>我注意到linux内核加密子系统中有一个测试模块(tcrypt.c)。我能够将此模块用于任何基准标记场景,例如使用以下命令"modprobe tcrypt sec=1 mode=200"
但是我无法使用如下所示的相同方法来测试各个算法
"模控密码模式=10
"它抛出一个错误"alg:skcipher:无法加载 ctr(aes): -22 的转换"
当模式值为 0 时,它会执行以测试每个算法,直到模式值达到 200,几乎每个场景都会失败,并且对于哈希/HMAC 等各个算法都会出现类似类型的错误。
请问任何人都可以告诉我如何解决这个问题?
溴,& Sanumala
希望这有所帮助。
加载转换取决于当前的内核版本。Tcrypt尝试了原版内核源代码中可用的算法的所有组合。据我所知,您没有可用于AES的CTR模式。您可能需要构建自定义内核。
http://lxr.free-electrons.com/source/crypto/tcrypt.c#L434
tcrypt.c在最新的内核中已过时。请确保您的内核能够使用 cyrpto,即 /proc/crypto
name : __ctr(aes)
driver : cryptd(__ctr-aes-ce)
module : kernel
name : __cts(cbc(aes))
driver : cryptd(__cts-cbc-aes-ce)
module : kernel
name : __xts(aes)
driver : cryptd(__xts-aes-ce)
module : kernel
name : __cbc(aes)
driver : cryptd(__cbc-aes-ce)
module : kernel
name : __ecb(aes)
driver : cryptd(__ecb-aes-ce)
module : kernel
name : jitterentropy_rng
driver : jitterentropy_rng
module : kernel
name : aes
driver : aes-arm64
module : kernel
name : sha224
driver : sha224-arm64-neon
module : kernel
name : sha256
driver : sha256-arm64-neon
module : kernel
name : sha224
driver : sha224-arm64
module : kernel
name : sha256
driver : sha256-arm64
module : kernel
name : xts(aes)
driver : xts-aes-ce
module : kernel
name : ctr(aes)
driver : ctr-aes-ce
module : kernel
name : cts(cbc(aes))
driver : cts-cbc-aes-ce
module : kernel
name : cbc(aes)
driver : cbc-aes-ce
module : kernel
name : ecb(aes)
driver : ecb-aes-ce
module : kernel
name : cbcmac(aes)
driver : cbcmac-aes-ce
module : kernel
name : xcbc(aes)
driver : xcbc-aes-ce
module : kernel
name : cmac(aes)
driver : cmac-aes-ce
module : kernel
name : __xts(aes)
driver : __xts-aes-ce
module : kernel
name : ctr(aes)
driver : ctr-aes-ce
module : kernel
name : __ctr(aes)
driver : __ctr-aes-ce
module : kernel
name : __cts(cbc(aes))
driver : __cts-cbc-aes-ce
module : kernel
name : __cbc(aes)
driver : __cbc-aes-ce
module : kernel
name : __ecb(aes)
driver : __ecb-aes-ce
module : kernel
name : ccm(aes)
driver : ccm-aes-ce
module : kernel
name : aes
driver : aes-ce
module : kernel
name : gcm(aes)
driver : gcm-aes-ce
module : kernel
name : ghash
driver : ghash-ce
module : kernel
name : ghash
driver : ghash-neon
module : kernel
name : sha256
driver : sha256-ce
module : kernel
name : sha224
driver : sha224-ce
module : kernel
name : sha1
driver : sha1-ce
module : kernel
name : stdrng
driver : drbg_nopr_hmac_sha256
module : kernel
name : stdrng
driver : drbg_nopr_hmac_sha512
module : kernel
name : stdrng
driver : drbg_nopr_hmac_sha384
module : kernel
name : stdrng
driver : drbg_nopr_hmac_sha1
module : kernel
name : stdrng
driver : drbg_pr_hmac_sha256
module : kernel
name : stdrng
driver : drbg_pr_hmac_sha512
module : kernel
name : stdrng
driver : drbg_pr_hmac_sha384
module : kernel
name : stdrng
driver : drbg_pr_hmac_sha1
module : kernel
name : stdrng
driver : ansi_cprng
module : kernel
name : crct10dif
driver : crct10dif-generic
module : kernel
name : crc32c
driver : crc32c-generic
module : kernel
name : zlib-deflate
driver : zlib-deflate-scomp
module : kernel
name : deflate
driver : deflate-scomp
module : kernel
name : deflate
driver : deflate-generic
module : kernel
name : aes
driver : aes-generic
module : kernel
name : sha224
driver : sha224-generic
module : kernel
name : sha256
driver : sha256-generic
module : kernel
name : sha1
driver : sha1-generic
module : kernel
name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
name : digest_null
driver : digest_null-generic
module : kernel
name : compress_null
driver : compress_null-generic
module : kernel
name : cipher_null
driver : cipher_null-generic
module : kernel
name : rsa
driver : rsa-generic
module : kernel
name : dh
driver : dh-generic
module : kernel
以ecb(aes)为例,
#include <asm/uaccess.h>
#include <asm/smp.h>
#include <crypto/skcipher.h>
#include <crypto/akcipher.h>
#include <crypto/acompress.h>
#include <crypto/rng.h>
#include <crypto/drbg.h>
#include <crypto/kpp.h>
#include <crypto/internal/simd.h>
#include <crypto/aead.h>
#include <crypto/hash.h>
#include <linux/crypto.h>
#include <linux/debugfs.h>
#include <linux/delay.h>
#include <linux/err.h>
#include <linux/fs.h>
#include <linux/fips.h>
#include <linux/kernel.h>
#include <linux/kthread.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/scatterlist.h>
#include <linux/time.h>
#include <linux/vmalloc.h>
#include <linux/zlib.h>
#include <linux/once.h>
#include <linux/random.h>
#include <linux/slab.h>
#include <linux/string.h>
/* tie all data structures together */
struct skcipher_def {
struct scatterlist sg;
struct crypto_skcipher *tfm;
struct skcipher_request *req;
struct crypto_wait wait;
};
/* Perform cipher operation */
static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
int enc)
{
int rc;
if (enc)
rc = crypto_wait_req(crypto_skcipher_encrypt(sk->req), &sk->wait);
else
rc = crypto_wait_req(crypto_skcipher_decrypt(sk->req), &sk->wait);
if (rc)
pr_info("skcipher encrypt returned with result %dn", rc);
return rc;
}
/* Initialize and trigger cipher operation */
static int test_skcipher(void)
{
struct skcipher_def sk;
struct crypto_skcipher *skcipher = NULL;
struct skcipher_request *req = NULL;
char *scratchpad = NULL;
char *ivdata = NULL;
unsigned char key[32];
int ret = -EFAULT;
skcipher = crypto_alloc_skcipher("ecb-aes-ce", 0, 0);
if (IS_ERR(skcipher)) {
pr_info("could not allocate skcipher handlen");
return PTR_ERR(skcipher);
}
req = skcipher_request_alloc(skcipher, GFP_KERNEL);
if (!req) {
pr_info("could not allocate skcipher requestn");
ret = -ENOMEM;
goto out;
}
skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
crypto_req_done,
&sk.wait);
/* AES 256 with random key */
get_random_bytes(&key, 32);
if (crypto_skcipher_setkey(skcipher, key, 32)) {
pr_info("key could not be setn");
ret = -EAGAIN;
goto out;
}
/* IV will be random */
ivdata = kmalloc(16, GFP_KERNEL);
if (!ivdata) {
pr_info("could not allocate ivdatan");
goto out;
}
get_random_bytes(ivdata, 16);
/* Input data will be random */
scratchpad = kmalloc(16, GFP_KERNEL);
if (!scratchpad) {
pr_info("could not allocate scratchpadn");
goto out;
}
get_random_bytes(scratchpad, 16);
sk.tfm = skcipher;
sk.req = req;
/* We encrypt one block */
sg_init_one(&sk.sg, scratchpad, 16);
skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
crypto_init_wait(&sk.wait);
/* encrypt data */
ret = test_skcipher_encdec(&sk, 1);
if (ret)
goto out;
pr_info("Encryption triggered successfullyn");
out:
if (skcipher)
crypto_free_skcipher(skcipher);
if (req)
skcipher_request_free(req);
if (ivdata)
kfree(ivdata);
if (scratchpad)
kfree(scratchpad);
return ret;
}
static int __init test_init(void)
{
printk("info: init testn");
test_skcipher();
return 0;
}
static void __exit test_exit(void)
{
printk("info: exit testn");
}
module_init(test_init);
module_exit(test_exit);
MODULE_LICENSE("GPL v2");
MODULE_AUTHOR("author@author.com");
之所以使用skcipher,是因为算法 ECB 在此内核中绑定到此类型。