2 * GCRYPT crypto backend implementation
4 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 #include "crypto_backend.h"
26 #define GCRYPT_REQ_VERSION "1.1.42"
28 static int crypto_backend_initialised = 0;
42 int crypt_backend_init(struct crypt_device *ctx __attribute__((unused)))
44 if (crypto_backend_initialised)
47 log_dbg("Initialising gcrypt crypto backend.");
48 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
49 if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
53 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
54 * it drops all privileges during secure memory initialisation.
55 * For now, the only workaround is to disable secure memory in gcrypt.
56 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
57 * and it locks its memory space anyway.
60 log_dbg("Initializing crypto backend (secure memory disabled).");
61 gcry_control (GCRYCTL_DISABLE_SECMEM);
64 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
65 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
66 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
68 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
71 crypto_backend_initialised = 1;
75 uint32_t crypt_backend_flags(void)
81 int crypt_hash_size(const char *name)
85 assert(crypto_backend_initialised);
87 hash_id = gcry_md_map_name(name);
91 return gcry_md_get_algo_dlen(hash_id);
94 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
98 assert(crypto_backend_initialised);
100 h = malloc(sizeof(*h));
104 h->hash_id = gcry_md_map_name(name);
110 if (gcry_md_open(&h->hd, h->hash_id, 0)) {
115 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
120 static void crypt_hash_restart(struct crypt_hash *ctx)
122 gcry_md_reset(ctx->hd);
125 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
127 gcry_md_write(ctx->hd, buffer, length);
131 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
135 if (length > (size_t)ctx->hash_len)
138 hash = gcry_md_read(ctx->hd, ctx->hash_id);
142 memcpy(buffer, hash, length);
143 crypt_hash_restart(ctx);
148 int crypt_hash_destroy(struct crypt_hash *ctx)
150 gcry_md_close(ctx->hd);
151 memset(ctx, 0, sizeof(*ctx));
157 int crypt_hmac_size(const char *name)
159 return crypt_hash_size(name);
162 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
163 const void *buffer, size_t length)
165 struct crypt_hmac *h;
167 assert(crypto_backend_initialised);
169 h = malloc(sizeof(*h));
173 h->hash_id = gcry_md_map_name(name);
179 if (gcry_md_open(&h->hd, h->hash_id, GCRY_MD_FLAG_HMAC)) {
184 if (gcry_md_setkey(h->hd, buffer, length)) {
185 gcry_md_close(h->hd);
190 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
195 static void crypt_hmac_restart(struct crypt_hmac *ctx)
197 gcry_md_reset(ctx->hd);
200 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
202 gcry_md_write(ctx->hd, buffer, length);
206 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
210 if (length > (size_t)ctx->hash_len)
213 hash = gcry_md_read(ctx->hd, ctx->hash_id);
217 memcpy(buffer, hash, length);
218 crypt_hmac_restart(ctx);
223 int crypt_hmac_destroy(struct crypt_hmac *ctx)
225 gcry_md_close(ctx->hd);
226 memset(ctx, 0, sizeof(*ctx));