~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/crypto/api-samples.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 Code Examples
  2 =============
  3 
  4 Code Example For Symmetric Key Cipher Operation
  5 -----------------------------------------------
  6 
  7 This code encrypts some data with AES-256-XTS.  For sake of example,
  8 all inputs are random bytes, the encryption is done in-place, and it's
  9 assumed the code is running in a context where it can sleep.
 10 
 11 ::
 12 
 13     static int test_skcipher(void)
 14     {
 15             struct crypto_skcipher *tfm = NULL;
 16             struct skcipher_request *req = NULL;
 17             u8 *data = NULL;
 18             const size_t datasize = 512; /* data size in bytes */
 19             struct scatterlist sg;
 20             DECLARE_CRYPTO_WAIT(wait);
 21             u8 iv[16];  /* AES-256-XTS takes a 16-byte IV */
 22             u8 key[64]; /* AES-256-XTS takes a 64-byte key */
 23             int err;
 24 
 25             /*
 26              * Allocate a tfm (a transformation object) and set the key.
 27              *
 28              * In real-world use, a tfm and key are typically used for many
 29              * encryption/decryption operations.  But in this example, we'll just do a
 30              * single encryption operation with it (which is not very efficient).
 31              */
 32 
 33             tfm = crypto_alloc_skcipher("xts(aes)", 0, 0);
 34             if (IS_ERR(tfm)) {
 35                     pr_err("Error allocating xts(aes) handle: %ld\n", PTR_ERR(tfm));
 36                     return PTR_ERR(tfm);
 37             }
 38 
 39             get_random_bytes(key, sizeof(key));
 40             err = crypto_skcipher_setkey(tfm, key, sizeof(key));
 41             if (err) {
 42                     pr_err("Error setting key: %d\n", err);
 43                     goto out;
 44             }
 45 
 46             /* Allocate a request object */
 47             req = skcipher_request_alloc(tfm, GFP_KERNEL);
 48             if (!req) {
 49                     err = -ENOMEM;
 50                     goto out;
 51             }
 52 
 53             /* Prepare the input data */
 54             data = kmalloc(datasize, GFP_KERNEL);
 55             if (!data) {
 56                     err = -ENOMEM;
 57                     goto out;
 58             }
 59             get_random_bytes(data, datasize);
 60 
 61             /* Initialize the IV */
 62             get_random_bytes(iv, sizeof(iv));
 63 
 64             /*
 65              * Encrypt the data in-place.
 66              *
 67              * For simplicity, in this example we wait for the request to complete
 68              * before proceeding, even if the underlying implementation is asynchronous.
 69              *
 70              * To decrypt instead of encrypt, just change crypto_skcipher_encrypt() to
 71              * crypto_skcipher_decrypt().
 72              */
 73             sg_init_one(&sg, data, datasize);
 74             skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 75                                                CRYPTO_TFM_REQ_MAY_SLEEP,
 76                                           crypto_req_done, &wait);
 77             skcipher_request_set_crypt(req, &sg, &sg, datasize, iv);
 78             err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
 79             if (err) {
 80                     pr_err("Error encrypting data: %d\n", err);
 81                     goto out;
 82             }
 83 
 84             pr_debug("Encryption was successful\n");
 85     out:
 86             crypto_free_skcipher(tfm);
 87             skcipher_request_free(req);
 88             kfree(data);
 89             return err;
 90     }
 91 
 92 
 93 Code Example For Use of Operational State Memory With SHASH
 94 -----------------------------------------------------------
 95 
 96 ::
 97 
 98 
 99     struct sdesc {
100         struct shash_desc shash;
101         char ctx[];
102     };
103 
104     static struct sdesc *init_sdesc(struct crypto_shash *alg)
105     {
106         struct sdesc *sdesc;
107         int size;
108 
109         size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
110         sdesc = kmalloc(size, GFP_KERNEL);
111         if (!sdesc)
112             return ERR_PTR(-ENOMEM);
113         sdesc->shash.tfm = alg;
114         return sdesc;
115     }
116 
117     static int calc_hash(struct crypto_shash *alg,
118                  const unsigned char *data, unsigned int datalen,
119                  unsigned char *digest)
120     {
121         struct sdesc *sdesc;
122         int ret;
123 
124         sdesc = init_sdesc(alg);
125         if (IS_ERR(sdesc)) {
126             pr_info("can't alloc sdesc\n");
127             return PTR_ERR(sdesc);
128         }
129 
130         ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
131         kfree(sdesc);
132         return ret;
133     }
134 
135     static int test_hash(const unsigned char *data, unsigned int datalen,
136                  unsigned char *digest)
137     {
138         struct crypto_shash *alg;
139         char *hash_alg_name = "sha1-padlock-nano";
140         int ret;
141 
142         alg = crypto_alloc_shash(hash_alg_name, 0, 0);
143         if (IS_ERR(alg)) {
144                 pr_info("can't alloc alg %s\n", hash_alg_name);
145                 return PTR_ERR(alg);
146         }
147         ret = calc_hash(alg, data, datalen, digest);
148         crypto_free_shash(alg);
149         return ret;
150     }
151 
152 
153 Code Example For Random Number Generator Usage
154 ----------------------------------------------
155 
156 ::
157 
158 
159     static int get_random_numbers(u8 *buf, unsigned int len)
160     {
161         struct crypto_rng *rng = NULL;
162         char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
163         int ret;
164 
165         if (!buf || !len) {
166             pr_debug("No output buffer provided\n");
167             return -EINVAL;
168         }
169 
170         rng = crypto_alloc_rng(drbg, 0, 0);
171         if (IS_ERR(rng)) {
172             pr_debug("could not allocate RNG handle for %s\n", drbg);
173             return PTR_ERR(rng);
174         }
175 
176         ret = crypto_rng_get_bytes(rng, buf, len);
177         if (ret < 0)
178             pr_debug("generation of random numbers failed\n");
179         else if (ret == 0)
180             pr_debug("RNG returned no data");
181         else
182             pr_debug("RNG returned %d bytes of data\n", ret);
183 
184     out:
185         crypto_free_rng(rng);
186         return ret;
187     }
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php