英文:
Use of the Linux Crypto API for AES Encryption
问题
我在使用USB Armory Mk-II的Linux Crypto API(用户空间接口)时遇到了一些问题。我成功进行了哈希计算,但无法进行AES加密或解密操作。
我正在编写一个Go代码,将使用API进行AES加密/解密。我参考了以下代码来帮助我:https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go。一切都已安装好,以下是我的加密函数的一部分:
fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0)
addr := &unix.SockaddrALG{Type: "skcipher", Name: "ecb-aes-dcp"}
unix.Bind(fd, addr)
KEY := "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"
err = syscall.SetsockoptString(fd, unix.SOL_ALG, unix.ALG_SET_KEY, KEY)
if err != nil {
return
}
//unix.ALG_OP_ENCRYPT = 0x1
// from https://pkg.go.dev/golang.org/x/sys/unix#pkg-constants
//ENCRYPT := "\x00"
err = syscall.SetsockoptInt(fd, unix.SOL_ALG, unix.ALG_SET_OP, unix.ALG_OP_ENCRYPT)
if err != nil {
return
}
代码在syscall.SetsockoptInt
处停止运行,错误信息是"protocol not available"。
我不知道这是从哪里来的,Linux crypto API文档(https://www.kernel.org/doc/html/v4.19/crypto/index.html)对我没有太大帮助。如果我理解正确,我需要进行系统调用来告诉我要进行加密操作(unix.ALG_SET_OP
, unix.ALG_OP_ENCRYPT
)。但这并没有起作用。
有人知道为什么吗?
英文:
I have some issues in using the Linux Crypto API (User Space Interface) of the USB Armory Mk-II. I successfully made hash calculation but not aes encryption or decryption operations.
I am writing a go code that will use the API for AES encryption/decryption. I'm taking example on the following code to help me: https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go. Everything is installed and Here is a part of my encryption function:
fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0)
addr := &unix.SockaddrALG{Type: "skcipher", Name: "ecb-aes-dcp"}
unix.Bind(fd, addr)
KEY := "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"
err = syscall.SetsockoptString(fd, unix.SOL_ALG, unix.ALG_SET_KEY, KEY)
if err != nil {
return
}
//unix.ALG_OP_ENCRYPT = 0x1
// from https://pkg.go.dev/golang.org/x/sys/unix#pkg-constants
//ENCRYPT := "\x00"
err = syscall.SetsockoptInt(fd, unix.SOL_ALG, unix.ALG_SET_OP, unix.ALG_OP_ENCRYPT)
if err != nil {
return
}
The code stop running at syscall.SetsockoptInt
and the error is "protocol not available".
I don't know where this come from and the Linux crypto API documentation (https://www.kernel.org/doc/html/v4.19/crypto/index.html) doesn't really help me. If I understand it, I have to make a syscall to tell I want encryption operation (unix.ALG_SET_OP
, unix.ALG_OP_ENCRYPT
). But this doesn't work.
Does someone have an idea why?
答案1
得分: 1
实际上,你需要将操作标志与数据一起发送。在这段代码中https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go,你使用TEST_KEY对一个分散器进行加密(aes cbc)来生成派生密钥。函数DCPDeriveKey
首先会打开套接字,然后绑定并设置密钥。在由函数cryptoAPI
进行的加密之前,我们必须向内核发送SYSACCEPT
标志。函数cryptoAPI
将发送操作标志和数据到内核,并读取内核的响应。
英文:
Actually, you have to send the operation flag with the data. In this code https://github.com/f-secure-foundry/mxs-dcp/blob/master/dcp_tool.go, you generate a derived key by encryption (aes cbc) of a diversifier with the TEST_KEY. The function DCPDeriveKey
will first open the socket then bind it and set the key. Before encryption, made by the function cryptoAPI
, we have to send the SYSACCEPT
flag to the kernel. The function cryptoAPI
will send the operation flag and the data to the kernel and read the answer of the kernel.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论