~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/crypto/api-samples.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/crypto/api-samples.rst (Version linux-6.12-rc7) and /Documentation/crypto/api-samples.rst (Version linux-4.10.17)


  1 Code Examples                                       1 Code Examples
  2 =============                                       2 =============
  3                                                     3 
  4 Code Example For Symmetric Key Cipher Operatio      4 Code Example For Symmetric Key Cipher Operation
  5 ----------------------------------------------      5 -----------------------------------------------
  6                                                     6 
  7 This code encrypts some data with AES-256-XTS. << 
  8 all inputs are random bytes, the encryption is << 
  9 assumed the code is running in a context where << 
 10                                                << 
 11 ::                                                  7 ::
 12                                                     8 
 13     static int test_skcipher(void)             !!   9 
                                                   >>  10     struct tcrypt_result {
                                                   >>  11         struct completion completion;
                                                   >>  12         int err;
                                                   >>  13     };
                                                   >>  14 
                                                   >>  15     /* tie all data structures together */
                                                   >>  16     struct skcipher_def {
                                                   >>  17         struct scatterlist sg;
                                                   >>  18         struct crypto_skcipher *tfm;
                                                   >>  19         struct skcipher_request *req;
                                                   >>  20         struct tcrypt_result result;
                                                   >>  21     };
                                                   >>  22 
                                                   >>  23     /* Callback function */
                                                   >>  24     static void test_skcipher_cb(struct crypto_async_request *req, int error)
 14     {                                              25     {
 15             struct crypto_skcipher *tfm = NULL !!  26         struct tcrypt_result *result = req->data;
 16             struct skcipher_request *req = NUL << 
 17             u8 *data = NULL;                   << 
 18             const size_t datasize = 512; /* da << 
 19             struct scatterlist sg;             << 
 20             DECLARE_CRYPTO_WAIT(wait);         << 
 21             u8 iv[16];  /* AES-256-XTS takes a << 
 22             u8 key[64]; /* AES-256-XTS takes a << 
 23             int err;                           << 
 24                                                << 
 25             /*                                 << 
 26              * Allocate a tfm (a transformatio << 
 27              *                                 << 
 28              * In real-world use, a tfm and ke << 
 29              * encryption/decryption operation << 
 30              * single encryption operation wit << 
 31              */                                << 
 32                                                << 
 33             tfm = crypto_alloc_skcipher("xts(a << 
 34             if (IS_ERR(tfm)) {                 << 
 35                     pr_err("Error allocating x << 
 36                     return PTR_ERR(tfm);       << 
 37             }                                  << 
 38                                                    27 
 39             get_random_bytes(key, sizeof(key)) !!  28         if (error == -EINPROGRESS)
 40             err = crypto_skcipher_setkey(tfm,  !!  29             return;
 41             if (err) {                         !!  30         result->err = error;
 42                     pr_err("Error setting key: !!  31         complete(&result->completion);
 43                     goto out;                  !!  32         pr_info("Encryption finished successfully\n");
 44             }                                  !!  33     }
 45                                                    34 
 46             /* Allocate a request object */    !!  35     /* Perform cipher operation */
 47             req = skcipher_request_alloc(tfm,  !!  36     static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
 48             if (!req) {                        !!  37                          int enc)
 49                     err = -ENOMEM;             !!  38     {
 50                     goto out;                  !!  39         int rc = 0;
 51             }                                  << 
 52                                                    40 
 53             /* Prepare the input data */       !!  41         if (enc)
 54             data = kmalloc(datasize, GFP_KERNE !!  42             rc = crypto_skcipher_encrypt(sk->req);
 55             if (!data) {                       !!  43         else
 56                     err = -ENOMEM;             !!  44             rc = crypto_skcipher_decrypt(sk->req);
 57                     goto out;                  !!  45 
                                                   >>  46         switch (rc) {
                                                   >>  47         case 0:
                                                   >>  48             break;
                                                   >>  49         case -EINPROGRESS:
                                                   >>  50         case -EBUSY:
                                                   >>  51             rc = wait_for_completion_interruptible(
                                                   >>  52                 &sk->result.completion);
                                                   >>  53             if (!rc && !sk->result.err) {
                                                   >>  54                 reinit_completion(&sk->result.completion);
                                                   >>  55                 break;
 58             }                                      56             }
 59             get_random_bytes(data, datasize);  !!  57         default:
                                                   >>  58             pr_info("skcipher encrypt returned with %d result %d\n",
                                                   >>  59                 rc, sk->result.err);
                                                   >>  60             break;
                                                   >>  61         }
                                                   >>  62         init_completion(&sk->result.completion);
 60                                                    63 
 61             /* Initialize the IV */            !!  64         return rc;
 62             get_random_bytes(iv, sizeof(iv));  !!  65     }
 63                                                    66 
 64             /*                                 !!  67     /* Initialize and trigger cipher operation */
 65              * Encrypt the data in-place.      !!  68     static int test_skcipher(void)
 66              *                                 !!  69     {
 67              * For simplicity, in this example !!  70         struct skcipher_def sk;
 68              * before proceeding, even if the  !!  71         struct crypto_skcipher *skcipher = NULL;
 69              *                                 !!  72         struct skcipher_request *req = NULL;
 70              * To decrypt instead of encrypt,  !!  73         char *scratchpad = NULL;
 71              * crypto_skcipher_decrypt().      !!  74         char *ivdata = NULL;
 72              */                                !!  75         unsigned char key[32];
 73             sg_init_one(&sg, data, datasize);  !!  76         int ret = -EFAULT;
 74             skcipher_request_set_callback(req, !!  77 
 75                                                !!  78         skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
 76                                           cryp !!  79         if (IS_ERR(skcipher)) {
 77             skcipher_request_set_crypt(req, &s !!  80             pr_info("could not allocate skcipher handle\n");
 78             err = crypto_wait_req(crypto_skcip !!  81             return PTR_ERR(skcipher);
 79             if (err) {                         !!  82         }
 80                     pr_err("Error encrypting d !!  83 
 81                     goto out;                  !!  84         req = skcipher_request_alloc(skcipher, GFP_KERNEL);
 82             }                                  !!  85         if (!req) {
                                                   >>  86             pr_info("could not allocate skcipher request\n");
                                                   >>  87             ret = -ENOMEM;
                                                   >>  88             goto out;
                                                   >>  89         }
                                                   >>  90 
                                                   >>  91         skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
                                                   >>  92                           test_skcipher_cb,
                                                   >>  93                           &sk.result);
                                                   >>  94 
                                                   >>  95         /* AES 256 with random key */
                                                   >>  96         get_random_bytes(&key, 32);
                                                   >>  97         if (crypto_skcipher_setkey(skcipher, key, 32)) {
                                                   >>  98             pr_info("key could not be set\n");
                                                   >>  99             ret = -EAGAIN;
                                                   >> 100             goto out;
                                                   >> 101         }
                                                   >> 102 
                                                   >> 103         /* IV will be random */
                                                   >> 104         ivdata = kmalloc(16, GFP_KERNEL);
                                                   >> 105         if (!ivdata) {
                                                   >> 106             pr_info("could not allocate ivdata\n");
                                                   >> 107             goto out;
                                                   >> 108         }
                                                   >> 109         get_random_bytes(ivdata, 16);
                                                   >> 110 
                                                   >> 111         /* Input data will be random */
                                                   >> 112         scratchpad = kmalloc(16, GFP_KERNEL);
                                                   >> 113         if (!scratchpad) {
                                                   >> 114             pr_info("could not allocate scratchpad\n");
                                                   >> 115             goto out;
                                                   >> 116         }
                                                   >> 117         get_random_bytes(scratchpad, 16);
                                                   >> 118 
                                                   >> 119         sk.tfm = skcipher;
                                                   >> 120         sk.req = req;
                                                   >> 121 
                                                   >> 122         /* We encrypt one block */
                                                   >> 123         sg_init_one(&sk.sg, scratchpad, 16);
                                                   >> 124         skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
                                                   >> 125         init_completion(&sk.result.completion);
                                                   >> 126 
                                                   >> 127         /* encrypt data */
                                                   >> 128         ret = test_skcipher_encdec(&sk, 1);
                                                   >> 129         if (ret)
                                                   >> 130             goto out;
                                                   >> 131 
                                                   >> 132         pr_info("Encryption triggered successfully\n");
 83                                                   133 
 84             pr_debug("Encryption was successfu << 
 85     out:                                          134     out:
 86             crypto_free_skcipher(tfm);         !! 135         if (skcipher)
                                                   >> 136             crypto_free_skcipher(skcipher);
                                                   >> 137         if (req)
 87             skcipher_request_free(req);           138             skcipher_request_free(req);
 88             kfree(data);                       !! 139         if (ivdata)
 89             return err;                        !! 140             kfree(ivdata);
                                                   >> 141         if (scratchpad)
                                                   >> 142             kfree(scratchpad);
                                                   >> 143         return ret;
 90     }                                             144     }
 91                                                   145 
 92                                                   146 
 93 Code Example For Use of Operational State Memo    147 Code Example For Use of Operational State Memory With SHASH
 94 ----------------------------------------------    148 -----------------------------------------------------------
 95                                                   149 
 96 ::                                                150 ::
 97                                                   151 
 98                                                   152 
 99     struct sdesc {                                153     struct sdesc {
100         struct shash_desc shash;                  154         struct shash_desc shash;
101         char ctx[];                               155         char ctx[];
102     };                                            156     };
103                                                   157 
104     static struct sdesc *init_sdesc(struct cry !! 158     static struct sdescinit_sdesc(struct crypto_shash *alg)
105     {                                             159     {
106         struct sdesc *sdesc;                   !! 160         struct sdescsdesc;
107         int size;                                 161         int size;
108                                                   162 
109         size = sizeof(struct shash_desc) + cry    163         size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
110         sdesc = kmalloc(size, GFP_KERNEL);        164         sdesc = kmalloc(size, GFP_KERNEL);
111         if (!sdesc)                               165         if (!sdesc)
112             return ERR_PTR(-ENOMEM);              166             return ERR_PTR(-ENOMEM);
113         sdesc->shash.tfm = alg;                   167         sdesc->shash.tfm = alg;
                                                   >> 168         sdesc->shash.flags = 0x0;
114         return sdesc;                             169         return sdesc;
115     }                                             170     }
116                                                   171 
117     static int calc_hash(struct crypto_shash * !! 172     static int calc_hash(struct crypto_shashalg,
118                  const unsigned char *data, un !! 173                  const unsigned chardata, unsigned int datalen,
119                  unsigned char *digest)        !! 174                  unsigned chardigest) {
120     {                                          !! 175         struct sdescsdesc;
121         struct sdesc *sdesc;                   << 
122         int ret;                                  176         int ret;
123                                                   177 
124         sdesc = init_sdesc(alg);                  178         sdesc = init_sdesc(alg);
125         if (IS_ERR(sdesc)) {                      179         if (IS_ERR(sdesc)) {
126             pr_info("can't alloc sdesc\n");    !! 180             pr_info("trusted_key: can't alloc %s\n", hash_alg);
127             return PTR_ERR(sdesc);                181             return PTR_ERR(sdesc);
128         }                                         182         }
129                                                   183 
130         ret = crypto_shash_digest(&sdesc->shas    184         ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
131         kfree(sdesc);                             185         kfree(sdesc);
132         return ret;                               186         return ret;
133     }                                             187     }
134                                                   188 
135     static int test_hash(const unsigned char * << 
136                  unsigned char *digest)        << 
137     {                                          << 
138         struct crypto_shash *alg;              << 
139         char *hash_alg_name = "sha1-padlock-na << 
140         int ret;                               << 
141                                                << 
142         alg = crypto_alloc_shash(hash_alg_name << 
143         if (IS_ERR(alg)) {                     << 
144                 pr_info("can't alloc alg %s\n" << 
145                 return PTR_ERR(alg);           << 
146         }                                      << 
147         ret = calc_hash(alg, data, datalen, di << 
148         crypto_free_shash(alg);                << 
149         return ret;                            << 
150     }                                          << 
151                                                << 
152                                                   189 
153 Code Example For Random Number Generator Usage    190 Code Example For Random Number Generator Usage
154 ----------------------------------------------    191 ----------------------------------------------
155                                                   192 
156 ::                                                193 ::
157                                                   194 
158                                                   195 
159     static int get_random_numbers(u8 *buf, uns    196     static int get_random_numbers(u8 *buf, unsigned int len)
160     {                                             197     {
161         struct crypto_rng *rng = NULL;         !! 198         struct crypto_rngrng = NULL;
162         char *drbg = "drbg_nopr_sha256"; /* Ha !! 199         chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
163         int ret;                                  200         int ret;
164                                                   201 
165         if (!buf || !len) {                       202         if (!buf || !len) {
166             pr_debug("No output buffer provide    203             pr_debug("No output buffer provided\n");
167             return -EINVAL;                       204             return -EINVAL;
168         }                                         205         }
169                                                   206 
170         rng = crypto_alloc_rng(drbg, 0, 0);       207         rng = crypto_alloc_rng(drbg, 0, 0);
171         if (IS_ERR(rng)) {                        208         if (IS_ERR(rng)) {
172             pr_debug("could not allocate RNG h    209             pr_debug("could not allocate RNG handle for %s\n", drbg);
173             return PTR_ERR(rng);               !! 210             return -PTR_ERR(rng);
174         }                                         211         }
175                                                   212 
176         ret = crypto_rng_get_bytes(rng, buf, l    213         ret = crypto_rng_get_bytes(rng, buf, len);
177         if (ret < 0)                              214         if (ret < 0)
178             pr_debug("generation of random num    215             pr_debug("generation of random numbers failed\n");
179         else if (ret == 0)                        216         else if (ret == 0)
180             pr_debug("RNG returned no data");     217             pr_debug("RNG returned no data");
181         else                                      218         else
182             pr_debug("RNG returned %d bytes of    219             pr_debug("RNG returned %d bytes of data\n", ret);
183                                                   220 
184     out:                                          221     out:
185         crypto_free_rng(rng);                     222         crypto_free_rng(rng);
186         return ret;                               223         return ret;
187     }                                             224     }
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php