2 * GCRYPT crypto backend implementation
4 * Copyright (C) 2010 Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include "crypto_backend.h"
26 #define GCRYPT_REQ_VERSION "1.1.42"
28 static int crypto_backend_initialised = 0;
42 int crypt_backend_init(void)
44 if (crypto_backend_initialised)
47 log_dbg("Initialising gcrypt crypto backend.");
48 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
49 if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
53 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
54 * it drops all privileges during secure memory initialisation.
55 * For now, the only workaround is to disable secure memory in gcrypt.
56 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
57 * and it locks its memory space anyway.
60 log_dbg("Initializing crypto backend (secure memory disabled).");
61 gcry_control (GCRYCTL_DISABLE_SECMEM);
64 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
65 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
66 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
68 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
71 crypto_backend_initialised = 1;
75 uint32_t crypt_backend_flags(void)
81 int crypt_hash_size(const char *name)
85 assert(crypto_backend_initialised);
87 hash_id = gcry_md_map_name(name);
91 return gcry_md_get_algo_dlen(hash_id);
94 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
98 assert(crypto_backend_initialised);
100 h = malloc(sizeof(*h));
104 h->hash_id = gcry_md_map_name(name);
110 if (gcry_md_open(&h->hd, h->hash_id, 0)) {
115 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
120 int crypt_hash_restart(struct crypt_hash *ctx)
122 gcry_md_reset(ctx->hd);
126 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
128 gcry_md_write(ctx->hd, buffer, length);
132 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
136 if (length > ctx->hash_len)
139 hash = gcry_md_read(ctx->hd, ctx->hash_id);
143 memcpy(buffer, hash, length);
147 int crypt_hash_destroy(struct crypt_hash *ctx)
149 gcry_md_close(ctx->hd);
150 memset(ctx, 0, sizeof(*ctx));
156 int crypt_hmac_size(const char *name)
158 return crypt_hash_size(name);
161 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
162 const void *buffer, size_t length)
164 struct crypt_hmac *h;
166 assert(crypto_backend_initialised);
168 h = malloc(sizeof(*h));
172 h->hash_id = gcry_md_map_name(name);
178 if (gcry_md_open(&h->hd, h->hash_id, GCRY_MD_FLAG_HMAC)) {
183 if (gcry_md_setkey(h->hd, buffer, length)) {
184 gcry_md_close(h->hd);
189 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
194 int crypt_hmac_restart(struct crypt_hmac *ctx)
196 gcry_md_reset(ctx->hd);
200 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
202 gcry_md_write(ctx->hd, buffer, length);
206 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
210 if (length > ctx->hash_len)
213 hash = gcry_md_read(ctx->hd, ctx->hash_id);
217 memcpy(buffer, hash, length);
221 int crypt_hmac_destroy(struct crypt_hmac *ctx)
223 gcry_md_close(ctx->hd);
224 memset(ctx, 0, sizeof(*ctx));