Hello,
I have read the crypto library documentation on chronox.de.
I used there sample code for symmetric key cipher operation.
However in the check:
skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
if (IS_ERR(skcipher)) {
pr_info("could not allocate skcipher handle\n");
return PTR_ERR(skcipher);
}
I get could not allocate skcipher handle.
I have loaded all possible related modules for crypto:
lsmod (relevant):
algif_skcipher 32768 0
algif_hash 20480 0
algif_aead 20480 0
af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
cryptd
ablk_helper.
What am I missing here?
Also IS_ERR checks if the skcipher value may be <1000, it may include
the NULL check right?.
Thanks.
Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
Hi Gadre,
> Hello,
>
> I have read the crypto library documentation on chronox.de.
>
> I used there sample code for symmetric key cipher operation.
> However in the check:
>
> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
> if (IS_ERR(skcipher)) {
> pr_info("could not allocate skcipher handle\n");
> return PTR_ERR(skcipher);
> }
>
> I get could not allocate skcipher handle.
>
> I have loaded all possible related modules for crypto:
> lsmod (relevant):
> algif_skcipher 32768 0
> algif_hash 20480 0
> algif_aead 20480 0
> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
> cryptd
> ablk_helper.
>
> What am I missing here?
>
> Also IS_ERR checks if the skcipher value may be <1000, it may include
> the NULL check right?.
The allocation of the cipher failed. Please check /proc/crypto whether you
have the cipher registered with the kernel crypto API.
The module listing does not show the AESNI cipher module.
Ciao
Stephan
Hi Stephan,
I checked modinfo aesni_intel:
filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
alias: crypto-aes
alias: aes
license: GPL
description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
instructions optimized
alias: crypto-fpu
alias: fpu
srcversion: 55C6346DCF663DDD74D3F13
alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
depends: xts,aes-i586,lrw,ablk_helper
intree: Y
vermagic: 4.5.0 SMP mod_unload modversions 686
when I do modprobe crypto-aes,
modprobe: ERROR: could not insert 'aesni_intel': No such device
modprobe: ERROR: could not insert 'padlock_aes': No such device
I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
the dependencies).
I think I am still missing something. Any hardware feature. Or some
other module is using some IRQ or region which is not shared.
Thanks.
Nayan Gadre.
On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <[email protected]> wrote:
> Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
>
> Hi Gadre,
>
>> Hello,
>>
>> I have read the crypto library documentation on chronox.de.
>>
>> I used there sample code for symmetric key cipher operation.
>> However in the check:
>>
>> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
>> if (IS_ERR(skcipher)) {
>> pr_info("could not allocate skcipher handle\n");
>> return PTR_ERR(skcipher);
>> }
>>
>> I get could not allocate skcipher handle.
>>
>> I have loaded all possible related modules for crypto:
>> lsmod (relevant):
>> algif_skcipher 32768 0
>> algif_hash 20480 0
>> algif_aead 20480 0
>> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
>> cryptd
>> ablk_helper.
>>
>> What am I missing here?
>>
>> Also IS_ERR checks if the skcipher value may be <1000, it may include
>> the NULL check right?.
>
> The allocation of the cipher failed. Please check /proc/crypto whether you
> have the cipher registered with the kernel crypto API.
>
> The module listing does not show the AESNI cipher module.
>
> Ciao
> Stephan
Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan:
Hi Gadre,
> Hi Stephan,
>
> I checked modinfo aesni_intel:
> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
> alias: crypto-aes
> alias: aes
> license: GPL
> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
> instructions optimized
> alias: crypto-fpu
> alias: fpu
> srcversion: 55C6346DCF663DDD74D3F13
> alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
> depends: xts,aes-i586,lrw,ablk_helper
> intree: Y
> vermagic: 4.5.0 SMP mod_unload modversions 686
>
> when I do modprobe crypto-aes,
> modprobe: ERROR: could not insert 'aesni_intel': No such device
> modprobe: ERROR: could not insert 'padlock_aes': No such device
Well, maybe your CPU does not have AES-NI?
Besides, why fiddle around with special implementations? Simply use the
standard names of, say, "aes" and let the kernel crypto API do its magic to
find the fastest implementation for your system?
>
> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
> the dependencies).
Well, a 32 bit system does not have AES-NI support.
>
> I think I am still missing something. Any hardware feature. Or some
> other module is using some IRQ or region which is not shared.
>
> Thanks.
> Nayan Gadre.
>
> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <[email protected]>
wrote:
> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
> >
> > Hi Gadre,
> >
> >> Hello,
> >>
> >> I have read the crypto library documentation on chronox.de.
> >>
> >> I used there sample code for symmetric key cipher operation.
> >> However in the check:
> >>
> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
> >> if (IS_ERR(skcipher)) {
> >> pr_info("could not allocate skcipher handle\n");
> >> return PTR_ERR(skcipher);
> >> }
> >>
> >> I get could not allocate skcipher handle.
> >>
> >> I have loaded all possible related modules for crypto:
> >> lsmod (relevant):
> >> algif_skcipher 32768 0
> >> algif_hash 20480 0
> >> algif_aead 20480 0
> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
> >> cryptd
> >> ablk_helper.
> >>
> >> What am I missing here?
> >>
> >> Also IS_ERR checks if the skcipher value may be <1000, it may include
> >> the NULL check right?.
> >
> > The allocation of the cipher failed. Please check /proc/crypto whether you
> > have the cipher registered with the kernel crypto API.
> >
> > The module listing does not show the AESNI cipher module.
> >
> > Ciao
> > Stephan
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Ciao
Stephan
Hello,
I tried few combinations of algorithms:
1. skcipher = crypto_alloc_skcipher("aes", 0, 0);
could not allocate skcipher handle: -2
lsmod:
aes_i586 20480 0
2. skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
So here all allocations work but,
in test_skcipher_encdec this log:
skcipher encrypt returned with -22 result -224149504
and lsmod:
xcbc 16384 0
So the second algo option at-least makes allocations but in the
encrypt function throws error:
crypto_skcipher_encrypt(sk->req);
Please suggest what may be going wrong.
I am posting my code as well in case I may have made some mistakes in
length of key, iv, input data, output data. etc.
I have not modified the APIs from the sample, only the driver function
test_skcipher.
struct skcipher_def sk;
struct crypto_skcipher *skcipher = NULL;
struct skcipher_request *req = NULL;
char *scratchpad = NULL;
char *ivdata = NULL;
unsigned char key[32];
int ret = -EFAULT;
skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
if(IS_ERR(skcipher)) {
ret = PTR_ERR(skcipher);
pr_err("could not allocate skcipher handle: %d\n", ret);
goto CIPHERFAIL;
}
ret = 0;
req = skcipher_request_alloc(skcipher, GFP_KERNEL);
if(IS_ERR(req)) {
ret = PTR_ERR(req);
pr_err("could not allocate request queue: %d\n", ret);
goto CIPHERFAIL;
}
skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
test_skcipher_cb, &sk.result);
//AES 256 with random bytes
get_random_bytes(&key, 32);
if(crypto_skcipher_setkey(skcipher, key, 32)){
pr_err("Key could not be set\n");
goto CIPHERFAIL;
}
//Initialization vector
ivdata = kmalloc(16, GFP_KERNEL);
if (!ivdata) {
pr_err("Could not allocate ivadata\n");
goto CIPHERFAIL;
}
get_random_bytes(ivdata, 16);
// FIll the data you want to encrypt
strcpy(dataptr, "12345678901234567890");
sk.tfm = skcipher;
sk.req = req;
//We encrypt one block of data
sg_init_one(&sk.sg, dataptr, 20);
skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 20, ivdata);
init_completion(&sk.result.completion);
//Encrypt data
ret = test_skcipher_encdec(&sk, 1);
if(ret){
pr_err("Encryption failed...somehow :(: %d\n", ret);
goto CIPHERFAIL;
}
else{
pr_err("Encryption done op: %s\n", dataptr);
return;
}
CIPHERFAIL:
if(!IS_ERR(skcipher)){
pr_err("NO_ERR: Normal skcipher cleaning\n");
crypto_free_skcipher(skcipher);
}
if(!IS_ERR(req)){
pr_err("NO_ERR: REQ: Reached here because something
else failed\n");
skcipher_request_free(req);
}
if(!IS_ERR(ivdata)){
pr_err("NO_ERR: IV: Reched here because something else
failed\n");
kfree(ivdata);
}
if(!IS_ERR(scratchpad)){
pr_err("NO_ERR: scratch: reached here because
something else failed\n");
kfree(scratchpad);
}
Thanks
On Mon, May 2, 2016 at 9:03 PM, Stephan Mueller <[email protected]> wrote:
> Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan:
>
> Hi Gadre,
>
>> Hi Stephan,
>>
>> I checked modinfo aesni_intel:
>> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
>> alias: crypto-aes
>> alias: aes
>> license: GPL
>> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
>> instructions optimized
>> alias: crypto-fpu
>> alias: fpu
>> srcversion: 55C6346DCF663DDD74D3F13
>> alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
>> depends: xts,aes-i586,lrw,ablk_helper
>> intree: Y
>> vermagic: 4.5.0 SMP mod_unload modversions 686
>>
>> when I do modprobe crypto-aes,
>> modprobe: ERROR: could not insert 'aesni_intel': No such device
>> modprobe: ERROR: could not insert 'padlock_aes': No such device
>
> Well, maybe your CPU does not have AES-NI?
>
> Besides, why fiddle around with special implementations? Simply use the
> standard names of, say, "aes" and let the kernel crypto API do its magic to
> find the fastest implementation for your system?
>>
>> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
>> the dependencies).
>
> Well, a 32 bit system does not have AES-NI support.
>>
>> I think I am still missing something. Any hardware feature. Or some
>> other module is using some IRQ or region which is not shared.
>>
>> Thanks.
>> Nayan Gadre.
>>
>> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <[email protected]>
> wrote:
>> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
>> >
>> > Hi Gadre,
>> >
>> >> Hello,
>> >>
>> >> I have read the crypto library documentation on chronox.de.
>> >>
>> >> I used there sample code for symmetric key cipher operation.
>> >> However in the check:
>> >>
>> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
>> >> if (IS_ERR(skcipher)) {
>> >> pr_info("could not allocate skcipher handle\n");
>> >> return PTR_ERR(skcipher);
>> >> }
>> >>
>> >> I get could not allocate skcipher handle.
>> >>
>> >> I have loaded all possible related modules for crypto:
>> >> lsmod (relevant):
>> >> algif_skcipher 32768 0
>> >> algif_hash 20480 0
>> >> algif_aead 20480 0
>> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
>> >> cryptd
>> >> ablk_helper.
>> >>
>> >> What am I missing here?
>> >>
>> >> Also IS_ERR checks if the skcipher value may be <1000, it may include
>> >> the NULL check right?.
>> >
>> > The allocation of the cipher failed. Please check /proc/crypto whether you
>> > have the cipher registered with the kernel crypto API.
>> >
>> > The module listing does not show the AESNI cipher module.
>> >
>> > Ciao
>> > Stephan
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
> Ciao
> Stephan
Am Dienstag, 3. Mai 2016, 10:34:01 schrieb Gadre Nayan:
Hi Gadre,
> Hello,
>
> I tried few combinations of algorithms:
>
> 1. skcipher = crypto_alloc_skcipher("aes", 0, 0);
>
> could not allocate skcipher handle: -2
> lsmod:
> aes_i586 20480 0
Please read the documentation and compare it with /proc/crypto: skcipher does
not work with the raw AES, but only with a block chaining mode as below.
>
> 2. skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
>
> So here all allocations work but,
> in test_skcipher_encdec this log:
> skcipher encrypt returned with -22 result -224149504
Error code is -EINVAL, so you provided wrong data.
>
> and lsmod:
> xcbc 16384 0
Please forget lsmod, /proc/crypto provides you with the information (excluding
the permutations with the available block chaining modes).
>
> So the second algo option at-least makes allocations but in the
> encrypt function throws error:
> crypto_skcipher_encrypt(sk->req);
>
> Please suggest what may be going wrong.
>
> I am posting my code as well in case I may have made some mistakes in
> length of key, iv, input data, output data. etc.
>
> I have not modified the APIs from the sample, only the driver function
> test_skcipher.
>
> struct skcipher_def sk;
> struct crypto_skcipher *skcipher = NULL;
> struct skcipher_request *req = NULL;
> char *scratchpad = NULL;
> char *ivdata = NULL;
> unsigned char key[32];
> int ret = -EFAULT;
>
> skcipher = crypto_alloc_skcipher("cbc(aes)", 0, 0);
try CRYPTO_ALG_ASYNC as the last argument, otherwise you have a sync cipher
that whould not work with the async API.
> if(IS_ERR(skcipher)) {
> ret = PTR_ERR(skcipher);
> pr_err("could not allocate skcipher handle: %d\n", ret);
> goto CIPHERFAIL;
> }
> ret = 0;
> req = skcipher_request_alloc(skcipher, GFP_KERNEL);
> if(IS_ERR(req)) {
> ret = PTR_ERR(req);
> pr_err("could not allocate request queue: %d\n", ret);
> goto CIPHERFAIL;
> }
>
> skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
> test_skcipher_cb, &sk.result);
>
> //AES 256 with random bytes
> get_random_bytes(&key, 32);
> if(crypto_skcipher_setkey(skcipher, key, 32)){
> pr_err("Key could not be set\n");
> goto CIPHERFAIL;
> }
>
> //Initialization vector
> ivdata = kmalloc(16, GFP_KERNEL);
> if (!ivdata) {
> pr_err("Could not allocate ivadata\n");
> goto CIPHERFAIL;
> }
> get_random_bytes(ivdata, 16);
>
> // FIll the data you want to encrypt
> strcpy(dataptr, "12345678901234567890");
> sk.tfm = skcipher;
> sk.req = req;
>
> //We encrypt one block of data
> sg_init_one(&sk.sg, dataptr, 20);
> skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 20, ivdata);
> init_completion(&sk.result.completion);
>
> //Encrypt data
> ret = test_skcipher_encdec(&sk, 1);
> if(ret){
> pr_err("Encryption failed...somehow :(: %d\n", ret);
> goto CIPHERFAIL;
> }
> else{
> pr_err("Encryption done op: %s\n", dataptr);
> return;
> }
>
> CIPHERFAIL:
> if(!IS_ERR(skcipher)){
> pr_err("NO_ERR: Normal skcipher cleaning\n");
> crypto_free_skcipher(skcipher);
> }
> if(!IS_ERR(req)){
> pr_err("NO_ERR: REQ: Reached here because something
> else failed\n");
> skcipher_request_free(req);
> }
> if(!IS_ERR(ivdata)){
> pr_err("NO_ERR: IV: Reched here because something else
> failed\n");
> kfree(ivdata);
> }
> if(!IS_ERR(scratchpad)){
> pr_err("NO_ERR: scratch: reached here because
> something else failed\n");
> kfree(scratchpad);
> }
>
> Thanks
>
> On Mon, May 2, 2016 at 9:03 PM, Stephan Mueller <[email protected]> wrote:
> > Am Montag, 2. Mai 2016, 21:00:25 schrieb Gadre Nayan:
> >
> > Hi Gadre,
> >
> >> Hi Stephan,
> >>
> >> I checked modinfo aesni_intel:
> >> filename: /lib/modules/4.5.0/kernel/arch/x86/crypto/aesni-intel.ko
> >> alias: crypto-aes
> >> alias: aes
> >> license: GPL
> >> description: Rijndael (AES) Cipher Algorithm, Intel AES-NI
> >> instructions optimized
> >> alias: crypto-fpu
> >> alias: fpu
> >> srcversion: 55C6346DCF663DDD74D3F13
> >> alias: cpu:type:x86,ven*fam*mod*:feature:*0099*
> >> depends: xts,aes-i586,lrw,ablk_helper
> >> intree: Y
> >> vermagic: 4.5.0 SMP mod_unload modversions 686
> >>
> >> when I do modprobe crypto-aes,
> >> modprobe: ERROR: could not insert 'aesni_intel': No such device
> >> modprobe: ERROR: could not insert 'padlock_aes': No such device
> >
> > Well, maybe your CPU does not have AES-NI?
> >
> > Besides, why fiddle around with special implementations? Simply use the
> > standard names of, say, "aes" and let the kernel crypto API do its magic
> > to
> > find the fastest implementation for your system?
> >
> >> I have these modules: xts,aes-i586,lrw,ablk_helper loaded as well (
> >> the dependencies).
> >
> > Well, a 32 bit system does not have AES-NI support.
> >
> >> I think I am still missing something. Any hardware feature. Or some
> >> other module is using some IRQ or region which is not shared.
> >>
> >> Thanks.
> >> Nayan Gadre.
> >>
> >> On Mon, May 2, 2016 at 11:21 AM, Stephan Mueller <[email protected]>
> >
> > wrote:
> >> > Am Montag, 2. Mai 2016, 11:14:01 schrieb Gadre Nayan:
> >> >
> >> > Hi Gadre,
> >> >
> >> >> Hello,
> >> >>
> >> >> I have read the crypto library documentation on chronox.de.
> >> >>
> >> >> I used there sample code for symmetric key cipher operation.
> >> >> However in the check:
> >> >>
> >> >> skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0);
> >> >> if (IS_ERR(skcipher)) {
> >> >> pr_info("could not allocate skcipher handle\n");
> >> >> return PTR_ERR(skcipher);
> >> >> }
> >> >>
> >> >> I get could not allocate skcipher handle.
> >> >>
> >> >> I have loaded all possible related modules for crypto:
> >> >> lsmod (relevant):
> >> >> algif_skcipher 32768 0
> >> >> algif_hash 20480 0
> >> >> algif_aead 20480 0
> >> >> af_alg 24576 3 algif_aead,algif_hash,algif_skcipher
> >> >> cryptd
> >> >> ablk_helper.
> >> >>
> >> >> What am I missing here?
> >> >>
> >> >> Also IS_ERR checks if the skcipher value may be <1000, it may include
> >> >> the NULL check right?.
> >> >
> >> > The allocation of the cipher failed. Please check /proc/crypto whether
> >> > you
> >> > have the cipher registered with the kernel crypto API.
> >> >
> >> > The module listing does not show the AESNI cipher module.
> >> >
> >> > Ciao
> >> > Stephan
> >>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
> >> in
> >> the body of a message to [email protected]
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> > Ciao
> > Stephan
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Ciao
Stephan