Linux/Documentation/crypto/api-samples.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 Code Examples 1 Code Examples 2 ============= 2 ============= 3 3 4 Code Example For Symmetric Key Cipher Operatio 4 Code Example For Symmetric Key Cipher Operation 5 ---------------------------------------------- 5 ----------------------------------------------- 6 6 7 This code encrypts some data with AES-256-XTS. 7 This code encrypts some data with AES-256-XTS. For sake of example, 8 all inputs are random bytes, the encryption is 8 all inputs are random bytes, the encryption is done in-place, and it's 9 assumed the code is running in a context where 9 assumed the code is running in a context where it can sleep. 10 10 11 :: 11 :: 12 12 13 static int test_skcipher(void) 13 static int test_skcipher(void) 14 { 14 { 15 struct crypto_skcipher *tfm = NULL 15 struct crypto_skcipher *tfm = NULL; 16 struct skcipher_request *req = NUL 16 struct skcipher_request *req = NULL; 17 u8 *data = NULL; 17 u8 *data = NULL; 18 const size_t datasize = 512; /* da 18 const size_t datasize = 512; /* data size in bytes */ 19 struct scatterlist sg; 19 struct scatterlist sg; 20 DECLARE_CRYPTO_WAIT(wait); 20 DECLARE_CRYPTO_WAIT(wait); 21 u8 iv[16]; /* AES-256-XTS takes a 21 u8 iv[16]; /* AES-256-XTS takes a 16-byte IV */ 22 u8 key[64]; /* AES-256-XTS takes a 22 u8 key[64]; /* AES-256-XTS takes a 64-byte key */ 23 int err; 23 int err; 24 24 25 /* 25 /* 26 * Allocate a tfm (a transformatio 26 * Allocate a tfm (a transformation object) and set the key. 27 * 27 * 28 * In real-world use, a tfm and ke 28 * In real-world use, a tfm and key are typically used for many 29 * encryption/decryption operation 29 * encryption/decryption operations. But in this example, we'll just do a 30 * single encryption operation wit 30 * single encryption operation with it (which is not very efficient). 31 */ 31 */ 32 32 33 tfm = crypto_alloc_skcipher("xts(a 33 tfm = crypto_alloc_skcipher("xts(aes)", 0, 0); 34 if (IS_ERR(tfm)) { 34 if (IS_ERR(tfm)) { 35 pr_err("Error allocating x 35 pr_err("Error allocating xts(aes) handle: %ld\n", PTR_ERR(tfm)); 36 return PTR_ERR(tfm); 36 return PTR_ERR(tfm); 37 } 37 } 38 38 39 get_random_bytes(key, sizeof(key)) 39 get_random_bytes(key, sizeof(key)); 40 err = crypto_skcipher_setkey(tfm, 40 err = crypto_skcipher_setkey(tfm, key, sizeof(key)); 41 if (err) { 41 if (err) { 42 pr_err("Error setting key: 42 pr_err("Error setting key: %d\n", err); 43 goto out; 43 goto out; 44 } 44 } 45 45 46 /* Allocate a request object */ 46 /* Allocate a request object */ 47 req = skcipher_request_alloc(tfm, 47 req = skcipher_request_alloc(tfm, GFP_KERNEL); 48 if (!req) { 48 if (!req) { 49 err = -ENOMEM; 49 err = -ENOMEM; 50 goto out; 50 goto out; 51 } 51 } 52 52 53 /* Prepare the input data */ 53 /* Prepare the input data */ 54 data = kmalloc(datasize, GFP_KERNE 54 data = kmalloc(datasize, GFP_KERNEL); 55 if (!data) { 55 if (!data) { 56 err = -ENOMEM; 56 err = -ENOMEM; 57 goto out; 57 goto out; 58 } 58 } 59 get_random_bytes(data, datasize); 59 get_random_bytes(data, datasize); 60 60 61 /* Initialize the IV */ 61 /* Initialize the IV */ 62 get_random_bytes(iv, sizeof(iv)); 62 get_random_bytes(iv, sizeof(iv)); 63 63 64 /* 64 /* 65 * Encrypt the data in-place. 65 * Encrypt the data in-place. 66 * 66 * 67 * For simplicity, in this example 67 * For simplicity, in this example we wait for the request to complete 68 * before proceeding, even if the 68 * before proceeding, even if the underlying implementation is asynchronous. 69 * 69 * 70 * To decrypt instead of encrypt, 70 * To decrypt instead of encrypt, just change crypto_skcipher_encrypt() to 71 * crypto_skcipher_decrypt(). 71 * crypto_skcipher_decrypt(). 72 */ 72 */ 73 sg_init_one(&sg, data, datasize); 73 sg_init_one(&sg, data, datasize); 74 skcipher_request_set_callback(req, 74 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | 75 75 CRYPTO_TFM_REQ_MAY_SLEEP, 76 cryp 76 crypto_req_done, &wait); 77 skcipher_request_set_crypt(req, &s 77 skcipher_request_set_crypt(req, &sg, &sg, datasize, iv); 78 err = crypto_wait_req(crypto_skcip 78 err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); 79 if (err) { 79 if (err) { 80 pr_err("Error encrypting d 80 pr_err("Error encrypting data: %d\n", err); 81 goto out; 81 goto out; 82 } 82 } 83 83 84 pr_debug("Encryption was successfu 84 pr_debug("Encryption was successful\n"); 85 out: 85 out: 86 crypto_free_skcipher(tfm); 86 crypto_free_skcipher(tfm); 87 skcipher_request_free(req); 87 skcipher_request_free(req); 88 kfree(data); 88 kfree(data); 89 return err; 89 return err; 90 } 90 } 91 91 92 92 93 Code Example For Use of Operational State Memo 93 Code Example For Use of Operational State Memory With SHASH 94 ---------------------------------------------- 94 ----------------------------------------------------------- 95 95 96 :: 96 :: 97 97 98 98 99 struct sdesc { 99 struct sdesc { 100 struct shash_desc shash; 100 struct shash_desc shash; 101 char ctx[]; 101 char ctx[]; 102 }; 102 }; 103 103 104 static struct sdesc *init_sdesc(struct cry 104 static struct sdesc *init_sdesc(struct crypto_shash *alg) 105 { 105 { 106 struct sdesc *sdesc; 106 struct sdesc *sdesc; 107 int size; 107 int size; 108 108 109 size = sizeof(struct shash_desc) + cry 109 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 110 sdesc = kmalloc(size, GFP_KERNEL); 110 sdesc = kmalloc(size, GFP_KERNEL); 111 if (!sdesc) 111 if (!sdesc) 112 return ERR_PTR(-ENOMEM); 112 return ERR_PTR(-ENOMEM); 113 sdesc->shash.tfm = alg; 113 sdesc->shash.tfm = alg; 114 return sdesc; 114 return sdesc; 115 } 115 } 116 116 117 static int calc_hash(struct crypto_shash * 117 static int calc_hash(struct crypto_shash *alg, 118 const unsigned char *data, un 118 const unsigned char *data, unsigned int datalen, 119 unsigned char *digest) 119 unsigned char *digest) 120 { 120 { 121 struct sdesc *sdesc; 121 struct sdesc *sdesc; 122 int ret; 122 int ret; 123 123 124 sdesc = init_sdesc(alg); 124 sdesc = init_sdesc(alg); 125 if (IS_ERR(sdesc)) { 125 if (IS_ERR(sdesc)) { 126 pr_info("can't alloc sdesc\n"); 126 pr_info("can't alloc sdesc\n"); 127 return PTR_ERR(sdesc); 127 return PTR_ERR(sdesc); 128 } 128 } 129 129 130 ret = crypto_shash_digest(&sdesc->shas 130 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 131 kfree(sdesc); 131 kfree(sdesc); 132 return ret; 132 return ret; 133 } 133 } 134 134 135 static int test_hash(const unsigned char * 135 static int test_hash(const unsigned char *data, unsigned int datalen, 136 unsigned char *digest) 136 unsigned char *digest) 137 { 137 { 138 struct crypto_shash *alg; 138 struct crypto_shash *alg; 139 char *hash_alg_name = "sha1-padlock-na 139 char *hash_alg_name = "sha1-padlock-nano"; 140 int ret; 140 int ret; 141 141 142 alg = crypto_alloc_shash(hash_alg_name 142 alg = crypto_alloc_shash(hash_alg_name, 0, 0); 143 if (IS_ERR(alg)) { 143 if (IS_ERR(alg)) { 144 pr_info("can't alloc alg %s\n" 144 pr_info("can't alloc alg %s\n", hash_alg_name); 145 return PTR_ERR(alg); 145 return PTR_ERR(alg); 146 } 146 } 147 ret = calc_hash(alg, data, datalen, di 147 ret = calc_hash(alg, data, datalen, digest); 148 crypto_free_shash(alg); 148 crypto_free_shash(alg); 149 return ret; 149 return ret; 150 } 150 } 151 151 152 152 153 Code Example For Random Number Generator Usage 153 Code Example For Random Number Generator Usage 154 ---------------------------------------------- 154 ---------------------------------------------- 155 155 156 :: 156 :: 157 157 158 158 159 static int get_random_numbers(u8 *buf, uns 159 static int get_random_numbers(u8 *buf, unsigned int len) 160 { 160 { 161 struct crypto_rng *rng = NULL; 161 struct crypto_rng *rng = NULL; 162 char *drbg = "drbg_nopr_sha256"; /* Ha 162 char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */ 163 int ret; 163 int ret; 164 164 165 if (!buf || !len) { 165 if (!buf || !len) { 166 pr_debug("No output buffer provide 166 pr_debug("No output buffer provided\n"); 167 return -EINVAL; 167 return -EINVAL; 168 } 168 } 169 169 170 rng = crypto_alloc_rng(drbg, 0, 0); 170 rng = crypto_alloc_rng(drbg, 0, 0); 171 if (IS_ERR(rng)) { 171 if (IS_ERR(rng)) { 172 pr_debug("could not allocate RNG h 172 pr_debug("could not allocate RNG handle for %s\n", drbg); 173 return PTR_ERR(rng); 173 return PTR_ERR(rng); 174 } 174 } 175 175 176 ret = crypto_rng_get_bytes(rng, buf, l 176 ret = crypto_rng_get_bytes(rng, buf, len); 177 if (ret < 0) 177 if (ret < 0) 178 pr_debug("generation of random num 178 pr_debug("generation of random numbers failed\n"); 179 else if (ret == 0) 179 else if (ret == 0) 180 pr_debug("RNG returned no data"); 180 pr_debug("RNG returned no data"); 181 else 181 else 182 pr_debug("RNG returned %d bytes of 182 pr_debug("RNG returned %d bytes of data\n", ret); 183 183 184 out: 184 out: 185 crypto_free_rng(rng); 185 crypto_free_rng(rng); 186 return ret; 186 return ret; 187 } 187 }

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/Documentation/crypto/api-samples.rst

Diff markup

Differences between /Documentation/crypto/api-samples.rst (Version linux-6.12-rc7) and /Documentation/crypto/api-samples.rst (Version linux-5.3.18)

TOMOYO Linux Cross Reference Linux/Documentation/crypto/api-samples.rst

Diff markup

Differences between /Documentation/crypto/api-samples.rst (Version linux-6.12-rc7) and /Documentation/crypto/api-samples.rst (Version linux-5.3.18)

TOMOYO Linux Cross Reference
Linux/Documentation/crypto/api-samples.rst