From 2194982a6602203f7aae3c1bc4dccfa469c34e1a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 20 Feb 2010 10:54:35 +0100
Subject: Examples were moved to examples/ directory.

---
 .gitignore        |   2 +
 Makefile          |  11 +--
 example-cipher.c  | 229 ------------------------------------------------------
 example-hmac.c    | 208 -------------------------------------------------
 examples/Makefile |   9 +++
 examples/cipher.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 examples/hmac.c   | 208 +++++++++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 451 insertions(+), 445 deletions(-)
 delete mode 100644 example-cipher.c
 delete mode 100644 example-hmac.c
 create mode 100644 examples/Makefile
 create mode 100644 examples/cipher.c
 create mode 100644 examples/hmac.c

diff --git a/.gitignore b/.gitignore
index 103bb25..3621fff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ Module.symvers
 *.o
 *.mod.c
 modules.order
+examples/cipher
+examples/hmac
diff --git a/Makefile b/Makefile
index 5a8eb2b..faab5f7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-KERNEL_DIR := /lib/modules/$(shell uname -r)/build
+KERNEL_DIR = /lib/modules/$(shell uname -r)/build
 
 cryptodev-objs = cryptodev_main.o cryptodev_cipher.o
 
@@ -16,10 +16,5 @@ clean:
 	make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
 	rm -f $(hostprogs)
 
-hostprogs := example-cipher example-hmac
-example-cipher-objs := example-cipher.o
-example-hmac-objs := example-hmac.o
-
-check: $(hostprogs)
-	./example-cipher
-	./example-hmac
+check:
+	KERNEL_DIR=$(KERNEL_DIR) make -C examples check
diff --git a/example-cipher.c b/example-cipher.c
deleted file mode 100644
index d7982ae..0000000
--- a/example-cipher.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Demo on how to use /dev/crypto device for ciphering.
- *
- * Placed under public domain.
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <sys/ioctl.h>
-#include <crypto/cryptodev.h>
-
-#define	DATA_SIZE	4096
-#define	BLOCK_SIZE	16
-#define	KEY_SIZE	16
-
-static int
-test_crypto(int cfd)
-{
-	char plaintext[DATA_SIZE];
-	char ciphertext[DATA_SIZE];
-	char iv[BLOCK_SIZE];
-	char key[KEY_SIZE];
-
-	struct session_op sess;
-	struct crypt_op cryp;
-
-	memset(&sess, 0, sizeof(sess));
-	memset(&cryp, 0, sizeof(cryp));
-
-	memset(plaintext, 0x15,  sizeof(plaintext));
-	memset(key, 0x33,  sizeof(key));
-	memset(iv, 0x03,  sizeof(iv));
-
-	/* Get crypto session for AES128 */
-	sess.cipher = CRYPTO_AES_CBC;
-	sess.keylen = KEY_SIZE;
-	sess.key = key;
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	/* Encrypt data.in to data.encrypted */
-	cryp.ses = sess.ses;
-	cryp.len = sizeof(plaintext);
-	cryp.src = plaintext;
-	cryp.dst = ciphertext;
-	cryp.iv = iv;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-	
-	/* Decrypt data.encrypted to data.decrypted */
-	cryp.ses = sess.ses;
-	cryp.len = sizeof(plaintext);
-	cryp.src = ciphertext;
-	cryp.dst = ciphertext;
-	cryp.iv = iv;
-	cryp.op = COP_DECRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	/* Verify the result */
-	if (memcmp(plaintext, ciphertext, sizeof(plaintext)) != 0) {
-		fprintf(stderr,
-			"FAIL: Decrypted data are different from the input data.\n");
-		return 1;
-	} else
-		printf("Test passed\n");
-
-	/* Finish crypto session */
-	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
-		perror("ioctl(CIOCFSESSION)");
-		return 1;
-	}
-
-	return 0;
-}
-
-static int test_aes(int cfd)
-{
-	char plaintext1[BLOCK_SIZE];
-	char ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 };
-	char iv1[BLOCK_SIZE];
-	char key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	char plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 };
-	char ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 };
-	char iv2[BLOCK_SIZE];
-	char key2[KEY_SIZE];
-
-	struct session_op sess;
-	struct crypt_op cryp;
-
-	memset(&sess, 0, sizeof(sess));
-	memset(&cryp, 0, sizeof(cryp));
-
-	memset(plaintext1, 0x0, sizeof(plaintext1));
-	memset(iv1, 0x0, sizeof(iv1));
-	
-	/* Get crypto session for AES128 */
-	sess.cipher = CRYPTO_AES_CBC;
-	sess.keylen = KEY_SIZE;
-	sess.key = key1;
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	/* Encrypt data.in to data.encrypted */
-	cryp.ses = sess.ses;
-	cryp.len = sizeof(plaintext1);
-	cryp.src = plaintext1;
-	cryp.dst = plaintext1;
-	cryp.iv = iv1;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	/* Verify the result */
-	if (memcmp(plaintext1, ciphertext1, sizeof(plaintext1)) != 0) {
-		fprintf(stderr,
-			"FAIL: Decrypted data are different from the input data.\n");
-		return 1;
-	}
-
-	/* Test 2 */
-
-	memset(key2, 0x0, sizeof(key2));
-	memset(iv2, 0x0, sizeof(iv2));
-	
-	/* Get crypto session for AES128 */
-	sess.cipher = CRYPTO_AES_CBC;
-	sess.keylen = KEY_SIZE;
-	sess.key = key2;
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	/* Encrypt data.in to data.encrypted */
-	cryp.ses = sess.ses;
-	cryp.len = sizeof(plaintext2);
-	cryp.src = plaintext2;
-	cryp.dst = plaintext2;
-	cryp.iv = iv2;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	/* Verify the result */
-	if (memcmp(plaintext2, ciphertext2, sizeof(plaintext2)) != 0) {
-		fprintf(stderr,
-			"FAIL: Decrypted data are different from the input data.\n");
-		return 1;
-	}
-
-	printf("AES Test passed\n");
-
-	/* Finish crypto session */
-	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
-		perror("ioctl(CIOCFSESSION)");
-		return 1;
-	}
-
-	return 0;
-}
-
-int
-main()
-{
-	int fd = -1, cfd = -1;
-
-	/* Open the crypto device */
-	fd = open("/dev/crypto", O_RDWR, 0);
-	if (fd < 0) {
-		perror("open(/dev/crypto)");
-		return 1;
-	}
-
-	/* Clone file descriptor */
-	if (ioctl(fd, CRIOGET, &cfd)) {
-		perror("ioctl(CRIOGET)");
-		return 1;
-	}
-
-	/* Set close-on-exec (not really neede here) */
-	if (fcntl(cfd, F_SETFD, 1) == -1) {
-		perror("fcntl(F_SETFD)");
-		return 1;
-	}
-
-	/* Run the test itself */
-	if (test_aes(cfd))
-		return 1;
-
-	if (test_crypto(cfd))
-		return 1;
-
-	/* Close cloned descriptor */
-	if (close(cfd)) {
-		perror("close(cfd)");
-		return 1;
-	}
-
-	/* Close the original descriptor */
-	if (close(fd)) {
-		perror("close(fd)");
-		return 1;
-	}
-
-	return 0;
-}
-
diff --git a/example-hmac.c b/example-hmac.c
deleted file mode 100644
index e652c1e..0000000
--- a/example-hmac.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Demo on how to use /dev/crypto device for HMAC.
- *
- * Placed under public domain.
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <sys/ioctl.h>
-#include <crypto/cryptodev.h>
-
-#define	DATA_SIZE	4096
-#define	BLOCK_SIZE	16
-#define	KEY_SIZE	16
-
-static int
-test_crypto(int cfd)
-{
-	struct {
-		uint8_t	in[DATA_SIZE],
-			encrypted[DATA_SIZE],
-			decrypted[DATA_SIZE],
-			iv[BLOCK_SIZE],
-			key[KEY_SIZE];
-	} data;
-	struct session_op sess;
-	struct crypt_op cryp;
-	uint8_t mac[HASH_MAX_LEN];
-	uint8_t oldmac[HASH_MAX_LEN];
-	uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
-	uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32";
-	int i;
-
-	memset(&sess, 0, sizeof(sess));
-	memset(&cryp, 0, sizeof(cryp));
-
-	/* Use the garbage that is on the stack :-) */
-	/* memset(&data, 0, sizeof(data)); */
-
-	/* SHA1 plain test */
-	memset(mac, 0, sizeof(mac));
-
-	sess.cipher = 0;
-	sess.mac = CRYPTO_SHA1;
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	cryp.ses = sess.ses;
-	cryp.len = sizeof("what do ya want for nothing?")-1;
-	cryp.src = "what do ya want for nothing?";
-	cryp.mac = mac;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	if (memcmp(mac, sha1_out, 20)!=0) {
-		printf("mac: ");
-		for (i=0;i<SHA1_HASH_LEN;i++) {
-			printf("%.2x", (uint8_t)mac[i]);
-		}
-		puts("\n");
-		fprintf(stderr, "HASH test 1: failed\n");
-	} else {
-		fprintf(stderr, "HASH test 1: passed\n");
-	}
-
-	/* MD5-HMAC test */
-	memset(mac, 0, sizeof(mac));
-
-	sess.cipher = 0;
-	sess.mackey = (uint8_t*)"Jefe";
-	sess.mackeylen = 4;
-	sess.mac = CRYPTO_MD5_HMAC;
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	cryp.ses = sess.ses;
-	cryp.len = sizeof("what do ya want for nothing?")-1;
-	cryp.src = "what do ya want for nothing?";
-	cryp.mac = mac;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	if (memcmp(mac, md5_hmac_out, 16)!=0) {
-		printf("mac: ");
-		for (i=0;i<SHA1_HASH_LEN;i++) {
-			printf("%.2x", (uint8_t)mac[i]);
-		}
-		puts("\n");
-		fprintf(stderr, "HMAC test 1: failed\n");
-	} else {
-		fprintf(stderr, "HMAC test 1: passed\n");
-	}
-
-	/* Hash and encryption in one step test */
-	sess.cipher = CRYPTO_AES_CBC;
-	sess.mac = CRYPTO_SHA1_HMAC;
-	sess.keylen = KEY_SIZE;
-	sess.key = data.key;
-	sess.mackeylen = 16;
-	sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-	if (ioctl(cfd, CIOCGSESSION, &sess)) {
-		perror("ioctl(CIOCGSESSION)");
-		return 1;
-	}
-
-	/* Encrypt data.in to data.encrypted */
-	cryp.ses = sess.ses;
-	cryp.len = sizeof(data.in);
-	cryp.src = data.in;
-	cryp.dst = data.encrypted;
-	cryp.iv = data.iv;
-	cryp.mac = mac;
-	cryp.op = COP_ENCRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-	
-	memcpy(oldmac, mac, sizeof(mac));
-	
-	/* Decrypt data.encrypted to data.decrypted */
-	cryp.src = data.encrypted;
-	cryp.dst = data.decrypted;
-	cryp.op = COP_DECRYPT;
-	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
-		perror("ioctl(CIOCCRYPT)");
-		return 1;
-	}
-
-	/* Verify the result */
-	if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) {
-		fprintf(stderr,
-			"FAIL: Decrypted data are different from the input data.\n");
-		return 1;
-	} else
-		printf("Crypt Test: passed\n");
-
-	if (memcmp(mac, oldmac, 20) != 0) {
-		fprintf(stderr,
-			"FAIL: Hash in decrypted data different than in encrypted.\n");
-		return 1;
-	} else
-		printf("HMAC Test 2: passed\n");
-
-	/* Finish crypto session */
-	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
-		perror("ioctl(CIOCFSESSION)");
-		return 1;
-	}
-
-	return 0;
-}
-
-int
-main()
-{
-	int fd = -1, cfd = -1;
-
-	/* Open the crypto device */
-	fd = open("/dev/crypto", O_RDWR, 0);
-	if (fd < 0) {
-		perror("open(/dev/crypto)");
-		return 1;
-	}
-
-	/* Clone file descriptor */
-	if (ioctl(fd, CRIOGET, &cfd)) {
-		perror("ioctl(CRIOGET)");
-		return 1;
-	}
-
-	/* Set close-on-exec (not really neede here) */
-	if (fcntl(cfd, F_SETFD, 1) == -1) {
-		perror("fcntl(F_SETFD)");
-		return 1;
-	}
-
-	/* Run the test itself */
-	if (test_crypto(cfd))
-		return 1;
-
-	/* Close cloned descriptor */
-	if (close(cfd)) {
-		perror("close(cfd)");
-		return 1;
-	}
-
-	/* Close the original descriptor */
-	if (close(fd)) {
-		perror("close(fd)");
-		return 1;
-	}
-
-	return 0;
-}
diff --git a/examples/Makefile b/examples/Makefile
new file mode 100644
index 0000000..eb50a5f
--- /dev/null
+++ b/examples/Makefile
@@ -0,0 +1,9 @@
+KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build
+
+hostprogs := cipher hmac
+example-cipher-objs := cipher.o
+example-hmac-objs := hmac.o
+
+check: $(hostprogs)
+	./cipher
+	./hmac
diff --git a/examples/cipher.c b/examples/cipher.c
new file mode 100644
index 0000000..d7982ae
--- /dev/null
+++ b/examples/cipher.c
@@ -0,0 +1,229 @@
+/*
+ * Demo on how to use /dev/crypto device for ciphering.
+ *
+ * Placed under public domain.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+
+#define	DATA_SIZE	4096
+#define	BLOCK_SIZE	16
+#define	KEY_SIZE	16
+
+static int
+test_crypto(int cfd)
+{
+	char plaintext[DATA_SIZE];
+	char ciphertext[DATA_SIZE];
+	char iv[BLOCK_SIZE];
+	char key[KEY_SIZE];
+
+	struct session_op sess;
+	struct crypt_op cryp;
+
+	memset(&sess, 0, sizeof(sess));
+	memset(&cryp, 0, sizeof(cryp));
+
+	memset(plaintext, 0x15,  sizeof(plaintext));
+	memset(key, 0x33,  sizeof(key));
+	memset(iv, 0x03,  sizeof(iv));
+
+	/* Get crypto session for AES128 */
+	sess.cipher = CRYPTO_AES_CBC;
+	sess.keylen = KEY_SIZE;
+	sess.key = key;
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	/* Encrypt data.in to data.encrypted */
+	cryp.ses = sess.ses;
+	cryp.len = sizeof(plaintext);
+	cryp.src = plaintext;
+	cryp.dst = ciphertext;
+	cryp.iv = iv;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+	
+	/* Decrypt data.encrypted to data.decrypted */
+	cryp.ses = sess.ses;
+	cryp.len = sizeof(plaintext);
+	cryp.src = ciphertext;
+	cryp.dst = ciphertext;
+	cryp.iv = iv;
+	cryp.op = COP_DECRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	/* Verify the result */
+	if (memcmp(plaintext, ciphertext, sizeof(plaintext)) != 0) {
+		fprintf(stderr,
+			"FAIL: Decrypted data are different from the input data.\n");
+		return 1;
+	} else
+		printf("Test passed\n");
+
+	/* Finish crypto session */
+	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
+		perror("ioctl(CIOCFSESSION)");
+		return 1;
+	}
+
+	return 0;
+}
+
+static int test_aes(int cfd)
+{
+	char plaintext1[BLOCK_SIZE];
+	char ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 };
+	char iv1[BLOCK_SIZE];
+	char key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+	char plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 };
+	char ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 };
+	char iv2[BLOCK_SIZE];
+	char key2[KEY_SIZE];
+
+	struct session_op sess;
+	struct crypt_op cryp;
+
+	memset(&sess, 0, sizeof(sess));
+	memset(&cryp, 0, sizeof(cryp));
+
+	memset(plaintext1, 0x0, sizeof(plaintext1));
+	memset(iv1, 0x0, sizeof(iv1));
+	
+	/* Get crypto session for AES128 */
+	sess.cipher = CRYPTO_AES_CBC;
+	sess.keylen = KEY_SIZE;
+	sess.key = key1;
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	/* Encrypt data.in to data.encrypted */
+	cryp.ses = sess.ses;
+	cryp.len = sizeof(plaintext1);
+	cryp.src = plaintext1;
+	cryp.dst = plaintext1;
+	cryp.iv = iv1;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	/* Verify the result */
+	if (memcmp(plaintext1, ciphertext1, sizeof(plaintext1)) != 0) {
+		fprintf(stderr,
+			"FAIL: Decrypted data are different from the input data.\n");
+		return 1;
+	}
+
+	/* Test 2 */
+
+	memset(key2, 0x0, sizeof(key2));
+	memset(iv2, 0x0, sizeof(iv2));
+	
+	/* Get crypto session for AES128 */
+	sess.cipher = CRYPTO_AES_CBC;
+	sess.keylen = KEY_SIZE;
+	sess.key = key2;
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	/* Encrypt data.in to data.encrypted */
+	cryp.ses = sess.ses;
+	cryp.len = sizeof(plaintext2);
+	cryp.src = plaintext2;
+	cryp.dst = plaintext2;
+	cryp.iv = iv2;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	/* Verify the result */
+	if (memcmp(plaintext2, ciphertext2, sizeof(plaintext2)) != 0) {
+		fprintf(stderr,
+			"FAIL: Decrypted data are different from the input data.\n");
+		return 1;
+	}
+
+	printf("AES Test passed\n");
+
+	/* Finish crypto session */
+	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
+		perror("ioctl(CIOCFSESSION)");
+		return 1;
+	}
+
+	return 0;
+}
+
+int
+main()
+{
+	int fd = -1, cfd = -1;
+
+	/* Open the crypto device */
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0) {
+		perror("open(/dev/crypto)");
+		return 1;
+	}
+
+	/* Clone file descriptor */
+	if (ioctl(fd, CRIOGET, &cfd)) {
+		perror("ioctl(CRIOGET)");
+		return 1;
+	}
+
+	/* Set close-on-exec (not really neede here) */
+	if (fcntl(cfd, F_SETFD, 1) == -1) {
+		perror("fcntl(F_SETFD)");
+		return 1;
+	}
+
+	/* Run the test itself */
+	if (test_aes(cfd))
+		return 1;
+
+	if (test_crypto(cfd))
+		return 1;
+
+	/* Close cloned descriptor */
+	if (close(cfd)) {
+		perror("close(cfd)");
+		return 1;
+	}
+
+	/* Close the original descriptor */
+	if (close(fd)) {
+		perror("close(fd)");
+		return 1;
+	}
+
+	return 0;
+}
+
diff --git a/examples/hmac.c b/examples/hmac.c
new file mode 100644
index 0000000..e652c1e
--- /dev/null
+++ b/examples/hmac.c
@@ -0,0 +1,208 @@
+/*
+ * Demo on how to use /dev/crypto device for HMAC.
+ *
+ * Placed under public domain.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+
+#define	DATA_SIZE	4096
+#define	BLOCK_SIZE	16
+#define	KEY_SIZE	16
+
+static int
+test_crypto(int cfd)
+{
+	struct {
+		uint8_t	in[DATA_SIZE],
+			encrypted[DATA_SIZE],
+			decrypted[DATA_SIZE],
+			iv[BLOCK_SIZE],
+			key[KEY_SIZE];
+	} data;
+	struct session_op sess;
+	struct crypt_op cryp;
+	uint8_t mac[HASH_MAX_LEN];
+	uint8_t oldmac[HASH_MAX_LEN];
+	uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
+	uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32";
+	int i;
+
+	memset(&sess, 0, sizeof(sess));
+	memset(&cryp, 0, sizeof(cryp));
+
+	/* Use the garbage that is on the stack :-) */
+	/* memset(&data, 0, sizeof(data)); */
+
+	/* SHA1 plain test */
+	memset(mac, 0, sizeof(mac));
+
+	sess.cipher = 0;
+	sess.mac = CRYPTO_SHA1;
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	cryp.ses = sess.ses;
+	cryp.len = sizeof("what do ya want for nothing?")-1;
+	cryp.src = "what do ya want for nothing?";
+	cryp.mac = mac;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	if (memcmp(mac, sha1_out, 20)!=0) {
+		printf("mac: ");
+		for (i=0;i<SHA1_HASH_LEN;i++) {
+			printf("%.2x", (uint8_t)mac[i]);
+		}
+		puts("\n");
+		fprintf(stderr, "HASH test 1: failed\n");
+	} else {
+		fprintf(stderr, "HASH test 1: passed\n");
+	}
+
+	/* MD5-HMAC test */
+	memset(mac, 0, sizeof(mac));
+
+	sess.cipher = 0;
+	sess.mackey = (uint8_t*)"Jefe";
+	sess.mackeylen = 4;
+	sess.mac = CRYPTO_MD5_HMAC;
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	cryp.ses = sess.ses;
+	cryp.len = sizeof("what do ya want for nothing?")-1;
+	cryp.src = "what do ya want for nothing?";
+	cryp.mac = mac;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	if (memcmp(mac, md5_hmac_out, 16)!=0) {
+		printf("mac: ");
+		for (i=0;i<SHA1_HASH_LEN;i++) {
+			printf("%.2x", (uint8_t)mac[i]);
+		}
+		puts("\n");
+		fprintf(stderr, "HMAC test 1: failed\n");
+	} else {
+		fprintf(stderr, "HMAC test 1: passed\n");
+	}
+
+	/* Hash and encryption in one step test */
+	sess.cipher = CRYPTO_AES_CBC;
+	sess.mac = CRYPTO_SHA1_HMAC;
+	sess.keylen = KEY_SIZE;
+	sess.key = data.key;
+	sess.mackeylen = 16;
+	sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+	if (ioctl(cfd, CIOCGSESSION, &sess)) {
+		perror("ioctl(CIOCGSESSION)");
+		return 1;
+	}
+
+	/* Encrypt data.in to data.encrypted */
+	cryp.ses = sess.ses;
+	cryp.len = sizeof(data.in);
+	cryp.src = data.in;
+	cryp.dst = data.encrypted;
+	cryp.iv = data.iv;
+	cryp.mac = mac;
+	cryp.op = COP_ENCRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+	
+	memcpy(oldmac, mac, sizeof(mac));
+	
+	/* Decrypt data.encrypted to data.decrypted */
+	cryp.src = data.encrypted;
+	cryp.dst = data.decrypted;
+	cryp.op = COP_DECRYPT;
+	if (ioctl(cfd, CIOCCRYPT, &cryp)) {
+		perror("ioctl(CIOCCRYPT)");
+		return 1;
+	}
+
+	/* Verify the result */
+	if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) {
+		fprintf(stderr,
+			"FAIL: Decrypted data are different from the input data.\n");
+		return 1;
+	} else
+		printf("Crypt Test: passed\n");
+
+	if (memcmp(mac, oldmac, 20) != 0) {
+		fprintf(stderr,
+			"FAIL: Hash in decrypted data different than in encrypted.\n");
+		return 1;
+	} else
+		printf("HMAC Test 2: passed\n");
+
+	/* Finish crypto session */
+	if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
+		perror("ioctl(CIOCFSESSION)");
+		return 1;
+	}
+
+	return 0;
+}
+
+int
+main()
+{
+	int fd = -1, cfd = -1;
+
+	/* Open the crypto device */
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0) {
+		perror("open(/dev/crypto)");
+		return 1;
+	}
+
+	/* Clone file descriptor */
+	if (ioctl(fd, CRIOGET, &cfd)) {
+		perror("ioctl(CRIOGET)");
+		return 1;
+	}
+
+	/* Set close-on-exec (not really neede here) */
+	if (fcntl(cfd, F_SETFD, 1) == -1) {
+		perror("fcntl(F_SETFD)");
+		return 1;
+	}
+
+	/* Run the test itself */
+	if (test_crypto(cfd))
+		return 1;
+
+	/* Close cloned descriptor */
+	if (close(cfd)) {
+		perror("close(cfd)");
+		return 1;
+	}
+
+	/* Close the original descriptor */
+	if (close(fd)) {
+		perror("close(fd)");
+		return 1;
+	}
+
+	return 0;
+}
-- 
cgit