xref: /openbmc/linux/Documentation/crypto/api-samples.rst (revision 7f2e85840871f199057e65232ebde846192ed989)
1Code Examples
2=============
3
4Code Example For Symmetric Key Cipher Operation
5-----------------------------------------------
6
7::
8
9
10    /* tie all data structures together */
11    struct skcipher_def {
12        struct scatterlist sg;
13        struct crypto_skcipher *tfm;
14        struct skcipher_request *req;
15        struct crypto_wait wait;
16    };
17
18    /* Perform cipher operation */
19    static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
20                         int enc)
21    {
22        int rc;
23
24        if (enc)
25            rc = crypto_wait_req(crypto_skcipher_encrypt(sk->req), &sk->wait);
26        else
27            rc = crypto_wait_req(crypto_skcipher_decrypt(sk->req), &sk->wait);
28
29	if (rc)
30		pr_info("skcipher encrypt returned with result %d\n", rc);
31
32        return rc;
33    }
34
35    /* Initialize and trigger cipher operation */
36    static int test_skcipher(void)
37    {
38        struct skcipher_def sk;
39        struct crypto_skcipher *skcipher = NULL;
40        struct skcipher_request *req = NULL;
41        char *scratchpad = NULL;
42        char *ivdata = NULL;
43        unsigned char key[32];
44        int ret = -EFAULT;
45
46        skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
47        if (IS_ERR(skcipher)) {
48            pr_info("could not allocate skcipher handle\n");
49            return PTR_ERR(skcipher);
50        }
51
52        req = skcipher_request_alloc(skcipher, GFP_KERNEL);
53        if (!req) {
54            pr_info("could not allocate skcipher request\n");
55            ret = -ENOMEM;
56            goto out;
57        }
58
59        skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
60                          crypto_req_done,
61                          &sk.wait);
62
63        /* AES 256 with random key */
64        get_random_bytes(&key, 32);
65        if (crypto_skcipher_setkey(skcipher, key, 32)) {
66            pr_info("key could not be set\n");
67            ret = -EAGAIN;
68            goto out;
69        }
70
71        /* IV will be random */
72        ivdata = kmalloc(16, GFP_KERNEL);
73        if (!ivdata) {
74            pr_info("could not allocate ivdata\n");
75            goto out;
76        }
77        get_random_bytes(ivdata, 16);
78
79        /* Input data will be random */
80        scratchpad = kmalloc(16, GFP_KERNEL);
81        if (!scratchpad) {
82            pr_info("could not allocate scratchpad\n");
83            goto out;
84        }
85        get_random_bytes(scratchpad, 16);
86
87        sk.tfm = skcipher;
88        sk.req = req;
89
90        /* We encrypt one block */
91        sg_init_one(&sk.sg, scratchpad, 16);
92        skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
93        crypto_init_wait(&sk.wait);
94
95        /* encrypt data */
96        ret = test_skcipher_encdec(&sk, 1);
97        if (ret)
98            goto out;
99
100        pr_info("Encryption triggered successfully\n");
101
102    out:
103        if (skcipher)
104            crypto_free_skcipher(skcipher);
105        if (req)
106            skcipher_request_free(req);
107        if (ivdata)
108            kfree(ivdata);
109        if (scratchpad)
110            kfree(scratchpad);
111        return ret;
112    }
113
114
115Code Example For Use of Operational State Memory With SHASH
116-----------------------------------------------------------
117
118::
119
120
121    struct sdesc {
122        struct shash_desc shash;
123        char ctx[];
124    };
125
126    static struct sdesc *init_sdesc(struct crypto_shash *alg)
127    {
128        struct sdesc *sdesc;
129        int size;
130
131        size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
132        sdesc = kmalloc(size, GFP_KERNEL);
133        if (!sdesc)
134            return ERR_PTR(-ENOMEM);
135        sdesc->shash.tfm = alg;
136        sdesc->shash.flags = 0x0;
137        return sdesc;
138    }
139
140    static int calc_hash(struct crypto_shash *alg,
141                 const unsigned char *data, unsigned int datalen,
142                 unsigned char *digest)
143    {
144        struct sdesc *sdesc;
145        int ret;
146
147        sdesc = init_sdesc(alg);
148        if (IS_ERR(sdesc)) {
149            pr_info("can't alloc sdesc\n");
150            return PTR_ERR(sdesc);
151        }
152
153        ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
154        kfree(sdesc);
155        return ret;
156    }
157
158    static int test_hash(const unsigned char *data, unsigned int datalen,
159                 unsigned char *digest)
160    {
161        struct crypto_shash *alg;
162        char *hash_alg_name = "sha1-padlock-nano";
163        int ret;
164
165        alg = crypto_alloc_shash(hash_alg_name, CRYPTO_ALG_TYPE_SHASH, 0);
166        if (IS_ERR(alg)) {
167                pr_info("can't alloc alg %s\n", hash_alg_name);
168                return PTR_ERR(alg);
169        }
170        ret = calc_hash(alg, data, datalen, digest);
171        crypto_free_shash(alg);
172        return ret;
173    }
174
175
176Code Example For Random Number Generator Usage
177----------------------------------------------
178
179::
180
181
182    static int get_random_numbers(u8 *buf, unsigned int len)
183    {
184        struct crypto_rng *rng = NULL;
185        char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
186        int ret;
187
188        if (!buf || !len) {
189            pr_debug("No output buffer provided\n");
190            return -EINVAL;
191        }
192
193        rng = crypto_alloc_rng(drbg, 0, 0);
194        if (IS_ERR(rng)) {
195            pr_debug("could not allocate RNG handle for %s\n", drbg);
196            return PTR_ERR(rng);
197        }
198
199        ret = crypto_rng_get_bytes(rng, buf, len);
200        if (ret < 0)
201            pr_debug("generation of random numbers failed\n");
202        else if (ret == 0)
203            pr_debug("RNG returned no data");
204        else
205            pr_debug("RNG returned %d bytes of data\n", ret);
206
207    out:
208        crypto_free_rng(rng);
209        return ret;
210    }
211