* How to use kernel crypto
From: Freeman Zhang @ 2014-06-14 13:28 UTC (permalink / raw)
  To: kernelnewbies

Hi list,

Recently I've been learning to use kernel crypto. I found some examples, but
they are out of date.
I managed to write a test program, trying to use aes to encrypt 'buf',
but something goes wrong:

struct scatterlist sg;
struct crypto_blkcipher *tfm;
struct blkcipher_desc desc;
unsigned char buf[10];
char *key = "00112233445566778899aabbccddeeff";
int keylen = 16;

memset(buf, 'A', 10);
tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
crypto_blkcipher_setkey(tfm,key,keylen);
desc.tfm = tfm;
desc.flags = 1;
sg_init_one(&sg, buf, 10);
crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
sg_set_buf(&sg, buf,10);
hexdump(buf,10);

The result of hexdump(buf) shows that 'buf' stays unchanged. What should
I do to encrypt the buffer?


All the best!
Freeman Zhang


* How to use kernel crypto
From: michi1 at michaelblizek.twilightparadox.com @ 2014-06-15  6:42 UTC (permalink / raw)
  To: kernelnewbies

Hi!

On 21:28 Sat 14 Jun     , Freeman Zhang wrote:
> Hi list,
> 
> Recently I've been learning to use kernel crypto. I found some examples, but
> they are out of date.
> I managed to write a test program, trying to use aes to encrypt 'buf',
> but something goes wrong:
> 
> struct scatterlist sg;
> struct crypto_blkcipher *tfm;
> struct blkcipher_desc desc;
> unsigned char buf[10];
> char *key = "00112233445566778899aabbccddeeff";
> int keylen = 16;
> 
> memset(buf, 'A', 10);
> tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
> crypto_blkcipher_setkey(tfm,key,keylen);
> desc.tfm = tfm;
> desc.flags = 1;
> sg_init_one(&sg, buf, 10);
> crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
> sg_set_buf(&sg, buf,10);
> hexdump(buf,10);
> 
> The result of hexdump(buf) shows that 'buf' stays unchanged. What should
> I do to encrypt the buffer?

Crypto works differently than you probably think it does.

First of all, NEVER NEVER NEVER NEVER NEVER NEVER NEVER use ecb mode. Open
wikipedia to see why. This is one of the most basic mistakes you can make.

The reason why you see plaintext is probably because the buffer size is
not a multiple of your aes block size (16 bytes). But I must admit that leaving
the data unencrypted instead of e.g. zeroing it does not sound like a good api
design to me...

	-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com


* How to use kernel crypto
From: Freeman Zhang @ 2014-06-15 13:53 UTC (permalink / raw)
  To: kernelnewbies

Hi Michi,

On 14:42 Sun 15 June, michi1 at michaelblizek.twilightparadox.com wrote:
> Hi!
>
> On 21:28 Sat 14 Jun     , Freeman Zhang wrote:
>> Hi list,
>>
>> Recently I've been learning to use kernel crypto. I found some examples, but
>> they are out of date.
>> I managed to write a test program, trying to use aes to encrypt 'buf',
>> but something goes wrong:
>>
>> struct scatterlist sg;
>> struct crypto_blkcipher *tfm;
>> struct blkcipher_desc desc;
>> unsigned char buf[10];
>> char *key = "00112233445566778899aabbccddeeff";
>> int keylen = 16;
>>
>> memset(buf, 'A', 10);
>> tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
>> crypto_blkcipher_setkey(tfm,key,keylen);
>> desc.tfm = tfm;
>> desc.flags = 1;
>> sg_init_one(&sg, buf, 10);
>> crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
>> sg_set_buf(&sg, buf,10);
>> hexdump(buf,10);
>>
>> The result of hexdump(buf) shows that 'buf' stays unchanged. What should
>> I do to encrypt the buffer?
>
> Crypto works differently than you probably think it does.
>
> First of all, NEVER NEVER NEVER NEVER NEVER NEVER NEVER use ecb mode. Open
> wikipedia to see why. This is one of the most basic mistakes you can make.

No one has told me that. I just picked one mode randomly. Thanks for
the information.

> The reason why you see plaintext is probably because the buffer size is
> not a multiple of your aes block size (16 bytes).

Yes, you're right. I'm glad that there is no more plaintext when I
simply modified the buffer size to 16.

> But I must admit that leaving
> the data unencrypted instead of e.g. zeroing it does not sound like a good api
> design to me...
>
> 	-Michi

I've checked something about ecb mode and cbc mode. I'm confused by the
iv. Is iv only for cbc mode?
How can I set up and initiate iv in the kernel? I don't know where to
find an example about this, just try-and-error.


Much thanks !

Freeman

* How to use kernel crypto
From: michi1 at michaelblizek.twilightparadox.com @ 2014-06-15 16:58 UTC (permalink / raw)
  To: kernelnewbies

Hi!

On 21:53 Sun 15 Jun     , Freeman Zhang wrote:
> Hi Michi,
> 
> On 14:42 Sun 15 June, michi1 at michaelblizek.twilightparadox.com wrote:
...
> iv. Is iv only for cbc mode?

No, it is required for all modes.

> How can I set up and initiate iv in the kernel? I don't know where to
> find an example about this, just try-and-error.

http://en.wikipedia.org/wiki/Initialization_vector

Setting up the iv is a critical part for your security. You should know what
you are doing.

	-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
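
The three points raised in this thread (a length that is not a multiple of the
block size, ECB exposing repeated plaintext, and the IV in CBC) can be seen in a
small userspace model. This is an added example, not code from the thread or
from the kernel: XTEA with 8-byte blocks stands in for AES so the block is
self-contained, and encrypt_buf(), first_blocks_equal(), the key and the IV are
hypothetical names and constructed values. The original snippet never checks a
return value, so a rejected request would go unnoticed there.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8 /* XTEA block size in bytes; AES uses 16. Stand-in cipher only. */

static void xtea_encrypt_block(uint8_t *b, const uint32_t k[4])
{
    uint32_t v0, v1, sum = 0;
    memcpy(&v0, b, 4); memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(b, &v0, 4); memcpy(b + 4, &v1, 4);
}

/* Encrypt in place; iv == NULL selects ECB, otherwise CBC. A length that is
 * not a multiple of BLK is rejected with -EINVAL and buf is left untouched. */
int encrypt_buf(uint8_t *buf, size_t len, const uint32_t k[4], const uint8_t *iv)
{
    uint8_t prev[BLK] = {0};
    if (len == 0 || len % BLK)
        return -EINVAL;
    if (iv)
        memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; iv && i < BLK; i++)
            buf[off + i] ^= prev[i]; /* CBC: mix in IV or previous ciphertext */
        xtea_encrypt_block(buf + off, k);
        memcpy(prev, buf + off, BLK);
    }
    return 0;
}

/* Returns 1 when ciphertext blocks 0 and 1 are identical (pattern leaks). */
int first_blocks_equal(const uint8_t *buf) { return memcmp(buf, buf + BLK, BLK) == 0; }

int main(void)
{
    const uint32_t key[4] = {1, 2, 3, 4};             /* constructed key */
    const uint8_t iv[BLK] = {9, 8, 7, 6, 5, 4, 3, 2}; /* constructed; use a fresh random IV per message */
    uint8_t a[10], b[16], c[16];
    memset(a, 'A', sizeof a); memset(b, 'A', sizeof b); memset(c, 'A', sizeof c);
    int ra = encrypt_buf(a, sizeof a, key, NULL);
    int rb = encrypt_buf(b, sizeof b, key, NULL), rc = encrypt_buf(c, sizeof c, key, iv);
    printf("10 bytes ECB rc=%d, first byte still '%c'\n", ra, a[0]);
    printf("ECB rc=%d repeat=%d, CBC rc=%d repeat=%d\n", rb, first_blocks_equal(b), rc, first_blocks_equal(c));
    return 0;
}
```

With two identical plaintext blocks, ECB produces two identical ciphertext
blocks while CBC does not, and the 10-byte request fails without modifying the
buffer.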
