kernelnewbies.kernelnewbies.org archive mirror
From: freeman.zhang1992@gmail.com (Freeman Zhang)
To: kernelnewbies@lists.kernelnewbies.org
Subject: How to use kernel crypto
Date: Sun, 15 Jun 2014 21:53:54 +0800
Message-ID: <539DA572.9070900@gmail.com>
In-Reply-To: <20140615064208.GA4444@grml>

Hi Michi,

On 14:42 Sun 15 June, michi1 at michaelblizek.twilightparadox.com wrote:
> Hi!
>
> On 21:28 Sat 14 Jun     , Freeman Zhang wrote:
>> Hi list,
>>
>> Recently I'm learning to use kernel crypto. I find some examples but
>> they are out of date.
>> I manage to write a test program, trying to use aes to encrypt 'buf',
>> but something goes wrong:
>>
>> struct scatterlist sg;
>> struct crypto_blkcipher *tfm;
>> struct blkcipher_desc desc;
>> unsigned char buf[10];
>> char *key = "00112233445566778899aabbccddeeff";
>> int keylen = 16;
>>
>> memset(buf, 'A', 10);
>> tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
>> crypto_blkcipher_setkey(tfm,key,keylen);
>> desc.tfm = tfm;
>> desc.flags = 1;
>> sg_init_one(&sg, buf, 10);
>> crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
>> sg_set_buf(&sg, buf,10);
>> hexdump(buf,10);
>>
>> The result of hexdump(buf) shows that 'buf' stays unchanged. What should
>> I do to encrypt the buffer?
> Crypto works differently than you probably think it does.
>
> First of all, NEVER NEVER NEVER NEVER NEVER NEVER NEVER use ecb mode. Open
> wikipedia to see why. This is one of the most basic mistakes you can make.
No one has told me that. I just picked one mode randomly. Thanks for
the information.
> The reason why you see plaintext is probably because the buffer size is
> not a multiple of your aes block size (16 bytes).
Yes, you're right. I'm glad that there is no more plaintext when I
simply modified the buffer size to 16.
> But I must admit that leaving
> the data unencrypted instead of e.g. zeroing it does not sound like a good api
> design to me...
>
> 	-Michi
I've checked something about ecb mode and cbc mode. I'm confused by the
iv. Is iv only for cbc mode?
How can I set up and initiate iv in the kernel? I don't know where to
find an example about this, just trial and error.


Much thanks!

Freeman
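
The two points raised in this message (the 16-byte block multiple and where an IV enters in CBC but not ECB), as an added userspace sketch that is not code from the thread or from the kernel. `toy_block_encrypt` is a non-secure stand-in for the AES block operation, and every function name here is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16 /* AES block size in bytes */

/* Toy stand-in for the AES block operation (NOT AES, not secure): a keyed,
 * invertible 16-byte permutation is enough to show how the modes behave. */
static void toy_block_encrypt(const uint8_t *key, uint8_t *b)
{
    for (int i = 0; i < BLK; i++) {
        b[i] ^= key[i];
        b[i] = (uint8_t)((b[i] << 3) | (b[i] >> 5)); /* rotate left by 3 */
        b[(i + 1) % BLK] += b[i];                    /* carry into next byte */
    }
}

/* Encrypt buf in place. iv == NULL selects ECB (independent blocks, no IV);
 * otherwise CBC: XOR each block with the previous ciphertext block (the IV
 * for the first). A length that is not whole blocks is rejected outright. */
int mode_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLK)
        return -1;
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; iv && i < BLK; i++)
            buf[off + i] ^= iv[i];
        toy_block_encrypt(key, buf + off);
        if (iv)
            iv = buf + off; /* chain: this ciphertext block feeds the next */
    }
    return 0;
}

/* Constructed sample: two identical 'A' blocks; 1 if ciphertext blocks match. */
int repeated_blocks_match(int use_cbc)
{
    uint8_t key[BLK], iv[BLK], buf[2 * BLK];
    memset(key, 0x2b, sizeof key);
    memset(iv, 0x5a, sizeof iv);
    memset(buf, 'A', sizeof buf);
    mode_encrypt(key, use_cbc ? iv : NULL, buf, sizeof buf);
    return memcmp(buf, buf + BLK, BLK) == 0;
}

int main(void)
{
    printf("ECB repeats: %d, CBC repeats: %d\n",
           repeated_blocks_match(0), repeated_blocks_match(1));
}
```

In ECB the two equal plaintext blocks produce equal ciphertext blocks, which is the pattern leak behind the warning quoted above; with an IV and chaining they do not.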