7 #include "libcryptsetup.h"
// Initial capacity of the algorithm-id list that gcrypt_get_hashes passes to gcry_md_list.
10 #define MAX_DIGESTS 64
// Minimum libgcrypt version accepted by the gcry_check_version calls in this file.
11 #define GCRYPT_REQ_VERSION "1.1.42"
// NOTE(review): this listing omits lines (the enclosing function header, braces, the
// failure branch and the condition choosing between the two secure-memory paths), so
// the comments here describe only the calls that are visible.
// Run the setup only if libgcrypt has not already been marked as initialized.
15 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
// gcry_check_version also initializes the library; a NULL result means the installed
// libgcrypt is older than GCRYPT_REQ_VERSION.
16 if (!gcry_check_version (GCRYPT_REQ_VERSION))
19 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
20 * it drops all privileges during secure memory initialisation.
21 * For now, the only workaround is to disable secure memory in gcrypt.
22 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
23 * and it locks its memory space anyway.
// Path 1: secure memory off. Buffers that libgcrypt allocates for key and passphrase
// data then come from the ordinary allocator, so keeping them out of swap relies on
// the process-wide memory locking mentioned in the FIXME - TODO confirm that the lock
// is taken before any secret is processed.
26 log_dbg("Initializing crypto backend (secure memory disabled).");
27 gcry_control (GCRYCTL_DISABLE_SECMEM);
// Path 2: request a 16384-byte secure memory pool; the secure-memory warning is
// suspended around the request and resumed afterwards.
29 log_dbg("Initializing crypto backend (using secure memory).");
30 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
31 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
32 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
// Mark initialization as finished so the INITIALIZATION_FINISHED_P test succeeds on later calls.
34 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
// Fills `key` with `size` bytes derived from `passphrase` (`sizep` bytes) using the
// digest whose libgcrypt algorithm id is stored as an int at `data`.
// NOTE(review): several lines of this function are missing from the listing (braces,
// declarations, return statements, the end of the loop body, closing of the handle).
// NOTE(review): size and sizep are signed and the loop runs while size is non-zero;
// presumably callers always pass a positive size - verify against callers.
40 static int gcrypt_hash(void *data, int size, char *key,
41 int sizep, const char *passphrase)
44 int algo = *((int *)data);
// Digest output length in bytes for this algorithm.
45 int len = gcry_md_get_algo_dlen(algo);
// Flags are 0, so GCRY_MD_FLAG_SECURE is not requested and the digest context that
// absorbs the passphrase is not placed in libgcrypt secure memory.
48 if (gcry_md_open(&md, algo, 0))
// Loops while size is non-zero; the code that advances key and reduces size is not shown.
51 for(round = 0; size; round++) {
52 /* hack from hashalot to avoid null bytes in key */
// Round N feeds N bytes of "A" before the passphrase, so every round hashes a
// different input.
53 for(i = 0; i < round; i++)
54 gcry_md_write(md, "A", 1);
56 gcry_md_write(md, passphrase, sizep);
// NOTE(review): copies `len` bytes into `key`. This stays inside the caller buffer
// only if `len` is clamped to the remaining `size` on the lines not shown between 56
// and 60 - confirm, since an unclamped final round would write past the end of `key`.
60 memcpy(key, gcry_md_read(md, algo), len);
// Builds the table of hash_type entries offered by this backend, one per digest
// algorithm id returned by gcry_md_list.
// NOTE(review): this listing omits lines (braces, declarations, error checks, returns),
// so calls that look unchecked here may be checked on lines that are not shown.
72 static struct hash_type *gcrypt_get_hashes(void)
74 struct hash_type *hashes;
75 int size = MAX_DIGESTS;
80 if (!gcry_check_version(GCRYPT_REQ_VERSION))
// Scratch array for up to MAX_DIGESTS algorithm ids. NOTE(review): it has to be
// released on every exit path; the free is not visible in this listing.
83 list = (int *)malloc(sizeof(*list) * size);
// size is passed by address; presumably it comes back as the number of ids written
// and never exceeds the capacity given - confirm for the libgcrypt version in use,
// because every later loop trusts it as the bound for list and hashes.
87 r = gcry_md_list(list, &size);
// One slot more than size, presumably for the terminating entry with a NULL name.
93 hashes = malloc(sizeof(*hashes) * (size + 1));
// Clear the pointers first so the cleanup loop can call free() on entries that were
// never filled in.
99 for(i = 0; i < size; i++) {
100 hashes[i].name = NULL;
101 hashes[i].private = NULL;
104 for(i = 0; i < size; i++) {
// NOTE(review): strdup can return NULL and the loop on line 110 dereferences the
// result; the check is presumably on the line not shown between them - confirm.
107 hashes[i].name = strdup(gcry_md_algo_name(list[i]));
// Walks the copied name in place; the loop body is not shown.
110 for(p = (char *)hashes[i].name; *p; p++)
// Each entry owns a heap int holding its algorithm id; gcrypt_hash reads an int
// through its data pointer, presumably this one.
112 hashes[i].private = malloc(sizeof(int));
113 if(!hashes[i].private)
115 *((int *)hashes[i].private) = list[i];
116 hashes[i].fn = gcrypt_hash;
// Presumably the terminating entry (NULL name) that gcrypt_free_hashes stops at.
118 hashes[i].name = NULL;
119 hashes[i].private = NULL;
// Cleanup loop, presumably the error path: releases whatever each entry holds.
128 for(i = 0; i < size; i++) {
129 free(hashes[i].name);
130 free(hashes[i].private);
// Releases a table of hash_type entries. Iterates until the first entry whose name is
// NULL; the loop body and the remaining lines are not shown in this listing.
// NOTE(review): hashes is dereferenced without a visible NULL check and the walk
// depends on the terminating entry being present - confirm callers never pass NULL
// or a table without the terminator.
136 static void gcrypt_free_hashes(struct hash_type *hashes)
138 struct hash_type *hash;
140 for(hash = hashes; hash->name; hash++) {
148 struct hash_backend hash_gcrypt_backend = {
150 .get_hashes = gcrypt_get_hashes,
151 .free_hashes = gcrypt_free_hashes