RE: RFC: Crypto API User-interface

Hi,

http://lwn.net/Articles/410848/
The following code is taken from the above page:

#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

int main(void)
{
    int opfd;
    int tfmfd;
    struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type = "skcipher",
        .salg_name = "cbc(aes)"
    };
    struct msghdr msg = {};
    struct cmsghdr *cmsg;
    char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)];
    char buf[16];
    struct af_alg_iv *iv;
    struct iovec iov;
    int i;

    /* Transform socket: bind() selects the algorithm, setsockopt() sets the key. */
    tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);

    bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));

    setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
               "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
               "\x51\x2e\x03\xd5\x34\x12\x00\x06", 16);

    /* Operation socket: accept() returns one fd per encrypt/decrypt session. */
    opfd = accept(tfmfd, NULL, 0);

    /* cbuf is left uninitialised here; see the memset fix below. */
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof(cbuf);

    /* First control message: the operation (encrypt). */
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_ALG;
    cmsg->cmsg_type = ALG_SET_OP;
    cmsg->cmsg_len = CMSG_LEN(4);
    *(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;

    /* Second control message: the 16-byte CBC IV. */
    cmsg = CMSG_NXTHDR(&msg, cmsg);
    cmsg->cmsg_level = SOL_ALG;
    cmsg->cmsg_type = ALG_SET_IV;
    cmsg->cmsg_len = CMSG_LEN(20);
    iv = (void *)CMSG_DATA(cmsg);
    iv->ivlen = 16;
    memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
                   "\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16);

    /* Plaintext: exactly one AES block. */
    iov.iov_base = "Single block msg";
    iov.iov_len = 16;

    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    sendmsg(opfd, &msg, 0);
    read(opfd, buf, 16);

    for (i = 0; i < 16; i++) {
        printf("%02x", (unsigned char)buf[i]);
    }
    printf("\n");
    close(opfd);
    close(tfmfd);

    return 0;
}


Here the following small change is needed for this program to work:
memset(cbuf, 0, CMSG_SPACE(4) + CMSG_SPACE(20));
This memset is required; otherwise CMSG_NXTHDR may return NULL,
causing a seg fault in the following line:
cmsg->cmsg_level = SOL_ALG;

I have tried this on 3.3.4-5.fc17.x86_64.

Posting this as it may help people who want to use/refer this example code.

However, can somebody please point me to some more examples which use
the af_alg socket (without OpenSSL! as the af_alg engine for OpenSSL
(http://src.carnivore.it/users/common/af_alg/) is incomplete,
supporting only aes-cbc, sha1 and sha2 as of today. No other AES
variants are supported in the af_alg engine.)

I am particularly wanting to know how I can compute hmac and aes-xts or
ctr modes with af_alg without having to go via OpenSSL.

~Jitendra
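Added example (not from the post or from the LWN article): HMAC-SHA256 computed through the AF_ALG "hash" socket type, which covers the hmac part of the question above without OpenSSL. The function names are assumptions of this example; the key, data and expected MAC are RFC 4231 test case 2. The hash interface needs no ALG_SET_OP or ALG_SET_IV control messages, so the uninitialised-cbuf pitfall from the post does not arise here.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/if_alg.h>
/* HMAC-SHA256 via AF_ALG. Returns 0 with the 32-byte MAC in out,
 * -2 if the kernel has no AF_ALG or no hmac(sha256), -1 on any other error. */
int alg_hmac_sha256(const void *key, size_t keylen,
                    const void *data, size_t datalen, uint8_t out[32])
{
    struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type   = "hash",          /* hash interface: no cmsg needed */
        .salg_name   = "hmac(sha256)",
    };
    int opfd = -1, rc = -1;
    int tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfmfd < 0) return -2;
    if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        rc = -2;                        /* algorithm not available */
        goto out;
    }
    /* Key is set on the transform socket; accept() yields the operation fd. */
    if (setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, keylen) < 0 ||
        (opfd = accept(tfmfd, NULL, 0)) < 0)
        goto out;
    /* A send without MSG_MORE finalises the hash; read() returns the digest. */
    if (send(opfd, data, datalen, 0) != (ssize_t)datalen ||
        read(opfd, out, 32) != 32)
        goto out;
    rc = 0;
out:
    if (opfd >= 0) close(opfd);
    close(tfmfd);
    return rc;
}
/* RFC 4231 test case 2 (key "Jefe"): 1 = kernel MAC matches, 0 = mismatch
 * or I/O error, 2 = AF_ALG hmac(sha256) unavailable on this system. */
int check_rfc4231_case2(void)
{
    static const uint8_t want[32] = {
        0x5b,0xdc,0xc1,0x46,0xbf,0x60,0x75,0x4e,0x6a,0x04,0x24,0x26,0x08,0x95,0x75,0xc7,
        0x5a,0x00,0x3f,0x08,0x9d,0x27,0x39,0x83,0x9d,0xec,0x58,0xb9,0x64,0xec,0x38,0x43 };
    uint8_t got[32];
    int rc = alg_hmac_sha256("Jefe", 4, "what do ya want for nothing?", 28, got);
    if (rc == -2) return 2;
    return rc == 0 && memcmp(got, want, 32) == 0;
}
```

aes-ctr and aes-xts go through the skcipher path exactly as in the cbc(aes) program above, with salg_name "ctr(aes)" or "xts(aes)" and the same ALG_SET_OP/ALG_SET_IV control messages over a zeroed cbuf; xts(aes) expects a double-length key and uses the IV as the tweak.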