
linux kernel source tracing (crypto) part 2

March 28, 2007

Posted by TSAI HONG-BIN in Linux.

If you remember, back in the trace of __crypto_alloc_tfm() in api.c, a new instance of struct crypto_tfm is created and the parameter alg is assigned to tfm->__crt_alg. If we look more closely at struct crypto_tfm, we can see that this interface separates the cryptographic algorithm from the transform. crypto_tfm is a single interface that encapsulates the algorithm and one of the cryptographic transforms. See the definition below.

struct crypto_tfm {
    u32 crt_flags;

    /* exactly one transform type is active per tfm */
    union {
        struct blkcipher_tfm blkcipher;
        struct cipher_tfm cipher;
        struct hash_tfm hash;
        struct compress_tfm compress;
    } crt_u;

    /* the algorithm behind this transform */
    struct crypto_alg *__crt_alg;

    void *__crt_ctx[] CRYPTO_MINALIGN_ATTR;
};

For the different cryptographic targets (cipher, hash … blah), several different transforms are defined. At this stage we don’t have to dig in here. So, back to tcrypt.c. We’re now sure what the variable tfm stands for, but what about the next one? See:

struct blkcipher_desc desc;

desc.tfm = tfm;
desc.flags = 0;

Oops, what’s blkcipher_desc? Don’t panic: its main part is a crypto_blkcipher, which can be seen as an alias of crypto_tfm. The loop that follows is not scary either; it just runs the test cases. No matter how many times the loop executes, all we have to do is look into the loop body, because that is where the encryption/decryption is done. First it clears and sets a WEAK_KEY flag for test purposes. The flags are defined in ~linux/include/linux/crypto.h:

/* Transform masks and values (for crt_flags). */
#define CRYPTO_TFM_MODE_MASK 0x000000ff
#define CRYPTO_TFM_REQ_MASK 0x000fff00
#define CRYPTO_TFM_RES_MASK 0xfff00000

#define CRYPTO_TFM_MODE_ECB 0x00000001
#define CRYPTO_TFM_MODE_CBC 0x00000002
#define CRYPTO_TFM_MODE_CFB 0x00000004
#define CRYPTO_TFM_MODE_CTR 0x00000008

#define CRYPTO_TFM_REQ_WEAK_KEY 0x00000100
#define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200
#define CRYPTO_TFM_RES_WEAK_KEY 0x00100000
#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000
#define CRYPTO_TFM_RES_BAD_KEY_SCHED 0x00400000
#define CRYPTO_TFM_RES_BAD_BLOCK_LEN 0x00800000
#define CRYPTO_TFM_RES_BAD_FLAGS 0x01000000

Then comes crypto_blkcipher_setkey(). Each cryptographic algorithm has its own key-schedule design, so this routine is essential. However, if you follow crypto_blkcipher_setkey(), you’ll again find that it is merely an interface for running crypto_blkcipher_crt(tfm)->setkey(). What is crypto_blkcipher_crt!? Its return data type is blkcipher_tfm (recall the definition of crypto_tfm). So now we know that calling crypto_blkcipher_setkey() in tcrypt.c calls the setkey() routine in ~linux/crypto/blkcipher.c. Likewise, you can find the definitions of the operations of hash_tfm and cipher_tfm in ~linux/crypto/hash.c and ~linux/crypto/cipher.c. If you want to dig into these transforms, you may want to start from crypto_init_cipher_ops(), crypto_init_blkcipher_ops(), or crypto_init_hash_ops().
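The setkey dispatch and the crt_flags handling traced above, as a user-space model added here (it is not kernel code and not from the original post). The model_* and toy_* names, the 8-byte key size and the "all bytes equal" weak-key rule are assumptions; the flag values are the ones quoted from crypto.h. It shows why a caller should read the RES bits after setkey fails.

```c
#include <stdint.h>

/* Flag values as quoted on the page from include/linux/crypto.h. */
#define CRYPTO_TFM_RES_MASK        0xfff00000
#define CRYPTO_TFM_REQ_WEAK_KEY    0x00000100
#define CRYPTO_TFM_RES_WEAK_KEY    0x00100000
#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000

struct model_tfm;   /* hypothetical stand-in for struct crypto_tfm */
typedef int (*setkey_fn)(struct model_tfm *, const uint8_t *, unsigned int);
/* hypothetical stand-in for struct crypto_alg: key size limits + key schedule */
struct model_alg { unsigned int min_keysize, max_keysize; setkey_fn setkey; };
struct model_tfm {
    uint32_t crt_flags;
    struct { setkey_fn setkey; } blkcipher;  /* plays the role of crt_u.blkcipher */
    const struct model_alg *alg;             /* plays the role of __crt_alg */
};

/* Constructed sample keys; the rule "all bytes equal = weak" is an assumption. */
const uint8_t WEAK_SAMPLE[8] = { 1, 1, 1, 1, 1, 1, 1, 1 };
const uint8_t GOOD_SAMPLE[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

/* Algorithm-level key schedule: rejects a weak key only if the caller asked. */
static int toy_alg_setkey(struct model_tfm *tfm, const uint8_t *key, unsigned int len)
{
    unsigned int i, same = 1;
    for (i = 1; i < len; i++)
        same &= (key[i] == key[0]);
    if (same && (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
        tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;   /* tell the caller why */
        return -1;
    }
    return 0;
}

/* Transform-level setkey: check the length, then call into the algorithm. */
static int model_blkcipher_setkey(struct model_tfm *tfm, const uint8_t *key, unsigned int len)
{
    if (len < tfm->alg->min_keysize || len > tfm->alg->max_keysize) {
        tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
        return -1;
    }
    return tfm->alg->setkey(tfm, key, len);
}

/* Start from cleared flags, optionally request weak-key rejection, set the key
 * through the transform's pointer, and return the RES bits a caller must check. */
uint32_t model_try_key(int reject_weak, const uint8_t *key, unsigned int len)
{
    static const struct model_alg alg = { 8, 8, toy_alg_setkey };
    struct model_tfm tfm = { reject_weak ? CRYPTO_TFM_REQ_WEAK_KEY : 0,
                             { model_blkcipher_setkey }, &alg };
    (void)tfm.blkcipher.setkey(&tfm, key, len);
    return tfm.crt_flags & CRYPTO_TFM_RES_MASK;
}
```

Without CRYPTO_TFM_REQ_WEAK_KEY in the request bits, the model accepts the weak sample key silently, so the rejection is opt-in on the caller's side.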



