1 Code Examples 1 Code Examples
2 ============= 2 =============
3 3
4 Code Example For Symmetric Key Cipher Operatio 4 Code Example For Symmetric Key Cipher Operation
5 ---------------------------------------------- 5 -----------------------------------------------
6 6
7 This code encrypts some data with AES-256-XTS. <<
8 all inputs are random bytes, the encryption is <<
9 assumed the code is running in a context where <<
10 <<
11 :: 7 ::
12 8
>> 9
>> 10 /* tie all data structures together */
>> 11 struct skcipher_def {
>> 12 struct scatterlist sg;
>> 13 struct crypto_skcipher *tfm;
>> 14 struct skcipher_request *req;
>> 15 struct crypto_wait wait;
>> 16 };
>> 17
>> 18 /* Perform cipher operation */
>> 19 static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
>> 20 int enc)
>> 21 {
>> 22 int rc;
>> 23
>> 24 if (enc)
>> 25 rc = crypto_wait_req(crypto_skcipher_encrypt(sk->req), &sk->wait);
>> 26 else
>> 27 rc = crypto_wait_req(crypto_skcipher_decrypt(sk->req), &sk->wait);
>> 28
>> 29 if (rc)
>> 30 pr_info("skcipher encrypt returned with result %d\n", rc);
>> 31
>> 32 return rc;
>> 33 }
>> 34
>> 35 /* Initialize and trigger cipher operation */
13 static int test_skcipher(void) 36 static int test_skcipher(void)
14 { 37 {
15 struct crypto_skcipher *tfm = NULL !! 38 struct skcipher_def sk;
16 struct skcipher_request *req = NUL !! 39 struct crypto_skcipher *skcipher = NULL;
17 u8 *data = NULL; !! 40 struct skcipher_request *req = NULL;
18 const size_t datasize = 512; /* da !! 41 char *scratchpad = NULL;
19 struct scatterlist sg; !! 42 char *ivdata = NULL;
20 DECLARE_CRYPTO_WAIT(wait); !! 43 unsigned char key[32];
21 u8 iv[16]; /* AES-256-XTS takes a !! 44 int ret = -EFAULT;
22 u8 key[64]; /* AES-256-XTS takes a !! 45
23 int err; !! 46 skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
24 !! 47 if (IS_ERR(skcipher)) {
25 /* !! 48 pr_info("could not allocate skcipher handle\n");
26 * Allocate a tfm (a transformatio !! 49 return PTR_ERR(skcipher);
27 * !! 50 }
28 * In real-world use, a tfm and ke !! 51
29 * encryption/decryption operation !! 52 req = skcipher_request_alloc(skcipher, GFP_KERNEL);
30 * single encryption operation wit !! 53 if (!req) {
31 */ !! 54 pr_info("could not allocate skcipher request\n");
32 !! 55 ret = -ENOMEM;
33 tfm = crypto_alloc_skcipher("xts(a !! 56 goto out;
34 if (IS_ERR(tfm)) { !! 57 }
35 pr_err("Error allocating x !! 58
36 return PTR_ERR(tfm); !! 59 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
37 } !! 60 crypto_req_done,
38 !! 61 &sk.wait);
39 get_random_bytes(key, sizeof(key)) !! 62
40 err = crypto_skcipher_setkey(tfm, !! 63 /* AES 256 with random key */
41 if (err) { !! 64 get_random_bytes(&key, 32);
42 pr_err("Error setting key: !! 65 if (crypto_skcipher_setkey(skcipher, key, 32)) {
43 goto out; !! 66 pr_info("key could not be set\n");
44 } !! 67 ret = -EAGAIN;
45 !! 68 goto out;
46 /* Allocate a request object */ !! 69 }
47 req = skcipher_request_alloc(tfm, !! 70
48 if (!req) { !! 71 /* IV will be random */
49 err = -ENOMEM; !! 72 ivdata = kmalloc(16, GFP_KERNEL);
50 goto out; !! 73 if (!ivdata) {
51 } !! 74 pr_info("could not allocate ivdata\n");
52 !! 75 goto out;
53 /* Prepare the input data */ !! 76 }
54 data = kmalloc(datasize, GFP_KERNE !! 77 get_random_bytes(ivdata, 16);
55 if (!data) { !! 78
56 err = -ENOMEM; !! 79 /* Input data will be random */
57 goto out; !! 80 scratchpad = kmalloc(16, GFP_KERNEL);
58 } !! 81 if (!scratchpad) {
59 get_random_bytes(data, datasize); !! 82 pr_info("could not allocate scratchpad\n");
60 !! 83 goto out;
61 /* Initialize the IV */ !! 84 }
62 get_random_bytes(iv, sizeof(iv)); !! 85 get_random_bytes(scratchpad, 16);
63 !! 86
64 /* !! 87 sk.tfm = skcipher;
65 * Encrypt the data in-place. !! 88 sk.req = req;
66 * !! 89
67 * For simplicity, in this example !! 90 /* We encrypt one block */
68 * before proceeding, even if the !! 91 sg_init_one(&sk.sg, scratchpad, 16);
69 * !! 92 skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
70 * To decrypt instead of encrypt, !! 93 crypto_init_wait(&sk.wait);
71 * crypto_skcipher_decrypt(). !! 94
72 */ !! 95 /* encrypt data */
73 sg_init_one(&sg, data, datasize); !! 96 ret = test_skcipher_encdec(&sk, 1);
74 skcipher_request_set_callback(req, !! 97 if (ret)
75 !! 98 goto out;
76 cryp !! 99
77 skcipher_request_set_crypt(req, &s !! 100 pr_info("Encryption triggered successfully\n");
78 err = crypto_wait_req(crypto_skcip <<
79 if (err) { <<
80 pr_err("Error encrypting d <<
81 goto out; <<
82 } <<
83 101
84 pr_debug("Encryption was successfu <<
85 out: 102 out:
86 crypto_free_skcipher(tfm); !! 103 if (skcipher)
>> 104 crypto_free_skcipher(skcipher);
>> 105 if (req)
87 skcipher_request_free(req); 106 skcipher_request_free(req);
88 kfree(data); !! 107 if (ivdata)
89 return err; !! 108 kfree(ivdata);
>> 109 if (scratchpad)
>> 110 kfree(scratchpad);
>> 111 return ret;
90 } 112 }
91 113
92 114
93 Code Example For Use of Operational State Memo 115 Code Example For Use of Operational State Memory With SHASH
94 ---------------------------------------------- 116 -----------------------------------------------------------
95 117
96 :: 118 ::
97 119
98 120
99 struct sdesc { 121 struct sdesc {
100 struct shash_desc shash; 122 struct shash_desc shash;
101 char ctx[]; 123 char ctx[];
102 }; 124 };
103 125
104 static struct sdesc *init_sdesc(struct cry 126 static struct sdesc *init_sdesc(struct crypto_shash *alg)
105 { 127 {
106 struct sdesc *sdesc; 128 struct sdesc *sdesc;
107 int size; 129 int size;
108 130
109 size = sizeof(struct shash_desc) + cry 131 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
110 sdesc = kmalloc(size, GFP_KERNEL); 132 sdesc = kmalloc(size, GFP_KERNEL);
111 if (!sdesc) 133 if (!sdesc)
112 return ERR_PTR(-ENOMEM); 134 return ERR_PTR(-ENOMEM);
113 sdesc->shash.tfm = alg; 135 sdesc->shash.tfm = alg;
>> 136 sdesc->shash.flags = 0x0;
114 return sdesc; 137 return sdesc;
115 } 138 }
116 139
117 static int calc_hash(struct crypto_shash * 140 static int calc_hash(struct crypto_shash *alg,
118 const unsigned char *data, un 141 const unsigned char *data, unsigned int datalen,
119 unsigned char *digest) 142 unsigned char *digest)
120 { 143 {
121 struct sdesc *sdesc; 144 struct sdesc *sdesc;
122 int ret; 145 int ret;
123 146
124 sdesc = init_sdesc(alg); 147 sdesc = init_sdesc(alg);
125 if (IS_ERR(sdesc)) { 148 if (IS_ERR(sdesc)) {
126 pr_info("can't alloc sdesc\n"); 149 pr_info("can't alloc sdesc\n");
127 return PTR_ERR(sdesc); 150 return PTR_ERR(sdesc);
128 } 151 }
129 152
130 ret = crypto_shash_digest(&sdesc->shas 153 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
131 kfree(sdesc); 154 kfree(sdesc);
132 return ret; 155 return ret;
133 } 156 }
134 157
135 static int test_hash(const unsigned char * 158 static int test_hash(const unsigned char *data, unsigned int datalen,
136 unsigned char *digest) 159 unsigned char *digest)
137 { 160 {
138 struct crypto_shash *alg; 161 struct crypto_shash *alg;
139 char *hash_alg_name = "sha1-padlock-na 162 char *hash_alg_name = "sha1-padlock-nano";
140 int ret; 163 int ret;
141 164
142 alg = crypto_alloc_shash(hash_alg_name !! 165 alg = crypto_alloc_shash(hash_alg_name, CRYPTO_ALG_TYPE_SHASH, 0);
143 if (IS_ERR(alg)) { 166 if (IS_ERR(alg)) {
144 pr_info("can't alloc alg %s\n" 167 pr_info("can't alloc alg %s\n", hash_alg_name);
145 return PTR_ERR(alg); 168 return PTR_ERR(alg);
146 } 169 }
147 ret = calc_hash(alg, data, datalen, di 170 ret = calc_hash(alg, data, datalen, digest);
148 crypto_free_shash(alg); 171 crypto_free_shash(alg);
149 return ret; 172 return ret;
150 } 173 }
151 174
152 175
153 Code Example For Random Number Generator Usage 176 Code Example For Random Number Generator Usage
154 ---------------------------------------------- 177 ----------------------------------------------
155 178
156 :: 179 ::
157 180
158 181
159 static int get_random_numbers(u8 *buf, uns 182 static int get_random_numbers(u8 *buf, unsigned int len)
160 { 183 {
161 struct crypto_rng *rng = NULL; 184 struct crypto_rng *rng = NULL;
162 char *drbg = "drbg_nopr_sha256"; /* Ha 185 char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
163 int ret; 186 int ret;
164 187
165 if (!buf || !len) { 188 if (!buf || !len) {
166 pr_debug("No output buffer provide 189 pr_debug("No output buffer provided\n");
167 return -EINVAL; 190 return -EINVAL;
168 } 191 }
169 192
170 rng = crypto_alloc_rng(drbg, 0, 0); 193 rng = crypto_alloc_rng(drbg, 0, 0);
171 if (IS_ERR(rng)) { 194 if (IS_ERR(rng)) {
172 pr_debug("could not allocate RNG h 195 pr_debug("could not allocate RNG handle for %s\n", drbg);
173 return PTR_ERR(rng); 196 return PTR_ERR(rng);
174 } 197 }
175 198
176 ret = crypto_rng_get_bytes(rng, buf, l 199 ret = crypto_rng_get_bytes(rng, buf, len);
177 if (ret < 0) 200 if (ret < 0)
178 pr_debug("generation of random num 201 pr_debug("generation of random numbers failed\n");
179 else if (ret == 0) 202 else if (ret == 0)
180 pr_debug("RNG returned no data"); 203 pr_debug("RNG returned no data");
181 else 204 else
182 pr_debug("RNG returned %d bytes of 205 pr_debug("RNG returned %d bytes of data\n", ret);
183 206
184 out: 207 out:
185 crypto_free_rng(rng); 208 crypto_free_rng(rng);
186 return ret; 209 return ret;
187 } 210 }
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.