~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/crypto/api-samples.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/crypto/api-samples.rst (Version linux-6.12-rc7) and /Documentation/crypto/api-samples.rst (Version linux-5.8.18)


  1 Code Examples                                       1 Code Examples
  2 =============                                       2 =============
  3                                                     3 
  4 Code Example For Symmetric Key Cipher Operatio      4 Code Example For Symmetric Key Cipher Operation
  5 ----------------------------------------------      5 -----------------------------------------------
  6                                                     6 
  7 This code encrypts some data with AES-256-XTS.      7 This code encrypts some data with AES-256-XTS.  For sake of example,
  8 all inputs are random bytes, the encryption is      8 all inputs are random bytes, the encryption is done in-place, and it's
  9 assumed the code is running in a context where      9 assumed the code is running in a context where it can sleep.
 10                                                    10 
 11 ::                                                 11 ::
 12                                                    12 
 13     static int test_skcipher(void)                 13     static int test_skcipher(void)
 14     {                                              14     {
 15             struct crypto_skcipher *tfm = NULL     15             struct crypto_skcipher *tfm = NULL;
 16             struct skcipher_request *req = NUL     16             struct skcipher_request *req = NULL;
 17             u8 *data = NULL;                       17             u8 *data = NULL;
 18             const size_t datasize = 512; /* da     18             const size_t datasize = 512; /* data size in bytes */
 19             struct scatterlist sg;                 19             struct scatterlist sg;
 20             DECLARE_CRYPTO_WAIT(wait);             20             DECLARE_CRYPTO_WAIT(wait);
 21             u8 iv[16];  /* AES-256-XTS takes a     21             u8 iv[16];  /* AES-256-XTS takes a 16-byte IV */
 22             u8 key[64]; /* AES-256-XTS takes a     22             u8 key[64]; /* AES-256-XTS takes a 64-byte key */
 23             int err;                               23             int err;
 24                                                    24 
 25             /*                                     25             /*
 26              * Allocate a tfm (a transformatio     26              * Allocate a tfm (a transformation object) and set the key.
 27              *                                     27              *
 28              * In real-world use, a tfm and ke     28              * In real-world use, a tfm and key are typically used for many
 29              * encryption/decryption operation     29              * encryption/decryption operations.  But in this example, we'll just do a
 30              * single encryption operation wit     30              * single encryption operation with it (which is not very efficient).
 31              */                                    31              */
 32                                                    32 
 33             tfm = crypto_alloc_skcipher("xts(a     33             tfm = crypto_alloc_skcipher("xts(aes)", 0, 0);
 34             if (IS_ERR(tfm)) {                     34             if (IS_ERR(tfm)) {
 35                     pr_err("Error allocating x     35                     pr_err("Error allocating xts(aes) handle: %ld\n", PTR_ERR(tfm));
 36                     return PTR_ERR(tfm);           36                     return PTR_ERR(tfm);
 37             }                                      37             }
 38                                                    38 
 39             get_random_bytes(key, sizeof(key))     39             get_random_bytes(key, sizeof(key));
 40             err = crypto_skcipher_setkey(tfm,      40             err = crypto_skcipher_setkey(tfm, key, sizeof(key));
 41             if (err) {                             41             if (err) {
 42                     pr_err("Error setting key:     42                     pr_err("Error setting key: %d\n", err);
 43                     goto out;                      43                     goto out;
 44             }                                      44             }
 45                                                    45 
 46             /* Allocate a request object */        46             /* Allocate a request object */
 47             req = skcipher_request_alloc(tfm,      47             req = skcipher_request_alloc(tfm, GFP_KERNEL);
 48             if (!req) {                            48             if (!req) {
 49                     err = -ENOMEM;                 49                     err = -ENOMEM;
 50                     goto out;                      50                     goto out;
 51             }                                      51             }
 52                                                    52 
 53             /* Prepare the input data */           53             /* Prepare the input data */
 54             data = kmalloc(datasize, GFP_KERNE     54             data = kmalloc(datasize, GFP_KERNEL);
 55             if (!data) {                           55             if (!data) {
 56                     err = -ENOMEM;                 56                     err = -ENOMEM;
 57                     goto out;                      57                     goto out;
 58             }                                      58             }
 59             get_random_bytes(data, datasize);      59             get_random_bytes(data, datasize);
 60                                                    60 
 61             /* Initialize the IV */                61             /* Initialize the IV */
 62             get_random_bytes(iv, sizeof(iv));      62             get_random_bytes(iv, sizeof(iv));
 63                                                    63 
 64             /*                                     64             /*
 65              * Encrypt the data in-place.          65              * Encrypt the data in-place.
 66              *                                     66              *
 67              * For simplicity, in this example     67              * For simplicity, in this example we wait for the request to complete
 68              * before proceeding, even if the      68              * before proceeding, even if the underlying implementation is asynchronous.
 69              *                                     69              *
 70              * To decrypt instead of encrypt,      70              * To decrypt instead of encrypt, just change crypto_skcipher_encrypt() to
 71              * crypto_skcipher_decrypt().          71              * crypto_skcipher_decrypt().
 72              */                                    72              */
 73             sg_init_one(&sg, data, datasize);      73             sg_init_one(&sg, data, datasize);
 74             skcipher_request_set_callback(req,     74             skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 75                                                    75                                                CRYPTO_TFM_REQ_MAY_SLEEP,
 76                                           cryp     76                                           crypto_req_done, &wait);
 77             skcipher_request_set_crypt(req, &s     77             skcipher_request_set_crypt(req, &sg, &sg, datasize, iv);
 78             err = crypto_wait_req(crypto_skcip     78             err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
 79             if (err) {                             79             if (err) {
 80                     pr_err("Error encrypting d     80                     pr_err("Error encrypting data: %d\n", err);
 81                     goto out;                      81                     goto out;
 82             }                                      82             }
 83                                                    83 
 84             pr_debug("Encryption was successfu     84             pr_debug("Encryption was successful\n");
 85     out:                                           85     out:
 86             crypto_free_skcipher(tfm);             86             crypto_free_skcipher(tfm);
 87             skcipher_request_free(req);            87             skcipher_request_free(req);
 88             kfree(data);                           88             kfree(data);
 89             return err;                            89             return err;
 90     }                                              90     }
 91                                                    91 
 92                                                    92 
 93 Code Example For Use of Operational State Memo     93 Code Example For Use of Operational State Memory With SHASH
 94 ----------------------------------------------     94 -----------------------------------------------------------
 95                                                    95 
 96 ::                                                 96 ::
 97                                                    97 
 98                                                    98 
 99     struct sdesc {                                 99     struct sdesc {
100         struct shash_desc shash;                  100         struct shash_desc shash;
101         char ctx[];                               101         char ctx[];
102     };                                            102     };
103                                                   103 
104     static struct sdesc *init_sdesc(struct cry    104     static struct sdesc *init_sdesc(struct crypto_shash *alg)
105     {                                             105     {
106         struct sdesc *sdesc;                      106         struct sdesc *sdesc;
107         int size;                                 107         int size;
108                                                   108 
109         size = sizeof(struct shash_desc) + cry    109         size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
110         sdesc = kmalloc(size, GFP_KERNEL);        110         sdesc = kmalloc(size, GFP_KERNEL);
111         if (!sdesc)                               111         if (!sdesc)
112             return ERR_PTR(-ENOMEM);              112             return ERR_PTR(-ENOMEM);
113         sdesc->shash.tfm = alg;                   113         sdesc->shash.tfm = alg;
114         return sdesc;                             114         return sdesc;
115     }                                             115     }
116                                                   116 
117     static int calc_hash(struct crypto_shash *    117     static int calc_hash(struct crypto_shash *alg,
118                  const unsigned char *data, un    118                  const unsigned char *data, unsigned int datalen,
119                  unsigned char *digest)           119                  unsigned char *digest)
120     {                                             120     {
121         struct sdesc *sdesc;                      121         struct sdesc *sdesc;
122         int ret;                                  122         int ret;
123                                                   123 
124         sdesc = init_sdesc(alg);                  124         sdesc = init_sdesc(alg);
125         if (IS_ERR(sdesc)) {                      125         if (IS_ERR(sdesc)) {
126             pr_info("can't alloc sdesc\n");       126             pr_info("can't alloc sdesc\n");
127             return PTR_ERR(sdesc);                127             return PTR_ERR(sdesc);
128         }                                         128         }
129                                                   129 
130         ret = crypto_shash_digest(&sdesc->shas    130         ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
131         kfree(sdesc);                             131         kfree(sdesc);
132         return ret;                               132         return ret;
133     }                                             133     }
134                                                   134 
135     static int test_hash(const unsigned char *    135     static int test_hash(const unsigned char *data, unsigned int datalen,
136                  unsigned char *digest)           136                  unsigned char *digest)
137     {                                             137     {
138         struct crypto_shash *alg;                 138         struct crypto_shash *alg;
139         char *hash_alg_name = "sha1-padlock-na    139         char *hash_alg_name = "sha1-padlock-nano";
140         int ret;                                  140         int ret;
141                                                   141 
142         alg = crypto_alloc_shash(hash_alg_name    142         alg = crypto_alloc_shash(hash_alg_name, 0, 0);
143         if (IS_ERR(alg)) {                        143         if (IS_ERR(alg)) {
144                 pr_info("can't alloc alg %s\n"    144                 pr_info("can't alloc alg %s\n", hash_alg_name);
145                 return PTR_ERR(alg);              145                 return PTR_ERR(alg);
146         }                                         146         }
147         ret = calc_hash(alg, data, datalen, di    147         ret = calc_hash(alg, data, datalen, digest);
148         crypto_free_shash(alg);                   148         crypto_free_shash(alg);
149         return ret;                               149         return ret;
150     }                                             150     }
151                                                   151 
152                                                   152 
153 Code Example For Random Number Generator Usage    153 Code Example For Random Number Generator Usage
154 ----------------------------------------------    154 ----------------------------------------------
155                                                   155 
156 ::                                                156 ::
157                                                   157 
158                                                   158 
159     static int get_random_numbers(u8 *buf, uns    159     static int get_random_numbers(u8 *buf, unsigned int len)
160     {                                             160     {
161         struct crypto_rng *rng = NULL;            161         struct crypto_rng *rng = NULL;
162         char *drbg = "drbg_nopr_sha256"; /* Ha    162         char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
163         int ret;                                  163         int ret;
164                                                   164 
165         if (!buf || !len) {                       165         if (!buf || !len) {
166             pr_debug("No output buffer provide    166             pr_debug("No output buffer provided\n");
167             return -EINVAL;                       167             return -EINVAL;
168         }                                         168         }
169                                                   169 
170         rng = crypto_alloc_rng(drbg, 0, 0);       170         rng = crypto_alloc_rng(drbg, 0, 0);
171         if (IS_ERR(rng)) {                        171         if (IS_ERR(rng)) {
172             pr_debug("could not allocate RNG h    172             pr_debug("could not allocate RNG handle for %s\n", drbg);
173             return PTR_ERR(rng);                  173             return PTR_ERR(rng);
174         }                                         174         }
175                                                   175 
176         ret = crypto_rng_get_bytes(rng, buf, l    176         ret = crypto_rng_get_bytes(rng, buf, len);
177         if (ret < 0)                              177         if (ret < 0)
178             pr_debug("generation of random num    178             pr_debug("generation of random numbers failed\n");
179         else if (ret == 0)                        179         else if (ret == 0)
180             pr_debug("RNG returned no data");     180             pr_debug("RNG returned no data");
181         else                                      181         else
182             pr_debug("RNG returned %d bytes of    182             pr_debug("RNG returned %d bytes of data\n", ret);
183                                                   183 
184     out:                                          184     out:
185         crypto_free_rng(rng);                     185         crypto_free_rng(rng);
186         return ret;                               186         return ret;
187     }                                             187     }
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php