I am trying to do aes encryption in kernel space (2.6.34), and below is my sample code module with the error obtained. I am unable to resolve this "crypto_alloc_base" issue.
Any help will be appreciated.
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/crypto.h>
int init_module(void)
{
struct crypto_cipher *tfm;
const u8 key[16]= "my key";
u8 in[20] ="I Love India";
u8 encrypted[200];
u8 decrypted[200];
printk(KERN_INFO ">>>>>>>>aesModule Insmoded>>>>>>>>\n");
printk(KERN_INFO ">>>>>>>>Plain:%s \n",in);
tfm = crypto_alloc_cipher("aes", 0, 16);
//if (!IS_ERR(tfm))
crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
crypto_cipher_encrypt_one(tfm, encrypted, in);
printk(KERN_INFO ">>>>Encrypted :%s \n",encrypted);
crypto_cipher_decrypt_one(tfm, decrypted, encrypted);
printk(KERN_INFO ">>>>Decrypted :%s \n ",decrypted);
return 0;
}
void cleanup_module(void)
{
printk(KERN_INFO ">>>>>>>>aesModule Removed>>>>>>>>\n");
}
#insmod aesTest.ko
aesTest: Unknown symbol crypto_alloc_base
insmod: error inserting 'aesTest.ko': -1 Unknown symbol in module
With Thanks,
Barun Parichha
I resolved this issue by adding below code to the end of the module.
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Barun code for aes encryption test");
MODULE_AUTHOR("Barun Parichha<barun.parichha#gmail.com>");
MODULE_ALIAS("test");
Reason for this error:
http://docs.blackfin.uclinux.org/kernel/generated/kernel-hacking/ch09s02.html
symbols exported with EXPORT_SYMBOL(), can only be seen by modules with a MODULE_LICENSE() that specifies a GPL compatible license.
Regards,
Barun Parichha
Related
I am trying to create a slice for variable addr from this sample program:
#include <stdio.h>
#include <stdlib.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#define PKT_LEN 8192
int main (int argc, char *argv[]) {
char *pkt = (char *)malloc(PKT_LEN);
uint32_t addr;
int unrelated_var;
struct ethhdr *ehdr = (struct ethhdr *)pkt;
struct iphdr *ihdr = (struct iphdr *)(pkt + sizeof(struct ethhdr));
addr = ihdr->saddr;
return 0;
}
Here is the command I have used to print the slice in the terminal:
frama-c iphdr_issue.c -cpp-extra-args="-I/usr/include, -I/usr/include/x86_64-linux-gnu/" -kernel-msg-key pp -slice-value addr -then-on 'Slicing export' -print
It is generating following output with the mentioned error:
[kernel:pp]
preprocessing with "gcc -E -C -I. -I/users/ashfaqur/.opam/system/share/frama-c/libc -D__FRAMAC__ -D__FC_MACHDEP_X86_32 -I/usr/include -I/usr/include/x86_64-linux-gnu/ -dD -nostdinc -m32 iphdr_issue.c"
[kernel] Parsing iphdr_issue.c (with preprocessing)
[kernel] iphdr_issue.c:16: User Error:
Cannot find field saddr in type struct iphdr
14 struct iphdr *ihdr = (struct iphdr *)(pkt + sizeof(struct ethhdr));
15
16 addr = ihdr->saddr;
^^^^^^^^^^^^^^^^^^^^^^^
17
18 return 0;
[kernel] User Error: stopping on file "iphdr_issue.c" that has errors.
[kernel] Frama-C aborted: invalid user input.
How can I solve this issue?
If you want to use your system's standard headers instead of Frama-C's ones (beware however that there's absolutely no guarantee that Frama-C will be able to parse them, especially the ones that are heavily architecture-dependent), the solution is not to use -cpp-extra-args, but -no-frama-c-stdlib, as in:
frama-c iphdr_issue.c -no-frama-c-stdlib -slice-value addr test.c -then-on "Slicing export" -print
Incidentally, the example you provided gives an empty slice:
/* Generated by Frama-C */
void main(void)
{
return;
}
because Eva complains that you are trying from the uninitialized location ihdr->saddr (presumably because the example is correctly reduced to highlight the parsing error, but a bit too small for slicing to be meaningful).
After reading https://www.quora.com/How-can-I-bypass-the-OS-buffering-during-I-O-in-Linux I want to try to access data on the serial port with the O_DIRECT option, but the only way I can seem to do that is by adding the GNU_SOURCE define but when I tried to execute the program, nothing at all is printed on the screen.
If I remove "#define _GNU_SOURCE" and compile, then the system gives me an error on O_DIRECT.
If I remove the define and the O_DIRECT flag, then incorrect (possibly outdated) data is always read, but the data is printed on the screen.
I still want to use the O_DIRECT flag and be able to see the data, so I feel I need an alternative command to printf and friends, but I don't know how to continue.
I attached the code below:
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <time.h>
#include <unistd.h>
#include <termios.h>
#define TIMEOUT 5
int main(){
char inb[3]; //our byte buffer
int nread=0; //number bytes read from port
int n; //counter
int iosz=128; //Lets get 128 bytes
int fd=open("/dev/ttyS0", O_NOCTTY | O_RDONLY | O_SYNC | O_DIRECT); //Open port
tcflush(fd,TCIOFLUSH);
for(n=0;n<iosz;n++){
int s=time(NULL); //Start timer for 5 seconds
while (time(NULL)-s < TIMEOUT && nread < 1){
inb[0]='A'; //Fill buffer with bad data
inb[1]='B';
inb[2]='C';
nread=read(fd,(char*)inb,1); //Read ONE byte
tcflush(fd,TCIOFLUSH);
if (nread < 0 || time(NULL)-s >= TIMEOUT){
close(fd); //Exit if read error or timeout
return -1;
}
}
printf("%x:%d ",inb[0] & 0xFF,nread); //Print byte as we receive it
}
close(fd); //program ends so close and exit
printf("\n"); //Print byte as we receive it
return 0;
}
First off, I'm no expert on this topic, just curious about it, so take this answer with a pinch of salt.
I don't know if what you're trying to do here (if I'm not looking at it the wrong way it seems to be to bypass the kernel and read directly from the port to userspace) was ever a possibility (you can find some examples, like this one but I could not find anything properly documented) but with recent kernels you should be getting an error running your code, but you're not catching it.
If you add these lines after declaring your port:
...
int fd=open("/dev/ttyS0", O_NOCTTY | O_RDONLY | O_SYNC | O_DIRECT );
if (fd == -1) {
fprintf(stderr, "Error %d opening SERIALPORT : %s\n", errno, strerror(errno));
return 1;
}
tcflush(fd,TCIOFLUSH);
....
When you try to run you'll get: Error 22 opening SERIALPORT : Invalid argument
In my humble and limited understanding, you should be able to get the same effect changing the settings on termios to raw, something like this should do:
struct termios t;
tcgetattr(fd, &t); /* get current port state */
cfmakeraw(&t); /* set port state to raw */
tcsetattr(fd, TCSAFLUSH, &t); /* set updated port state */
There are many good sources for termios, but the only place I could find taht also refers to O_DIRECT (for files) is this one.
Is there a way to do a single read() in non-blocking mode on a pipe/terminal/etc, the way I can do it on a socket with recv(MSG_DONTWAIT)?
The reason I need that is because I cannot find any guarantee that a read() on a file-descriptor returned as ready for reading by select() or poll() will not block.
I know can make the file descriptor non-blocking with fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) but this will change the mode on that file descriptor globally, not just in the calling thread/process. For example:
% perl -MFcntl=F_SETFL,F_GETFL,O_NONBLOCK -e 'fcntl STDIN, F_SETFL, fcntl(STDIN, F_GETFL, 0) | O_NONBLOCK; select undef, undef, undef, undef'
^Z # put it in the background
% cat
cat: -: Resource temporarily unavailable
This will also make the fd non blocking for both reading and writing, which may confuse the hell out of another process doing the opposite on the same fd, as in:
non_blocking_read | filter | blocking_write
One way I think of is to save the file status flags on starting up and SIGCONT, and restore them on exiting and on SIGTSTP (just the way it's done with the termios settings), but this is very limited, race-prone, and will leave a mess behind in the case where the program exited abnormally.
Putting a save/restore with fcntl() before/after each read() also feels ugly and dumb, and may have other issues too. The same with an ioctl(FIONREAD) just before the read (which I'm not even sure it will work reliably with any fd; assurances in that direction will be welcome, though).
I would be happy even with system specific (eg. linux or bsd-only) solutions.
For reference, here is a discussion about fixing it in linux; the idea didn't seem to get anywhere, though.
A Linux only solution would be to reopen the file descriptor via
"/dev/stdin"|"/dev/tty"|"/dev/fd/$fd".
C example:
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
int main()
{
int fd;
char buf[8];
int flags;
if(0>(fd=open("/dev/stdin", O_RDONLY))) return 1;
if(0>(flags = fcntl(fd,F_GETFL))) return 1;
if(0>(flags = fcntl(fd,F_SETFL,flags|O_NONBLOCK))) return 1;
sleep(3);
puts("reading");
ssize_t nr = read(fd, buf, sizeof(buf));
printf("read=%zd\n", nr);
return 0;
}
Unlike a duplicated file descriptor, a reopened filedescriptor will have independent file status flags.
I was wondering if there is a way to copy a packet using iptables/netfilter, change it and deliver both to the application.
Basically, I want to capture a packet from a flow and redirect it to some queue, then I want to copy it, issue the verdict for it(I know how to do this part in C),then I need to change something in the copied version, AND issue the verdict for that "modified" packet too.
Basically I want the app to receive both the unmodified and the modified version.
Is this possible?
Thanks in advance for any help.
Your mission can be achieved with libipq library. The tutorial in following like focus on copying & modifying a packet in userspace.
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.205.2605&rep=rep1&type=pdf
You need to know C to work on it. Alternatively "Scapy" - a python based packet maipulation tool can be used.
#include <linux/netfilter.h>
#include <libipq.h>
/*
* Used to open packet ; Insert a iptables rule to get packet here
* iptables -I 1 [INPUT|OUTPUT|FORWARD] <packet header match> -j QUEUE
*/
#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>
#define BUFSIZE 2048
static void die(struct ipq_handle *h)
{
ipq_destroy_handle(h);
exit(1);
}
int main(int argc, char **argv)
{
int status;
unsigned char buf[BUFSIZE];
struct ipq_handle *h;
h = ipq_create_handle(0, NFPROTO_IPV4);
if (!h)
die(h);
status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
if (status < 0)
die(h);
do{
status = ipq_read(h, buf, BUFSIZE, 0);
if (status < 0)
die(h);
if (ipq_message_type(buf) == IPQM_PACKET){
ipq_packet_msg_t *m = ipq_get_packet(buf);
status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
}
} while (1);
ipq_destroy_handle(h);
return 0;
}
I am trying to use only aes in my program. I have copied the files
config.h
aes.h
havege.h
to the folder polarssl. But when I run the program
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "polarssl/aes.h"
#include "polarssl/havege.h"
int main()
{
char buff[2][64] = {"ABCDEFGHIJKLMN", ""};
havege_state hs;
int retval;
unsigned char IV[16];
unsigned char IV2[16];
unsigned char key[32];
aes_context enc_ctx;
aes_context dec_ctx;
havege_init(&hs);
havege_random(&hs, IV, 16);
havege_random(&hs, key, 32);
strncpy(IV, IV2, 16); //copy IV
aes_setkey_enc(&enc_ctx, key, 256);
aes_setkey_dec(&dec_ctx, key, 256);
//encrypt
aes_crypt_cbc(&enc_ctx, AES_ENCRYPT, 64, IV, buff[0], buff[1]);
printf("Before encrypt:%s\n", buff[0]);
//decrypt
aes_crypt_cbc(&dec_ctx, AES_DECRYPT, 64, IV2, buff[1],buff[0]);
printf("After decrypt:%s\n", buff[0]);
return 0;
}
I am getting the error
In function `main':
ex.c:(.text+0x68): undefined reference to `havege_init'
ex.c:(.text+0x86): undefined reference to `havege_random'
ex.c:(.text+0xa4): undefined reference to `havege_random'
ex.c:(.text+0xe0): undefined reference to `aes_setkey_enc'
ex.c:(.text+0xfe): undefined reference to `aes_setkey_dec'
ex.c:(.text+0x133): undefined reference to `aes_crypt_cbc'
ex.c:(.text+0x17e): undefined reference to `aes_crypt_cbc'
collect2: error: ld returned 1 exit status
Next to the header files, you will also need the .c files! (aes.c, havege.c) and compile those in your code.
On the implementation side:
* Are you sure you want to use HAVEGE? There are lots of doubts on its effectiveness (depending on the system you run on), the standardized CTR-DRBG seems to be a much better choice..
I think your error has something to do with linking to the Aes and Havege files. Your compiler is not recognizing them!
Are they in the same folder as your main? If they are in the same folder, then remove the "polarssl/" from the headerfile name at the top.
Or maybe, when compiling be sure to include aes.c and aes.h too. I found that I was getting the same error due to this. I was only including aes.h in compiling.
Example
$terminal: gcc main.c aes.h aes.c -o encrypt
Just wondering?
If you want to use only aes, why are you trying to use havege.h?