From mboxrd@z Thu Jan  1 00:00:00 1970
From: freeman.zhang1992@gmail.com (Freeman Zhang)
Date: Sun, 15 Jun 2014 21:53:54 +0800
Subject: How to use kernel crypto
In-Reply-To: <20140615064208.GA4444@grml>
References: <539C4E12.6000809@gmail.com> <20140615064208.GA4444@grml>
Message-ID: <539DA572.9070900@gmail.com>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

Hi Michi,

On 14:42 Sun 15 June, michi1 at michaelblizek.twilightparadox.com wrote:
> Hi!
>
> On 21:28 Sat 14 Jun     , Freeman Zhang wrote:
>> Hi list,
>>
>> Recently I'm learning to use kernel crypto. I find some examples but
>> they are out of date.
>> I manage to write a test program, trying to use aes to encrypt 'buf'
>> ,but something goes wrong:
>>
>> struct scatterlist sg;
>> struct crypto_blkcipher *tfm;
>> struct blkcipher_desc desc;
>> unsigned char buf[10];
>> char *key = "00112233445566778899aabbccddeeff";
>> int keylen = 16;
>>
>> memset(buf, 'A', 10);
>> tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
>> crypto_blkcipher_setkey(tfm,key,keylen);
>> desc.tfm = tfm;
>> desc.flags = 1;
>> sg_init_one(&sg, buf, 10);
>> crypto_blkcipher_encrypt(&desc, &sg, &sg, 10);
>> sg_set_buf(&sg, buf,10);
>> hexdump(buf,10);
>>
>> The result of hexdump(buf) shows that 'buf' stay unchanged. What should
>> I do to encrypt the buffer?
> Crypto works differently that you probably think it does.
>
> First of all, NEVER NEVER NEVER NEVER NEVER NEVER NEVER use ecb mode. Open
> wikipedia to see why. This is one of the most basic mistakes you can make.
No one have told me that. I just pick up one mode randomly. Thanks for
the information.
> The reason why the you see plaintext is probably because the buffer size is
> not a multiple of you aes block size (16 bytes). 
Yes, you're right. I'm glad that there is no more plaintext when I
simply modified the buffer size to 16.
> But I must admit that leaving
> the data unencrypted instead of e.g. zeroing it does not sound like a good api
> design to me...
>
> 	-Michi
I've checked something about ecb mode and cbc mode.  I'm confused by the
iv. Is iv only for cbc mode?
How can I set up and initiate iv in the kernel? I don't know where to
find an example about this, just try-and-error.


Much thanks !

Freeman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20140615/49cdfce5/attachment.html