1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
*/
/**
* @file tst_af_alg.h
*
* Library for accessing kernel crypto algorithms via AF_ALG.
*
* See https://www.kernel.org/doc/html/latest/crypto/userspace-if.html
* for more information about AF_ALG.
*/
#ifndef TST_AF_ALG_H
#define TST_AF_ALG_H
#include "lapi/if_alg.h"
#include <stdbool.h>
/**
* Create an AF_ALG algorithm socket.
*
* This creates an AF_ALG algorithm socket that is initially not bound to any
* particular algorithm. On failure, tst_brk() is called with TCONF if the
* kernel doesn't support AF_ALG, otherwise TBROK.
*
* @return a new AF_ALG algorithm socket
*/
int tst_alg_create(void);
/**
* Bind an AF_ALG algorithm socket to an algorithm.
*
* @param algfd An AF_ALG algorithm socket
* @param addr A structure which specifies the algorithm to use
*
* On failure, tst_brk() is called with TCONF if the kernel doesn't support the
* specified algorithm, otherwise TBROK.
*/
void tst_alg_bind_addr(int algfd, const struct sockaddr_alg *addr);
/**
* Bind an AF_ALG algorithm socket to an algorithm.
*
* @param algfd An AF_ALG algorithm socket
* @param algtype The type of algorithm, such as "hash" or "skcipher"
* @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
*
* Like tst_alg_bind_addr(), except this just takes in the algorithm type and
* name. The 'feat' and 'mask' fields are left 0.
*
* On failure, tst_brk() is called with TCONF if the kernel doesn't support the
* specified algorithm, otherwise TBROK.
*/
void tst_alg_bind(int algfd, const char *algtype, const char *algname);
/**
* Check for the availability of an algorithm.
*
* @param algtype The type of algorithm, such as "hash" or "skcipher"
* @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
*
* Return true if the algorithm is available, or false if unavailable.
* If another error occurs, tst_brk() is called with TBROK.
*/
bool tst_have_alg(const char *algtype, const char *algname);
/**
* Require the availability of an algorithm.
*
* @param algtype The type of algorithm, such as "hash" or "skcipher"
* @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
*
* If the algorithm is unavailable, tst_brk() is called with TCONF.
* If another error occurs, tst_brk() is called with TBROK.
*/
void tst_require_alg(const char *algtype, const char *algname);
/**
* Assign a cryptographic key to an AF_ALG algorithm socket.
*
* @param algfd An AF_ALG algorithm socket
* @param key Pointer to the key. If NULL, a random key is generated.
* @param keylen Length of the key in bytes
*
* On failure, tst_brk() is called with TBROK.
*/
void tst_alg_setkey(int algfd, const uint8_t *key, unsigned int keylen);
/**
* Create an AF_ALG request socket for the given algorithm socket.
*
* @param algfd An AF_ALG algorithm socket
*
* This creates a request socket for the given algorithm socket, which must be
* bound to an algorithm. The same algorithm socket can have many request
* sockets used concurrently to perform independent cryptographic operations,
* e.g. hashing or encryption/decryption. But the key, if any, that has been
* assigned to the algorithm is shared by all request sockets.
*
* On failure, tst_brk() is called with TBROK.
*
* @return a new AF_ALG request socket
*/
int tst_alg_accept(int algfd);
/**
* Set up an AF_ALG algorithm socket for the given algorithm w/ given key.
*
* @param algtype The type of algorithm, such as "hash" or "skcipher"
* @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
* @param key The key to use (optional)
* @param keylen The length of the key in bytes (optional)
*
* This is a helper function which creates an AF_ALG algorithm socket, binds it
* to the specified algorithm, and optionally sets a key. If keylen is 0 then
* no key is set; otherwise if key is NULL a key of the given length is randomly
* generated and set; otherwise the given key is set.
*
* @return the AF_ALG algorithm socket that was set up
*/
int tst_alg_setup(const char *algtype, const char *algname,
const uint8_t *key, unsigned int keylen);
/**
* Set up an AF_ALG request socket for the given algorithm w/ given key.
*
* This is like tst_alg_setup(), except this returns a request fd instead of the
* alg fd. The alg fd is closed, so it doesn't need to be kept track of.
*
* @return the AF_ALG request socket that was set up
*/
int tst_alg_setup_reqfd(const char *algtype, const char *algname,
const uint8_t *key, unsigned int keylen);
#endif /* TST_AF_ALG_H */
|
