Hello, I tried few combinations of algorithms: 1. skcipher = crypto_alloc_skcipher("aes", 0, 0); could not allocate skcipher handle: -2 lsmod: aes_i586 20480 0 2. skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0); So here all allocations work but, in test_skcipher_encdec this log: skcipher encrypt returned with -22 result -224149504 and lsmod: xcbc 16384 0 So the second algo option at-least makes allocations but in the encrypt function throws error: crypto_skcipher_encrypt(sk->req); Please suggest what may be going wrong. I am posting my code as well in case I may have made some mistakes in length of key, iv, input data, output data. etc. I have not modified the APIs from the sample, only the driver function test_skcipher. struct skcipher_def sk; struct crypto_skcipher *skcipher = NULL; struct skcipher_request *req = NULL; char *scratchpad = NULL; char *ivdata = NULL; unsigned char key[32]; int ret = -EFAULT; skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0); if(IS_ERR(skcipher)) { ret = PTR_ERR(skcipher); pr_err("could not allocate skcipher handle: %d\n", ret); goto CIPHERFAIL; } ret = 0; req = skcipher_request_alloc(skcipher, GFP_KERNEL); if(IS_ERR(req)) { ret = PTR_ERR(req); pr_err("could not allocate request queue: %d\n", ret); goto CIPHERFAIL; } skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, test_skcipher_cb, &sk.result); //AES 256 with random bytes get_random_bytes(&key, 32); if(crypto_skcipher_setkey(skcipher, key, 32)){ pr_err("Key could not be set\n"); goto CIPHERFAIL; } //Initialization vector ivdata = kmalloc(16, GFP_KERNEL); if (!ivdata) { pr_err("Could not allocate ivadata\n"); goto CIPHERFAIL; } get_random_bytes(ivdata, 16); // FIll the data you want to encrypt strcpy(dataptr, "12345678901234567890"); sk.tfm = skcipher; sk.req = req; //We encrypt one block of data sg_init_one(&sk.sg, dataptr, 20); skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 20, ivdata); init_completion(&sk.result.completion); //Encrypt data ret = test_skcipher_encdec(&sk, 1); if(ret){ pr_err("Encryption failed...somehow :(: %d\n", ret); goto CIPHERFAIL; } else{ pr_err("Encryption done op: %s\n", dataptr); return; } CIPHERFAIL: if(!IS_ERR(skcipher)){ pr_err("NO_ERR: Normal skcipher cleaning\n"); crypto_free_skcipher(skcipher); } if(!IS_ERR(req)){ pr_err("NO_ERR: REQ: Reached here because something else failed\n"); skcipher_request_free(req); } if(!IS_ERR(ivdata)){ pr_err("NO_ERR: IV: Reched here because something else failed\n"); kfree(ivdata); } if(!IS_ERR(scratchpad)){ pr_err("NO_ERR: scratch: reached here because something else failed\n"); kfree(scratchpad); } Thanks On Mon, May 2, 2016 at 9:03 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote: > Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan: > > Hi Gadre, > >> Hi Stephan, >> >> I checked modinfo aesni_intel: >> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko >> alias: crypto-aes >> alias: aes >> license: GPL >> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI >> instructions optimized >> alias: crypto-fpu >> alias: fpu >> srcversion: 55C6346DCF663DDD74D3F13 >> alias: cpu:type:x86,ven*fam*mod*:feature:*0099* >> depends: xts,aes-i586,lrw,ablk_helper >> intree: Y >> vermagic: 4.5.0 SMP mod_unload modversions 686 >> >> when I do modprobe crypto-aes, >> modprobe: ERROR: could not insert 'aesni_intel': No such device >> modprobe: ERROR: could not insert 'padlock_aes': No such device > > Well, maybe your CPU does not have AES-NI? > > Besides, why fiddle around with special implementations? Simply use the > standard names of, say, "aes" and let the kernel crypto API do its magic to > find the fastest implementation for your system? >> >> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well ( >> the dependencies). > > Well, a 32 bit system does not have AES-NI support. >> >> I think I am still missing something. Any hardware feature. Or some >> other module is using some IRQ or region which is not shared. >> >> Thanks. >> Nayan Gadre. >> >> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <smueller@xxxxxxxxxx> > wrote: >> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan: >> > >> > Hi Gadre, >> > >> >> Hello, >> >> >> >> I have read the crypto library documentation on chronox.de. >> >> >> >> I used there sample code for symmetric key cipher operation. >> >> However in the check: >> >> >> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); >> >> if (IS_ERR(skcipher)) { >> >> pr_info("could not allocate skcipher handle\n"); >> >> return PTR_ERR(skcipher); >> >> } >> >> >> >> I get could not allocate skcipher handle. >> >> >> >> I have loaded all possible related modules for crypto: >> >> lsmod (relevant): >> >> algif_skcipher 32768 0 >> >> algif_hash 20480 0 >> >> algif_aead 20480 0 >> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher >> >> cryptd >> >> ablk_helper. >> >> >> >> What am I missing here? >> >> >> >> Also IS_ERR checks if the skcipher value may be <1000, it may include >> >> the NULL check right?. >> > >> > The allocation of the cipher failed. Please check /proc/crypto whether you >> > have the cipher registered with the kernel crypto API. >> > >> > The module listing does not show the AESNI cipher module. >> > >> > Ciao >> > Stephan >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > > Ciao > Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html