Am Dienstag, 3. Mai 2016, 10:34:01 schrieb Gadre Nayan:
Hi Gadre,
> Hello,
>
> I tried few combinations of algorithms:
>
> 1. skcipher = crypto_alloc_skcipher("aes", 0, 0);
>
> could not allocate skcipher handle: -2
> lsmod:
> aes_i586 20480 0
Please read the documentation and compare it with /proc/crypto: skcipher does
not work with the raw AES, but only with a block chaining mode as below.
>
> 2. skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
>
> So here all allocations work but,
> in test_skcipher_encdec this log:
> skcipher encrypt returned with -22 result -224149504
Error code is -EINVAL, so you provided wrong data.
>
> and lsmod:
> xcbc 16384 0
Please forget lsmod, /proc/crypto provides you with the information (excluding
the permutations with the available block chaining modes).
>
> So the second algo option at-least makes allocations but in the
> encrypt function throws error:
> crypto_skcipher_encrypt(sk->req);
>
> Please suggest what may be going wrong.
>
> I am posting my code as well in case I may have made some mistakes in
> length of key, iv, input data, output data. etc.
>
> I have not modified the APIs from the sample, only the driver function
> test_skcipher.
>
> struct skcipher_def sk;
> struct crypto_skcipher *skcipher = NULL;
> struct skcipher_request *req = NULL;
> char *scratchpad = NULL;
> char *ivdata = NULL;
> unsigned char key[32];
> int ret = -EFAULT;
>
> skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
try CRYPTO_ALG_ASYNC as the last argument, otherwise you have a sync cipher
that whould not work with the async API.
> if(IS_ERR(skcipher)) {
> ret = PTR_ERR(skcipher);
> pr_err("could not allocate skcipher handle: %d\n", ret);
> goto CIPHERFAIL;
> }
> ret = 0;
> req = skcipher_request_alloc(skcipher, GFP_KERNEL);
> if(IS_ERR(req)) {
> ret = PTR_ERR(req);
> pr_err("could not allocate request queue: %d\n", ret);
> goto CIPHERFAIL;
> }
>
> skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
> test_skcipher_cb, &sk.result);
>
> //AES 256 with random bytes
> get_random_bytes(&key, 32);
> if(crypto_skcipher_setkey(skcipher, key, 32)){
> pr_err("Key could not be set\n");
> goto CIPHERFAIL;
> }
>
> //Initialization vector
> ivdata = kmalloc(16, GFP_KERNEL);
> if (!ivdata) {
> pr_err("Could not allocate ivadata\n");
> goto CIPHERFAIL;
> }
> get_random_bytes(ivdata, 16);
>
> // FIll the data you want to encrypt
> strcpy(dataptr, "12345678901234567890");
> sk.tfm = skcipher;
> sk.req = req;
>
> //We encrypt one block of data
> sg_init_one(&sk.sg, dataptr, 20);
> skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 20, ivdata);
> init_completion(&sk.result.completion);
>
> //Encrypt data
> ret = test_skcipher_encdec(&sk, 1);
> if(ret){
> pr_err("Encryption failed...somehow :(: %d\n", ret);
> goto CIPHERFAIL;
> }
> else{
> pr_err("Encryption done op: %s\n", dataptr);
> return;
> }
>
> CIPHERFAIL:
> if(!IS_ERR(skcipher)){
> pr_err("NO_ERR: Normal skcipher cleaning\n");
> crypto_free_skcipher(skcipher);
> }
> if(!IS_ERR(req)){
> pr_err("NO_ERR: REQ: Reached here because something
> else failed\n");
> skcipher_request_free(req);
> }
> if(!IS_ERR(ivdata)){
> pr_err("NO_ERR: IV: Reched here because something else
> failed\n");
> kfree(ivdata);
> }
> if(!IS_ERR(scratchpad)){
> pr_err("NO_ERR: scratch: reached here because
> something else failed\n");
> kfree(scratchpad);
> }
>
> Thanks
>
> On Mon, May 2, 2016 at 9:03 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> > Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan:
> >
> > Hi Gadre,
> >
> >> Hi Stephan,
> >>
> >> I checked modinfo aesni_intel:
> >> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
> >> alias: crypto-aes
> >> alias: aes
> >> license: GPL
> >> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
> >> instructions optimized
> >> alias: crypto-fpu
> >> alias: fpu
> >> srcversion: 55C6346DCF663DDD74D3F13
> >> alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
> >> depends: xts,aes-i586,lrw,ablk_helper
> >> intree: Y
> >> vermagic: 4.5.0 SMP mod_unload modversions 686
> >>
> >> when I do modprobe crypto-aes,
> >> modprobe: ERROR: could not insert 'aesni_intel': No such device
> >> modprobe: ERROR: could not insert 'padlock_aes': No such device
> >
> > Well, maybe your CPU does not have AES-NI?
> >
> > Besides, why fiddle around with special implementations? Simply use the
> > standard names of, say, "aes" and let the kernel crypto API do its magic
> > to
> > find the fastest implementation for your system?
> >
> >> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
> >> the dependencies).
> >
> > Well, a 32 bit system does not have AES-NI support.
> >
> >> I think I am still missing something. Any hardware feature. Or some
> >> other module is using some IRQ or region which is not shared.
> >>
> >> Thanks.
> >> Nayan Gadre.
> >>
> >> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <smueller@xxxxxxxxxx>
> >
> > wrote:
> >> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
> >> >
> >> > Hi Gadre,
> >> >
> >> >> Hello,
> >> >>
> >> >> I have read the crypto library documentation on chronox.de.
> >> >>
> >> >> I used there sample code for symmetric key cipher operation.
> >> >> However in the check:
> >> >>
> >> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
> >> >> if (IS_ERR(skcipher)) {
> >> >> pr_info("could not allocate skcipher handle\n");
> >> >> return PTR_ERR(skcipher);
> >> >> }
> >> >>
> >> >> I get could not allocate skcipher handle.
> >> >>
> >> >> I have loaded all possible related modules for crypto:
> >> >> lsmod (relevant):
> >> >> algif_skcipher 32768 0
> >> >> algif_hash 20480 0
> >> >> algif_aead 20480 0
> >> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
> >> >> cryptd
> >> >> ablk_helper.
> >> >>
> >> >> What am I missing here?
> >> >>
> >> >> Also IS_ERR checks if the skcipher value may be <1000, it may include
> >> >> the NULL check right?.
> >> >
> >> > The allocation of the cipher failed. Please check /proc/crypto whether
> >> > you
> >> > have the cipher registered with the kernel crypto API.
> >> >
> >> > The module listing does not show the AESNI cipher module.
> >> >
> >> > Ciao
> >> > Stephan
> >>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
> >> in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> > Ciao
> > Stephan
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
