Move fips check to libcryptsetup.
Clean up internal.h use.
#include <stdlib.h>
#include <errno.h>
+#include "libcryptsetup.h"
#include "internal.h"
-#include "crypto_backend.h"
static int hash(const char *hash_name, size_t key_size, char *key,
size_t passphrase_size, const char *passphrase)
#ifndef _CRYPTO_BACKEND_H
#define _CRYPTO_BACKEND_H
-#include "libcryptsetup.h"
-#include "internal.h"
+#include <stdint.h>
+#include "config.h"
+struct crypt_device;
struct crypt_hash;
struct crypt_hmac;
#define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */
uint32_t crypt_backend_flags(void);
+const char *crypt_backend_version(void);
/* HASH */
int crypt_hash_size(const char *name);
int crypt_hmac_destroy(struct crypt_hmac *ctx);
/* RNG (must be usable in FIPS mode) */
+enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 };
int crypt_backend_fips_rng(char *buffer, size_t length, int quality);
#endif /* _CRYPTO_BACKEND_H */
*/
#include <string.h>
+#include <stdio.h>
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "crypto_backend.h"
static int crypto_backend_initialised = 0;
+static int crypto_backend_secmem = 1;
+static char version[64];
struct crypt_hash {
gcry_md_hd_t hd;
if (crypto_backend_initialised)
return 0;
- log_dbg("Initialising gcrypt crypto backend.");
- crypt_fips_libcryptsetup_check(ctx);
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
return -ENOSYS;
* and it locks its memory space anyway.
*/
#if 0
- log_dbg("Initializing crypto backend (secure memory disabled).");
gcry_control (GCRYCTL_DISABLE_SECMEM);
+ crypto_backend_secmem = 0;
#else
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
+ snprintf(version, 64, "gcrypt %s%s",
+ gcry_check_version(NULL),
+ crypto_backend_secmem ? "" : ", secmem disabled");
crypto_backend_initialised = 1;
return 0;
}
+const char *crypt_backend_version(void)
+{
+ return crypto_backend_initialised ? version : "";
+}
+
uint32_t crypt_backend_flags(void)
{
return 0;
#endif
static int crypto_backend_initialised = 0;
+static char version[64];
struct hash_alg {
const char *name;
int crypt_backend_init(struct crypt_device *ctx)
{
struct utsname uts;
-
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "hash",
if (crypto_backend_initialised)
return 0;
- log_dbg("Initialising kernel crypto API backend.");
-
if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
return -EINVAL;
- log_dbg("Kernel version %s %s.", uts.sysname, uts.release);
if (_socket_init(&sa, &tfmfd, &opfd) < 0)
return -EINVAL;
close(tfmfd);
close(opfd);
+ snprintf(version, sizeof(version), "%s %s kernel cryptoAPI",
+ uts.sysname, uts.release);
+
crypto_backend_initialised = 1;
return 0;
}
return CRYPT_BACKEND_KERNEL;
}
+const char *crypt_backend_version(void)
+{
+ return crypto_backend_initialised ? version : "";
+}
+
static struct hash_alg *_get_alg(const char *name)
{
int i = 0;
#include <nettle/hmac.h>
#include "crypto_backend.h"
+static char *version = "Nettle";
+
typedef void (*init_func) (void *);
typedef void (*update_func) (void *, unsigned, const uint8_t *);
typedef void (*digest_func) (void *, unsigned, uint8_t *);
int crypt_backend_init(struct crypt_device *ctx)
{
- log_dbg("Initialising Nettle crypto backend.");
return 0;
}
+const char *crypt_backend_version(void)
+{
+ return version;
+}
+
/* HASH */
int crypt_hash_size(const char *name)
{
#include <pk11pub.h>
#include "crypto_backend.h"
+#define CONST_CAST(x) (x)(uintptr_t)
+
static int crypto_backend_initialised = 0;
+static char version[64];
+
struct hash_alg {
const char *name;
if (crypto_backend_initialised)
return 0;
- log_dbg("Initialising NSS crypto backend.");
if (NSS_NoDB_Init(".") != SECSuccess)
return -EINVAL;
+ snprintf(version, 64, "NSS %s", NSS_GetVersion());
crypto_backend_initialised = 1;
return 0;
}
return 0;
}
+const char *crypt_backend_version(void)
+{
+ return crypto_backend_initialised ? version : "";
+}
+
/* HASH */
int crypt_hash_size(const char *name)
{
return 0;
OpenSSL_add_all_digests();
- log_dbg("OpenSSL crypto backend initialized.");
crypto_backend_initialised = 1;
return 0;
return 0;
}
+const char *crypt_backend_version(void)
+{
+ return SSLeay_version(SSLEAY_VERSION);
+}
+
/* HASH */
int crypt_hash_size(const char *name)
{
#include "utils_loop.h"
#include "utils_dm.h"
#include "utils_fips.h"
+#include "crypto_backend.h"
/* to silent gcc -Wcast-qual for const cast */
#define CONST_CAST(x) (x)(uintptr_t)
unsigned long *alignment_offset, /* bytes */
unsigned long default_alignment);
-enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 };
int crypt_random_init(struct crypt_device *ctx);
int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality);
void crypt_random_exit(void);
#include <stdlib.h>
#include <string.h>
-#include "crypto_backend.h"
+#include "libcryptsetup.h"
#include "loopaes.h"
+#include "internal.h"
static const char *get_hash(unsigned int key_size)
{
#include <string.h>
#include <netinet/in.h>
#include <errno.h>
-#include "crypto_backend.h"
#include "internal.h"
#include "af.h"
#include "libcryptsetup.h"
#include "internal.h"
-#include "crypto_backend.h"
static int random_initialised = 0;
#include "luks.h"
#include "loopaes.h"
#include "internal.h"
-#include "crypto_backend.h"
struct crypt_device {
char *type;
{
int r;
+ crypt_fips_libcryptsetup_check(ctx);
+
r = crypt_random_init(ctx);
if (r < 0) {
log_err(ctx, _("Cannot initialize crypto RNG backend.\n"));
if (r < 0)
log_err(ctx, _("Cannot initialize crypto backend.\n"));
+ log_dbg("Crypto backend (%s) initialized.", crypt_backend_version());
return r;
}