2 * Linux kernel userspace API crypto backend implementation
4 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2010-2012, Milan Broz
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include <sys/socket.h>
28 #include <sys/utsname.h>
29 #include <linux/if_alg.h>
30 #include "crypto_backend.h"
32 /* FIXME: remove later */
40 static int crypto_backend_initialised = 0;
41 static char version[64];
45 const char *kernel_name;
49 static struct hash_alg hash_algs[] = {
50 { "sha1", "sha1", 20 },
51 { "sha256", "sha256", 32 },
52 { "sha512", "sha512", 64 },
53 { "ripemd160", "rmd160", 20 },
54 { "whirlpool", "wp512", 64 },
70 /* Defined in crypt_kernel_ciphers.c */
71 extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
73 int crypt_backend_init(struct crypt_device *ctx)
76 struct sockaddr_alg sa = {
77 .salg_family = AF_ALG,
81 int tfmfd = -1, opfd = -1;
83 if (crypto_backend_initialised)
86 if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
89 if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
95 snprintf(version, sizeof(version), "%s %s kernel cryptoAPI",
96 uts.sysname, uts.release);
98 crypto_backend_initialised = 1;
102 uint32_t crypt_backend_flags(void)
104 return CRYPT_BACKEND_KERNEL;
107 const char *crypt_backend_version(void)
109 return crypto_backend_initialised ? version : "";
112 static struct hash_alg *_get_alg(const char *name)
116 while (name && hash_algs[i].name) {
117 if (!strcmp(name, hash_algs[i].name))
118 return &hash_algs[i];
125 int crypt_hash_size(const char *name)
127 struct hash_alg *ha = _get_alg(name);
129 return ha ? ha->length : -EINVAL;
132 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
134 struct crypt_hash *h;
136 struct sockaddr_alg sa = {
137 .salg_family = AF_ALG,
141 h = malloc(sizeof(*h));
150 h->hash_len = ha->length;
152 strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
154 if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
163 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
167 r = send(ctx->opfd, buffer, length, MSG_MORE);
168 if (r < 0 || (size_t)r < length)
174 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
178 if (length > (size_t)ctx->hash_len)
181 r = read(ctx->opfd, buffer, length);
188 int crypt_hash_destroy(struct crypt_hash *ctx)
190 if (ctx->tfmfd != -1)
194 memset(ctx, 0, sizeof(*ctx));
200 int crypt_hmac_size(const char *name)
202 return crypt_hash_size(name);
205 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
206 const void *buffer, size_t length)
208 struct crypt_hmac *h;
210 struct sockaddr_alg sa = {
211 .salg_family = AF_ALG,
215 h = malloc(sizeof(*h));
224 h->hash_len = ha->length;
226 snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
227 "hmac(%s)", ha->kernel_name);
229 if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
234 if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
235 crypt_hmac_destroy(h);
243 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
247 r = send(ctx->opfd, buffer, length, MSG_MORE);
248 if (r < 0 || (size_t)r < length)
254 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
258 if (length > (size_t)ctx->hash_len)
261 r = read(ctx->opfd, buffer, length);
268 int crypt_hmac_destroy(struct crypt_hmac *ctx)
270 if (ctx->tfmfd != -1)
274 memset(ctx, 0, sizeof(*ctx));
280 int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
286 int crypt_pbkdf(const char *kdf, const char *hash,
287 const char *password, size_t password_length,
288 const char *salt, size_t salt_length,
289 char *key, size_t key_length,
290 unsigned int iterations)
292 if (!kdf || strncmp(kdf, "pbkdf2", 6))
295 return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
296 iterations, key_length, key);