Use of the Linux Crypto API for AES Encryption

Question

I have some issues using the Linux Crypto API (User Space Interface) of the USB Armory Mk-II. I successfully made hash calculations but not AES encryption or decryption operations.

I am writing Go code that will use the API for AES encryption/decryption. I'm using the following code as an example to help me: https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go. Everything is installed, and here is a part of my encryption function:

    fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0)
    addr := &unix.SockaddrALG{Type: "skcipher", Name: "ecb-aes-dcp"}
    unix.Bind(fd, addr)

    KEY := "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"

    err = syscall.SetsockoptString(fd, unix.SOL_ALG, unix.ALG_SET_KEY, KEY)

    if err != nil {
            return
    }

    //unix.ALG_OP_ENCRYPT = 0x1
    // from https://pkg.go.dev/golang.org/x/sys/unix#pkg-constants

    //ENCRYPT := "\x00"
    err = syscall.SetsockoptInt(fd, unix.SOL_ALG, unix.ALG_SET_OP, unix.ALG_OP_ENCRYPT)

    if err != nil {
            return
    }

The code stops running at syscall.SetsockoptInt and the error is "protocol not available".

I don't know where this comes from, and the Linux crypto API documentation (https://www.kernel.org/doc/html/v4.19/crypto/index.html) doesn't really help me. If I understand it, I have to make a syscall to say that I want an encryption operation (unix.ALG_SET_OP, unix.ALG_OP_ENCRYPT). But this doesn't work.

Does someone have an idea why?

Answer 1

Score: 1

Actually, you have to send the operation flag with the data. In this code, https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go, you generate a derived key by encryption (AES CBC) of a diversifier with the TEST_KEY. The function DCPDeriveKey will first open the socket, then bind it and set the key. Before encryption, which is done by the function cryptoAPI, we have to send the SYSACCEPT flag to the kernel. The function cryptoAPI will send the operation flag and the data to the kernel and read the kernel's answer.

huangapple
  • Posted on August 26, 2021, 19:51:50
  • When reposting, please keep the link to this article: https://go.coder-hub.com/68938027.html