2 * Nettle crypto backend implementation
4 * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2011-2014, Milan Broz
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <nettle/sha.h>
26 #include <nettle/hmac.h>
27 #include <nettle/pbkdf2.h>
28 #include "crypto_backend.h"
30 static char *version = "Nettle";
32 typedef void (*init_func) (void *);
33 typedef void (*update_func) (void *, unsigned, const uint8_t *);
34 typedef void (*digest_func) (void *, unsigned, uint8_t *);
35 typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
43 update_func hmac_update;
44 digest_func hmac_digest;
45 set_key_func hmac_set_key;
48 static struct hash_alg hash_algs[] = {
49 { "sha1", SHA1_DIGEST_SIZE,
50 (init_func) sha1_init,
51 (update_func) sha1_update,
52 (digest_func) sha1_digest,
53 (update_func) hmac_sha1_update,
54 (digest_func) hmac_sha1_digest,
55 (set_key_func) hmac_sha1_set_key,
57 { "sha224", SHA224_DIGEST_SIZE,
58 (init_func) sha224_init,
59 (update_func) sha224_update,
60 (digest_func) sha224_digest,
61 (update_func) hmac_sha224_update,
62 (digest_func) hmac_sha224_digest,
63 (set_key_func) hmac_sha224_set_key,
65 { "sha256", SHA256_DIGEST_SIZE,
66 (init_func) sha256_init,
67 (update_func) sha256_update,
68 (digest_func) sha256_digest,
69 (update_func) hmac_sha256_update,
70 (digest_func) hmac_sha256_digest,
71 (set_key_func) hmac_sha256_set_key,
73 { "sha384", SHA384_DIGEST_SIZE,
74 (init_func) sha384_init,
75 (update_func) sha384_update,
76 (digest_func) sha384_digest,
77 (update_func) hmac_sha384_update,
78 (digest_func) hmac_sha384_digest,
79 (set_key_func) hmac_sha384_set_key,
81 { "sha512", SHA512_DIGEST_SIZE,
82 (init_func) sha512_init,
83 (update_func) sha512_update,
84 (digest_func) sha512_digest,
85 (update_func) hmac_sha512_update,
86 (digest_func) hmac_sha512_digest,
87 (set_key_func) hmac_sha512_set_key,
89 { "ripemd160", RIPEMD160_DIGEST_SIZE,
90 (init_func) ripemd160_init,
91 (update_func) ripemd160_update,
92 (digest_func) ripemd160_digest,
93 (update_func) hmac_ripemd160_update,
94 (digest_func) hmac_ripemd160_digest,
95 (set_key_func) hmac_ripemd160_set_key,
97 { NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, }
101 const struct hash_alg *hash;
103 struct sha1_ctx sha1;
104 struct sha224_ctx sha224;
105 struct sha256_ctx sha256;
106 struct sha384_ctx sha384;
107 struct sha512_ctx sha512;
112 const struct hash_alg *hash;
114 struct hmac_sha1_ctx sha1;
115 struct hmac_sha224_ctx sha224;
116 struct hmac_sha256_ctx sha256;
117 struct hmac_sha384_ctx sha384;
118 struct hmac_sha512_ctx sha512;
124 uint32_t crypt_backend_flags(void)
129 static struct hash_alg *_get_alg(const char *name)
133 while (name && hash_algs[i].name) {
134 if (!strcmp(name, hash_algs[i].name))
135 return &hash_algs[i];
141 int crypt_backend_init(struct crypt_device *ctx)
146 const char *crypt_backend_version(void)
152 int crypt_hash_size(const char *name)
154 struct hash_alg *ha = _get_alg(name);
156 return ha ? ha->length : -EINVAL;
159 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
161 struct crypt_hash *h;
163 h = malloc(sizeof(*h));
167 h->hash = _get_alg(name);
173 h->hash->init(&h->nettle_ctx);
179 static void crypt_hash_restart(struct crypt_hash *ctx)
181 ctx->hash->init(&ctx->nettle_ctx);
184 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
186 ctx->hash->update(&ctx->nettle_ctx, length, (const uint8_t*)buffer);
190 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
192 if (length > (size_t)ctx->hash->length)
195 ctx->hash->digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
196 crypt_hash_restart(ctx);
200 int crypt_hash_destroy(struct crypt_hash *ctx)
202 memset(ctx, 0, sizeof(*ctx));
208 int crypt_hmac_size(const char *name)
210 return crypt_hash_size(name);
213 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
214 const void *buffer, size_t length)
216 struct crypt_hmac *h;
218 h = malloc(sizeof(*h));
221 memset(ctx, 0, sizeof(*ctx));
224 h->hash = _get_alg(name);
228 h->key = malloc(length);
232 memcpy(h->key, buffer, length);
233 h->key_length = length;
235 h->hash->init(&h->nettle_ctx);
236 h->hash->hmac_set_key(&h->nettle_ctx, h->key_length, h->key);
245 static void crypt_hmac_restart(struct crypt_hmac *ctx)
247 ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key);
250 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
252 ctx->hash->hmac_update(&ctx->nettle_ctx, length, (const uint8_t *)buffer);
256 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
258 if (length > (size_t)ctx->hash->length)
261 ctx->hash->hmac_digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
262 crypt_hmac_restart(ctx);
266 int crypt_hmac_destroy(struct crypt_hmac *ctx)
268 memset(ctx->key, 0, ctx->key_length);
270 memset(ctx, 0, sizeof(*ctx));
276 int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
282 int crypt_pbkdf(const char *kdf, const char *hash,
283 const char *password, size_t password_length,
284 const char *salt, size_t salt_length,
285 char *key, size_t key_length,
286 unsigned int iterations)
288 struct crypt_hmac *h;
291 if (!kdf || strncmp(kdf, "pbkdf2", 6))
294 r = crypt_hmac_init(&h, hash, password, password_length);
298 nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update,
299 h->hash->nettle_hmac_digest, h->hash->length, iterations,
300 salt_length, (const uint8_t *)salt, key_length,
302 crypt_hmac_destroy(h);