2 * GCRYPT crypto backend implementation
4 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 #include "crypto_backend.h"
26 static int crypto_backend_initialised = 0;
40 int crypt_backend_init(struct crypt_device *ctx)
42 if (crypto_backend_initialised)
45 log_dbg("Initialising gcrypt crypto backend.");
46 crypt_fips_libcryptsetup_check(ctx);
47 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
48 if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
52 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
53 * it drops all privileges during secure memory initialisation.
54 * For now, the only workaround is to disable secure memory in gcrypt.
55 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
56 * and it locks its memory space anyway.
59 log_dbg("Initializing crypto backend (secure memory disabled).");
60 gcry_control (GCRYCTL_DISABLE_SECMEM);
63 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
64 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
65 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
67 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
70 crypto_backend_initialised = 1;
74 uint32_t crypt_backend_flags(void)
80 int crypt_hash_size(const char *name)
84 assert(crypto_backend_initialised);
86 hash_id = gcry_md_map_name(name);
90 return gcry_md_get_algo_dlen(hash_id);
93 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
97 assert(crypto_backend_initialised);
99 h = malloc(sizeof(*h));
103 h->hash_id = gcry_md_map_name(name);
109 if (gcry_md_open(&h->hd, h->hash_id, 0)) {
114 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
119 static void crypt_hash_restart(struct crypt_hash *ctx)
121 gcry_md_reset(ctx->hd);
124 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
126 gcry_md_write(ctx->hd, buffer, length);
130 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
134 if (length > (size_t)ctx->hash_len)
137 hash = gcry_md_read(ctx->hd, ctx->hash_id);
141 memcpy(buffer, hash, length);
142 crypt_hash_restart(ctx);
147 int crypt_hash_destroy(struct crypt_hash *ctx)
149 gcry_md_close(ctx->hd);
150 memset(ctx, 0, sizeof(*ctx));
156 int crypt_hmac_size(const char *name)
158 return crypt_hash_size(name);
161 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
162 const void *buffer, size_t length)
164 struct crypt_hmac *h;
166 assert(crypto_backend_initialised);
168 h = malloc(sizeof(*h));
172 h->hash_id = gcry_md_map_name(name);
178 if (gcry_md_open(&h->hd, h->hash_id, GCRY_MD_FLAG_HMAC)) {
183 if (gcry_md_setkey(h->hd, buffer, length)) {
184 gcry_md_close(h->hd);
189 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
194 static void crypt_hmac_restart(struct crypt_hmac *ctx)
196 gcry_md_reset(ctx->hd);
199 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
201 gcry_md_write(ctx->hd, buffer, length);
205 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
209 if (length > (size_t)ctx->hash_len)
212 hash = gcry_md_read(ctx->hd, ctx->hash_id);
216 memcpy(buffer, hash, length);
217 crypt_hmac_restart(ctx);
222 int crypt_hmac_destroy(struct crypt_hmac *ctx)
224 gcry_md_close(ctx->hd);
225 memset(ctx, 0, sizeof(*ctx));