Roman

Reputation: 53

Linux Kernel Crypto API

I'm trying to make a simple kernel module using the Linux Kernel Crypto API.
I got the example from https://www.kernel.org/doc/html/v4.17/crypto/api-samples.html (Code Example For Symmetric Key Cipher Operation).

My problem is that the variable "scratchpad" (input data) has the same value before and after running it.
Also, this branch is never taken:

if (rc)
        pr_info("skcipher encrypt returned with result %d\n", rc);

I'm sure I'm doing something wrong?

Upvotes: 1

Views: 1474

Answers (1)

seldak

Reputation: 291

Regarding the first part of the question:

My problem is that the variable "scratchpad" (input data) has the same value before and after running it.

Since you are attempting to cipher in-place by passing the same scatter/gather list as a destination, this is a problem. They should not be the same.

To debug, you can:

  1. Try other algorithms. I see from your /proc/crypto file that you have __cbc-aes-aesni. You may want to try that and others, to test the logic of your module.
  2. Try cryptodev from userspace (/dev/crypto). It makes debugging much easier, by using cryptodev tests and examining dmesg. Adding enable_stats=1 to module options also helps. When your application is stable on userspace, it's up to you to go back to the kernel.

For the second part:

Also, this branch is never taken:

if (rc)
       pr_info("skcipher encrypt returned with result %d\n", rc);

I would say this is not a problem.

Following the code sequence (referencing same kernel version v4.17 as your documentation link):

  1. crypto_wait_req takes an error code, in our case passed by crypto_skcipher_encrypt(). Unless the error is -EBUSY or -EINPROGRESS, this error code is returned to rc, and zero is perfectly normal.
  2. In turn, crypto_skcipher_encrypt returns 0 if the cipher operation was successful; < 0 if an error occurred. Since you've set a key, 0 should be returned.
  3. I'll reference Intel's __cbc-aes-aesni as the driver. Checking cbc_encrypt(), you can see zero is the return value on success, as evidenced in the return value of skcipher_walk_done() in successful state.

Thus it is expected behaviour on successful operation that the branch is not called.

Upvotes: 0
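
The return-code path described in the answer, as an added userspace model (not code from the post or from the kernel tree): it mirrors the control flow of crypto_wait_req() and its completion callback so the value that ends up in rc can be checked for each driver outcome. All model_* names and the async_status parameter are hypothetical, and the wait is simulated by completing immediately.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace stand-in for struct crypto_wait (hypothetical model_ names). */
struct model_crypto_wait {
    int done; /* stands in for the kernel's struct completion */
    int err;  /* final status stored by the completion callback */
};

/* Models crypto_req_done(): -EINPROGRESS is only a "started" notification. */
static void model_req_done(struct model_crypto_wait *wait, int err)
{
    if (err == -EINPROGRESS)
        return;
    wait->err = err;
    wait->done = 1;
}

/* Models crypto_wait_req(): only -EINPROGRESS and -EBUSY cause a wait;
 * every other value, including 0, is handed straight back to the caller. */
static int model_crypto_wait_req(int err, struct model_crypto_wait *wait,
                                 int async_status)
{
    switch (err) {
    case -EINPROGRESS:
    case -EBUSY:
        model_req_done(wait, async_status); /* driver finishes; kernel sleeps here */
        wait->done = 0;                     /* reinit_completion() */
        err = wait->err;
        break;
    }
    return err;
}

/* rc as the sample module would see it for a given driver return value. */
int model_encrypt_rc(int driver_ret, int async_status)
{
    struct model_crypto_wait wait = { 0, 0 };
    return model_crypto_wait_req(driver_ret, &wait, async_status);
}

int main(void)
{
    printf("sync success:    rc=%d\n", model_encrypt_rc(0, 0));
    printf("async success:   rc=%d\n", model_encrypt_rc(-EINPROGRESS, 0));
    printf("async failure:   rc=%d\n", model_encrypt_rc(-EBUSY, -EBADMSG));
    printf("immediate error: rc=%d\n", model_encrypt_rc(-ENOKEY, 0));
    return 0;
}
```

In both success cases rc is 0, so the `if (rc)` branch in the sample is skipped; it fires only when the driver or the completion callback reports a negative errno.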
