 +294,7 @@ test_ncr_data(int cfd)
 		return 1;
 	}
 
-	fprintf(stderr, "Verified imported data integrity\n");
+	fprintf(stdout, "\tData Export...\n");
 
 	/* test set */
 	memset(data, 0xf1, sizeof(data));
@@ -81,8 +309,6 @@ test_ncr_data(int cfd)
 		return 1;
 	}
 
-	fprintf(stderr, "Imported new data\n");
-
 	/* test get after set */
 	memset(data, 0, sizeof(data));
 
@@ -102,14 +328,14 @@ test_ncr_data(int cfd)
 			return 1;
 		}
 	}
-	fprintf(stderr, "Verified new data\n");
+	fprintf(stdout, "\t2nd Data Import/Export...\n");
 
 	if (ioctl(cfd, NCRIO_DATA_DEINIT, &kdata.desc)) {
 		perror("ioctl(NCRIO_DATA_DEINIT)");
 		return 1;
 	}
 
-	fprintf(stderr, "Initializing unexportable data\n");
+	fprintf(stdout, "\tProtection of non-exportable data...\n");
 	randomize_data(data, sizeof(data));
 
 	init.max_object_size = DATA_SIZE;
@@ -127,13 +353,12 @@ test_ncr_data(int cfd)
 	kdata.data_size = sizeof(data);
 	kdata.append_flag = 0;
 
-	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
-		fprintf(stderr, "Verified that unexportable data cannot be exported\n");
-	} else {
+	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)==0) {
 		fprintf(stderr, "Unexportable data were exported!?\n");
 		return 1;
 	}
 
+	fprintf(stdout, "\tLimits on maximum allowed data...\n");
 	for (i=0;i<256;i++ ) {
 		init.max_object_size = DATA_SIZE;
 		init.flags = 0;
@@ -141,10 +366,12 @@ test_ncr_data(int cfd)
 		init.initial_data_size = sizeof(data);
 
 		if (ioctl(cfd, NCRIO_DATA_INIT, &init)) {
-			fprintf(stderr, "Reached maximum limit at: %d data items\n", i);
+			//fprintf(stderr, "Reached maximum limit at: %d data items\n", i);
 			break;
 		}
 	}
+	
+	/* shouldn't run any other tests after that */
 
 	return 0;
 }
@@ -171,5 +398,23 @@ main()
 		return 1;
 	}
 
+	/* actually test if the initial close
+	 * will really delete all used lists */
+
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0) {
+		perror("open(/dev/crypto)");
+		return 1;
+	}
+
+	if (test_ncr_key(fd))
+		return 1;
+
+	/* Close the original descriptor */
+	if (close(fd)) {
+		perror("close(fd)");
+		return 1;
+	}
+
 	return 0;
 }
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-05-31 16:35:55 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-06-17 20:47:38 +0200
commit	7439ac15620fd5718c457c2825e40830365667ad (patch)
tree	d0b7d270591bd8b45a15e5c9c97763e8de923dcf /examples
parent	b4c1ecb3c841e0d7f7453a93c30a5619b7f3ce4c (diff)
download	kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.tar.gz kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.tar.xz kernel-crypto-7439ac15620fd5718c457c2825e40830365667ad.zip