diff options
author | Longpeng(Mike) <longpeng2@huawei.com> | 2016-12-13 18:42:59 +0800 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-12-22 09:24:59 +0000 |
commit | f4d7674722d121fa7d4ed7cbee2c3ba9b3e71824 (patch) | |
tree | 3f4f7fc39a93d6bd58e9d93af4f0da7bdb93e423 | |
parent | e11680524afc6fb5b38e2a9e2e55c3c313ab8f97 (diff) |
crypto: support HMAC algorithms based on nettle
This patch add nettle-backed HMAC algorithms support
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-rw-r--r-- | crypto/hmac-nettle.c | 136 |
1 files changed, 133 insertions, 3 deletions
diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c index 95f3dcc61c..4a9e6b2c7d 100644 --- a/crypto/hmac-nettle.c +++ b/crypto/hmac-nettle.c @@ -17,8 +17,83 @@ #include "crypto/hmac.h" #include <nettle/hmac.h> +typedef void (*qcrypto_nettle_hmac_setkey)(void *ctx, + size_t key_length, const uint8_t *key); + +typedef void (*qcrypto_nettle_hmac_update)(void *ctx, + size_t length, const uint8_t *data); + +typedef void (*qcrypto_nettle_hmac_digest)(void *ctx, + size_t length, uint8_t *digest); + +typedef struct QCryptoHmacNettle QCryptoHmacNettle; +struct QCryptoHmacNettle { + union qcrypto_nettle_hmac_ctx { + struct hmac_md5_ctx md5_ctx; + struct hmac_sha1_ctx sha1_ctx; + struct hmac_sha256_ctx sha256_ctx; /* equals hmac_sha224_ctx */ + struct hmac_sha512_ctx sha512_ctx; /* equals hmac_sha384_ctx */ + struct hmac_ripemd160_ctx ripemd160_ctx; + } u; +}; + +struct qcrypto_nettle_hmac_alg { + qcrypto_nettle_hmac_setkey setkey; + qcrypto_nettle_hmac_update update; + qcrypto_nettle_hmac_digest digest; + size_t len; +} qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = { + [QCRYPTO_HASH_ALG_MD5] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_md5_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_md5_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_md5_digest, + .len = MD5_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_SHA1] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_sha1_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_sha1_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_sha1_digest, + .len = SHA1_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_SHA224] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_sha224_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_sha224_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_sha224_digest, + .len = SHA224_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_SHA256] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_sha256_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_sha256_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_sha256_digest, + .len = SHA256_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_SHA384] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_sha384_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_sha384_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_sha384_digest, + .len = SHA384_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_SHA512] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_sha512_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_sha512_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_sha512_digest, + .len = SHA512_DIGEST_SIZE, + }, + [QCRYPTO_HASH_ALG_RIPEMD160] = { + .setkey = (qcrypto_nettle_hmac_setkey)hmac_ripemd160_set_key, + .update = (qcrypto_nettle_hmac_update)hmac_ripemd160_update, + .digest = (qcrypto_nettle_hmac_digest)hmac_ripemd160_digest, + .len = RIPEMD160_DIGEST_SIZE, + }, +}; + bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg) { + if (alg < G_N_ELEMENTS(qcrypto_hmac_alg_map) && + qcrypto_hmac_alg_map[alg].setkey != NULL) { + return true; + } + return false; } @@ -26,12 +101,39 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, const uint8_t *key, size_t nkey, Error **errp) { - return NULL; + QCryptoHmac *hmac; + QCryptoHmacNettle *ctx; + + if (!qcrypto_hmac_supports(alg)) { + error_setg(errp, "Unsupported hmac algorithm %s", + QCryptoHashAlgorithm_lookup[alg]); + return NULL; + } + + hmac = g_new0(QCryptoHmac, 1); + hmac->alg = alg; + + ctx = g_new0(QCryptoHmacNettle, 1); + + qcrypto_hmac_alg_map[alg].setkey(&ctx->u, nkey, key); + + hmac->opaque = ctx; + + return hmac; } void qcrypto_hmac_free(QCryptoHmac *hmac) { - return; + QCryptoHmacNettle *ctx; + + if (!hmac) { + return; + } + + ctx = hmac->opaque; + + g_free(ctx); + g_free(hmac); } int qcrypto_hmac_bytesv(QCryptoHmac *hmac, @@ -41,5 +143,33 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac, size_t *resultlen, Error **errp) { - return -1; + QCryptoHmacNettle *ctx; + int i; + + ctx = (QCryptoHmacNettle *)hmac->opaque; + + for (i = 0; i < niov; ++i) { + size_t len = iov[i].iov_len; + uint8_t *base = iov[i].iov_base; + while (len) { + size_t shortlen = MIN(len, UINT_MAX); + qcrypto_hmac_alg_map[hmac->alg].update(&ctx->u, len, base); + len -= shortlen; + base += len; + } + } + + if (*resultlen == 0) { + *resultlen = qcrypto_hmac_alg_map[hmac->alg].len; + *result = g_new0(uint8_t, *resultlen); + } else if (*resultlen != qcrypto_hmac_alg_map[hmac->alg].len) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %zu", + *resultlen, qcrypto_hmac_alg_map[hmac->alg].len); + return -1; + } + + qcrypto_hmac_alg_map[hmac->alg].digest(&ctx->u, *resultlen, *result); + + return 0; } |