diff options
| author | Eric Biggers | 2019-06-03 07:44:08 +0200 |
|---|---|---|
| committer | Herbert Xu | 2019-06-13 08:31:40 +0200 |
| commit | 03d66cfa2ad62cd0bb4c9aabc5a28d56af41f0cb (patch) | |
| tree | a3bac569e53865cc51f34c3d1b7cdb2e2c1d135c /crypto | |
| parent | crypto: testmgr - add some more preemption points (diff) | |
| download | kernel-qcow2-linux-03d66cfa2ad62cd0bb4c9aabc5a28d56af41f0cb.tar.gz kernel-qcow2-linux-03d66cfa2ad62cd0bb4c9aabc5a28d56af41f0cb.tar.xz kernel-qcow2-linux-03d66cfa2ad62cd0bb4c9aabc5a28d56af41f0cb.zip | |
crypto: doc - improve the skcipher API example code
Rewrite the skcipher API example, changing it to encrypt a buffer with
AES-256-XTS. This addresses various problems with the previous example:
- It requests a specific driver "cbc-aes-aesni", which is unusual.
Normally users ask for "cbc(aes)", not a specific driver.
- It encrypts only a single AES block. For the reader, that doesn't
clearly distinguish the "skcipher" API from the "cipher" API.
- Showing how to encrypt something with bare CBC is arguably a poor
choice of example, as it doesn't follow modern crypto trends. Now,
usually authenticated encryption is recommended, in which case the
user would use the AEAD API, not skcipher. Disk encryption is still a
legitimate use for skcipher, but for that usually XTS is recommended.
- Many other bugs and poor coding practices, such as not setting
CRYPTO_TFM_REQ_MAY_SLEEP, unnecessarily allocating a heap buffer for
the IV, unnecessary NULL checks, using a pointless wrapper struct, and
forgetting to set an error code in one case.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions