]>
Commit | Line | Data |
---|---|---|
3b72c814 SM |
1 | Code Examples |
2 | ============= | |
3 | ||
4 | Code Example For Symmetric Key Cipher Operation | |
5 | ----------------------------------------------- | |
6 | ||
7 | :: | |
8 | ||
9 | ||
10 | struct tcrypt_result { | |
11 | struct completion completion; | |
12 | int err; | |
13 | }; | |
14 | ||
15 | /* tie all data structures together */ | |
16 | struct skcipher_def { | |
17 | struct scatterlist sg; | |
18 | struct crypto_skcipher *tfm; | |
19 | struct skcipher_request *req; | |
20 | struct tcrypt_result result; | |
21 | }; | |
22 | ||
23 | /* Callback function */ | |
24 | static void test_skcipher_cb(struct crypto_async_request *req, int error) | |
25 | { | |
26 | struct tcrypt_result *result = req->data; | |
27 | ||
28 | if (error == -EINPROGRESS) | |
29 | return; | |
30 | result->err = error; | |
31 | complete(&result->completion); | |
32 | pr_info("Encryption finished successfully\n"); | |
33 | } | |
34 | ||
35 | /* Perform cipher operation */ | |
36 | static unsigned int test_skcipher_encdec(struct skcipher_def *sk, | |
37 | int enc) | |
38 | { | |
39 | int rc = 0; | |
40 | ||
41 | if (enc) | |
42 | rc = crypto_skcipher_encrypt(sk->req); | |
43 | else | |
44 | rc = crypto_skcipher_decrypt(sk->req); | |
45 | ||
46 | switch (rc) { | |
47 | case 0: | |
48 | break; | |
49 | case -EINPROGRESS: | |
50 | case -EBUSY: | |
51 | rc = wait_for_completion_interruptible( | |
52 | &sk->result.completion); | |
53 | if (!rc && !sk->result.err) { | |
54 | reinit_completion(&sk->result.completion); | |
55 | break; | |
56 | } | |
57 | default: | |
58 | pr_info("skcipher encrypt returned with %d result %d\n", | |
59 | rc, sk->result.err); | |
60 | break; | |
61 | } | |
62 | init_completion(&sk->result.completion); | |
63 | ||
64 | return rc; | |
65 | } | |
66 | ||
67 | /* Initialize and trigger cipher operation */ | |
68 | static int test_skcipher(void) | |
69 | { | |
70 | struct skcipher_def sk; | |
71 | struct crypto_skcipher *skcipher = NULL; | |
72 | struct skcipher_request *req = NULL; | |
73 | char *scratchpad = NULL; | |
74 | char *ivdata = NULL; | |
75 | unsigned char key[32]; | |
76 | int ret = -EFAULT; | |
77 | ||
78 | skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); | |
79 | if (IS_ERR(skcipher)) { | |
80 | pr_info("could not allocate skcipher handle\n"); | |
81 | return PTR_ERR(skcipher); | |
82 | } | |
83 | ||
84 | req = skcipher_request_alloc(skcipher, GFP_KERNEL); | |
85 | if (!req) { | |
86 | pr_info("could not allocate skcipher request\n"); | |
87 | ret = -ENOMEM; | |
88 | goto out; | |
89 | } | |
90 | ||
91 | skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
92 | test_skcipher_cb, | |
93 | &sk.result); | |
94 | ||
95 | /* AES 256 with random key */ | |
96 | get_random_bytes(&key, 32); | |
97 | if (crypto_skcipher_setkey(skcipher, key, 32)) { | |
98 | pr_info("key could not be set\n"); | |
99 | ret = -EAGAIN; | |
100 | goto out; | |
101 | } | |
102 | ||
103 | /* IV will be random */ | |
104 | ivdata = kmalloc(16, GFP_KERNEL); | |
105 | if (!ivdata) { | |
106 | pr_info("could not allocate ivdata\n"); | |
107 | goto out; | |
108 | } | |
109 | get_random_bytes(ivdata, 16); | |
110 | ||
111 | /* Input data will be random */ | |
112 | scratchpad = kmalloc(16, GFP_KERNEL); | |
113 | if (!scratchpad) { | |
114 | pr_info("could not allocate scratchpad\n"); | |
115 | goto out; | |
116 | } | |
117 | get_random_bytes(scratchpad, 16); | |
118 | ||
119 | sk.tfm = skcipher; | |
120 | sk.req = req; | |
121 | ||
122 | /* We encrypt one block */ | |
123 | sg_init_one(&sk.sg, scratchpad, 16); | |
124 | skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata); | |
125 | init_completion(&sk.result.completion); | |
126 | ||
127 | /* encrypt data */ | |
128 | ret = test_skcipher_encdec(&sk, 1); | |
129 | if (ret) | |
130 | goto out; | |
131 | ||
132 | pr_info("Encryption triggered successfully\n"); | |
133 | ||
134 | out: | |
135 | if (skcipher) | |
136 | crypto_free_skcipher(skcipher); | |
137 | if (req) | |
138 | skcipher_request_free(req); | |
139 | if (ivdata) | |
140 | kfree(ivdata); | |
141 | if (scratchpad) | |
142 | kfree(scratchpad); | |
143 | return ret; | |
144 | } | |
145 | ||
146 | ||
147 | Code Example For Use of Operational State Memory With SHASH | |
148 | ----------------------------------------------------------- | |
149 | ||
150 | :: | |
151 | ||
152 | ||
153 | struct sdesc { | |
154 | struct shash_desc shash; | |
155 | char ctx[]; | |
156 | }; | |
157 | ||
158 | static struct sdescinit_sdesc(struct crypto_shash *alg) | |
159 | { | |
160 | struct sdescsdesc; | |
161 | int size; | |
162 | ||
163 | size = sizeof(struct shash_desc) + crypto_shash_descsize(alg); | |
164 | sdesc = kmalloc(size, GFP_KERNEL); | |
165 | if (!sdesc) | |
166 | return ERR_PTR(-ENOMEM); | |
167 | sdesc->shash.tfm = alg; | |
168 | sdesc->shash.flags = 0x0; | |
169 | return sdesc; | |
170 | } | |
171 | ||
172 | static int calc_hash(struct crypto_shashalg, | |
173 | const unsigned chardata, unsigned int datalen, | |
174 | unsigned chardigest) { | |
175 | struct sdescsdesc; | |
176 | int ret; | |
177 | ||
178 | sdesc = init_sdesc(alg); | |
179 | if (IS_ERR(sdesc)) { | |
180 | pr_info("trusted_key: can't alloc %s\n", hash_alg); | |
181 | return PTR_ERR(sdesc); | |
182 | } | |
183 | ||
184 | ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); | |
185 | kfree(sdesc); | |
186 | return ret; | |
187 | } | |
188 | ||
189 | ||
190 | Code Example For Random Number Generator Usage | |
191 | ---------------------------------------------- | |
192 | ||
193 | :: | |
194 | ||
195 | ||
196 | static int get_random_numbers(u8 *buf, unsigned int len) | |
197 | { | |
198 | struct crypto_rngrng = NULL; | |
199 | chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */ | |
200 | int ret; | |
201 | ||
202 | if (!buf || !len) { | |
203 | pr_debug("No output buffer provided\n"); | |
204 | return -EINVAL; | |
205 | } | |
206 | ||
207 | rng = crypto_alloc_rng(drbg, 0, 0); | |
208 | if (IS_ERR(rng)) { | |
209 | pr_debug("could not allocate RNG handle for %s\n", drbg); | |
210 | return -PTR_ERR(rng); | |
211 | } | |
212 | ||
213 | ret = crypto_rng_get_bytes(rng, buf, len); | |
214 | if (ret < 0) | |
215 | pr_debug("generation of random numbers failed\n"); | |
216 | else if (ret == 0) | |
217 | pr_debug("RNG returned no data"); | |
218 | else | |
219 | pr_debug("RNG returned %d bytes of data\n", ret); | |
220 | ||
221 | out: | |
222 | crypto_free_rng(rng); | |
223 | return ret; | |
224 | } |