summaryrefslogtreecommitdiffstats
path: root/ncr-int.h
blob: b7c6ed4b132d03e72d0d2b54db3038161a809147 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
#ifndef NCR_INT_H
# define NCR_INT_H

#include <linux/idr.h>
#include <linux/mutex.h>
#include "ncr.h"
#include <asm/atomic.h>
#include "cryptodev_int.h"
#include <ncr-pk.h>
#include <ncr-dh.h>

#define KEY_DATA_MAX_SIZE 3*1024
#define NCR_CIPHER_MAX_KEY_LEN 1024

#define err() printk(KERN_DEBUG"ncr: %s: %s: %d\n", __FILE__, __func__, __LINE__)

struct algo_properties_st {
	ncr_algorithm_t algo;
	const char *kstr;
	unsigned needs_iv:1;
	unsigned is_hmac:1;
	unsigned can_sign:1;
	unsigned can_digest:1;
	unsigned can_encrypt:1;
	unsigned can_kx:1; /* key exchange */
	unsigned is_symmetric:1;
	unsigned is_pk:1;
	int digest_size;
	/* NCR_KEY_TYPE_SECRET if for a secret key algorithm or MAC,
	 * NCR_KEY_TYPE_PUBLIC for a public key algorithm.
	 */
	ncr_key_type_t key_type;
};

struct session_item_st {
	const struct algo_properties_st *algorithm;
	ncr_crypto_op_t op;

	/* contexts for various options.
	 * simpler to have them like that than
	 * in a union.
	 */
	struct cipher_data cipher;
	struct ncr_pk_ctx pk;
	struct hash_data hash;

	struct scatterlist *sg;
	struct page **pages;
	unsigned array_size;
	unsigned available_pages;
	struct mutex mem_mutex; /* down when the
		* values above are changed.
		*/

	struct key_item_st* key;

	atomic_t refcnt;
	ncr_session_t desc;
};

struct key_item_st {
	/* This object is also not protected from concurrent access.
	 */
	ncr_key_type_t type;
	unsigned int flags;
	const struct algo_properties_st *algorithm; /* non-NULL for public/private keys */
	uint8_t key_id[MAX_KEY_ID_SIZE];
	size_t key_id_size;

	union {
		struct {
			uint8_t data[NCR_CIPHER_MAX_KEY_LEN];
			size_t size;
		} secret;
		union {
			rsa_key rsa;
			dsa_key dsa;
			dh_key dh;
		} pk;
	} key;

	atomic_t refcnt;
	atomic_t writer;

	/* owner. The one charged with this */
	uid_t uid;
	pid_t pid;

	ncr_key_t desc;
};

/* all the data associated with the open descriptor
 * are here.
 */
struct ncr_lists {
	struct mutex key_idr_mutex;
	struct idr key_idr;

	/* sessions */
	struct mutex session_idr_mutex;
	struct idr session_idr;
};

void* ncr_init_lists(void);
void ncr_deinit_lists(struct ncr_lists *lst);

int ncr_ioctl(struct ncr_lists *lst, unsigned int cmd, unsigned long arg);
long ncr_compat_ioctl(struct ncr_lists *lst, unsigned int cmd,
		      unsigned long arg);

/* key derivation */
int ncr_key_derive(struct ncr_lists *lst, void __user* arg);

void ncr_key_clear(struct key_item_st* item);
void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags);

/* key handling */
int ncr_key_init(struct ncr_lists *lst, void __user* arg);
int ncr_key_deinit(struct ncr_lists *lst, void __user* arg);
int ncr_key_export(struct ncr_lists *lst, void __user* arg);
int ncr_key_import(struct ncr_lists *lst, void __user* arg);
void ncr_key_list_deinit(struct ncr_lists *lst);
int ncr_key_generate(struct ncr_lists *lst, void __user* arg);
int ncr_key_info(struct ncr_lists *lst, void __user* arg);

int ncr_key_generate_pair(struct ncr_lists *lst, void __user* arg);
int ncr_key_get_public(struct ncr_lists *lst, void __user* arg);

int ncr_key_item_get_read(struct key_item_st**st, struct ncr_lists *lst,
	ncr_key_t desc);
/* get key item for writing */
int ncr_key_item_get_write( struct key_item_st** st,
	struct ncr_lists *lst, ncr_key_t desc);
void _ncr_key_item_put( struct key_item_st* item);

typedef enum {
	LIMIT_TYPE_KEY,
	NUM_LIMIT_TYPES
} limits_type_t;

void ncr_limits_remove(uid_t uid, pid_t pid, limits_type_t type);
int ncr_limits_add_and_check(uid_t uid, pid_t pid, limits_type_t type);
void ncr_limits_init(void);
void ncr_limits_deinit(void);

int ncr_key_wrap(struct ncr_lists *lst, void __user* arg);
int ncr_key_unwrap(struct ncr_lists *lst, void __user* arg);
int ncr_key_storage_wrap(struct ncr_lists *lst, void __user* arg);
int ncr_key_storage_unwrap(struct ncr_lists *lst, void __user* arg);

/* sessions */
struct session_item_st* ncr_session_new(struct ncr_lists *lst);
void _ncr_sessions_item_put( struct session_item_st* item);
struct session_item_st* ncr_sessions_item_get(struct ncr_lists *lst, ncr_session_t desc);
void ncr_sessions_list_deinit(struct ncr_lists *lst);

int ncr_session_init(struct ncr_lists* lists, void __user* arg);
int ncr_session_update(struct ncr_lists* lists, void __user* arg);
int ncr_session_final(struct ncr_lists* lists, void __user* arg);
int ncr_session_once(struct ncr_lists* lists, void __user* arg);

/* master key */
extern struct key_item_st master_key;

void ncr_master_key_reset(void);

/* storage */
int key_from_storage_data(struct key_item_st* key, const void* data, size_t data_size);
int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_item_st *key);


/* misc helper macros */

const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo);
const struct algo_properties_st *ncr_key_params_get_sign_hash(const struct algo_properties_st *algo, struct ncr_key_params_st * params);
int _ncr_key_get_sec_level(struct key_item_st* item);

#endif