ホーム エクスプローラ ヘルプ
登録 サインイン
jeremy
/
lkmpg
同期ミラー https://github.com/sysprog21/lkmpg
1
0
フォーク 0
ファイル 課題 0 Wiki
ソースを参照

Remove the crypto section due to poor maintenance

The past content in the crypto section lacks informative descriptions,
and there should be a proper procedure to demonstrate how Linux
cryptography works. Due to poor maintenance, let's drop the section.
Jim Huang 1 年間 前
1d38d2ed19
コミット
f5893d8140
4 ファイル変更0 行追加306 行削除
分割表示 差分情報を表示
  1. 0 2
      examples/Makefile
  2. 0 68
      examples/cryptosha256.c
  3. 0 199
      examples/cryptosk.c
  4. 0 37
      lkmpg.tex

+ 0 - 2
examples/Makefile
ファイルの表示 

@@ -18,8 +18,6 @@ obj-m += sched.o
 
 obj-m += chardev2.o
 
 obj-m += syscall-steal.o
 
 obj-m += intrpt.o
 
-obj-m += cryptosha256.o
 
-obj-m += cryptosk.o
 
 obj-m += completions.o
 
 obj-m += example_tasklet.o
 
 obj-m += devicemodel.o

+ 0 - 68
examples/cryptosha256.c
ファイルの表示 

@@ -1,68 +0,0 @@
 
-/*
 
- * cryptosha256.c
 
- */
 
-#include <crypto/internal/hash.h>
 
-#include <linux/module.h>
 
-
 
-#define SHA256_LENGTH 32
 
-
 
-static void show_hash_result(char *plaintext, char *hash_sha256)
 
-{
 
-    int i;
 
-    char str[SHA256_LENGTH * 2 + 1];
 
-
 
-    pr_info("sha256 test for string: \"%s\"\n", plaintext);
 
-    for (i = 0; i < SHA256_LENGTH; i++)
 
-        sprintf(&str[i * 2], "%02x", (unsigned char)hash_sha256[i]);
 
-    str[i * 2] = 0;
 
-    pr_info("%s\n", str);
 
-}
 
-
 
-static int __init cryptosha256_init(void)
 
-{
 
-    char *plaintext = "This is a test";
 
-    char hash_sha256[SHA256_LENGTH];
 
-    struct crypto_shash *sha256;
 
-    struct shash_desc *shash;
 
-
 
-    sha256 = crypto_alloc_shash("sha256", 0, 0);
 
-    if (IS_ERR(sha256)) {
 
-        pr_err(
 
-            "%s(): Failed to allocate sha256 algorithm, enable CONFIG_CRYPTO_SHA256 and try again.\n",
 
-            __func__);
 
-        return -1;
 
-    }
 
-
 
-    shash = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(sha256),
 
-                    GFP_KERNEL);
 
-    if (!shash)
 
-        return -ENOMEM;
 
-
 
-    shash->tfm = sha256;
 
-
 
-    if (crypto_shash_init(shash))
 
-        return -1;
 
-
 
-    if (crypto_shash_update(shash, plaintext, strlen(plaintext)))
 
-        return -1;
 
-
 
-    if (crypto_shash_final(shash, hash_sha256))
 
-        return -1;
 
-
 
-    kfree(shash);
 
-    crypto_free_shash(sha256);
 
-
 
-    show_hash_result(plaintext, hash_sha256);
 
-
 
-    return 0;
 
-}
 
-
 
-static void __exit cryptosha256_exit(void)
 
-{
 
-}
 
-
 
-module_init(cryptosha256_init);
 
-module_exit(cryptosha256_exit);
 
-
 
-MODULE_DESCRIPTION("sha256 hash test");
 
-MODULE_LICENSE("GPL");

+ 0 - 199
examples/cryptosk.c
ファイルの表示 

@@ -1,199 +0,0 @@
 
-/*
 
- * cryptosk.c
 
- */
 
-#include <crypto/internal/skcipher.h>
 
-#include <linux/crypto.h>
 
-#include <linux/module.h>
 
-#include <linux/random.h>
 
-#include <linux/scatterlist.h>
 
-
 
-#define SYMMETRIC_KEY_LENGTH 32
 
-#define CIPHER_BLOCK_SIZE 16
 
-
 
-struct tcrypt_result {
 
-    struct completion completion;
 
-    int err;
 
-};
 
-
 
-struct skcipher_def {
 
-    struct scatterlist sg;
 
-    struct crypto_skcipher *tfm;
 
-    struct skcipher_request *req;
 
-    struct tcrypt_result result;
 
-    char *scratchpad;
 
-    char *ciphertext;
 
-    char *ivdata;
 
-};
 
-
 
-static struct skcipher_def sk;
 
-
 
-static void test_skcipher_finish(struct skcipher_def *sk)
 
-{
 
-    if (sk->tfm)
 
-        crypto_free_skcipher(sk->tfm);
 
-    if (sk->req)
 
-        skcipher_request_free(sk->req);
 
-    if (sk->ivdata)
 
-        kfree(sk->ivdata);
 
-    if (sk->scratchpad)
 
-        kfree(sk->scratchpad);
 
-    if (sk->ciphertext)
 
-        kfree(sk->ciphertext);
 
-}
 
-
 
-static int test_skcipher_result(struct skcipher_def *sk, int rc)
 
-{
 
-    switch (rc) {
 
-    case 0:
 
-        break;
 
-    case -EINPROGRESS:
 
-    case -EBUSY:
 
-        rc = wait_for_completion_interruptible(&sk->result.completion);
 
-        if (!rc && !sk->result.err) {
 
-            reinit_completion(&sk->result.completion);
 
-            break;
 
-        }
 
-        pr_info("skcipher encrypt returned with %d result %d\n", rc,
 
-                sk->result.err);
 
-        break;
 
-    default:
 
-        pr_info("skcipher encrypt returned with %d result %d\n", rc,
 
-                sk->result.err);
 
-        break;
 
-    }
 
-
 
-    init_completion(&sk->result.completion);
 
-
 
-    return rc;
 
-}
 
-
 
-static void test_skcipher_callback(struct crypto_async_request *req, int error)
 
-{
 
-    struct tcrypt_result *result = req->data;
 
-
 
-    if (error == -EINPROGRESS)
 
-        return;
 
-
 
-    result->err = error;
 
-    complete(&result->completion);
 
-    pr_info("Encryption finished successfully\n");
 
-
 
-    /* decrypt data */
 
-#if 0
 
-    memset((void*)sk.scratchpad, '-', CIPHER_BLOCK_SIZE);
 
-    ret = crypto_skcipher_decrypt(sk.req);
 
-    ret = test_skcipher_result(&sk, ret);
 
-    if (ret)
 
-        return;
 
-
 
-    sg_copy_from_buffer(&sk.sg, 1, sk.scratchpad, CIPHER_BLOCK_SIZE);
 
-    sk.scratchpad[CIPHER_BLOCK_SIZE-1] = 0;
 
-
 
-    pr_info("Decryption request successful\n");
 
-    pr_info("Decrypted: %s\n", sk.scratchpad);
 
-#endif
 
-}
 
-
 
-static int test_skcipher_encrypt(char *plaintext, char *password,
 
-                                 struct skcipher_def *sk)
 
-{
 
-    int ret = -EFAULT;
 
-    unsigned char key[SYMMETRIC_KEY_LENGTH];
 
-
 
-    if (!sk->tfm) {
 
-        sk->tfm = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
 
-        if (IS_ERR(sk->tfm)) {
 
-            pr_info("could not allocate skcipher handle\n");
 
-            return PTR_ERR(sk->tfm);
 
-        }
 
-    }
 
-
 
-    if (!sk->req) {
 
-        sk->req = skcipher_request_alloc(sk->tfm, GFP_KERNEL);
 
-        if (!sk->req) {
 
-            pr_info("could not allocate skcipher request\n");
 
-            ret = -ENOMEM;
 
-            goto out;
 
-        }
 
-    }
 
-
 
-    skcipher_request_set_callback(sk->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
 
-                                  test_skcipher_callback, &sk->result);
 
-
 
-    /* clear the key */
 
-    memset((void *)key, '\0', SYMMETRIC_KEY_LENGTH);
 
-
 
-    /* Use the world's favourite password */
 
-    sprintf((char *)key, "%s", password);
 
-
 
-    /* AES 256 with given symmetric key */
 
-    if (crypto_skcipher_setkey(sk->tfm, key, SYMMETRIC_KEY_LENGTH)) {
 
-        pr_info("key could not be set\n");
 
-        ret = -EAGAIN;
 
-        goto out;
 
-    }
 
-    pr_info("Symmetric key: %s\n", key);
 
-    pr_info("Plaintext: %s\n", plaintext);
 
-
 
-    if (!sk->ivdata) {
 
-        /* see https://en.wikipedia.org/wiki/Initialization_vector */
 
-        sk->ivdata = kmalloc(CIPHER_BLOCK_SIZE, GFP_KERNEL);
 
-        if (!sk->ivdata) {
 
-            pr_info("could not allocate ivdata\n");
 
-            goto out;
 
-        }
 
-        get_random_bytes(sk->ivdata, CIPHER_BLOCK_SIZE);
 
-    }
 
-
 
-    if (!sk->scratchpad) {
 
-        /* The text to be encrypted */
 
-        sk->scratchpad = kmalloc(CIPHER_BLOCK_SIZE, GFP_KERNEL);
 
-        if (!sk->scratchpad) {
 
-            pr_info("could not allocate scratchpad\n");
 
-            goto out;
 
-        }
 
-    }
 
-    sprintf((char *)sk->scratchpad, "%s", plaintext);
 
-
 
-    sg_init_one(&sk->sg, sk->scratchpad, CIPHER_BLOCK_SIZE);
 
-    skcipher_request_set_crypt(sk->req, &sk->sg, &sk->sg, CIPHER_BLOCK_SIZE,
 
-                               sk->ivdata);
 
-    init_completion(&sk->result.completion);
 
-
 
-    /* encrypt data */
 
-    ret = crypto_skcipher_encrypt(sk->req);
 
-    ret = test_skcipher_result(sk, ret);
 
-    if (ret)
 
-        goto out;
 
-
 
-    pr_info("Encryption request successful\n");
 
-
 
-out:
 
-    return ret;
 
-}
 
-
 
-static int __init cryptoapi_init(void)
 
-{
 
-    /* The world's favorite password */
 
-    char *password = "password123";
 
-
 
-    sk.tfm = NULL;
 
-    sk.req = NULL;
 
-    sk.scratchpad = NULL;
 
-    sk.ciphertext = NULL;
 
-    sk.ivdata = NULL;
 
-
 
-    test_skcipher_encrypt("Testing", password, &sk);
 
-    return 0;
 
-}
 
-
 
-static void __exit cryptoapi_exit(void)
 
-{
 
-    test_skcipher_finish(&sk);
 
-}
 
-
 
-module_init(cryptoapi_init);
 
-module_exit(cryptoapi_exit);
 
-
 
-MODULE_DESCRIPTION("Symmetric key encryption example");
 
-MODULE_LICENSE("GPL");

+ 0 - 37
lkmpg.tex
ファイルの表示 

@@ -1910,43 +1910,6 @@ The example below modifies the previous example to also run an additional task w
 
 
 \samplec{examples/bottomhalf.c}
 
 
-\section{Crypto}
 
-\label{sec:crypto}
 
-At the dawn of the internet, everybody trusted everybody completely\ldots{}but that did not work out so well.
 
-When this guide was originally written, it was a more innocent era in which almost nobody actually gave a damn about crypto - least of all kernel developers.
 
-That is certainly no longer the case now.
 
-To handle crypto stuff, the kernel has its own API enabling common methods of encryption, decryption and your favourite hash functions.
 
-
 
-\subsection{Hash functions}
 
-\label{sec:hashfunc}
 
-
 
-Calculating and checking the hashes of things is a common operation.
 
-Here is a demonstration of how to calculate a sha256 hash within a kernel module.
 
-To provide the sha256 algorithm support, make sure \cpp|CONFIG_CRYPTO_SHA256| is enabled in kernel.
 
-
 
-\samplec{examples/cryptosha256.c}
 
-
 
-Install the module:
 
-
 
-\begin{codebash}
 
-sudo insmod cryptosha256.ko
 
-sudo dmesg
 
-\end{codebash}
 
-
 
-And you should see that the hash was calculated for the test string.
 
-
 
-Finally, remove the test module:
 
-
 
-\begin{codebash}
 
-sudo rmmod cryptosha256
 
-\end{codebash}
 
-
 
-\subsection{Symmetric key encryption}
 
-\label{sec:org2fab20b}
 
-Here is an example of symmetrically encrypting a string using the AES algorithm and a password.
 
-
 
-\samplec{examples/cryptosk.c}
 
-
 
 \section{Virtual Input Device Driver}
 
 \label{sec:vinput}
 
 The input device driver is a module that provides a way to communicate with the interaction device via the event.