678307b605
This adds support for using gnutls as a provider of the crypto hmac APIs. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
140 lines
3.5 KiB
C
140 lines
3.5 KiB
C
/*
|
|
* QEMU Crypto hmac algorithms
|
|
*
|
|
* Copyright (c) 2021 Red Hat, Inc.
|
|
*
|
|
* Derived from hmac-gcrypt.c:
|
|
*
|
|
* Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or
|
|
* (at your option) any later version. See the COPYING file in the
|
|
* top-level directory.
|
|
*
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include <gnutls/crypto.h>
|
|
|
|
#include "qapi/error.h"
|
|
#include "crypto/hmac.h"
|
|
#include "hmacpriv.h"
|
|
|
|
static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
|
[QCRYPTO_HASH_ALG_MD5] = GNUTLS_MAC_MD5,
|
|
[QCRYPTO_HASH_ALG_SHA1] = GNUTLS_MAC_SHA1,
|
|
[QCRYPTO_HASH_ALG_SHA224] = GNUTLS_MAC_SHA224,
|
|
[QCRYPTO_HASH_ALG_SHA256] = GNUTLS_MAC_SHA256,
|
|
[QCRYPTO_HASH_ALG_SHA384] = GNUTLS_MAC_SHA384,
|
|
[QCRYPTO_HASH_ALG_SHA512] = GNUTLS_MAC_SHA512,
|
|
[QCRYPTO_HASH_ALG_RIPEMD160] = GNUTLS_MAC_RMD160,
|
|
};
|
|
|
|
typedef struct QCryptoHmacGnutls QCryptoHmacGnutls;
|
|
struct QCryptoHmacGnutls {
|
|
gnutls_hmac_hd_t handle;
|
|
};
|
|
|
|
bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
|
|
{
|
|
size_t i;
|
|
const gnutls_digest_algorithm_t *algs;
|
|
if (alg >= G_N_ELEMENTS(qcrypto_hmac_alg_map) ||
|
|
qcrypto_hmac_alg_map[alg] == GNUTLS_DIG_UNKNOWN) {
|
|
return false;
|
|
}
|
|
algs = gnutls_digest_list();
|
|
for (i = 0; algs[i] != GNUTLS_DIG_UNKNOWN; i++) {
|
|
if (algs[i] == qcrypto_hmac_alg_map[alg]) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
|
|
const uint8_t *key, size_t nkey,
|
|
Error **errp)
|
|
{
|
|
QCryptoHmacGnutls *ctx;
|
|
int err;
|
|
|
|
if (!qcrypto_hmac_supports(alg)) {
|
|
error_setg(errp, "Unsupported hmac algorithm %s",
|
|
QCryptoHashAlgorithm_str(alg));
|
|
return NULL;
|
|
}
|
|
|
|
ctx = g_new0(QCryptoHmacGnutls, 1);
|
|
|
|
err = gnutls_hmac_init(&ctx->handle,
|
|
qcrypto_hmac_alg_map[alg],
|
|
(const void *)key, nkey);
|
|
if (err != 0) {
|
|
error_setg(errp, "Cannot initialize hmac: %s",
|
|
gnutls_strerror(err));
|
|
goto error;
|
|
}
|
|
|
|
return ctx;
|
|
|
|
error:
|
|
g_free(ctx);
|
|
return NULL;
|
|
}
|
|
|
|
static void
|
|
qcrypto_gnutls_hmac_ctx_free(QCryptoHmac *hmac)
|
|
{
|
|
QCryptoHmacGnutls *ctx;
|
|
|
|
ctx = hmac->opaque;
|
|
gnutls_hmac_deinit(ctx->handle, NULL);
|
|
|
|
g_free(ctx);
|
|
}
|
|
|
|
static int
|
|
qcrypto_gnutls_hmac_bytesv(QCryptoHmac *hmac,
|
|
const struct iovec *iov,
|
|
size_t niov,
|
|
uint8_t **result,
|
|
size_t *resultlen,
|
|
Error **errp)
|
|
{
|
|
QCryptoHmacGnutls *ctx;
|
|
uint32_t ret;
|
|
int i;
|
|
|
|
ctx = hmac->opaque;
|
|
|
|
for (i = 0; i < niov; i++) {
|
|
gnutls_hmac(ctx->handle, iov[i].iov_base, iov[i].iov_len);
|
|
}
|
|
|
|
ret = gnutls_hmac_get_len(qcrypto_hmac_alg_map[hmac->alg]);
|
|
if (ret <= 0) {
|
|
error_setg(errp, "Unable to get hmac length: %s",
|
|
gnutls_strerror(ret));
|
|
return -1;
|
|
}
|
|
|
|
if (*resultlen == 0) {
|
|
*resultlen = ret;
|
|
*result = g_new0(uint8_t, *resultlen);
|
|
} else if (*resultlen != ret) {
|
|
error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
|
|
*resultlen, ret);
|
|
return -1;
|
|
}
|
|
|
|
gnutls_hmac_output(ctx->handle, *result);
|
|
|
|
return 0;
|
|
}
|
|
|
|
QCryptoHmacDriver qcrypto_hmac_lib_driver = {
|
|
.hmac_bytesv = qcrypto_gnutls_hmac_bytesv,
|
|
.hmac_free = qcrypto_gnutls_hmac_ctx_free,
|
|
};
|