diff options
Diffstat (limited to 'userspace')
-rw-r--r-- | userspace/Makefile | 12 | ||||
-rw-r--r-- | userspace/ncrypto.h | 141 | ||||
-rw-r--r-- | userspace/setkey.c | 87 |
3 files changed, 0 insertions, 240 deletions
diff --git a/userspace/Makefile b/userspace/Makefile deleted file mode 100644 index fddefb30e86..00000000000 --- a/userspace/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -CC = gcc -CFLAGS = -Wall -g -O2 - -progs := ncr-setkey - -all: $(progs) - -ncr-setkey: setkey.c - $(CC) $(CFLAGS) $< -o $@ - -clean: - rm -f *.o *~ ncr-setkey diff --git a/userspace/ncrypto.h b/userspace/ncrypto.h deleted file mode 100644 index 546b6ba6640..00000000000 --- a/userspace/ncrypto.h +++ /dev/null @@ -1,141 +0,0 @@ -#include <crypto/ncr.h> - -int ncr_global_init(unsigned int flags); /* open device */ -void ncr_global_deinit(void); /* close device */ - - -/* parameters for key generation - */ -int ncr_generate_params_init(ncr_generate_params_t*); /* userspace */ -void ncr_generate_params_deinit(ncr_generate_params_t); /* userspace */ - -/* common for ciphers and public key algorithms */ -void ncr_generate_params_set_algorithm(ncr_generate_params_t, ncr_algorithm_t); /* userspace */ - -/* public key algorithms */ -void ncr_generate_params_set_bits(ncr_generate_params_t, unsigned int bits); /* RSA+DSA */ -int ncr_generate_params_set_rsa_e(ncr_generate_params_t, void* e, unsigned int e_size); /* RSA */ - -/* parameters for encryption/decryption/derivation - */ -int ncr_params_init(ncr_params_t*); /* userspace */ -void ncr_params_deinit(ncr_params_t); /* userspace */ - -int ncr_params_set_cipher_iv(ncr_params_t, void* iv, unsigned int iv_size); /* userspace */ - -int ncr_params_set_dh_key(ncr_params_t, ncr_key_t dh_priv); /* DH */ - - -/* data flags are of NCR_DATA_FLAG_* type */ - -int ncr_data_init(ncr_data_t *, size_t max_object_size, unsigned int dataflags); /* ioctl DATA_INIT */ -size_t ncr_data_get_size(ncr_data_t); /* ioctl DATA_GET */ -int ncr_data_get_data(ncr_data_t, void* data_ptr, size_t *data_size); /* ioctl DATA_GET */ -int ncr_data_set_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */ -int ncr_data_append_data(ncr_data_t, void* data_ptr, size_t data_size); /* ioctl DATA_SET */ -void ncr_data_deinit(ncr_data_t); /* ioctl DATA_DEINIT */ - -/* key flags are NCR_KEY_FLAG_* */ - -int ncr_key_init(ncr_key_t* key); /* ioctl KEY_INIT */ -int ncr_key_generate(ncr_key_t key, ncr_algorithm_t algorithm, unsigned int bits, unsigned int keyflags); /* ioctl KEY_GENERATE */ -int ncr_key_generate_pair(ncr_key_t public_key, ncr_key_t private_key, ncr_generate_params_t params, unsigned int keyflags); /* ioctl KEY_GENERATE_PAIR */ -int ncr_key_derive(ncr_key_t newkey, ncr_params_t params, unsigned int keyflags, ncr_key_t data); /* ioctl KEY_DERIVE */ -unsigned int ncr_key_get_flags(ncr_key_t key); /* ioctl KEY_GET_INFO */ -ncr_key_type_t ncr_key_get_type(ncr_key_t key); /* ioctl KEY_GET_INFO */ -int ncr_key_export(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_EXPORT */ -int ncr_key_import(ncr_key_t key, ncr_data_t obj); /* ioctl KEY_IMPORT */ -int ncr_key_get_id(ncr_key_t, void* id, size_t* id_size); /* KEY_GET_INFO */ -void ncr_key_deinit(ncr_key_t); /* ioctl KEY_DEINIT */ - -typedef enum { - NCR_RSA_MODULUS, - NCR_RSA_EXPONENT, - NCR_DSA_P, - NCR_DSA_Q, - NCR_DSA_Y, -} ncr_public_param_t; - -int ncr_key_get_public_param(ncr_key_t key, ncr_public_param_t, void* output, size_t* output_size); - -/* store keys */ -int ncr_storage_store(const char* label, mode_t mode, ncr_key_t key); /* ioctl STORE_STORE */ -int ncr_storage_mkstemp(char* template, mode_t mode, ncr_key_t key);/* ioctl STORE_MKSTEMP */ -ncr_key_t ncr_storage_load(const char* label); /* ioctl STORE_LOAD */ - -int ncr_storage_chmod(const char* label, mode_t newmode); /* ioctl STORE_CHMOD */ -int ncr_storage_chown(const char* label, uid_t owner, gid_t grp); /* ioctl STORE_CHOWN */ -int ncr_storage_remove(const char* label); /* ioctl STORE_REMOVE */ - -typedef struct {} * ncr_metadata_t; - -int ncr_metadata_init(ncr_metadata_t* metadata); /* userspace */ -void ncr_metadata_deinit(ncr_metadata_t metadata);/* userspace */ - -/* read info from metadata */ -const char* ncr_metadata_get_label(ncr_metadata_t); /* userspace */ -ncr_key_type_t ncr_metadata_get_type(ncr_metadata_t); /* userspace */ - -/* id of the key. For public/private key pairs it should be the same */ -int ncr_metadata_get_id(ncr_metadata_t, void* id, size_t* id_size); /* userspace */ -/* this has meaning only if type is public or private key */ -ncr_algorithm_t ncr_metadata_get_algorithm(ncr_metadata_t); /* userspace */ - -uid_t ncr_metadata_get_uid(ncr_metadata_t); /* userspace */ -gid_t ncr_metadata_get_gid(ncr_metadata_t); /* userspace */ -mode_t ncr_metadata_get_mode(ncr_metadata_t); /*userspace */ - -/* load metadata for particular file */ -int ncr_metadata_load(const char* label, ncr_metadata_t metadata); /* ioctl STORE_METADATA_GET_INFO */ - -/* traverse all storage entries */ -int ncr_storage_traverse_init(ncr_traverse_t* tr); /* ioctl STORE_METADATA_TRAVERSE_INIT */ -int ncr_storage_traverse_next(ncr_traverse_t, ncr_metadata_t metadata); /* ioctl STORE_METADATA_TRAVERSE_NEXT */ -void ncr_storage_traverse_deinit(ncr_traverse_t); /* ioctl STORE_METADATA_TRAVERSE_DEINIT */ - -/* wrap unwrap */ -int ncr_key_wrap(ncr_key_t wrapping_key, ncr_params_t params, ncr_key_t key, void* output_data, size_t output_data_size); /* ioctl KEY_WRAP */ -int ncr_key_unwrap(ncr_key_t*key, ncr_key_t wrapping_key, ncr_params_t params, unsigned int keyflags, void* input_data, size_t input_data_size); /* ioctl KEY_UNWRAP */ - -/* operations to objects result in objects that have the same properties as the original - * object. I.e. encrypting a secret key under an object will not allow you to export it. - */ - -int ncr_session_copy(ncr_session_t* copy, ncr_session_t source); /* ioctl SESSION_COPY */ - -/* encryption functions */ -int ncr_encrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); /* ioctl SESSION_INIT */ -int ncr_encrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t ciphertext); /*userspace */ -int ncr_encrypt_update(ncr_session_t session, const ncr_data_t plaintext, ncr_data_t ciphertext); /* ioctl SESSION_UPDATE */ -int ncr_encrypt_final(ncr_session_t session, ncr_data_t obj); /* ioctl SESSION_FINAL */ - -/* decryption functions */ -int ncr_decrypt_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); -int ncr_decrypt_once(ncr_key_t key, ncr_params_t params, const ncr_data_t ciphertext, ncr_data_t plaintext); -int ncr_decrypt_update(ncr_session_t session, const ncr_data_t ciphertext, ncr_data_t plaintext); -int ncr_decrypt_final(ncr_session_t session, ncr_data_t obj); - -/* PK hash functions */ -int ncr_digest_init(ncr_session_t* session, ncr_params_t params); -int ncr_digest_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t hash); -int ncr_digest_update(ncr_session_t session, const ncr_data_t plaintext); -int ncr_digest_final(ncr_session_t session, ncr_data_t hash); - -/* PK SIGN and MAC functions */ -int ncr_sign_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); -int ncr_sign_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, ncr_data_t signature); -int ncr_sign_update(ncr_session_t session, const ncr_data_t plaintext); -int ncr_sign_final(ncr_session_t session, ncr_data_t signature); - -/* Verify PK signature or MAC signature */ -int ncr_verify_init(ncr_session_t* session, ncr_key_t key, ncr_params_t params); -int ncr_verify_once(ncr_key_t key, ncr_params_t params, const ncr_data_t plaintext, const ncr_data_t signature); -int ncr_verify_update(ncr_session_t session, const ncr_data_t plaintext); -int ncr_verify_final(ncr_session_t session, const ncr_data_t signature); - -/* Everything looks straight forward except for authentication - * algorithms such as Diffie Hellman. This should be done as in PKCS #11 - * as: - * ncr_key_generate_pair(our_pubkey, our_privkey) - * ncr_key_derive(shared_key, params -contain our privkey-, flags_for_new_key, peer_pubkey); - */ diff --git a/userspace/setkey.c b/userspace/setkey.c deleted file mode 100644 index 10e22b9cab6..00000000000 --- a/userspace/setkey.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Demo on how to use /dev/crypto device for HMAC. - * - * Placed under public domain. - * - */ -#include <stdint.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> -#include <time.h> -#include <sys/ioctl.h> -#include <sys/types.h> -#include <sys/stat.h> -#include "../ncr.h" -#include <stdlib.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <unistd.h> - -int main(int argc, char** argv) -{ - int fd = -1; - FILE* fp; - struct ncr_master_key_set key; - int size, ret; - struct stat st; - uint8_t rawkey[32]; - - if (argc != 2) { - fprintf(stderr, "Usage: setkey [filename]\n"); - exit(1); - } - - /* check permissions */ - ret = stat(argv[1], &st); - if (ret < 0) { - fprintf(stderr, "Cannot find key: %s\n", argv[1]); - exit(1); - } - - if (st.st_mode & S_IROTH || st.st_mode & S_IRGRP || st.st_uid != 0) { - fprintf(stderr, "Key file must belong to root and must be readable by him only.\n"); - exit(1); - } - - /* read key */ - - memset(&key, 0, sizeof(key)); - fp = fopen(argv[1], "r"); - if (fp == NULL) { - fprintf(stderr, "Cannot read %s\n", argv[1]); - exit(1); - } - - size = fread(rawkey, 1, sizeof(rawkey), fp); - if (size < 16) { - fprintf(stderr, "Illegal key!\n"); - exit(1); - } - fclose(fp); - key.key = rawkey; - key.key_size = size; - - /* Open the crypto device */ - fd = open("/dev/crypto", O_RDWR, 0); - if (fd < 0) { - perror("open(/dev/crypto)"); - return 1; - } - - /* encrypt */ - - if (ioctl(fd, NCRIO_MASTER_KEY_SET, &key)) { - fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); - perror("ioctl(NCRIO_MASTER_KEY_SET)"); - return 1; - } - /* Close the original descriptor */ - if (close(fd)) { - perror("close(fd)"); - return 1; - } - - return 0; -} |