[RFC PATCH 1/2] rust: crypto: add library AES-128 / SHA-256 / HMAC-SHA256 bindings
From: Mike Lothian
Date: Wed Jun 17 2026 - 11:14:53 EST
Add a small `kernel::crypto` module exposing the kernel's synchronous
library crypto (lib/crypto) to Rust: SHA-256, HMAC-SHA256 and single-block
AES-128 ECB. These are one-shot, allocation-free and run in the calling
context, suitable for in-kernel Rust users that need a hash or a block
cipher without the full asynchronous crypto API.
SHA-256 (`sha256()`) and HMAC-SHA256 (`hmac_sha256_usingrawkey()`) are
plain exported functions and are bound directly via bindgen, so their
header `<crypto/sha2.h>` is added to bindings_helper.h. AES single-block
encryption goes through a `rust_helper_` shim because `aes_encrypt()` takes
a transparent union (`aes_encrypt_arg`) that bindgen cannot express; the
shim also zeroes the expanded key schedule before returning.
The Rust API: `crypto::sha256(&[u8]) -> [u8; 32]`,
`crypto::hmac_sha256(key, data) -> [u8; 32]`, and the `crypto::Aes128`
type, created with `Aes128::new(key)` and used via
`encrypt_block(&[u8; 16]) -> Result<[u8; 16]>`.
Signed-off-by: Mike Lothian <mike@xxxxxxxxxxxxxx>
Assisted-by: Claude:claude-opus-4-8 [Claude-Code]
---
rust/bindings/bindings_helper.h | 2 +
rust/helpers/crypto.c | 25 +++++++++++
rust/helpers/helpers.c | 1 +
rust/kernel/crypto.rs | 77 +++++++++++++++++++++++++++++++++
rust/kernel/lib.rs | 1 +
5 files changed, 106 insertions(+)
create mode 100644 rust/helpers/crypto.c
create mode 100644 rust/kernel/crypto.rs
diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
index 1124785e210b..14671e1825bb 100644
--- a/rust/bindings/bindings_helper.h
+++ b/rust/bindings/bindings_helper.h
@@ -28,6 +28,8 @@
*/
#include <linux/hrtimer_types.h>
+#include <crypto/sha2.h>
+
#include <linux/acpi.h>
#include <linux/gpu_buddy.h>
#include <drm/drm_device.h>
diff --git a/rust/helpers/crypto.c b/rust/helpers/crypto.c
new file mode 100644
index 000000000000..dc9614f6fc8e
--- /dev/null
+++ b/rust/helpers/crypto.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <crypto/aes.h>
+#include <linux/string.h>
+
+/*
+ * AES-128 single-block ECB encryption: out = AES(key, in).
+ *
+ * A helper because aes_encrypt() takes a transparent union (aes_encrypt_arg)
+ * that bindgen cannot express. SHA-256 and HMAC-SHA256 are plain extern
+ * functions and are bound directly.
+ */
+__rust_helper int
+rust_helper_aes128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
+{
+ struct aes_enckey enckey;
+ int ret;
+
+ ret = aes_prepareenckey(&enckey, key, AES_KEYSIZE_128);
+ if (ret)
+ return ret;
+ aes_encrypt(&enckey, out, in);
+ memzero_explicit(&enckey, sizeof(enckey));
+ return 0;
+}
diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c
index 4488a87223b9..45e67929251e 100644
--- a/rust/helpers/helpers.c
+++ b/rust/helpers/helpers.c
@@ -55,6 +55,7 @@
#include "cpufreq.c"
#include "cpumask.c"
#include "cred.c"
+#include "crypto.c"
#include "device.c"
#include "dma.c"
#include "dma-resv.c"
diff --git a/rust/kernel/crypto.rs b/rust/kernel/crypto.rs
new file mode 100644
index 000000000000..c8f2cb994cfd
--- /dev/null
+++ b/rust/kernel/crypto.rs
@@ -0,0 +1,77 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Safe wrappers over the kernel's synchronous library crypto.
+//!
+//! Exposes the one-shot `lib/crypto` primitives — AES-128 single-block ECB,
+//! SHA-256 and HMAC-SHA256 — for use from Rust. They run synchronously in the
+//! calling context with no allocation; the hashes are infallible.
+//!
+//! C headers: [`include/crypto/aes.h`](srctree/include/crypto/aes.h),
+//! [`include/crypto/sha2.h`](srctree/include/crypto/sha2.h).
+
+use crate::{bindings, error::to_result, prelude::*};
+
+/// Size of a SHA-256 / HMAC-SHA256 digest, in bytes.
+pub const SHA256_DIGEST_SIZE: usize = 32;
+/// AES-128 block and key size, in bytes.
+pub const AES128_BLOCK_SIZE: usize = 16;
+
+/// Returns the SHA-256 digest of `data`.
+pub fn sha256(data: &[u8]) -> [u8; SHA256_DIGEST_SIZE] {
+ let mut out = [0u8; SHA256_DIGEST_SIZE];
+ // SAFETY: `data` is valid for `data.len()` reads and `out` is a valid
+ // `SHA256_DIGEST_SIZE`-byte output buffer, as `sha256()` requires.
+ unsafe { bindings::sha256(data.as_ptr(), data.len(), out.as_mut_ptr()) };
+ out
+}
+
+/// Returns `HMAC-SHA256(key, data)`.
+pub fn hmac_sha256(key: &[u8], data: &[u8]) -> [u8; SHA256_DIGEST_SIZE] {
+ let mut out = [0u8; SHA256_DIGEST_SIZE];
+ // SAFETY: `key` and `data` are valid for their respective lengths and `out`
+ // is a valid `SHA256_DIGEST_SIZE`-byte output buffer, as required.
+ unsafe {
+ bindings::hmac_sha256_usingrawkey(
+ key.as_ptr(),
+ key.len(),
+ data.as_ptr(),
+ data.len(),
+ out.as_mut_ptr(),
+ )
+ };
+ out
+}
+
+/// An AES-128 key usable for single-block ECB encryption.
+///
+/// # Examples
+///
+/// ```
+/// use kernel::crypto::Aes128;
+/// let cipher = Aes128::new([0u8; 16]);
+/// let _ct = cipher.encrypt_block(&[0u8; 16])?;
+/// # Ok::<(), Error>(())
+/// ```
+pub struct Aes128([u8; AES128_BLOCK_SIZE]);
+
+impl Aes128 {
+ /// Creates an AES-128 key from 16 raw key bytes.
+ pub fn new(key: [u8; AES128_BLOCK_SIZE]) -> Self {
+ Self(key)
+ }
+
+ /// Encrypts one 16-byte block: returns `AES-128-ECB(key, block)`.
+ pub fn encrypt_block(
+ &self,
+ block: &[u8; AES128_BLOCK_SIZE],
+ ) -> Result<[u8; AES128_BLOCK_SIZE]> {
+ let mut out = [0u8; AES128_BLOCK_SIZE];
+ // SAFETY: `self.0`, `block` and `out` are all valid 16-byte buffers, as
+ // the helper requires.
+ let ret = unsafe {
+ bindings::aes128_encrypt_block(self.0.as_ptr(), block.as_ptr(), out.as_mut_ptr())
+ };
+ to_result(ret)?;
+ Ok(out)
+ }
+}
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index b72b2fbe046d..3448fa3a0e9e 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -58,6 +58,7 @@
pub mod cpufreq;
pub mod cpumask;
pub mod cred;
+pub mod crypto;
pub mod debugfs;
pub mod device;
pub mod device_id;
--
2.54.0