Merge branch 'standalone-rename' into userspace-crypto

Conflicts:
	.gitignore
	crypto/userspace/Makefile
	crypto/userspace/cryptodev_int.h
	crypto/userspace/ncr-key-wrap.c
	crypto/userspace/ncr-key.c
	crypto/userspace/ncr-pk.c
	crypto/userspace/ncr-sessions.c
	crypto/userspace/ncr.c
	include/linux/cryptodev.h

3 files changed, 180 insertions, 361 deletions

diff --git a/include/linux/Kbuild b/include/linux/Kbuild
index f35589a2ab5..41790cd58dd 100644
--- a/include/linux/Kbuild
+++ b/include/linux/Kbuild
@@ -51,7 +51,6 @@ header-y += comstats.h
 header-y += const.h
 header-y += cgroupstats.h
 header-y += cramfs_fs.h
-header-y += cryptodev.h
 header-y += cycx_cfm.h
 header-y += dcbnl.h
 header-y += dlmconstants.h
diff --git a/include/linux/cryptodev.h b/include/linux/cryptodev.h
deleted file mode 100644
index a916177eaa7..00000000000
--- a/include/linux/cryptodev.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/* This is a source compatible implementation with the original API of 
- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
- * Placed under public domain */
-
-#ifndef _LINUX_CRYPTODEV_H
-#define _LINUX_CRYPTODEV_H
-
-#include <linux/types.h>
-
-/* API extensions for linux */
-#define CRYPTO_HMAC_MAX_KEY_LEN		512
-#define CRYPTO_CIPHER_MAX_KEY_LEN	64
-
-/* All the supported algorithms
- */
-typedef enum {
-	CRYPTO_DES_CBC=1,
-	CRYPTO_3DES_CBC=2,
-	CRYPTO_BLF_CBC=3,
-	CRYPTO_CAST_CBC=4,
-	CRYPTO_SKIPJACK_CBC=5,
-	CRYPTO_MD5_HMAC=6,
-	CRYPTO_SHA1_HMAC=7,
-	CRYPTO_RIPEMD160_HMAC=8,
-	CRYPTO_MD5_KPDK=9,
-	CRYPTO_SHA1_KPDK=10,
-	CRYPTO_RIJNDAEL128_CBC=11,
-	CRYPTO_AES_CBC=CRYPTO_RIJNDAEL128_CBC,
-	CRYPTO_ARC4=12,
-	CRYPTO_MD5=13,
-	CRYPTO_SHA1=14,
-	CRYPTO_DEFLATE_COMP=15,
-	CRYPTO_NULL=16,
-	CRYPTO_LZS_COMP=17,
-	CRYPTO_SHA2_256_HMAC=18,
-	CRYPTO_SHA2_384_HMAC=19,
-	CRYPTO_SHA2_512_HMAC=20,
-	CRYPTO_AES_CTR=21,
-	CRYPTO_AES_XTS=22,
-
-	CRYPTO_CAMELLIA_CBC=101,
-	CRYPTO_RIPEMD160,
-	CRYPTO_SHA2_256,
-	CRYPTO_SHA2_384,
-	CRYPTO_SHA2_512,
-	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-} cryptodev_crypto_op_t;
-#define	CRYPTO_ALGORITHM_MAX	(CRYPTO_ALGORITHM_ALL - 1)
-
-/* Values for ciphers */
-#define DES_BLOCK_LEN		8
-#define DES3_BLOCK_LEN		8
-#define RIJNDAEL128_BLOCK_LEN	16
-#define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN
-#define BLOWFISH_BLOCK_LEN	8
-#define SKIPJACK_BLOCK_LEN	8
-#define CAST128_BLOCK_LEN	8
-
-/* the maximum of the above */
-#define EALG_MAX_BLOCK_LEN	16
-
-/* Values for hashes/MAC */
-#define AALG_MAX_RESULT_LEN		64
-
-/* input of CIOCGSESSION */
-struct session_op {
-	/* Specify either cipher or mac
-	 */
-	__u32	cipher;		/* cryptodev_crypto_op_t */
-	__u32	mac;		/* cryptodev_crypto_op_t */
-
-	__u32	keylen;
-	__u8	__user *key;
-	__u32	mackeylen;
-	__u8	__user *mackey;
-
-	__u32	ses;		/* session identifier */
-};
-
-#define	COP_ENCRYPT	0
-#define COP_DECRYPT	1
-
-/* input of CIOCCRYPT */
- struct crypt_op {
-	__u32	ses;		/* session identifier */
-	__u16	op;		/* COP_ENCRYPT or COP_DECRYPT */
-	__u16	flags;		/* no usage so far, use 0 */
-	__u32	len;		/* length of source data */
-	__u8	__user *src;		/* source data */
-	__u8	__user *dst;		/* pointer to output data */
-	__u8	__user *mac;		/* pointer to output data for hash/MAC operations */
-	__u8	__user *iv;		/* initialization vector for encryption operations */
-};
-
-/* Stuff for bignum arithmetic and public key
- * cryptography - not supported yet by linux
- * cryptodev.
- */
-
-#define	CRYPTO_ALG_FLAG_SUPPORTED	1
-#define	CRYPTO_ALG_FLAG_RNG_ENABLE	2
-#define	CRYPTO_ALG_FLAG_DSA_SHA		4
-
-struct crparam {
-	__u8*	crp_p;
-	__u32	crp_nbits;
-};
-
-#define CRK_MAXPARAM	8
-
-/* input of CIOCKEY */
-struct crypt_kop {
-	__u32	crk_op;		/* cryptodev_crk_ot_t */
-	__u32	crk_status;
-	__u16	crk_iparams;
-	__u16	crk_oparams;
-	__u32	crk_pad1;
-	struct crparam	crk_param[CRK_MAXPARAM];
-};
-
-typedef enum {
-	CRK_MOD_EXP=0,
-	CRK_MOD_EXP_CRT=1,
-	CRK_DSA_SIGN=2,
-	CRK_DSA_VERIFY=3,
-	CRK_DH_COMPUTE_KEY=4,
-	CRK_ALGORITHM_ALL
-} cryptodev_crk_op_t;
-
-#define CRK_ALGORITHM_MAX	CRK_ALGORITHM_ALL-1
-
-/* features to be queried with CIOCASYMFEAT ioctl
- */
-#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
-
-
-/* ioctl's. Compatible with old linux cryptodev.h
- */
-#define CRIOGET         _IOWR('c', 101, __u32)
-#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
-#define CIOCFSESSION    _IOW('c', 103, __u32)
-#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
-#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
-#define CIOCASYMFEAT    _IOR('c', 106, __u32)
-
-#endif /* _LINUX_CRYPTODEV_H */
diff --git a/include/linux/ncr.h b/include/linux/ncr.h
index 9c1f33a24b4..4f4d8a957ac 100644
--- a/include/linux/ncr.h
+++ b/include/linux/ncr.h
@@ -3,46 +3,75 @@
 
 #include <linux/types.h>
 
+/* Serves to make sure the structure is suitably aligned to continue with
+   a struct nlattr without external padding.
+
+   4 is NLA_ALIGNTO from <linux/netlink.h>, but if we
+   included <linux/netlink.h>, the user would have to include <sys/socket.h>
+   as well for no obvious reason.  "4" is fixed by ABI. */
+#define __NL_ATTRIBUTES char __align[] __attribute__((aligned(4)))
+
+/* In all ioctls, input_size specifies size of the ncr_* structure and the
+   following attributes.
+
+   output_size specifies space available for returning output, including the
+   initial ncr_* structure, and is updated by the ioctl() with the space
+   actually used.
+
+   There are two special cases: input_size 0 means not attributes are supplied,
+   and is treated equivalent to sizeof(struct ncr_*).  output_size 0 means no
+   space for output attributes is available, and is not updated. */
+
+/* FIXME: better names for algorithm parameters? */
+/* FIXME: Split key generation/derivation attributes to decrease the number
+   of attributes used for the frequent operations? */
+enum {
+	NCR_ATTR_UNSPEC,	      /* 0 is special in lib/nlattr.c. */
+	NCR_ATTR_ALGORITHM,	      /* NLA_NUL_STRING */
+	NCR_ATTR_DERIVATION_ALGORITHM, /* NLA_NUL_STRING - NCR_DERIVE_* */
+	NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_NUL_STRING */
+	NCR_ATTR_WRAPPING_ALGORITHM,  /* NLA_NUL_STRING - NCR_WALG_* */
+	NCR_ATTR_UPDATE_INPUT_DATA,   /* NLA_BINARY - ncr_session_input_data */
+	/* NLA_BINARY - ncr_session_output_buffer */
+	NCR_ATTR_UPDATE_OUTPUT_BUFFER,
+	NCR_ATTR_UPDATE_INPUT_KEY_AS_DATA, /* NLA_U32 - ncr_key_t */
+	NCR_ATTR_FINAL_INPUT_DATA,    /* NLA_BINARY - ncr_session_input_data */
+	/* NLA_BINARY - ncr_session_output_buffer */
+	NCR_ATTR_FINAL_OUTPUT_BUFFER,
+	NCR_ATTR_KEY,	              /* NLA_U32 - ncr_key_t */
+	NCR_ATTR_KEY_FLAGS,	      /* NLA_U32 - NCR_KEY_FLAG_* */
+	NCR_ATTR_KEY_ID,	      /* NLA_BINARY */
+	NCR_ATTR_KEY_TYPE,	      /* NLA_U32 - ncr_key_type_t */
+	NCR_ATTR_IV,		      /* NLA_BINARY */
+	NCR_ATTR_SECRET_KEY_BITS,     /* NLA_U32 */
+	NCR_ATTR_RSA_MODULUS_BITS,    /* NLA_U32 */
+	NCR_ATTR_RSA_E,		      /* NLA_BINARY */
+	NCR_ATTR_RSA_ENCODING_METHOD, /* NLA_U32 - ncr_rsa_type_t */
+	NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_NUL_STRING */
+	NCR_ATTR_RSA_PSS_SALT_LENGTH, /* NLA_U32 */
+	NCR_ATTR_DSA_P_BITS,	      /* NLA_U32 */
+	NCR_ATTR_DSA_Q_BITS,	      /* NLA_U32 */
+	NCR_ATTR_DH_PRIME,	      /* NLA_BINARY */
+	NCR_ATTR_DH_BASE,	      /* NLA_BINARY */
+	NCR_ATTR_DH_PUBLIC,	      /* NLA_BINARY */
+	NCR_ATTR_WANTED_ATTRS,	      /* NLA_BINARY - array of u16 IDs */
+	NCR_ATTR_SESSION_CLONE_FROM,  /* NLA_U32 - ncr_session_t */
+
+	/* Add new attributes here */
+
+	NCR_ATTR_END__,
+	NCR_ATTR_MAX = NCR_ATTR_END__ - 1
+};
+
 #define NCR_CIPHER_MAX_BLOCK_LEN 32
 #define NCR_HASH_MAX_OUTPUT_SIZE  64
 
-typedef enum {
-	NCR_ALG_NONE,
-	NCR_ALG_NULL,
-	NCR_ALG_3DES_CBC,
-	NCR_ALG_AES_CBC,
-	NCR_ALG_CAMELLIA_CBC,
-	NCR_ALG_ARCFOUR,
-	NCR_ALG_AES_ECB,
-	NCR_ALG_CAMELLIA_ECB,
-	NCR_ALG_AES_CTR,
-	NCR_ALG_CAMELLIA_CTR,
-
-	NCR_ALG_SHA1=40,
-	NCR_ALG_MD5,
-	NCR_ALG_SHA2_224,
-	NCR_ALG_SHA2_256,
-	NCR_ALG_SHA2_384,
-	NCR_ALG_SHA2_512,
-
-	NCR_ALG_HMAC_SHA1=80,
-	NCR_ALG_HMAC_MD5,
-	NCR_ALG_HMAC_SHA2_224,
-	NCR_ALG_HMAC_SHA2_256,
-	NCR_ALG_HMAC_SHA2_384,
-	NCR_ALG_HMAC_SHA2_512,
-
-	NCR_ALG_RSA=140,
-	NCR_ALG_DSA,
-	NCR_ALG_DH, /* DH as in PKCS #3 */
-} ncr_algorithm_t;
-
-
+/* Better names wanted */
+#define NCR_ALG_DSA_TRANSPARENT_HASH "__dsa_transparent_hash"
+#define NCR_ALG_RSA_TRANSPARENT_HASH "__rsa_transparent_hash"
 
-typedef enum {
-	NCR_WALG_AES_RFC3394, /* for secret keys only */
-	NCR_WALG_AES_RFC5649, /* can wrap arbitrary key */
-} ncr_wrap_algorithm_t;
+#define NCR_WALG_AES_RFC3394 "walg-aes-rfc3394" /* for secret keys only */
+#define NCR_WALG_AES_RFC5649 "walg-aes-rfc5649" /* can wrap arbitrary key */
 
 typedef enum {
 	NCR_KEY_TYPE_INVALID,
@@ -54,7 +83,7 @@ typedef enum {
 /* Key handling
  */
 
-typedef int ncr_key_t;
+typedef __s32 ncr_key_t;
 
 #define NCR_KEY_INVALID ((ncr_key_t)-1)
 
@@ -67,46 +96,25 @@ typedef int ncr_key_t;
  */
 #define NCR_KEY_FLAG_DECRYPT (1<<2)
 #define NCR_KEY_FLAG_SIGN (1<<3)
+#define NCR_KEY_FLAG_ENCRYPT (1<<4)
+#define NCR_KEY_FLAG_VERIFY (1<<5)
+/* These flags can only be set by administrator, to prevent
+ * adversaries exporting wrappable keys with random ones.
+ */
+#define NCR_KEY_FLAG_WRAPPING (1<<6)
+#define NCR_KEY_FLAG_UNWRAPPING (1<<7)
 
-struct ncr_key_generate_params_st {
-	ncr_algorithm_t algorithm; /* just a cipher algorithm when
-	* generating secret keys
-	*/
-
-	unsigned int keyflags;
-	union {
-		struct {
-			unsigned int bits;
-		} secret;
-		struct {
-			unsigned int bits;
-			unsigned long e; /* use zero for default */
-		} rsa;		
-		struct {
-			/* For DSS standard allowed values
-			 * are:            p:1024 q: 160
-			 *                 p:2048 q: 224
-			 *                 p:2048 q: 256
-			 *                 p:3072 q: 256
-			 */
-			unsigned int p_bits;
-			unsigned int q_bits;
-		} dsa;
-		struct {
-			__u8 __user *p; /* prime */
-			__kernel_size_t p_size;
-			__u8 __user *g; /* generator */
-			__kernel_size_t g_size;
-		} dh;
-	} params;
+struct ncr_key_generate {
+	__u32 input_size, output_size;
+	ncr_key_t key;
+	__NL_ATTRIBUTES;
 };
 
-/* used in generation
- */
-struct ncr_key_generate_st {
-	ncr_key_t desc;
-	ncr_key_t desc2; /* public key when called with GENERATE_PAIR */
-	struct ncr_key_generate_params_st params;
+struct ncr_key_generate_pair {
+	__u32 input_size, output_size;
+	ncr_key_t private_key;
+	ncr_key_t public_key;
+	__NL_ATTRIBUTES;
 };
 
 typedef enum {
@@ -115,127 +123,109 @@ typedef enum {
 	RSA_PKCS1_PSS, /* for signatures only */
 } ncr_rsa_type_t;
 
-/* used in derivation/encryption
- */
-struct ncr_key_params_st {
-	/* this structure always corresponds to a key. Hence the
-	 * parameters of the union selected are based on the corresponding
-	 * key */
-	union {
-		struct {
-			__u8 iv[NCR_CIPHER_MAX_BLOCK_LEN];
-			__kernel_size_t iv_size;
-		} cipher;
-		struct {
-			__u8 __user *pub;
-			__kernel_size_t pub_size;
-		} dh;
-		struct {
-			ncr_rsa_type_t type;
-			ncr_algorithm_t oaep_hash; /* for OAEP */
-			ncr_algorithm_t sign_hash; /* for signatures */
-			unsigned int pss_salt; /* PSS signatures */
-		} rsa;
-		struct {
-			ncr_algorithm_t sign_hash; /* for signatures */
-		} dsa;
-	} params;
-};
-
-typedef enum {
-	NCR_DERIVE_DH=1,
-} ncr_derive_t;
+#define NCR_DERIVE_DH "dh"
 
-struct ncr_key_derivation_params_st {
-	ncr_derive_t derive; /* the derivation algorithm */
 
-	ncr_key_t newkey;
-	unsigned int keyflags; /* for new key */
-	
-	ncr_key_t key;
-	struct ncr_key_params_st params;
+struct ncr_key_derive {
+	__u32 input_size, output_size;
+	ncr_key_t input_key;
+	ncr_key_t new_key;
+	__NL_ATTRIBUTES;
 };
 
 #define MAX_KEY_ID_SIZE 20
 
-struct ncr_key_info_st {
-	ncr_key_t key; /* input */
-
-	unsigned int flags;
-	ncr_key_type_t type;
-	ncr_algorithm_t algorithm; /* valid for public/private keys */
-
-	__u8 key_id[MAX_KEY_ID_SIZE];
-	__kernel_size_t key_id_size;
+struct ncr_key_get_info {
+	__u32 input_size, output_size;
+	ncr_key_t key;
+	__NL_ATTRIBUTES;
 };
 
-struct ncr_key_data_st {
+struct ncr_key_import {
+	__u32 input_size, output_size;
 	ncr_key_t key;
+	const void __user *data;
+	__u32 data_size;
+	__NL_ATTRIBUTES;
+};
 
-	void __user *idata;
-	__kernel_size_t idata_size; /* rw in get */
-
-	/* in case of import this will be used as key id */
-	__u8 key_id[MAX_KEY_ID_SIZE];
-	__kernel_size_t key_id_size;
-	ncr_key_type_t type;
-	unsigned int flags;
-	ncr_algorithm_t algorithm; /* valid for public/private keys */
+struct ncr_key_export {
+	__u32 input_size, output_size;
+	ncr_key_t key;
+	void __user *buffer;
+	int buffer_size;
+	__NL_ATTRIBUTES;
 };
 
-#define NCRIO_KEY_INIT			_IOW ('c', 204, ncr_key_t)
+#define NCRIO_KEY_INIT _IO('c', 0xC0)
 /* generate a secret key */
-#define NCRIO_KEY_GENERATE     	_IOR ('c', 205, struct ncr_key_generate_st)
+#define NCRIO_KEY_GENERATE _IOWR('c', 0xC1, struct ncr_key_generate)
 /* generate a public key pair */
-#define NCRIO_KEY_GENERATE_PAIR _IOR ('c', 206, struct ncr_key_generate_st)
+#define NCRIO_KEY_GENERATE_PAIR _IOWR('c', 0xC2, struct ncr_key_generate_pair)
 /* derive a new key from an old one */
-#define NCRIO_KEY_DERIVE        _IOR ('c', 207, struct ncr_key_derivation_params_st)
+#define NCRIO_KEY_DERIVE _IOWR('c', 0xC3, struct ncr_key_derive)
 /* return information on a key */
-#define NCRIO_KEY_GET_INFO      _IOWR('c', 208, struct ncr_key_info_st)
+#define NCRIO_KEY_GET_INFO _IOWR('c', 0xC4, struct ncr_key_get_info)
 /* export a secret key */
-#define NCRIO_KEY_EXPORT       	_IOWR('c', 209, struct ncr_key_data_st)
+#define NCRIO_KEY_EXPORT _IOWR('c', 0xC5, struct ncr_key_export)
 /* import a secret key */
-#define NCRIO_KEY_IMPORT       	_IOWR('c', 210, struct ncr_key_data_st)
+#define NCRIO_KEY_IMPORT _IOWR('c', 0xC6, struct ncr_key_import)
 
-#define NCRIO_KEY_DEINIT       _IOR ('c', 215, ncr_key_t)
+#define NCRIO_KEY_DEINIT _IOW('c', 0xC7, ncr_key_t)
 
 /* Key wrap ioctls
  */
-struct ncr_key_wrap_st {
-	ncr_wrap_algorithm_t algorithm;
-	ncr_key_t keytowrap;
-
-	ncr_key_t key;
-	struct ncr_key_params_st params;
+struct ncr_key_wrap {
+	__u32 input_size, output_size;
+	ncr_key_t wrapping_key;
+	ncr_key_t source_key;
+	void __user *buffer;
+	int buffer_size;
+	__NL_ATTRIBUTES;
+};
 
-	void __user * io; /* encrypted keytowrap */
-	/* this will be updated by the actual size on wrap */
-	__kernel_size_t io_size;
+struct ncr_key_unwrap {
+	__u32 input_size, output_size;
+	ncr_key_t wrapping_key;
+	ncr_key_t dest_key;
+	const void __user *data;
+	__u32 data_size;
+	__NL_ATTRIBUTES;
 };
 
-#define NCRIO_KEY_WRAP        _IOWR ('c', 250, struct ncr_key_wrap_st)
-#define NCRIO_KEY_UNWRAP        _IOR ('c', 251, struct ncr_key_wrap_st)
+#define NCRIO_KEY_WRAP _IOWR('c', 0xC8, struct ncr_key_wrap)
+#define NCRIO_KEY_UNWRAP _IOWR('c', 0xC9, struct ncr_key_unwrap)
 
 /* Internal ops  */
-struct ncr_master_key_st {
-	__u8 __user * key;
-	__u16 key_size;
+struct ncr_master_key_set {
+	__u32 input_size, output_size;
+	const void __user *key;
+	__u32 key_size;
+	__NL_ATTRIBUTES;
 };
 
-#define NCRIO_MASTER_KEY_SET        _IOR ('c', 260, struct ncr_master_key_st)
+#define NCRIO_MASTER_KEY_SET _IOWR('c', 0xCA, struct ncr_master_key_set)
 
 /* These are similar to key_wrap and unwrap except that will store some extra
  * fields to be able to recover a key */
-struct ncr_key_storage_wrap_st {
-	ncr_key_t keytowrap;
+struct ncr_key_storage_wrap {
+	__u32 input_size, output_size;
+	ncr_key_t key;
+	void __user *buffer;
+	int buffer_size;
+	__NL_ATTRIBUTES;
+};
 
-	void __user * io; /* encrypted keytowrap */
-	/* this will be updated by the actual size on wrap */
-	__kernel_size_t io_size;
+struct ncr_key_storage_unwrap {
+	__u32 input_size, output_size;
+	ncr_key_t key;
+	const void __user *data;
+	__u32 data_size;
+	__NL_ATTRIBUTES;
 };
 
-#define NCRIO_KEY_STORAGE_WRAP        _IOWR ('c', 261, struct ncr_key_storage_wrap_st)
-#define NCRIO_KEY_STORAGE_UNWRAP        _IOR ('c', 262, struct ncr_key_storage_wrap_st)
+#define NCRIO_KEY_STORAGE_WRAP _IOWR('c', 0xCB, struct ncr_key_storage_wrap)
+#define NCRIO_KEY_STORAGE_UNWRAP _IOWR('c', 0xCC, struct ncr_key_storage_wrap)
 
 /* Crypto Operations ioctls
  */
@@ -247,68 +237,49 @@ typedef enum {
 	NCR_OP_VERIFY,
 } ncr_crypto_op_t;
 
-typedef int ncr_session_t;
+typedef __s32 ncr_session_t;
 #define NCR_SESSION_INVALID ((ncr_session_t)-1)
 
-/* input of CIOCGSESSION */
-struct ncr_session_st {
-	/* input */
-	ncr_algorithm_t algorithm;
-
-	ncr_key_t key;
-	struct ncr_key_params_st params;
-	ncr_crypto_op_t op;
-
-	/* output */
-	ncr_session_t	ses;		/* session identifier */
+struct ncr_session_input_data {
+	const void __user *data;
+	__kernel_size_t data_size;
 };
 
-typedef enum {
-	NCR_SUCCESS = 0,
-	NCR_ERROR_GENERIC = -1,
-	NCR_VERIFICATION_FAILED = -2,
-} ncr_error_t;
+struct ncr_session_output_buffer {
+	void __user *buffer;
+	__kernel_size_t buffer_size;
+	__kernel_size_t __user *result_size_ptr;
+};
 
-typedef enum {
-	NCR_KEY_DATA,
-	NCR_DIRECT_DATA,
-} ncr_data_type_t;
+struct ncr_session_init {
+	__u32 input_size, output_size;
+	__u32 op;		/* ncr_crypto_op_t */
+	__NL_ATTRIBUTES;
+};
 
-struct ncr_session_op_st {
-	/* input */
+struct ncr_session_update {
+	__u32 input_size, output_size;
 	ncr_session_t ses;
+	__NL_ATTRIBUTES;
+};
 
-	union {
-		struct {
-			ncr_key_t input;
-			void __user * output;  /* when verifying signature this is
-					* the place of the signature.
-					*/
-			__kernel_size_t output_size;
-		} kdata; /* NCR_KEY_DATA */
-		struct {
-			void __user * input;
-			__kernel_size_t input_size;
-			void __user * output;
-			__kernel_size_t output_size;
-		} udata; /* NCR_DIRECT_DATA */
-	} data;
-	ncr_data_type_t type;
-
-	/* output of verification */
-	ncr_error_t err;
+struct ncr_session_final {
+	__u32 input_size, output_size;
+	ncr_session_t ses;
+	__NL_ATTRIBUTES;
 };
 
-struct ncr_session_once_op_st {
-	struct ncr_session_st init;
-	struct ncr_session_op_st op;
+struct ncr_session_once {
+	__u32 input_size, output_size;
+	ncr_crypto_op_t op;
+	__NL_ATTRIBUTES;
 };
 
-#define NCRIO_SESSION_INIT        _IOR ('c', 300, struct ncr_session_st)
-#define NCRIO_SESSION_UPDATE        _IOWR ('c', 301, struct ncr_session_op_st)
-#define NCRIO_SESSION_FINAL        _IOWR ('c', 302, struct ncr_session_op_st)
+#define NCRIO_SESSION_INIT _IOWR('c', 0xD0, struct ncr_session_init)
+#define NCRIO_SESSION_UPDATE _IOWR('c', 0xD1, struct ncr_session_update)
+#define NCRIO_SESSION_FINAL _IOWR('c', 0xD2, struct ncr_session_final)
 
 /* everything in one call */
-#define NCRIO_SESSION_ONCE        _IOWR ('c', 303, struct ncr_session_once_op_st)
+#define NCRIO_SESSION_ONCE _IOWR('c', 0xD3, struct ncr_session_once)
 
 #endif