1Code Examples 2============= 3 4Code Example For Symmetric Key Cipher Operation 5----------------------------------------------- 6 7:: 8 9 10 struct tcrypt_result { 11 struct completion completion; 12 int err; 13 }; 14 15 /* tie all data structures together */ 16 struct skcipher_def { 17 struct scatterlist sg; 18 struct crypto_skcipher *tfm; 19 struct skcipher_request *req; 20 struct tcrypt_result result; 21 }; 22 23 /* Callback function */ 24 static void test_skcipher_cb(struct crypto_async_request *req, int error) 25 { 26 struct tcrypt_result *result = req->data; 27 28 if (error == -EINPROGRESS) 29 return; 30 result->err = error; 31 complete(&result->completion); 32 pr_info("Encryption finished successfully\n"); 33 } 34 35 /* Perform cipher operation */ 36 static unsigned int test_skcipher_encdec(struct skcipher_def *sk, 37 int enc) 38 { 39 int rc = 0; 40 41 if (enc) 42 rc = crypto_skcipher_encrypt(sk->req); 43 else 44 rc = crypto_skcipher_decrypt(sk->req); 45 46 switch (rc) { 47 case 0: 48 break; 49 case -EINPROGRESS: 50 case -EBUSY: 51 rc = wait_for_completion_interruptible( 52 &sk->result.completion); 53 if (!rc && !sk->result.err) { 54 reinit_completion(&sk->result.completion); 55 break; 56 } 57 default: 58 pr_info("skcipher encrypt returned with %d result %d\n", 59 rc, sk->result.err); 60 break; 61 } 62 init_completion(&sk->result.completion); 63 64 return rc; 65 } 66 67 /* Initialize and trigger cipher operation */ 68 static int test_skcipher(void) 69 { 70 struct skcipher_def sk; 71 struct crypto_skcipher *skcipher = NULL; 72 struct skcipher_request *req = NULL; 73 char *scratchpad = NULL; 74 char *ivdata = NULL; 75 unsigned char key[32]; 76 int ret = -EFAULT; 77 78 skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); 79 if (IS_ERR(skcipher)) { 80 pr_info("could not allocate skcipher handle\n"); 81 return PTR_ERR(skcipher); 82 } 83 84 req = skcipher_request_alloc(skcipher, GFP_KERNEL); 85 if (!req) { 86 pr_info("could not allocate skcipher request\n"); 87 ret = -ENOMEM; 88 goto out; 89 } 90 91 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 92 test_skcipher_cb, 93 &sk.result); 94 95 /* AES 256 with random key */ 96 get_random_bytes(&key, 32); 97 if (crypto_skcipher_setkey(skcipher, key, 32)) { 98 pr_info("key could not be set\n"); 99 ret = -EAGAIN; 100 goto out; 101 } 102 103 /* IV will be random */ 104 ivdata = kmalloc(16, GFP_KERNEL); 105 if (!ivdata) { 106 pr_info("could not allocate ivdata\n"); 107 goto out; 108 } 109 get_random_bytes(ivdata, 16); 110 111 /* Input data will be random */ 112 scratchpad = kmalloc(16, GFP_KERNEL); 113 if (!scratchpad) { 114 pr_info("could not allocate scratchpad\n"); 115 goto out; 116 } 117 get_random_bytes(scratchpad, 16); 118 119 sk.tfm = skcipher; 120 sk.req = req; 121 122 /* We encrypt one block */ 123 sg_init_one(&sk.sg, scratchpad, 16); 124 skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata); 125 init_completion(&sk.result.completion); 126 127 /* encrypt data */ 128 ret = test_skcipher_encdec(&sk, 1); 129 if (ret) 130 goto out; 131 132 pr_info("Encryption triggered successfully\n"); 133 134 out: 135 if (skcipher) 136 crypto_free_skcipher(skcipher); 137 if (req) 138 skcipher_request_free(req); 139 if (ivdata) 140 kfree(ivdata); 141 if (scratchpad) 142 kfree(scratchpad); 143 return ret; 144 } 145 146 147Code Example For Use of Operational State Memory With SHASH 148----------------------------------------------------------- 149 150:: 151 152 153 struct sdesc { 154 struct shash_desc shash; 155 char ctx[]; 156 }; 157 158 static struct sdescinit_sdesc(struct crypto_shash *alg) 159 { 160 struct sdescsdesc; 161 int size; 162 163 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); 164 sdesc = kmalloc(size, GFP_KERNEL); 165 if (!sdesc) 166 return ERR_PTR(-ENOMEM); 167 sdesc->shash.tfm = alg; 168 sdesc->shash.flags = 0x0; 169 return sdesc; 170 } 171 172 static int calc_hash(struct crypto_shashalg, 173 const unsigned chardata, unsigned int datalen, 174 unsigned chardigest) { 175 struct sdescsdesc; 176 int ret; 177 178 sdesc = init_sdesc(alg); 179 if (IS_ERR(sdesc)) { 180 pr_info("trusted_key: can't alloc %s\n", hash_alg); 181 return PTR_ERR(sdesc); 182 } 183 184 ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); 185 kfree(sdesc); 186 return ret; 187 } 188 189 190Code Example For Random Number Generator Usage 191---------------------------------------------- 192 193:: 194 195 196 static int get_random_numbers(u8 *buf, unsigned int len) 197 { 198 struct crypto_rngrng = NULL; 199 chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */ 200 int ret; 201 202 if (!buf || !len) { 203 pr_debug("No output buffer provided\n"); 204 return -EINVAL; 205 } 206 207 rng = crypto_alloc_rng(drbg, 0, 0); 208 if (IS_ERR(rng)) { 209 pr_debug("could not allocate RNG handle for %s\n", drbg); 210 return -PTR_ERR(rng); 211 } 212 213 ret = crypto_rng_get_bytes(rng, buf, len); 214 if (ret < 0) 215 pr_debug("generation of random numbers failed\n"); 216 else if (ret == 0) 217 pr_debug("RNG returned no data"); 218 else 219 pr_debug("RNG returned %d bytes of data\n", ret); 220 221 out: 222 crypto_free_rng(rng); 223 return ret; 224 } 225