2 * GCRYPT crypto backend implementation
4 * Copyright (C) 2010 Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "crypto_backend.h"
25 #define GCRYPT_REQ_VERSION "1.1.42"
39 int crypt_backend_init(void)
41 log_dbg("Initialising gcrypt crypto backend.");
42 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
43 if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
47 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
48 * it drops all privileges during secure memory initialisation.
49 * For now, the only workaround is to disable secure memory in gcrypt.
50 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
51 * and it locks its memory space anyway.
54 log_dbg("Initializing crypto backend (secure memory disabled).");
55 gcry_control (GCRYCTL_DISABLE_SECMEM);
58 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
59 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
60 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
62 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
68 uint32_t crypt_backend_flags(void)
74 int crypt_hash_size(const char *name)
76 int hash_id = gcry_md_map_name(name);
81 return gcry_md_get_algo_dlen(hash_id);
84 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
88 h = malloc(sizeof(*h));
92 h->hash_id = gcry_md_map_name(name);
98 if (gcry_md_open(&h->hd, h->hash_id, 0)) {
103 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
108 int crypt_hash_restart(struct crypt_hash *ctx)
110 gcry_md_reset(ctx->hd);
114 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
116 gcry_md_write(ctx->hd, buffer, length);
120 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
124 if (length > ctx->hash_len)
127 hash = gcry_md_read(ctx->hd, ctx->hash_id);
131 memcpy(buffer, hash, length);
135 int crypt_hash_destroy(struct crypt_hash *ctx)
137 gcry_md_close(ctx->hd);
138 memset(ctx, 0, sizeof(*ctx));
144 int crypt_hmac_size(const char *name)
146 return crypt_hash_size(name);
149 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
150 const void *buffer, size_t length)
152 struct crypt_hmac *h;
154 h = malloc(sizeof(*h));
158 h->hash_id = gcry_md_map_name(name);
164 if (gcry_md_open(&h->hd, h->hash_id, GCRY_MD_FLAG_HMAC)) {
169 if (gcry_md_setkey(h->hd, buffer, length)) {
170 gcry_md_close(h->hd);
175 h->hash_len = gcry_md_get_algo_dlen(h->hash_id);
180 int crypt_hmac_restart(struct crypt_hmac *ctx)
182 gcry_md_reset(ctx->hd);
186 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
188 gcry_md_write(ctx->hd, buffer, length);
192 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
196 if (length > ctx->hash_len)
199 hash = gcry_md_read(ctx->hd, ctx->hash_id);
203 memcpy(buffer, hash, length);
207 int crypt_hmac_destroy(struct crypt_hmac *ctx)
209 gcry_md_close(ctx->hd);
210 memset(ctx, 0, sizeof(*ctx));