+
+static int pbkdf2(const char *hash,
+ const char *password, size_t password_length,
+ const char *salt, size_t salt_length,
+ char *key, size_t key_length,
+ uint32_t iterations)
+{
+ const char *hash_name = crypt_hash_compat_name(hash, NULL);
+
+#if USE_INTERNAL_PBKDF2
+ return pkcs5_pbkdf2(hash_name, password, password_length, salt, salt_length,
+ iterations, key_length, key, 0);
+#else /* USE_INTERNAL_PBKDF2 */
+ int hash_id = gcry_md_map_name(hash_name);
+
+ if (!hash_id)
+ return -EINVAL;
+
+ if (gcry_kdf_derive(password, password_length, GCRY_KDF_PBKDF2, hash_id,
+ salt, salt_length, iterations, key_length, key))
+ return -EINVAL;
+
+ return 0;
+#endif /* USE_INTERNAL_PBKDF2 */
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+ const char *password, size_t password_length,
+ const char *salt, size_t salt_length,
+ char *key, size_t key_length,
+ uint32_t iterations, uint32_t memory, uint32_t parallel)
+{
+ if (!kdf)
+ return -EINVAL;
+
+ if (!strcmp(kdf, "pbkdf2"))
+ return pbkdf2(hash, password, password_length, salt, salt_length,
+ key, key_length, iterations);
+ else if (!strncmp(kdf, "argon2", 6))
+ return argon2(kdf, password, password_length, salt, salt_length,
+ key, key_length, iterations, memory, parallel);
+ return -EINVAL;
+}
+
+/* Block ciphers */
+static int _cipher_init(gcry_cipher_hd_t *hd, const char *name,
+ const char *mode, const void *buffer, size_t length)
+{
+ int cipher_id, mode_id;
+
+ cipher_id = gcry_cipher_map_name(name);
+ if (cipher_id == GCRY_CIPHER_MODE_NONE)
+ return -ENOENT;
+
+ if (!strcmp(mode, "ecb"))
+ mode_id = GCRY_CIPHER_MODE_ECB;
+ else if (!strcmp(mode, "cbc"))
+ mode_id = GCRY_CIPHER_MODE_CBC;
+#if HAVE_DECL_GCRY_CIPHER_MODE_XTS
+ else if (!strcmp(mode, "xts"))
+ mode_id = GCRY_CIPHER_MODE_XTS;
+#endif
+ else
+ return -ENOENT;
+
+ if (gcry_cipher_open(hd, cipher_id, mode_id, 0))
+ return -EINVAL;
+
+ if (gcry_cipher_setkey(*hd, buffer, length)) {
+ gcry_cipher_close(*hd);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+ const char *mode, const void *key, size_t key_length)
+{
+ struct crypt_cipher *h;
+ int r;
+
+ h = malloc(sizeof(*h));
+ if (!h)
+ return -ENOMEM;
+
+ if (!_cipher_init(&h->u.hd, name, mode, key, key_length)) {
+ h->use_kernel = false;
+ *ctx = h;
+ return 0;
+ }
+
+ r = crypt_cipher_init_kernel(&h->u.kernel, name, mode, key, key_length);
+ if (r < 0) {
+ free(h);
+ return r;
+ }
+
+ h->use_kernel = true;
+ *ctx = h;
+ return 0;
+}
+
+void crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+ if (ctx->use_kernel)
+ crypt_cipher_destroy_kernel(&ctx->u.kernel);
+ else
+ gcry_cipher_close(ctx->u.hd);
+ free(ctx);
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+ const char *in, char *out, size_t length,
+ const char *iv, size_t iv_length)
+{
+ if (ctx->use_kernel)
+ return crypt_cipher_encrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length);
+
+ if (iv && gcry_cipher_setiv(ctx->u.hd, iv, iv_length))
+ return -EINVAL;
+
+ if (gcry_cipher_encrypt(ctx->u.hd, out, length, in, length))
+ return -EINVAL;
+
+ return 0;
+}
+
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+ const char *in, char *out, size_t length,
+ const char *iv, size_t iv_length)
+{
+ if (ctx->use_kernel)
+ return crypt_cipher_decrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length);
+
+ if (iv && gcry_cipher_setiv(ctx->u.hd, iv, iv_length))
+ return -EINVAL;
+
+ if (gcry_cipher_decrypt(ctx->u.hd, out, length, in, length))
+ return -EINVAL;
+
+ return 0;
+}
+
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+{
+ return ctx->use_kernel;
+}
+
+int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
+ const char *in, char *out, size_t length,
+ const char *iv, size_t iv_length,
+ const char *tag, size_t tag_length)
+{
+#ifdef GCRY_CCM_BLOCK_LEN
+ gcry_cipher_hd_t hd;
+ uint64_t l[3];
+ int r = -EINVAL;
+
+ if (gcry_cipher_open(&hd, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 0))
+ return -EINVAL;
+
+ if (gcry_cipher_setkey(hd, key, key_length))
+ goto out;
+
+ if (gcry_cipher_setiv(hd, iv, iv_length))
+ goto out;
+
+ l[0] = length;
+ l[1] = 0;
+ l[2] = tag_length;
+ if (gcry_cipher_ctl(hd, GCRYCTL_SET_CCM_LENGTHS, l, sizeof(l)))
+ goto out;
+
+ if (gcry_cipher_decrypt(hd, out, length, in, length))
+ goto out;
+
+ if (gcry_cipher_checktag(hd, tag, tag_length))
+ goto out;
+
+ r = 0;
+out:
+ gcry_cipher_close(hd);
+ return r;
+#else
+ return -ENOTSUP;
+#endif
+}