Linux Audio

Check our new training course

Loading...
Note: File does not exist in v4.6.
  1Code Examples
  2=============
  3
  4Code Example For Symmetric Key Cipher Operation
  5-----------------------------------------------
  6
  7This code encrypts some data with AES-256-XTS.  For sake of example,
  8all inputs are random bytes, the encryption is done in-place, and it's
  9assumed the code is running in a context where it can sleep.
 10
 11::
 12
 13    static int test_skcipher(void)
 14    {
 15            struct crypto_skcipher *tfm = NULL;
 16            struct skcipher_request *req = NULL;
 17            u8 *data = NULL;
 18            const size_t datasize = 512; /* data size in bytes */
 19            struct scatterlist sg;
 20            DECLARE_CRYPTO_WAIT(wait);
 21            u8 iv[16];  /* AES-256-XTS takes a 16-byte IV */
 22            u8 key[64]; /* AES-256-XTS takes a 64-byte key */
 23            int err;
 24
 25            /*
 26             * Allocate a tfm (a transformation object) and set the key.
 27             *
 28             * In real-world use, a tfm and key are typically used for many
 29             * encryption/decryption operations.  But in this example, we'll just do a
 30             * single encryption operation with it (which is not very efficient).
 31             */
 32
 33            tfm = crypto_alloc_skcipher("xts(aes)", 0, 0);
 34            if (IS_ERR(tfm)) {
 35                    pr_err("Error allocating xts(aes) handle: %ld\n", PTR_ERR(tfm));
 36                    return PTR_ERR(tfm);
 37            }
 38
 39            get_random_bytes(key, sizeof(key));
 40            err = crypto_skcipher_setkey(tfm, key, sizeof(key));
 41            if (err) {
 42                    pr_err("Error setting key: %d\n", err);
 43                    goto out;
 44            }
 45
 46            /* Allocate a request object */
 47            req = skcipher_request_alloc(tfm, GFP_KERNEL);
 48            if (!req) {
 49                    err = -ENOMEM;
 50                    goto out;
 51            }
 52
 53            /* Prepare the input data */
 54            data = kmalloc(datasize, GFP_KERNEL);
 55            if (!data) {
 56                    err = -ENOMEM;
 57                    goto out;
 58            }
 59            get_random_bytes(data, datasize);
 60
 61            /* Initialize the IV */
 62            get_random_bytes(iv, sizeof(iv));
 63
 64            /*
 65             * Encrypt the data in-place.
 66             *
 67             * For simplicity, in this example we wait for the request to complete
 68             * before proceeding, even if the underlying implementation is asynchronous.
 69             *
 70             * To decrypt instead of encrypt, just change crypto_skcipher_encrypt() to
 71             * crypto_skcipher_decrypt().
 72             */
 73            sg_init_one(&sg, data, datasize);
 74            skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 75                                               CRYPTO_TFM_REQ_MAY_SLEEP,
 76                                          crypto_req_done, &wait);
 77            skcipher_request_set_crypt(req, &sg, &sg, datasize, iv);
 78            err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
 79            if (err) {
 80                    pr_err("Error encrypting data: %d\n", err);
 81                    goto out;
 82            }
 83
 84            pr_debug("Encryption was successful\n");
 85    out:
 86            crypto_free_skcipher(tfm);
 87            skcipher_request_free(req);
 88            kfree(data);
 89            return err;
 90    }
 91
 92
 93Code Example For Use of Operational State Memory With SHASH
 94-----------------------------------------------------------
 95
 96::
 97
 98
 99    struct sdesc {
100        struct shash_desc shash;
101        char ctx[];
102    };
103
104    static struct sdesc *init_sdesc(struct crypto_shash *alg)
105    {
106        struct sdesc *sdesc;
107        int size;
108
109        size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
110        sdesc = kmalloc(size, GFP_KERNEL);
111        if (!sdesc)
112            return ERR_PTR(-ENOMEM);
113        sdesc->shash.tfm = alg;
114        return sdesc;
115    }
116
117    static int calc_hash(struct crypto_shash *alg,
118                 const unsigned char *data, unsigned int datalen,
119                 unsigned char *digest)
120    {
121        struct sdesc *sdesc;
122        int ret;
123
124        sdesc = init_sdesc(alg);
125        if (IS_ERR(sdesc)) {
126            pr_info("can't alloc sdesc\n");
127            return PTR_ERR(sdesc);
128        }
129
130        ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
131        kfree(sdesc);
132        return ret;
133    }
134
135    static int test_hash(const unsigned char *data, unsigned int datalen,
136                 unsigned char *digest)
137    {
138        struct crypto_shash *alg;
139        char *hash_alg_name = "sha1-padlock-nano";
140        int ret;
141
142        alg = crypto_alloc_shash(hash_alg_name, 0, 0);
143        if (IS_ERR(alg)) {
144                pr_info("can't alloc alg %s\n", hash_alg_name);
145                return PTR_ERR(alg);
146        }
147        ret = calc_hash(alg, data, datalen, digest);
148        crypto_free_shash(alg);
149        return ret;
150    }
151
152
153Code Example For Random Number Generator Usage
154----------------------------------------------
155
156::
157
158
159    static int get_random_numbers(u8 *buf, unsigned int len)
160    {
161        struct crypto_rng *rng = NULL;
162        char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
163        int ret;
164
165        if (!buf || !len) {
166            pr_debug("No output buffer provided\n");
167            return -EINVAL;
168        }
169
170        rng = crypto_alloc_rng(drbg, 0, 0);
171        if (IS_ERR(rng)) {
172            pr_debug("could not allocate RNG handle for %s\n", drbg);
173            return PTR_ERR(rng);
174        }
175
176        ret = crypto_rng_get_bytes(rng, buf, len);
177        if (ret < 0)
178            pr_debug("generation of random numbers failed\n");
179        else if (ret == 0)
180            pr_debug("RNG returned no data");
181        else
182            pr_debug("RNG returned %d bytes of data\n", ret);
183
184    out:
185        crypto_free_rng(rng);
186        return ret;
187    }