2 * NSS crypto backend implementation
4 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2010-2012, Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "crypto_backend.h"
27 #define CONST_CAST(x) (x)(uintptr_t)
29 static int crypto_backend_initialised = 0;
30 static char version[64];
35 CK_MECHANISM_TYPE ck_type;
39 static struct hash_alg hash_algs[] = {
40 { "sha1", SEC_OID_SHA1, CKM_SHA_1_HMAC, 20 },
41 { "sha256", SEC_OID_SHA256, CKM_SHA256_HMAC, 32 },
42 { "sha384", SEC_OID_SHA384, CKM_SHA384_HMAC, 48 },
43 { "sha512", SEC_OID_SHA512, CKM_SHA512_HMAC, 64 },
44 // { "ripemd160", SEC_OID_RIPEMD160, CKM_RIPEMD160_HMAC, 20 },
50 const struct hash_alg *hash;
57 const struct hash_alg *hash;
60 static struct hash_alg *_get_alg(const char *name)
64 while (name && hash_algs[i].name) {
65 if (!strcmp(name, hash_algs[i].name))
72 int crypt_backend_init(struct crypt_device *ctx)
74 if (crypto_backend_initialised)
77 if (NSS_NoDB_Init(".") != SECSuccess)
80 #if HAVE_DECL_NSS_GETVERSION
81 snprintf(version, 64, "NSS %s", NSS_GetVersion());
83 snprintf(version, 64, "NSS");
85 crypto_backend_initialised = 1;
89 uint32_t crypt_backend_flags(void)
94 const char *crypt_backend_version(void)
96 return crypto_backend_initialised ? version : "";
100 int crypt_hash_size(const char *name)
102 struct hash_alg *ha = _get_alg(name);
104 return ha ? ha->length : -EINVAL;
107 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
109 struct crypt_hash *h;
111 h = malloc(sizeof(*h));
115 h->hash = _get_alg(name);
121 h->md = PK11_CreateDigestContext(h->hash->oid);
127 if (PK11_DigestBegin(h->md) != SECSuccess) {
128 PK11_DestroyContext(h->md, PR_TRUE);
137 static int crypt_hash_restart(struct crypt_hash *ctx)
139 if (PK11_DigestBegin(ctx->md) != SECSuccess)
145 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
147 if (PK11_DigestOp(ctx->md, CONST_CAST(unsigned char *)buffer, length) != SECSuccess)
153 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
155 unsigned char tmp[64];
156 unsigned int tmp_len;
158 if (length > (size_t)ctx->hash->length)
161 if (PK11_DigestFinal(ctx->md, tmp, &tmp_len, length) != SECSuccess)
164 memcpy(buffer, tmp, length);
165 memset(tmp, 0, sizeof(tmp));
167 if (tmp_len < length)
170 if (crypt_hash_restart(ctx))
176 int crypt_hash_destroy(struct crypt_hash *ctx)
178 PK11_DestroyContext(ctx->md, PR_TRUE);
179 memset(ctx, 0, sizeof(*ctx));
185 int crypt_hmac_size(const char *name)
187 return crypt_hash_size(name);
190 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
191 const void *buffer, size_t length)
193 struct crypt_hmac *h;
197 keyItem.type = siBuffer;
198 keyItem.data = CONST_CAST(unsigned char *)buffer;
199 keyItem.len = (int)length;
201 noParams.type = siBuffer;
205 h = malloc(sizeof(*h));
208 memset(ctx, 0, sizeof(*ctx));
211 h->hash = _get_alg(name);
215 h->slot = PK11_GetInternalKeySlot();
219 h->key = PK11_ImportSymKey(h->slot, h->hash->ck_type, PK11_OriginUnwrap,
220 CKA_SIGN, &keyItem, NULL);
224 h->md = PK11_CreateContextBySymKey(h->hash->ck_type, CKA_SIGN, h->key,
229 if (PK11_DigestBegin(h->md) != SECSuccess)
235 crypt_hmac_destroy(h);
239 static int crypt_hmac_restart(struct crypt_hmac *ctx)
241 if (PK11_DigestBegin(ctx->md) != SECSuccess)
247 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
249 if (PK11_DigestOp(ctx->md, CONST_CAST(unsigned char *)buffer, length) != SECSuccess)
255 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
257 unsigned char tmp[64];
258 unsigned int tmp_len;
260 if (length > (size_t)ctx->hash->length)
263 if (PK11_DigestFinal(ctx->md, tmp, &tmp_len, length) != SECSuccess)
266 memcpy(buffer, tmp, length);
267 memset(tmp, 0, sizeof(tmp));
269 if (tmp_len < length)
272 if (crypt_hmac_restart(ctx))
278 int crypt_hmac_destroy(struct crypt_hmac *ctx)
281 PK11_FreeSymKey(ctx->key);
283 PK11_FreeSlot(ctx->slot);
285 PK11_DestroyContext(ctx->md, PR_TRUE);
286 memset(ctx, 0, sizeof(*ctx));
292 int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
297 if (PK11_GenerateRandom((unsigned char *)buffer, length) != SECSuccess)
304 int crypt_pbkdf(const char *kdf, const char *hash,
305 const char *password, size_t password_length,
306 const char *salt, size_t salt_length,
307 char *key, size_t key_length,
308 unsigned int iterations)
310 if (!kdf || strncmp(kdf, "pbkdf2", 6))
313 return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
314 iterations, key_length, key);