-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
setsockopt() fails with EBUSY error #84
Comments
Am Montag, 18. November 2019, 22:21:18 CET schrieb amritha:
Hi amritha,
Stephan,
I'm trying to do some CAVP testing to validate the kernel crypto.
I'm NOT using the new ACVP tool, but the old method where we have the ".req"
files. My code has 2 parts:
- Server - it performs all the reading, writing and formatting of the
request and response files. Each test instance is read from req file and
passed over socket to client to compute results
- Client - it contains the
functions that execute the cryptographic algorithms (calls kernel crypto
APIs)
The server and client communicate via a socket.
I was successfully able to build libkcapi and integrate the
libkcapi.so.1.1.5 with my client code.
Sample input file:
```
[ENCRYPT]
COUNT = 0
KEY = 0000000000000000000000000000000000000000000000000000000000000000
PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
COUNT = 1
KEY = 0000000000000000000000000000000000000000000000000000000000000000
PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
CIPHERTEXT = 55555555555555555555555555555555
```
First test instance (COUNT = 0) works as expected. The inputs are sent from
server to client for computation and client sends the output to server. The
server then writes the "CIPHERTEXT" to response file. But for next
instance, the client fails with "ERROR: Device or resource busy".
Are there any extra measures I need to be taking?
I guess you doing setkey several times on the same cipher handle? If so, this
is not supported by the kernel. You need to init() a new cipher handle for
that.
Ciao
Stephan
|
@smuellerDD : Thanks for the response. Right now the code I've is shown below:
Just want to be sure if I go re-writing the whole thing. |
Am Freitag, 22. November 2019, 16:15:00 CET schrieb amritha:
Hi amritha,
@smuellerDD : Thanks for the response.
So I'm guessing to initialize I've to use kcapi_cipher_init() followed by
kcapi_cipher_setkey() and then kcapi_cipher_encrypt()??
Yes.
Right now the code I've is shown below:
```
struct cmsghdr *cmsg;
struct msghdr msg = {};
struct af_alg_iv *iv;
rv = setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, params->key,
params->keyLength);
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;
cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20);
iv = (void *)CMSG_DATA(cmsg);
iv->ivlen = 16;
iov.iov_base = buf;
iov.iov_len = params->dataLength;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
sendmsg(opfd, &msg, 0);
rv = read(opfd, buf, params->dataLength);
```
Just want to be sure if I go re-writing the whole thing.
That looks good, but doing another setsockopt(ALG_SET_KEY) will fail following
the read.
So you need to get a new tfmfd to set a new key.
Ciao
Stephan
|
@smuellerDD : Thanks for the suggestion, that fixed my problem! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Stephan,
I'm trying to do some CAVP testing to validate the kernel crypto.
I'm NOT using the new ACVP tool, but the old method where we have the ".req" files.
My code has 2 parts:
The server and client communicate via a socket.
I was successfully able to build libkcapi and integrate the libkcapi.so.1.1.5 with my client code.
Sample input file:
First test instance (COUNT = 0) works as expected. The inputs are sent from server to client for computation and client sends the output to server. The server then writes the "CIPHERTEXT" to response file. But for next instance, the client fails with "ERROR: Device or resource busy".
Are there any extra measures I need to be taking?
The text was updated successfully, but these errors were encountered: