2 * NSS crypto backend implementation
4 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 #include "crypto_backend.h"
26 static int crypto_backend_initialised = 0;
31 CK_MECHANISM_TYPE ck_type;
35 static struct hash_alg hash_algs[] = {
36 { "sha1", SEC_OID_SHA1, CKM_SHA_1_HMAC, 20 },
37 { "sha256", SEC_OID_SHA256, CKM_SHA256_HMAC, 32 },
38 { "sha384", SEC_OID_SHA384, CKM_SHA384_HMAC, 48 },
39 { "sha512", SEC_OID_SHA512, CKM_SHA512_HMAC, 64 },
40 // { "ripemd160", SEC_OID_RIPEMD160, CKM_RIPEMD160_HMAC, 20 },
46 const struct hash_alg *hash;
53 const struct hash_alg *hash;
56 static struct hash_alg *_get_alg(const char *name)
60 while (name && hash_algs[i].name) {
61 if (!strcmp(name, hash_algs[i].name))
68 int crypt_backend_init(struct crypt_device *ctx)
70 if (crypto_backend_initialised)
73 log_dbg("Initialising NSS crypto backend.");
74 if (NSS_NoDB_Init(".") != SECSuccess)
77 crypto_backend_initialised = 1;
81 uint32_t crypt_backend_flags(void)
87 int crypt_hash_size(const char *name)
89 struct hash_alg *ha = _get_alg(name);
91 return ha ? ha->length : -EINVAL;
94 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
98 h = malloc(sizeof(*h));
102 h->hash = _get_alg(name);
108 h->md = PK11_CreateDigestContext(h->hash->oid);
114 if (PK11_DigestBegin(h->md) != SECSuccess) {
115 PK11_DestroyContext(h->md, PR_TRUE);
124 static int crypt_hash_restart(struct crypt_hash *ctx)
126 if (PK11_DigestBegin(ctx->md) != SECSuccess)
132 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
134 if (PK11_DigestOp(ctx->md, CONST_CAST(unsigned char *)buffer, length) != SECSuccess)
140 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
142 unsigned char tmp[64];
143 unsigned int tmp_len;
145 if (length > (size_t)ctx->hash->length)
148 if (PK11_DigestFinal(ctx->md, tmp, &tmp_len, length) != SECSuccess)
151 memcpy(buffer, tmp, length);
152 memset(tmp, 0, sizeof(tmp));
154 if (tmp_len < length)
157 if (crypt_hash_restart(ctx))
163 int crypt_hash_destroy(struct crypt_hash *ctx)
165 PK11_DestroyContext(ctx->md, PR_TRUE);
166 memset(ctx, 0, sizeof(*ctx));
172 int crypt_hmac_size(const char *name)
174 return crypt_hash_size(name);
177 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
178 const void *buffer, size_t length)
180 struct crypt_hmac *h;
184 keyItem.type = siBuffer;
185 keyItem.data = CONST_CAST(unsigned char *)buffer;
186 keyItem.len = (int)length;
188 noParams.type = siBuffer;
192 h = malloc(sizeof(*h));
195 memset(ctx, 0, sizeof(*ctx));
198 h->hash = _get_alg(name);
202 h->slot = PK11_GetInternalKeySlot();
206 h->key = PK11_ImportSymKey(h->slot, h->hash->ck_type, PK11_OriginUnwrap,
207 CKA_SIGN, &keyItem, NULL);
211 h->md = PK11_CreateContextBySymKey(h->hash->ck_type, CKA_SIGN, h->key,
216 if (PK11_DigestBegin(h->md) != SECSuccess)
222 crypt_hmac_destroy(h);
226 static int crypt_hmac_restart(struct crypt_hmac *ctx)
228 if (PK11_DigestBegin(ctx->md) != SECSuccess)
234 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
236 if (PK11_DigestOp(ctx->md, CONST_CAST(unsigned char *)buffer, length) != SECSuccess)
242 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
244 unsigned char tmp[64];
245 unsigned int tmp_len;
247 if (length > (size_t)ctx->hash->length)
250 if (PK11_DigestFinal(ctx->md, tmp, &tmp_len, length) != SECSuccess)
253 memcpy(buffer, tmp, length);
254 memset(tmp, 0, sizeof(tmp));
256 if (tmp_len < length)
259 if (crypt_hmac_restart(ctx))
265 int crypt_hmac_destroy(struct crypt_hmac *ctx)
268 PK11_FreeSymKey(ctx->key);
270 PK11_FreeSlot(ctx->slot);
272 PK11_DestroyContext(ctx->md, PR_TRUE);
273 memset(ctx, 0, sizeof(*ctx));