1Code Examples 2============= 3 4Code Example For Symmetric Key Cipher Operation 5----------------------------------------------- 6 7:: 8 9 10 struct tcrypt_result { 11 struct completion completion; 12 int err; 13 }; 14 15 /* tie all data structures together */ 16 struct skcipher_def { 17 struct scatterlist sg; 18 struct crypto_skcipher *tfm; 19 struct skcipher_request *req; 20 struct tcrypt_result result; 21 }; 22 23 /* Callback function */ 24 static void test_skcipher_cb(struct crypto_async_request *req, int error) 25 { 26 struct tcrypt_result *result = req->data; 27 28 if (error == -EINPROGRESS) 29 return; 30 result->err = error; 31 complete(&result->completion); 32 pr_info("Encryption finished successfully\n"); 33 } 34 35 /* Perform cipher operation */ 36 static unsigned int test_skcipher_encdec(struct skcipher_def *sk, 37 int enc) 38 { 39 int rc = 0; 40 41 if (enc) 42 rc = crypto_skcipher_encrypt(sk->req); 43 else 44 rc = crypto_skcipher_decrypt(sk->req); 45 46 switch (rc) { 47 case 0: 48 break; 49 case -EINPROGRESS: 50 case -EBUSY: 51 rc = wait_for_completion_interruptible( 52 &sk->result.completion); 53 if (!rc && !sk->result.err) { 54 reinit_completion(&sk->result.completion); 55 break; 56 } 57 default: 58 pr_info("skcipher encrypt returned with %d result %d\n", 59 rc, sk->result.err); 60 break; 61 } 62 init_completion(&sk->result.completion); 63 64 return rc; 65 } 66 67 /* Initialize and trigger cipher operation */ 68 static int test_skcipher(void) 69 { 70 struct skcipher_def sk; 71 struct crypto_skcipher *skcipher = NULL; 72 struct skcipher_request *req = NULL; 73 char *scratchpad = NULL; 74 char *ivdata = NULL; 75 unsigned char key[32]; 76 int ret = -EFAULT; 77 78 skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); 79 if (IS_ERR(skcipher)) { 80 pr_info("could not allocate skcipher handle\n"); 81 return PTR_ERR(skcipher); 82 } 83 84 req = skcipher_request_alloc(skcipher, GFP_KERNEL); 85 if (!req) { 86 pr_info("could not allocate skcipher request\n"); 87 ret = -ENOMEM; 88 goto out; 89 } 90 91 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 92 test_skcipher_cb, 93 &sk.result); 94 95 /* AES 256 with random key */ 96 get_random_bytes(&key, 32); 97 if (crypto_skcipher_setkey(skcipher, key, 32)) { 98 pr_info("key could not be set\n"); 99 ret = -EAGAIN; 100 goto out; 101 } 102 103 /* IV will be random */ 104 ivdata = kmalloc(16, GFP_KERNEL); 105 if (!ivdata) { 106 pr_info("could not allocate ivdata\n"); 107 goto out; 108 } 109 get_random_bytes(ivdata, 16); 110 111 /* Input data will be random */ 112 scratchpad = kmalloc(16, GFP_KERNEL); 113 if (!scratchpad) { 114 pr_info("could not allocate scratchpad\n"); 115 goto out; 116 } 117 get_random_bytes(scratchpad, 16); 118 119 sk.tfm = skcipher; 120 sk.req = req; 121 122 /* We encrypt one block */ 123 sg_init_one(&sk.sg, scratchpad, 16); 124 skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata); 125 init_completion(&sk.result.completion); 126 127 /* encrypt data */ 128 ret = test_skcipher_encdec(&sk, 1); 129 if (ret) 130 goto out; 131 132 pr_info("Encryption triggered successfully\n"); 133 134 out: 135 if (skcipher) 136 crypto_free_skcipher(skcipher); 137 if (req) 138 skcipher_request_free(req); 139 if (ivdata) 140 kfree(ivdata); 141 if (scratchpad) 142 kfree(scratchpad); 143 return ret; 144 } 145 146 147Code Example For Use of Operational State Memory With SHASH 148----------------------------------------------------------- 149 150:: 151 152 153 struct sdesc { 154 struct shash_desc shash; 155 char ctx[]; 156 }; 157 158 static struct sdesc *init_sdesc(struct crypto_shash *alg) 159 { 160 struct sdesc *sdesc; 161 int size; 162 163 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 164 sdesc = kmalloc(size, GFP_KERNEL); 165 if (!sdesc) 166 return ERR_PTR(-ENOMEM); 167 sdesc->shash.tfm = alg; 168 sdesc->shash.flags = 0x0; 169 return sdesc; 170 } 171 172 static int calc_hash(struct crypto_shash *alg, 173 const unsigned char *data, unsigned int datalen, 174 unsigned char *digest) 175 { 176 struct sdesc *sdesc; 177 int ret; 178 179 sdesc = init_sdesc(alg); 180 if (IS_ERR(sdesc)) { 181 pr_info("can't alloc sdesc\n"); 182 return PTR_ERR(sdesc); 183 } 184 185 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 186 kfree(sdesc); 187 return ret; 188 } 189 190 static int test_hash(const unsigned char *data, unsigned int datalen, 191 unsigned char *digest) 192 { 193 struct crypto_shash *alg; 194 char *hash_alg_name = "sha1-padlock-nano"; 195 int ret; 196 197 alg = crypto_alloc_shash(hash_alg_name, CRYPTO_ALG_TYPE_SHASH, 0); 198 if (IS_ERR(alg)) { 199 pr_info("can't alloc alg %s\n", hash_alg_name); 200 return PTR_ERR(alg); 201 } 202 ret = calc_hash(alg, data, datalen, digest); 203 crypto_free_shash(alg); 204 return ret; 205 } 206 207 208Code Example For Random Number Generator Usage 209---------------------------------------------- 210 211:: 212 213 214 static int get_random_numbers(u8 *buf, unsigned int len) 215 { 216 struct crypto_rng *rng = NULL; 217 char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */ 218 int ret; 219 220 if (!buf || !len) { 221 pr_debug("No output buffer provided\n"); 222 return -EINVAL; 223 } 224 225 rng = crypto_alloc_rng(drbg, 0, 0); 226 if (IS_ERR(rng)) { 227 pr_debug("could not allocate RNG handle for %s\n", drbg); 228 return PTR_ERR(rng); 229 } 230 231 ret = crypto_rng_get_bytes(rng, buf, len); 232 if (ret < 0) 233 pr_debug("generation of random numbers failed\n"); 234 else if (ret == 0) 235 pr_debug("RNG returned no data"); 236 else 237 pr_debug("RNG returned %d bytes of data\n", ret); 238 239 out: 240 crypto_free_rng(rng); 241 return ret; 242 } 243