How to use the cryptographic API (e.g. md5 checksum)?

How to use the cryptographic API (e.g. md5 checksum)?

[Arvid Brodin]

Hi,

I want to perform an md5 checksum on a process' text segment (I create a file
/proc/<pid>/text_checksum that, when read, should give the md5sum).

The crypto api documentation (Documentation/crypto/api-intro.txt) seems to be
quite lacking. The only example is:

	tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm))
		fail();
                
        /* ... set up the scatterlists ... */

	desc.tfm = tfm;
	desc.flags = 0;
        
	if (crypto_hash_digest(&desc, sg, 2, result))
		fail();
        
	crypto_free_hash(tfm);

Looking at some existing code, I see usage of crypto_hash_init(),
crypto_hash_final(), desc.flag set to CRYPTO_TFM_REQ_MAY_SLEEP,
... (e.g. in fs/ecryptfs/crypto.c). Does anybody know what they do? Do I need
to, or should I, use them? The functions are are declared in include/linux/crypto.h
as some kind of wrapper functions, but lack documentation. Also, Google has not
been my friend here.

Thanks,
Arvid Brodin
Enea Services Stockholm AB

How to use the cryptographic API (e.g. md5 checksum)?

[Arvid Brodin]

Peter Teoh wrote:
> On Tue, May 24, 2011 at 6:43 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>> Hi,
>>
>> I want to perform an md5 checksum on a process' text segment (I create a file
>> /proc/<pid>/text_checksum that, when read, should give the md5sum).
>>
>> The crypto api documentation (Documentation/crypto/api-intro.txt) seems to be
>> quite lacking. The only example is:
>>
>>        tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
>>        if (IS_ERR(tfm))
>>                fail();
>>
>>        /* ... set up the scatterlists ... */
>>
>>        desc.tfm = tfm;
>>        desc.flags = 0;
>>
>>        if (crypto_hash_digest(&desc, sg, 2, result))
>>                fail();
>>
>>        crypto_free_hash(tfm);
>>
>> Looking at some existing code, I see usage of crypto_hash_init(),
>> crypto_hash_final(), desc.flag set to CRYPTO_TFM_REQ_MAY_SLEEP,
>> ... (e.g. in fs/ecryptfs/crypto.c). Does anybody know what they do? Do I need
> 
> http://www.redhat.com/archives/dm-devel/2005-August/msg00058.html

Thanks, that explains the CRYPTO_TFM_REQ_MAY_SLEEP flag!


>> to, or should I, use them? The functions are are declared in include/linux/crypto.h
>> as some kind of wrapper functions, but lack documentation. Also, Google has not
>> been my friend here.
> 
> http://www.linuxjournal.com/article/6451?page=0,0


This link is one I've found before, and it really does not explain anything 
about the usage of crypto_hash_{digest,init,update,final}() as far as I can
see. So I'm still looking for help on this!


Thanks,
Arvid Brodin
Enea Services Stockholm AB

How to use the cryptographic API (e.g. md5 checksum)?

[Peter Teoh]

On Sat, May 28, 2011 at 6:03 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
> Peter Teoh wrote:
>> On Tue, May 24, 2011 at 6:43 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>>> Hi,
>>>
>>> I want to perform an md5 checksum on a process' text segment (I create a file
>>> /proc/<pid>/text_checksum that, when read, should give the md5sum).
>>>
>>> The crypto api documentation (Documentation/crypto/api-intro.txt) seems to be
>>> quite lacking. The only example is:
>>>
>>> ? ? ? ?tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
>>> ? ? ? ?if (IS_ERR(tfm))
>>> ? ? ? ? ? ? ? ?fail();
>>>
>>> ? ? ? ?/* ... set up the scatterlists ... */
>>>
>>> ? ? ? ?desc.tfm = tfm;
>>> ? ? ? ?desc.flags = 0;
>>>
>>> ? ? ? ?if (crypto_hash_digest(&desc, sg, 2, result))
>>> ? ? ? ? ? ? ? ?fail();
>>>
>>> ? ? ? ?crypto_free_hash(tfm);
>>>
>>> Looking at some existing code, I see usage of crypto_hash_init(),
>>> crypto_hash_final(), desc.flag set to CRYPTO_TFM_REQ_MAY_SLEEP,
>>> ... (e.g. in fs/ecryptfs/crypto.c). Does anybody know what they do? Do I need
>>
>> http://www.redhat.com/archives/dm-devel/2005-August/msg00058.html
>
> Thanks, that explains the CRYPTO_TFM_REQ_MAY_SLEEP flag!
>
>
>>> to, or should I, use them? The functions are are declared in include/linux/crypto.h
>>> as some kind of wrapper functions, but lack documentation. Also, Google has not
>>> been my friend here.
>>
>> http://www.linuxjournal.com/article/6451?page=0,0
>
>
> This link is one I've found before, and it really does not explain anything
> about the usage of crypto_hash_{digest,init,update,final}() as far as I can
> see. So I'm still looking for help on this!
>
>
> Thanks,
> Arvid Brodin
> Enea Services Stockholm AB
>

As these function are just wrapper over the real crypto API, they have
nothing to do with md5.

It is not explained....I guess it is because they are self-explanatory
(eg "crypto_hash_digest()" is calculating digest from the hash etc).
I guess reading more crypto concept will help.

look into the crypto/tcrypt.c:do_test() - where usage of different
crypto scheme is shown (md5, sha1 etc).

read wiki:

http://en.wikipedia.org/wiki/MD5

and u know that the input is 16 bytes, which is what the
crypto/md5.c:md5_transform() is calculating:

static void md5_transform(u32 *hash, u32 const *in)

and understanding the above will finally help u to understand
md5_update(): which is calling md5_transform() repeatedly for each
block.   This also help to explain crypto_hash_update().

In its complete usage:

        for (start = jiffies, end = start + sec * HZ, bcount = 0;
             time_before(jiffies, end); bcount++) {
                ret = crypto_hash_init(desc);
                if (ret)
                        return ret;
                for (pcount = 0; pcount < blen; pcount += plen) {
                        ret = crypto_hash_update(desc, sg, plen);
                        if (ret)
                                return ret;
                }
                /* we assume there is enough space in 'out' for the result */
                ret = crypto_hash_final(desc, out);
                if (ret)
                        return ret;
        }

plen will correspond to the page by page of your text segment. (not
including the descriptor allocation part)

and another complete example of using all the API is in
test_hash_speed(): hash is allocated, calculated and finally freed.

I think more important is the method of the idea - not all the pages
of the text segment are loaded into the memory, and if u attempt to
access it in userspace, u will trigger a pagefault to load the text
segment into memory.   but if u attempt to access it in kernel mode
while it is not available.....hmmmmm......more info will be available
after debugging....

See page 24 of the following document:

EXECUTABLE WHITELISTS AND PROCESS AUTHENTICATION FOR PROTECTION

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.129.5235&rep=rep1&type=pdf

-- 
Regards,
Peter Teoh

How to use the cryptographic API (e.g. md5 checksum)?

[Peter Teoh]

this opensource application (in windows) does meet your requirements:

http://www.codeproject.com/KB/cpp/VerifyIntegrity.aspx

On Sat, May 28, 2011 at 10:22 AM, Peter Teoh <htmldeveloper@gmail.com> wrote:
> On Sat, May 28, 2011 at 6:03 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>> Peter Teoh wrote:
>>> On Tue, May 24, 2011 at 6:43 AM, Arvid Brodin <arvid.brodin@enea.com> wrote:
>>>> Hi,
>>>>
>>>> I want to perform an md5 checksum on a process' text segment (I create a file
>>>> /proc/<pid>/text_checksum that, when read, should give the md5sum).
>>>>
>>>> The crypto api documentation (Documentation/crypto/api-intro.txt) seems to be
>>>> quite lacking. The only example is:
>>>>
>>>> ? ? ? ?tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
>>>> ? ? ? ?if (IS_ERR(tfm))
>>>> ? ? ? ? ? ? ? ?fail();
>>>>
>>>> ? ? ? ?/* ... set up the scatterlists ... */
>>>>
>>>> ? ? ? ?desc.tfm = tfm;
>>>> ? ? ? ?desc.flags = 0;
>>>>
>>>> ? ? ? ?if (crypto_hash_digest(&desc, sg, 2, result))
>>>> ? ? ? ? ? ? ? ?fail();
>>>>
>>>> ? ? ? ?crypto_free_hash(tfm);
>>>>
>>>> Looking at some existing code, I see usage of crypto_hash_init(),
>>>> crypto_hash_final(), desc.flag set to CRYPTO_TFM_REQ_MAY_SLEEP,
>>>> ... (e.g. in fs/ecryptfs/crypto.c). Does anybody know what they do? Do I need
>>>
>>> http://www.redhat.com/archives/dm-devel/2005-August/msg00058.html
>>
>> Thanks, that explains the CRYPTO_TFM_REQ_MAY_SLEEP flag!
>>
>>
>>>> to, or should I, use them? The functions are are declared in include/linux/crypto.h
>>>> as some kind of wrapper functions, but lack documentation. Also, Google has not
>>>> been my friend here.
>>>
>>> http://www.linuxjournal.com/article/6451?page=0,0
>>
>>
>> This link is one I've found before, and it really does not explain anything
>> about the usage of crypto_hash_{digest,init,update,final}() as far as I can
>> see. So I'm still looking for help on this!
>>
>>
>> Thanks,
>> Arvid Brodin
>> Enea Services Stockholm AB
>>
>
> As these function are just wrapper over the real crypto API, they have
> nothing to do with md5.
>
> It is not explained....I guess it is because they are self-explanatory
> (eg "crypto_hash_digest()" is calculating digest from the hash etc).
> I guess reading more crypto concept will help.
>
> look into the crypto/tcrypt.c:do_test() - where usage of different
> crypto scheme is shown (md5, sha1 etc).
>
> read wiki:
>
> http://en.wikipedia.org/wiki/MD5
>
> and u know that the input is 16 bytes, which is what the
> crypto/md5.c:md5_transform() is calculating:
>
> static void md5_transform(u32 *hash, u32 const *in)
>
> and understanding the above will finally help u to understand
> md5_update(): which is calling md5_transform() repeatedly for each
> block. ? This also help to explain crypto_hash_update().
>
> In its complete usage:
>
> ? ? ? ?for (start = jiffies, end = start + sec * HZ, bcount = 0;
> ? ? ? ? ? ? time_before(jiffies, end); bcount++) {
> ? ? ? ? ? ? ? ?ret = crypto_hash_init(desc);
> ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ? ? ? ? ?for (pcount = 0; pcount < blen; pcount += plen) {
> ? ? ? ? ? ? ? ? ? ? ? ?ret = crypto_hash_update(desc, sg, plen);
> ? ? ? ? ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ? ? ?/* we assume there is enough space in 'out' for the result */
> ? ? ? ? ? ? ? ?ret = crypto_hash_final(desc, out);
> ? ? ? ? ? ? ? ?if (ret)
> ? ? ? ? ? ? ? ? ? ? ? ?return ret;
> ? ? ? ?}
>
> plen will correspond to the page by page of your text segment. (not
> including the descriptor allocation part)
>
> and another complete example of using all the API is in
> test_hash_speed(): hash is allocated, calculated and finally freed.
>
> I think more important is the method of the idea - not all the pages
> of the text segment are loaded into the memory, and if u attempt to
> access it in userspace, u will trigger a pagefault to load the text
> segment into memory. ? but if u attempt to access it in kernel mode
> while it is not available.....hmmmmm......more info will be available
> after debugging....
>
> See page 24 of the following document:
>
> EXECUTABLE WHITELISTS AND PROCESS AUTHENTICATION FOR PROTECTION
>
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.129.5235&rep=rep1&type=pdf
>
> --
> Regards,
> Peter Teoh
>



-- 
Regards,
Peter Teoh