From: htmldeveloper@gmail.com (Peter Teoh)
To: kernelnewbies@lists.kernelnewbies.org
Subject: How to use the cryptographic API (e.g. md5 checksum)?
Date: Sat, 28 May 2011 10:42:13 +0800 [thread overview]
Message-ID: <BANLkTik=i2HgXMg6g8KyiEfsg48NXue8FQ@mail.gmail.com> (raw)
In-Reply-To: <BANLkTimGdkt1-VjPumXMaY5wk6rbKQJKeQ@mail.gmail.com>
this opensource application (in windows) does meet your requirements:
http://www.codeproject.com/KB/cpp/VerifyIntegrity.aspx
On Sat, May 28, 2011 at 10:22 AM, Peter Teoh <htmldeveloper@gmail.com> wrote:
> On Sat, May 28, 2011 at 6:03 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>> Peter Teoh wrote:
>>> On Tue, May 24, 2011 at 6:43 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>>>> Hi,
>>>>
>>>> I want to perform an md5 checksum on a process' text segment (I create a file
>>>> /proc/<pid>/text_checksum that, when read, should give the md5sum).
>>>>
>>>> The crypto api documentation (Documentation/crypto/api-intro.txt) seems to be
>>>> quite lacking. The only example is:
>>>>
>>>> ? ? ? ?tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
>>>> ? ? ? ?if (IS_ERR(tfm))
>>>> ? ? ? ? ? ? ? ?fail();
>>>>
>>>> ? ? ? ?/* ... set up the scatterlists ... */
>>>>
>>>> ? ? ? ?desc.tfm = tfm;
>>>> ? ? ? ?desc.flags = 0;
>>>>
>>>> ? ? ? ?if (crypto_hash_digest(&desc, sg, 2, result))
>>>> ? ? ? ? ? ? ? ?fail();
>>>>
>>>> ? ? ? ?crypto_free_hash(tfm);
>>>>
>>>> Looking at some existing code, I see usage of crypto_hash_init(),
>>>> crypto_hash_final(), desc.flag set to CRYPTO_TFM_REQ_MAY_SLEEP,
>>>> ... (e.g. in fs/ecryptfs/crypto.c). Does anybody know what they do? Do I need
>>>
>>> http://www.redhat.com/archives/dm-devel/2005-August/msg00058.html
>>
>> Thanks, that explains the CRYPTO_TFM_REQ_MAY_SLEEP flag!
>>
>>
>>>> to, or should I, use them? The functions are are declared in include/linux/crypto.h
>>>> as some kind of wrapper functions, but lack documentation. Also, Google has not
>>>> been my friend here.
>>>
>>> http://www.linuxjournal.com/article/6451?page=0,0
>>
>>
>> This link is one I've found before, and it really does not explain anything
>> about the usage of crypto_hash_{digest,init,update,final}() as far as I can
>> see. So I'm still looking for help on this!
>>
>>
>> Thanks,
>> Arvid Brodin
>> Enea Services Stockholm AB
>>
>
> As these function are just wrapper over the real crypto API, they have
> nothing to do with md5.
>
> It is not explained....I guess it is because they are self-explanatory
> (eg "crypto_hash_digest()" is calculating digest from the hash etc).
> I guess reading more crypto concept will help.
>
> look into the crypto/tcrypt.c:do_test() - where usage of different
> crypto scheme is shown (md5, sha1 etc).
>
> read wiki:
>
> http://en.wikipedia.org/wiki/MD5
>
> and u know that the input is 16 bytes, which is what the
> crypto/md5.c:md5_transform() is calculating:
>
> static void md5_transform(u32 *hash, u32 const *in)
>
> and understanding the above will finally help u to understand
> md5_update(): which is calling md5_transform() repeatedly for each
> block. ? This also help to explain crypto_hash_update().
>
> In its complete usage:
>
> ? ? ? ?for (start = jiffies, end = start + sec * HZ, bcount = 0;
> ? ? ? ? ? ? time_before(jiffies, end); bcount++) {
> ? ? ? ? ? ? ? ?ret = crypto_hash_init(desc);
> ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ? ? ? ? ?for (pcount = 0; pcount < blen; pcount += plen) {
> ? ? ? ? ? ? ? ? ? ? ? ?ret = crypto_hash_update(desc, sg, plen);
> ? ? ? ? ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ? ? ?/* we assume there is enough space in 'out' for the result */
> ? ? ? ? ? ? ? ?ret = crypto_hash_final(desc, out);
> ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ?}
>
> plen will correspond to the page by page of your text segment. (not
> including the descriptor allocation part)
>
> and another complete example of using all the API is in
> test_hash_speed(): hash is allocated, calculated and finally freed.
>
> I think more important is the method of the idea - not all the pages
> of the text segment are loaded into the memory, and if u attempt to
> access it in userspace, u will trigger a pagefault to load the text
> segment into memory. ? but if u attempt to access it in kernel mode
> while it is not available.....hmmmmm......more info will be available
> after debugging....
>
> See page 24 of the following document:
>
> EXECUTABLE WHITELISTS AND PROCESS AUTHENTICATION FOR PROTECTION
>
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.129.5235&rep=rep1&type=pdf
>
> --
> Regards,
> Peter Teoh
>
--
Regards,
Peter Teoh
prev parent reply other threads:[~2011-05-28 2:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-23 22:43 How to use the cryptographic API (e.g. md5 checksum)? Arvid Brodin
[not found] ` <BANLkTikOxAvGQFiXxGXsDQvpHefO1EtVMA@mail.gmail.com>
2011-05-27 22:03 ` Arvid Brodin
2011-05-28 2:22 ` Peter Teoh
2011-05-28 2:42 ` Peter Teoh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTik=i2HgXMg6g8KyiEfsg48NXue8FQ@mail.gmail.com' \
--to=htmldeveloper@gmail.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).