1 Code Examples 1 Code Examples 2 ============= 2 ============= 3 3 4 Code Example For Symmetric Key Cipher Operatio 4 Code Example For Symmetric Key Cipher Operation 5 ---------------------------------------------- 5 ----------------------------------------------- 6 6 7 This code encrypts some data with AES-256-XTS. << 8 all inputs are random bytes, the encryption is << 9 assumed the code is running in a context where << 10 << 11 :: 7 :: 12 8 >> 9 >> 10 /* tie all data structures together */ >> 11 struct skcipher_def { >> 12 struct scatterlist sg; >> 13 struct crypto_skcipher *tfm; >> 14 struct skcipher_request *req; >> 15 struct crypto_wait wait; >> 16 }; >> 17 >> 18 /* Perform cipher operation */ >> 19 static unsigned int test_skcipher_encdec(struct skcipher_def *sk, >> 20 int enc) >> 21 { >> 22 int rc; >> 23 >> 24 if (enc) >> 25 rc = crypto_wait_req(crypto_skcipher_encrypt(sk->req), &sk->wait); >> 26 else >> 27 rc = crypto_wait_req(crypto_skcipher_decrypt(sk->req), &sk->wait); >> 28 >> 29 if (rc) >> 30 pr_info("skcipher encrypt returned with result %d\n", rc); >> 31 >> 32 return rc; >> 33 } >> 34 >> 35 /* Initialize and trigger cipher operation */ 13 static int test_skcipher(void) 36 static int test_skcipher(void) 14 { 37 { 15 struct crypto_skcipher *tfm = NULL !! 38 struct skcipher_def sk; 16 struct skcipher_request *req = NUL !! 39 struct crypto_skcipher *skcipher = NULL; 17 u8 *data = NULL; !! 40 struct skcipher_request *req = NULL; 18 const size_t datasize = 512; /* da !! 41 char *scratchpad = NULL; 19 struct scatterlist sg; !! 42 char *ivdata = NULL; 20 DECLARE_CRYPTO_WAIT(wait); !! 43 unsigned char key[32]; 21 u8 iv[16]; /* AES-256-XTS takes a !! 44 int ret = -EFAULT; 22 u8 key[64]; /* AES-256-XTS takes a !! 45 23 int err; !! 46 skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); 24 !! 47 if (IS_ERR(skcipher)) { 25 /* !! 48 pr_info("could not allocate skcipher handle\n"); 26 * Allocate a tfm (a transformatio !! 49 return PTR_ERR(skcipher); 27 * !! 50 } 28 * In real-world use, a tfm and ke !! 51 29 * encryption/decryption operation !! 52 req = skcipher_request_alloc(skcipher, GFP_KERNEL); 30 * single encryption operation wit !! 53 if (!req) { 31 */ !! 54 pr_info("could not allocate skcipher request\n"); 32 !! 55 ret = -ENOMEM; 33 tfm = crypto_alloc_skcipher("xts(a !! 56 goto out; 34 if (IS_ERR(tfm)) { !! 57 } 35 pr_err("Error allocating x !! 58 36 return PTR_ERR(tfm); !! 59 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 37 } !! 60 crypto_req_done, 38 !! 61 &sk.wait); 39 get_random_bytes(key, sizeof(key)) !! 62 40 err = crypto_skcipher_setkey(tfm, !! 63 /* AES 256 with random key */ 41 if (err) { !! 64 get_random_bytes(&key, 32); 42 pr_err("Error setting key: !! 65 if (crypto_skcipher_setkey(skcipher, key, 32)) { 43 goto out; !! 66 pr_info("key could not be set\n"); 44 } !! 67 ret = -EAGAIN; 45 !! 68 goto out; 46 /* Allocate a request object */ !! 69 } 47 req = skcipher_request_alloc(tfm, !! 70 48 if (!req) { !! 71 /* IV will be random */ 49 err = -ENOMEM; !! 72 ivdata = kmalloc(16, GFP_KERNEL); 50 goto out; !! 73 if (!ivdata) { 51 } !! 74 pr_info("could not allocate ivdata\n"); 52 !! 75 goto out; 53 /* Prepare the input data */ !! 76 } 54 data = kmalloc(datasize, GFP_KERNE !! 77 get_random_bytes(ivdata, 16); 55 if (!data) { !! 78 56 err = -ENOMEM; !! 79 /* Input data will be random */ 57 goto out; !! 80 scratchpad = kmalloc(16, GFP_KERNEL); 58 } !! 81 if (!scratchpad) { 59 get_random_bytes(data, datasize); !! 82 pr_info("could not allocate scratchpad\n"); 60 !! 83 goto out; 61 /* Initialize the IV */ !! 84 } 62 get_random_bytes(iv, sizeof(iv)); !! 85 get_random_bytes(scratchpad, 16); 63 !! 86 64 /* !! 87 sk.tfm = skcipher; 65 * Encrypt the data in-place. !! 88 sk.req = req; 66 * !! 89 67 * For simplicity, in this example !! 90 /* We encrypt one block */ 68 * before proceeding, even if the !! 91 sg_init_one(&sk.sg, scratchpad, 16); 69 * !! 92 skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata); 70 * To decrypt instead of encrypt, !! 93 crypto_init_wait(&sk.wait); 71 * crypto_skcipher_decrypt(). !! 94 72 */ !! 95 /* encrypt data */ 73 sg_init_one(&sg, data, datasize); !! 96 ret = test_skcipher_encdec(&sk, 1); 74 skcipher_request_set_callback(req, !! 97 if (ret) 75 !! 98 goto out; 76 cryp !! 99 77 skcipher_request_set_crypt(req, &s !! 100 pr_info("Encryption triggered successfully\n"); 78 err = crypto_wait_req(crypto_skcip << 79 if (err) { << 80 pr_err("Error encrypting d << 81 goto out; << 82 } << 83 101 84 pr_debug("Encryption was successfu << 85 out: 102 out: 86 crypto_free_skcipher(tfm); !! 103 if (skcipher) >> 104 crypto_free_skcipher(skcipher); >> 105 if (req) 87 skcipher_request_free(req); 106 skcipher_request_free(req); 88 kfree(data); !! 107 if (ivdata) 89 return err; !! 108 kfree(ivdata); >> 109 if (scratchpad) >> 110 kfree(scratchpad); >> 111 return ret; 90 } 112 } 91 113 92 114 93 Code Example For Use of Operational State Memo 115 Code Example For Use of Operational State Memory With SHASH 94 ---------------------------------------------- 116 ----------------------------------------------------------- 95 117 96 :: 118 :: 97 119 98 120 99 struct sdesc { 121 struct sdesc { 100 struct shash_desc shash; 122 struct shash_desc shash; 101 char ctx[]; 123 char ctx[]; 102 }; 124 }; 103 125 104 static struct sdesc *init_sdesc(struct cry 126 static struct sdesc *init_sdesc(struct crypto_shash *alg) 105 { 127 { 106 struct sdesc *sdesc; 128 struct sdesc *sdesc; 107 int size; 129 int size; 108 130 109 size = sizeof(struct shash_desc) + cry 131 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 110 sdesc = kmalloc(size, GFP_KERNEL); 132 sdesc = kmalloc(size, GFP_KERNEL); 111 if (!sdesc) 133 if (!sdesc) 112 return ERR_PTR(-ENOMEM); 134 return ERR_PTR(-ENOMEM); 113 sdesc->shash.tfm = alg; 135 sdesc->shash.tfm = alg; >> 136 sdesc->shash.flags = 0x0; 114 return sdesc; 137 return sdesc; 115 } 138 } 116 139 117 static int calc_hash(struct crypto_shash * 140 static int calc_hash(struct crypto_shash *alg, 118 const unsigned char *data, un 141 const unsigned char *data, unsigned int datalen, 119 unsigned char *digest) 142 unsigned char *digest) 120 { 143 { 121 struct sdesc *sdesc; 144 struct sdesc *sdesc; 122 int ret; 145 int ret; 123 146 124 sdesc = init_sdesc(alg); 147 sdesc = init_sdesc(alg); 125 if (IS_ERR(sdesc)) { 148 if (IS_ERR(sdesc)) { 126 pr_info("can't alloc sdesc\n"); 149 pr_info("can't alloc sdesc\n"); 127 return PTR_ERR(sdesc); 150 return PTR_ERR(sdesc); 128 } 151 } 129 152 130 ret = crypto_shash_digest(&sdesc->shas 153 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 131 kfree(sdesc); 154 kfree(sdesc); 132 return ret; 155 return ret; 133 } 156 } 134 157 135 static int test_hash(const unsigned char * 158 static int test_hash(const unsigned char *data, unsigned int datalen, 136 unsigned char *digest) 159 unsigned char *digest) 137 { 160 { 138 struct crypto_shash *alg; 161 struct crypto_shash *alg; 139 char *hash_alg_name = "sha1-padlock-na 162 char *hash_alg_name = "sha1-padlock-nano"; 140 int ret; 163 int ret; 141 164 142 alg = crypto_alloc_shash(hash_alg_name 165 alg = crypto_alloc_shash(hash_alg_name, 0, 0); 143 if (IS_ERR(alg)) { 166 if (IS_ERR(alg)) { 144 pr_info("can't alloc alg %s\n" 167 pr_info("can't alloc alg %s\n", hash_alg_name); 145 return PTR_ERR(alg); 168 return PTR_ERR(alg); 146 } 169 } 147 ret = calc_hash(alg, data, datalen, di 170 ret = calc_hash(alg, data, datalen, digest); 148 crypto_free_shash(alg); 171 crypto_free_shash(alg); 149 return ret; 172 return ret; 150 } 173 } 151 174 152 175 153 Code Example For Random Number Generator Usage 176 Code Example For Random Number Generator Usage 154 ---------------------------------------------- 177 ---------------------------------------------- 155 178 156 :: 179 :: 157 180 158 181 159 static int get_random_numbers(u8 *buf, uns 182 static int get_random_numbers(u8 *buf, unsigned int len) 160 { 183 { 161 struct crypto_rng *rng = NULL; 184 struct crypto_rng *rng = NULL; 162 char *drbg = "drbg_nopr_sha256"; /* Ha 185 char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */ 163 int ret; 186 int ret; 164 187 165 if (!buf || !len) { 188 if (!buf || !len) { 166 pr_debug("No output buffer provide 189 pr_debug("No output buffer provided\n"); 167 return -EINVAL; 190 return -EINVAL; 168 } 191 } 169 192 170 rng = crypto_alloc_rng(drbg, 0, 0); 193 rng = crypto_alloc_rng(drbg, 0, 0); 171 if (IS_ERR(rng)) { 194 if (IS_ERR(rng)) { 172 pr_debug("could not allocate RNG h 195 pr_debug("could not allocate RNG handle for %s\n", drbg); 173 return PTR_ERR(rng); 196 return PTR_ERR(rng); 174 } 197 } 175 198 176 ret = crypto_rng_get_bytes(rng, buf, l 199 ret = crypto_rng_get_bytes(rng, buf, len); 177 if (ret < 0) 200 if (ret < 0) 178 pr_debug("generation of random num 201 pr_debug("generation of random numbers failed\n"); 179 else if (ret == 0) 202 else if (ret == 0) 180 pr_debug("RNG returned no data"); 203 pr_debug("RNG returned no data"); 181 else 204 else 182 pr_debug("RNG returned %d bytes of 205 pr_debug("RNG returned %d bytes of data\n", ret); 183 206 184 out: 207 out: 185 crypto_free_rng(rng); 208 crypto_free_rng(rng); 186 return ret; 209 return ret; 187 } 210 }
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.