Hello,
I tried few combinations of algorithms:
1. skcipher = crypto_alloc_skcipher("aes", 0, 0);
could not allocate skcipher handle: -2
lsmod:
aes_i586 20480 0
2. skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
So here all allocations work but,
in test_skcipher_encdec this log:
skcipher encrypt returned with -22 result -224149504
and lsmod:
xcbc 16384 0
So the second algo option at-least makes allocations but in the
encrypt function throws error:
crypto_skcipher_encrypt(sk->req);
Please suggest what may be going wrong.
I am posting my code as well in case I may have made some mistakes in
length of key, iv, input data, output data. etc.
I have not modified the APIs from the sample, only the driver function
test_skcipher.
struct skcipher_def sk;
struct crypto_skcipher *skcipher = NULL;
struct skcipher_request *req = NULL;
char *scratchpad = NULL;
char *ivdata = NULL;
unsigned char key[32];
int ret = -EFAULT;
skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
if(IS_ERR(skcipher)) {
ret = PTR_ERR(skcipher);
pr_err("could not allocate skcipher handle: %d\n", ret);
goto CIPHERFAIL;
}
ret = 0;
req = skcipher_request_alloc(skcipher, GFP_KERNEL);
if(IS_ERR(req)) {
ret = PTR_ERR(req);
pr_err("could not allocate request queue: %d\n", ret);
goto CIPHERFAIL;
}
skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
test_skcipher_cb, &sk.result);
//AES 256 with random bytes
get_random_bytes(&key, 32);
if(crypto_skcipher_setkey(skcipher, key, 32)){
pr_err("Key could not be set\n");
goto CIPHERFAIL;
}
//Initialization vector
ivdata = kmalloc(16, GFP_KERNEL);
if (!ivdata) {
pr_err("Could not allocate ivadata\n");
goto CIPHERFAIL;
}
get_random_bytes(ivdata, 16);
// FIll the data you want to encrypt
strcpy(dataptr, "12345678901234567890");
sk.tfm = skcipher;
sk.req = req;
//We encrypt one block of data
sg_init_one(&sk.sg, dataptr, 20);
skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 20, ivdata);
init_completion(&sk.result.completion);
//Encrypt data
ret = test_skcipher_encdec(&sk, 1);
if(ret){
pr_err("Encryption failed...somehow :(: %d\n", ret);
goto CIPHERFAIL;
}
else{
pr_err("Encryption done op: %s\n", dataptr);
return;
}
CIPHERFAIL:
if(!IS_ERR(skcipher)){
pr_err("NO_ERR: Normal skcipher cleaning\n");
crypto_free_skcipher(skcipher);
}
if(!IS_ERR(req)){
pr_err("NO_ERR: REQ: Reached here because something
else failed\n");
skcipher_request_free(req);
}
if(!IS_ERR(ivdata)){
pr_err("NO_ERR: IV: Reched here because something else
failed\n");
kfree(ivdata);
}
if(!IS_ERR(scratchpad)){
pr_err("NO_ERR: scratch: reached here because
something else failed\n");
kfree(scratchpad);
}
Thanks
On Mon, May 2, 2016 at 9:03 PM, Stephan Mueller <[email protected]> wrote:
> Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan:
>
> Hi Gadre,
>
>> Hi Stephan,
>>
>> I checked modinfo aesni_intel:
>> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
>> alias: crypto-aes
>> alias: aes
>> license: GPL
>> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
>> instructions optimized
>> alias: crypto-fpu
>> alias: fpu
>> srcversion: 55C6346DCF663DDD74D3F13
>> alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
>> depends: xts,aes-i586,lrw,ablk_helper
>> intree: Y
>> vermagic: 4.5.0 SMP mod_unload modversions 686
>>
>> when I do modprobe crypto-aes,
>> modprobe: ERROR: could not insert 'aesni_intel': No such device
>> modprobe: ERROR: could not insert 'padlock_aes': No such device
>
> Well, maybe your CPU does not have AES-NI?
>
> Besides, why fiddle around with special implementations? Simply use the
> standard names of, say, "aes" and let the kernel crypto API do its magic to
> find the fastest implementation for your system?
>>
>> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
>> the dependencies).
>
> Well, a 32 bit system does not have AES-NI support.
>>
>> I think I am still missing something. Any hardware feature. Or some
>> other module is using some IRQ or region which is not shared.
>>
>> Thanks.
>> Nayan Gadre.
>>
>> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <[email protected]>
> wrote:
>> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
>> >
>> > Hi Gadre,
>> >
>> >> Hello,
>> >>
>> >> I have read the crypto library documentation on chronox.de.
>> >>
>> >> I used there sample code for symmetric key cipher operation.
>> >> However in the check:
>> >>
>> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
>> >> if (IS_ERR(skcipher)) {
>> >> pr_info("could not allocate skcipher handle\n");
>> >> return PTR_ERR(skcipher);
>> >> }
>> >>
>> >> I get could not allocate skcipher handle.
>> >>
>> >> I have loaded all possible related modules for crypto:
>> >> lsmod (relevant):
>> >> algif_skcipher 32768 0
>> >> algif_hash 20480 0
>> >> algif_aead 20480 0
>> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
>> >> cryptd
>> >> ablk_helper.
>> >>
>> >> What am I missing here?
>> >>
>> >> Also IS_ERR checks if the skcipher value may be <1000, it may include
>> >> the NULL check right?.
>> >
>> > The allocation of the cipher failed. Please check /proc/crypto whether you
>> > have the cipher registered with the kernel crypto API.
>> >
>> > The module listing does not show the AESNI cipher module.
>> >
>> > Ciao
>> > Stephan
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
> Ciao
> Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
