aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLongpeng(Mike) <longpeng2@huawei.com>2016-12-13 18:42:57 +0800
committerDaniel P. Berrange <berrange@redhat.com>2016-12-22 09:24:59 +0000
commit5ce9cfe737cce8240e5c4d1c1fdbf0e05ff3540f (patch)
tree12a1f403591c1781b7bd1fa261ebba96a3dddaf9
parent12a4f2162ad27f0d76fb9187dfc70a94e7bbd319 (diff)
crypto: support HMAC algorithms based on libgcrypt
This patch add HMAC algorithms based on libgcrypt support Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-rw-r--r--crypto/hmac-gcrypt.c111
1 files changed, 109 insertions, 2 deletions
diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c
index 6e07415f3d..21189e694f 100644
--- a/crypto/hmac-gcrypt.c
+++ b/crypto/hmac-gcrypt.c
@@ -17,8 +17,28 @@
#include "crypto/hmac.h"
#include <gcrypt.h>
+static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
+ [QCRYPTO_HASH_ALG_MD5] = GCRY_MAC_HMAC_MD5,
+ [QCRYPTO_HASH_ALG_SHA1] = GCRY_MAC_HMAC_SHA1,
+ [QCRYPTO_HASH_ALG_SHA224] = GCRY_MAC_HMAC_SHA224,
+ [QCRYPTO_HASH_ALG_SHA256] = GCRY_MAC_HMAC_SHA256,
+ [QCRYPTO_HASH_ALG_SHA384] = GCRY_MAC_HMAC_SHA384,
+ [QCRYPTO_HASH_ALG_SHA512] = GCRY_MAC_HMAC_SHA512,
+ [QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MAC_HMAC_RMD160,
+};
+
+typedef struct QCryptoHmacGcrypt QCryptoHmacGcrypt;
+struct QCryptoHmacGcrypt {
+ gcry_mac_hd_t handle;
+};
+
bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
{
+ if (alg < G_N_ELEMENTS(qcrypto_hmac_alg_map) &&
+ qcrypto_hmac_alg_map[alg] != GCRY_MAC_NONE) {
+ return true;
+ }
+
return false;
}
@@ -26,12 +46,58 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
const uint8_t *key, size_t nkey,
Error **errp)
{
+ QCryptoHmac *hmac;
+ QCryptoHmacGcrypt *ctx;
+ gcry_error_t err;
+
+ if (!qcrypto_hmac_supports(alg)) {
+ error_setg(errp, "Unsupported hmac algorithm %s",
+ QCryptoHashAlgorithm_lookup[alg]);
+ return NULL;
+ }
+
+ hmac = g_new0(QCryptoHmac, 1);
+ hmac->alg = alg;
+
+ ctx = g_new0(QCryptoHmacGcrypt, 1);
+
+ err = gcry_mac_open(&ctx->handle, qcrypto_hmac_alg_map[alg],
+ GCRY_MAC_FLAG_SECURE, NULL);
+ if (err != 0) {
+ error_setg(errp, "Cannot initialize hmac: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+
+ err = gcry_mac_setkey(ctx->handle, (const void *)key, nkey);
+ if (err != 0) {
+ error_setg(errp, "Cannot set key: %s",
+ gcry_strerror(err));
+ goto error;
+ }
+
+ hmac->opaque = ctx;
+ return hmac;
+
+error:
+ g_free(ctx);
+ g_free(hmac);
return NULL;
}
void qcrypto_hmac_free(QCryptoHmac *hmac)
{
- return;
+ QCryptoHmacGcrypt *ctx;
+
+ if (!hmac) {
+ return;
+ }
+
+ ctx = hmac->opaque;
+ gcry_mac_close(ctx->handle);
+
+ g_free(ctx);
+ g_free(hmac);
}
int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
@@ -41,5 +107,46 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
size_t *resultlen,
Error **errp)
{
- return -1;
+ QCryptoHmacGcrypt *ctx;
+ gcry_error_t err;
+ uint32_t ret;
+ int i;
+
+ ctx = hmac->opaque;
+
+ for (i = 0; i < niov; i++) {
+ gcry_mac_write(ctx->handle, iov[i].iov_base, iov[i].iov_len);
+ }
+
+ ret = gcry_mac_get_algo_maclen(qcrypto_hmac_alg_map[hmac->alg]);
+ if (ret <= 0) {
+ error_setg(errp, "Unable to get hmac length: %s",
+ gcry_strerror(ret));
+ return -1;
+ }
+
+ if (*resultlen == 0) {
+ *resultlen = ret;
+ *result = g_new0(uint8_t, *resultlen);
+ } else if (*resultlen != ret) {
+ error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
+ *resultlen, ret);
+ return -1;
+ }
+
+ err = gcry_mac_read(ctx->handle, *result, resultlen);
+ if (err != 0) {
+ error_setg(errp, "Cannot get result: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ err = gcry_mac_reset(ctx->handle);
+ if (err != 0) {
+ error_setg(errp, "Cannot reset hmac context: %s",
+ gcry_strerror(err));
+ return -1;
+ }
+
+ return 0;
}