From: michi1@michaelblizek.twilightparadox.com (michi1 at michaelblizek.twilightparadox.com)
To: kernelnewbies@lists.kernelnewbies.org
Subject: How to use kernel crypto
Date: Sun, 15 Jun 2014 08:42:08 +0200 [thread overview]
Message-ID: <20140615064208.GA4444@grml> (raw)
In-Reply-To: <539C4E12.6000809@gmail.com>
Hi!
On 21:28 Sat 14 Jun , Freeman Zhang wrote:
> Hi list,
>
> Recently I'm learning to use kernel crypto. I find some examples but
> they are out of date.
> I manage to write a test program, trying to use aes to encrypt 'buf'
> ,but something goes wrong:
>
> struct scatterlist sg;
> struct crypto_blkcipher *tfm;
> struct blkcipher_desc desc;
> unsigned char buf[10];
> char *key = "00112233445566778899aabbccddeeff";
> int keylen = 16;
>
> memset(buf, 'A', 10);
> tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
> crypto_blkcipher_setkey(tfm,key,keylen);
> desc.tfm = tfm;
> desc.flags = 1;
> sg_init_one(&sg, buf, 10);
> crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
> sg_set_buf(&sg, buf,10);
> hexdump(buf,10);
>
> The result of hexdump(buf) shows that 'buf' stay unchanged. What should
> I do to encrypt the buffer?
Crypto works differently that you probably think it does.
First of all, NEVER NEVER NEVER NEVER NEVER NEVER NEVER use ecb mode. Open
wikipedia to see why. This is one of the most basic mistakes you can make.
The reason why the you see plaintext is probably because the buffer size is
not a multiple of you aes block size (16 bytes). But I must admit that leaving
the data unencrypted instead of e.g. zeroing it does not sound like a good api
design to me...
-Michi
--
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
next prev parent reply other threads:[~2014-06-15 6:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-14 13:28 How to use kernel crypto Freeman Zhang
2014-06-15 6:42 ` michi1 at michaelblizek.twilightparadox.com [this message]
2014-06-15 13:53 ` Freeman Zhang
2014-06-15 16:58 ` michi1 at michaelblizek.twilightparadox.com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140615064208.GA4444@grml \
--to=michi1@michaelblizek.twilightparadox.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).