Documentation/crypto/api-samples.rst - linux - Git at Google

 Code Examples
 =============

 Code Example For Symmetric Key Cipher Operation
 -----------------------------------------------

 ::


     struct tcrypt_result {
         struct completion completion;
         int err;
     };

     /* tie all data structures together */
     struct skcipher_def {
         struct scatterlist sg;
         struct crypto_skcipher *tfm;
         struct skcipher_request *req;
         struct tcrypt_result result;
     };

     /* Callback function */
     static void test_skcipher_cb(struct crypto_async_request *req, int error)
     {
         struct tcrypt_result *result = req->data;

         if (error == -EINPROGRESS)
             return;
         result->err = error;
         complete(&result->completion);
         pr_info("Encryption finished successfully\n");
     }

     /* Perform cipher operation */
     static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
                          int enc)
     {
         int rc = 0;

         if (enc)
             rc = crypto_skcipher_encrypt(sk->req);
         else
             rc = crypto_skcipher_decrypt(sk->req);

         switch (rc) {
         case 0:
             break;
         case -EINPROGRESS:
         case -EBUSY:
             rc = wait_for_completion_interruptible(
                 &sk->result.completion);
             if (!rc && !sk->result.err) {
                 reinit_completion(&sk->result.completion);
                 break;
             }
         default:
             pr_info("skcipher encrypt returned with %d result %d\n",
                 rc, sk->result.err);
             break;
         }
         init_completion(&sk->result.completion);

         return rc;
     }

     /* Initialize and trigger cipher operation */
     static int test_skcipher(void)
     {
         struct skcipher_def sk;
         struct crypto_skcipher *skcipher = NULL;
         struct skcipher_request *req = NULL;
         char *scratchpad = NULL;
         char *ivdata = NULL;
         unsigned char key[32];
         int ret = -EFAULT;

         skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
         if (IS_ERR(skcipher)) {
             pr_info("could not allocate skcipher handle\n");
             return PTR_ERR(skcipher);
         }

         req = skcipher_request_alloc(skcipher, GFP_KERNEL);
         if (!req) {
             pr_info("could not allocate skcipher request\n");
             ret = -ENOMEM;
             goto out;
         }

         skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
                           test_skcipher_cb,
                           &sk.result);

         /* AES 256 with random key */
         get_random_bytes(&key, 32);
         if (crypto_skcipher_setkey(skcipher, key, 32)) {
             pr_info("key could not be set\n");
             ret = -EAGAIN;
             goto out;
         }

         /* IV will be random */
         ivdata = kmalloc(16, GFP_KERNEL);
         if (!ivdata) {
             pr_info("could not allocate ivdata\n");
             goto out;
         }
         get_random_bytes(ivdata, 16);

         /* Input data will be random */
         scratchpad = kmalloc(16, GFP_KERNEL);
         if (!scratchpad) {
             pr_info("could not allocate scratchpad\n");
             goto out;
         }
         get_random_bytes(scratchpad, 16);

         sk.tfm = skcipher;
         sk.req = req;

         /* We encrypt one block */
         sg_init_one(&sk.sg, scratchpad, 16);
         skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
         init_completion(&sk.result.completion);

         /* encrypt data */
         ret = test_skcipher_encdec(&sk, 1);
         if (ret)
             goto out;

         pr_info("Encryption triggered successfully\n");

     out:
         if (skcipher)
             crypto_free_skcipher(skcipher);
         if (req)
             skcipher_request_free(req);
         if (ivdata)
             kfree(ivdata);
         if (scratchpad)
             kfree(scratchpad);
         return ret;
     }


 Code Example For Use of Operational State Memory With SHASH
 -----------------------------------------------------------

 ::


     struct sdesc {
         struct shash_desc shash;
         char ctx[];
     };

     static struct sdescinit_sdesc(struct crypto_shash *alg)
     {
         struct sdescsdesc;
         int size;

         size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
         sdesc = kmalloc(size, GFP_KERNEL);
         if (!sdesc)
             return ERR_PTR(-ENOMEM);
         sdesc->shash.tfm = alg;
         sdesc->shash.flags = 0x0;
         return sdesc;
     }

     static int calc_hash(struct crypto_shashalg,
                  const unsigned chardata, unsigned int datalen,
                  unsigned chardigest) {
         struct sdescsdesc;
         int ret;

         sdesc = init_sdesc(alg);
         if (IS_ERR(sdesc)) {
             pr_info("trusted_key: can't alloc %s\n", hash_alg);
             return PTR_ERR(sdesc);
         }

         ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
         kfree(sdesc);
         return ret;
     }


 Code Example For Random Number Generator Usage
 ----------------------------------------------

 ::


     static int get_random_numbers(u8 *buf, unsigned int len)
     {
         struct crypto_rngrng = NULL;
         chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
         int ret;

         if (!buf || !len) {
             pr_debug("No output buffer provided\n");
             return -EINVAL;
         }

         rng = crypto_alloc_rng(drbg, 0, 0);
         if (IS_ERR(rng)) {
             pr_debug("could not allocate RNG handle for %s\n", drbg);
             return -PTR_ERR(rng);
         }

         ret = crypto_rng_get_bytes(rng, buf, len);
         if (ret < 0)
             pr_debug("generation of random numbers failed\n");
         else if (ret == 0)
             pr_debug("RNG returned no data");
         else
             pr_debug("RNG returned %d bytes of data\n", ret);

     out:
         crypto_free_rng(rng);
         return ret;
     }
	Code Examples
	=============

	Code Example For Symmetric Key Cipher Operation
	-----------------------------------------------

	::


	struct tcrypt_result {
	struct completion completion;
	int err;
	};

	/* tie all data structures together */
	struct skcipher_def {
	struct scatterlist sg;
	struct crypto_skcipher *tfm;
	struct skcipher_request *req;
	struct tcrypt_result result;
	};

	/* Callback function */
	static void test_skcipher_cb(struct crypto_async_request *req, int error)
	{
	struct tcrypt_result *result = req->data;

	if (error == -EINPROGRESS)
	return;
	result->err = error;
	complete(&result->completion);
	pr_info("Encryption finished successfully\n");
	}

	/* Perform cipher operation */
	static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
	int enc)
	{
	int rc = 0;

	if (enc)
	rc = crypto_skcipher_encrypt(sk->req);
	else
	rc = crypto_skcipher_decrypt(sk->req);

	switch (rc) {
	case 0:
	break;
	case -EINPROGRESS:
	case -EBUSY:
	rc = wait_for_completion_interruptible(
	&sk->result.completion);
	if (!rc && !sk->result.err) {
	reinit_completion(&sk->result.completion);
	break;
	}
	default:
	pr_info("skcipher encrypt returned with %d result %d\n",
	rc, sk->result.err);
	break;
	}
	init_completion(&sk->result.completion);

	return rc;
	}

	/* Initialize and trigger cipher operation */
	static int test_skcipher(void)
	{
	struct skcipher_def sk;
	struct crypto_skcipher *skcipher = NULL;
	struct skcipher_request *req = NULL;
	char *scratchpad = NULL;
	char *ivdata = NULL;
	unsigned char key[32];
	int ret = -EFAULT;

	skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
	if (IS_ERR(skcipher)) {
	pr_info("could not allocate skcipher handle\n");
	return PTR_ERR(skcipher);
	}

	req = skcipher_request_alloc(skcipher, GFP_KERNEL);
	if (!req) {
	pr_info("could not allocate skcipher request\n");
	ret = -ENOMEM;
	goto out;
	}

	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
	test_skcipher_cb,
	&sk.result);

	/* AES 256 with random key */
	get_random_bytes(&key, 32);
	if (crypto_skcipher_setkey(skcipher, key, 32)) {
	pr_info("key could not be set\n");
	ret = -EAGAIN;
	goto out;
	}

	/* IV will be random */
	ivdata = kmalloc(16, GFP_KERNEL);
	if (!ivdata) {
	pr_info("could not allocate ivdata\n");
	goto out;
	}
	get_random_bytes(ivdata, 16);

	/* Input data will be random */
	scratchpad = kmalloc(16, GFP_KERNEL);
	if (!scratchpad) {
	pr_info("could not allocate scratchpad\n");
	goto out;
	}
	get_random_bytes(scratchpad, 16);

	sk.tfm = skcipher;
	sk.req = req;

	/* We encrypt one block */
	sg_init_one(&sk.sg, scratchpad, 16);
	skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
	init_completion(&sk.result.completion);

	/* encrypt data */
	ret = test_skcipher_encdec(&sk, 1);
	if (ret)
	goto out;

	pr_info("Encryption triggered successfully\n");

	out:
	if (skcipher)
	crypto_free_skcipher(skcipher);
	if (req)
	skcipher_request_free(req);
	if (ivdata)
	kfree(ivdata);
	if (scratchpad)
	kfree(scratchpad);
	return ret;
	}


	Code Example For Use of Operational State Memory With SHASH
	-----------------------------------------------------------

	::


	struct sdesc {
	struct shash_desc shash;
	char ctx[];
	};

	static struct sdescinit_sdesc(struct crypto_shash *alg)
	{
	struct sdescsdesc;
	int size;

	size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
	sdesc = kmalloc(size, GFP_KERNEL);
	if (!sdesc)
	return ERR_PTR(-ENOMEM);
	sdesc->shash.tfm = alg;
	sdesc->shash.flags = 0x0;
	return sdesc;
	}

	static int calc_hash(struct crypto_shashalg,
	const unsigned chardata, unsigned int datalen,
	unsigned chardigest) {
	struct sdescsdesc;
	int ret;

	sdesc = init_sdesc(alg);
	if (IS_ERR(sdesc)) {
	pr_info("trusted_key: can't alloc %s\n", hash_alg);
	return PTR_ERR(sdesc);
	}

	ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest);
	kfree(sdesc);
	return ret;
	}


	Code Example For Random Number Generator Usage
	----------------------------------------------

	::


	static int get_random_numbers(u8 *buf, unsigned int len)
	{
	struct crypto_rngrng = NULL;
	chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
	int ret;

	if (!buf \|\| !len) {
	pr_debug("No output buffer provided\n");
	return -EINVAL;
	}

	rng = crypto_alloc_rng(drbg, 0, 0);
	if (IS_ERR(rng)) {
	pr_debug("could not allocate RNG handle for %s\n", drbg);
	return -PTR_ERR(rng);
	}

	ret = crypto_rng_get_bytes(rng, buf, len);
	if (ret < 0)
	pr_debug("generation of random numbers failed\n");
	else if (ret == 0)
	pr_debug("RNG returned no data");
	else
	pr_debug("RNG returned %d bytes of data\n", ret);

	out:
	crypto_free_rng(rng);
	return ret;
	}