"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/crypto_backend/crypto_nettle.c" (13 Jan 2022, 11131 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "crypto_nettle.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.4.0_vs_2.4.1.

    1 /*
    2  * Nettle crypto backend implementation
    3  *
    4  * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2011-2021 Milan Broz
    6  *
    7  * This file is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU Lesser General Public
    9  * License as published by the Free Software Foundation; either
   10  * version 2.1 of the License, or (at your option) any later version.
   11  *
   12  * This file is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   15  * Lesser General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU Lesser General Public
   18  * License along with this file; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   20  */
   21 
   22 #include <stdlib.h>
   23 #include <string.h>
   24 #include <errno.h>
   25 #include <nettle/sha.h>
   26 #include <nettle/sha3.h>
   27 #include <nettle/hmac.h>
   28 #include <nettle/pbkdf2.h>
   29 #include "crypto_backend_internal.h"
   30 
   31 #if HAVE_NETTLE_VERSION_H
   32 #include <nettle/version.h>
   33 #define VSTR(s) STR(s)
   34 #define STR(s) #s
   35 static const char *version = "Nettle "VSTR(NETTLE_VERSION_MAJOR)"."VSTR(NETTLE_VERSION_MINOR);
   36 #else
   37 static const char *version = "Nettle";
   38 #endif
   39 
   40 typedef void (*init_func) (void *);
   41 typedef void (*update_func) (void *, size_t, const uint8_t *);
   42 typedef void (*digest_func) (void *, size_t, uint8_t *);
   43 typedef void (*set_key_func) (void *, size_t, const uint8_t *);
   44 
   45 struct hash_alg {
   46     const char *name;
   47     int length;
   48     init_func init;
   49     update_func update;
   50     digest_func digest;
   51     update_func hmac_update;
   52     digest_func hmac_digest;
   53     set_key_func hmac_set_key;
   54 };
   55 
   56 /* Missing HMAC wrappers in Nettle */
   57 #define HMAC_FCE(xxx) \
   58 struct xhmac_##xxx##_ctx HMAC_CTX(struct xxx##_ctx); \
   59 static void xhmac_##xxx##_set_key(struct xhmac_##xxx##_ctx *ctx, \
   60 size_t key_length, const uint8_t *key) \
   61 {HMAC_SET_KEY(ctx, &nettle_##xxx, key_length, key);} \
   62 static void xhmac_##xxx##_update(struct xhmac_##xxx##_ctx *ctx, \
   63 size_t length, const uint8_t *data) \
   64 {xxx##_update(&ctx->state, length, data);} \
   65 static void xhmac_##xxx##_digest(struct xhmac_##xxx##_ctx *ctx, \
   66 size_t length, uint8_t *digest) \
   67 {HMAC_DIGEST(ctx, &nettle_##xxx, length, digest);}
   68 
   69 HMAC_FCE(sha3_224);
   70 HMAC_FCE(sha3_256);
   71 HMAC_FCE(sha3_384);
   72 HMAC_FCE(sha3_512);
   73 
   74 static struct hash_alg hash_algs[] = {
   75     { "sha1", SHA1_DIGEST_SIZE,
   76         (init_func) sha1_init,
   77         (update_func) sha1_update,
   78         (digest_func) sha1_digest,
   79         (update_func) hmac_sha1_update,
   80         (digest_func) hmac_sha1_digest,
   81         (set_key_func) hmac_sha1_set_key,
   82     },
   83     { "sha224", SHA224_DIGEST_SIZE,
   84         (init_func) sha224_init,
   85         (update_func) sha224_update,
   86         (digest_func) sha224_digest,
   87         (update_func) hmac_sha224_update,
   88         (digest_func) hmac_sha224_digest,
   89         (set_key_func) hmac_sha224_set_key,
   90     },
   91     { "sha256", SHA256_DIGEST_SIZE,
   92         (init_func) sha256_init,
   93         (update_func) sha256_update,
   94         (digest_func) sha256_digest,
   95         (update_func) hmac_sha256_update,
   96         (digest_func) hmac_sha256_digest,
   97         (set_key_func) hmac_sha256_set_key,
   98     },
   99     { "sha384", SHA384_DIGEST_SIZE,
  100         (init_func) sha384_init,
  101         (update_func) sha384_update,
  102         (digest_func) sha384_digest,
  103         (update_func) hmac_sha384_update,
  104         (digest_func) hmac_sha384_digest,
  105         (set_key_func) hmac_sha384_set_key,
  106     },
  107     { "sha512", SHA512_DIGEST_SIZE,
  108         (init_func) sha512_init,
  109         (update_func) sha512_update,
  110         (digest_func) sha512_digest,
  111         (update_func) hmac_sha512_update,
  112         (digest_func) hmac_sha512_digest,
  113         (set_key_func) hmac_sha512_set_key,
  114     },
  115     { "ripemd160", RIPEMD160_DIGEST_SIZE,
  116         (init_func) ripemd160_init,
  117         (update_func) ripemd160_update,
  118         (digest_func) ripemd160_digest,
  119         (update_func) hmac_ripemd160_update,
  120         (digest_func) hmac_ripemd160_digest,
  121         (set_key_func) hmac_ripemd160_set_key,
  122     },
  123 /* Nettle prior to version 3.2 has incompatible SHA3 implementation */
  124 #if NETTLE_SHA3_FIPS202
  125     { "sha3-224", SHA3_224_DIGEST_SIZE,
  126         (init_func) sha3_224_init,
  127         (update_func) sha3_224_update,
  128         (digest_func) sha3_224_digest,
  129         (update_func) xhmac_sha3_224_update,
  130         (digest_func) xhmac_sha3_224_digest,
  131         (set_key_func) xhmac_sha3_224_set_key,
  132     },
  133     { "sha3-256", SHA3_256_DIGEST_SIZE,
  134         (init_func) sha3_256_init,
  135         (update_func) sha3_256_update,
  136         (digest_func) sha3_256_digest,
  137         (update_func) xhmac_sha3_256_update,
  138         (digest_func) xhmac_sha3_256_digest,
  139         (set_key_func) xhmac_sha3_256_set_key,
  140     },
  141     { "sha3-384", SHA3_384_DIGEST_SIZE,
  142         (init_func) sha3_384_init,
  143         (update_func) sha3_384_update,
  144         (digest_func) sha3_384_digest,
  145         (update_func) xhmac_sha3_384_update,
  146         (digest_func) xhmac_sha3_384_digest,
  147         (set_key_func) xhmac_sha3_384_set_key,
  148     },
  149     { "sha3-512", SHA3_512_DIGEST_SIZE,
  150         (init_func) sha3_512_init,
  151         (update_func) sha3_512_update,
  152         (digest_func) sha3_512_digest,
  153         (update_func) xhmac_sha3_512_update,
  154         (digest_func) xhmac_sha3_512_digest,
  155         (set_key_func) xhmac_sha3_512_set_key,
  156     },
  157 #endif
  158     { NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, }
  159 };
  160 
  161 struct crypt_hash {
  162     const struct hash_alg *hash;
  163     union {
  164         struct sha1_ctx sha1;
  165         struct sha224_ctx sha224;
  166         struct sha256_ctx sha256;
  167         struct sha384_ctx sha384;
  168         struct sha512_ctx sha512;
  169         struct ripemd160_ctx ripemd160;
  170         struct sha3_224_ctx sha3_224;
  171         struct sha3_256_ctx sha3_256;
  172         struct sha3_384_ctx sha3_384;
  173         struct sha3_512_ctx sha3_512;
  174     } nettle_ctx;
  175 };
  176 
  177 struct crypt_hmac {
  178     const struct hash_alg *hash;
  179     union {
  180         struct hmac_sha1_ctx sha1;
  181         struct hmac_sha224_ctx sha224;
  182         struct hmac_sha256_ctx sha256;
  183         struct hmac_sha384_ctx sha384;
  184         struct hmac_sha512_ctx sha512;
  185         struct hmac_ripemd160_ctx ripemd160;
  186         struct xhmac_sha3_224_ctx sha3_224;
  187         struct xhmac_sha3_256_ctx sha3_256;
  188         struct xhmac_sha3_384_ctx sha3_384;
  189         struct xhmac_sha3_512_ctx sha3_512;
  190     } nettle_ctx;
  191     size_t key_length;
  192     uint8_t *key;
  193 };
  194 
  195 struct crypt_cipher {
  196     struct crypt_cipher_kernel ck;
  197 };
  198 
  199 uint32_t crypt_backend_flags(void)
  200 {
  201     return 0;
  202 }
  203 
  204 static struct hash_alg *_get_alg(const char *name)
  205 {
  206     int i = 0;
  207 
  208     while (name && hash_algs[i].name) {
  209         if (!strcmp(name, hash_algs[i].name))
  210             return &hash_algs[i];
  211         i++;
  212     }
  213     return NULL;
  214 }
  215 
  216 int crypt_backend_init(bool fips __attribute__((unused)))
  217 {
  218     return 0;
  219 }
  220 
  221 void crypt_backend_destroy(void)
  222 {
  223     return;
  224 }
  225 
  226 const char *crypt_backend_version(void)
  227 {
  228     return version;
  229 }
  230 
  231 /* HASH */
  232 int crypt_hash_size(const char *name)
  233 {
  234     struct hash_alg *ha = _get_alg(name);
  235 
  236     return ha ? ha->length : -EINVAL;
  237 }
  238 
  239 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
  240 {
  241     struct crypt_hash *h;
  242 
  243     h = malloc(sizeof(*h));
  244     if (!h)
  245         return -ENOMEM;
  246 
  247     h->hash = _get_alg(name);
  248     if (!h->hash) {
  249         free(h);
  250         return -EINVAL;
  251     }
  252 
  253     h->hash->init(&h->nettle_ctx);
  254 
  255     *ctx = h;
  256     return 0;
  257 }
  258 
  259 static void crypt_hash_restart(struct crypt_hash *ctx)
  260 {
  261     ctx->hash->init(&ctx->nettle_ctx);
  262 }
  263 
  264 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
  265 {
  266     ctx->hash->update(&ctx->nettle_ctx, length, (const uint8_t*)buffer);
  267     return 0;
  268 }
  269 
  270 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
  271 {
  272     if (length > (size_t)ctx->hash->length)
  273         return -EINVAL;
  274 
  275     ctx->hash->digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
  276     crypt_hash_restart(ctx);
  277     return 0;
  278 }
  279 
  280 void crypt_hash_destroy(struct crypt_hash *ctx)
  281 {
  282     memset(ctx, 0, sizeof(*ctx));
  283     free(ctx);
  284 }
  285 
  286 /* HMAC */
  287 int crypt_hmac_size(const char *name)
  288 {
  289     return crypt_hash_size(name);
  290 }
  291 
  292 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
  293             const void *key, size_t key_length)
  294 {
  295     struct crypt_hmac *h;
  296 
  297     h = malloc(sizeof(*h));
  298     if (!h)
  299         return -ENOMEM;
  300     memset(ctx, 0, sizeof(*ctx));
  301 
  302 
  303     h->hash = _get_alg(name);
  304     if (!h->hash) {
  305         free(h);
  306         return -EINVAL;
  307     }
  308 
  309     h->key = malloc(key_length);
  310     if (!h->key) {
  311         free(h);
  312         return -ENOMEM;
  313     }
  314 
  315     memcpy(h->key, key, key_length);
  316     h->key_length = key_length;
  317 
  318     h->hash->init(&h->nettle_ctx);
  319     h->hash->hmac_set_key(&h->nettle_ctx, h->key_length, h->key);
  320 
  321     *ctx = h;
  322     return 0;
  323 }
  324 
  325 static void crypt_hmac_restart(struct crypt_hmac *ctx)
  326 {
  327     ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key);
  328 }
  329 
  330 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
  331 {
  332     ctx->hash->hmac_update(&ctx->nettle_ctx, length, (const uint8_t *)buffer);
  333     return 0;
  334 }
  335 
  336 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
  337 {
  338     if (length > (size_t)ctx->hash->length)
  339         return -EINVAL;
  340 
  341     ctx->hash->hmac_digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
  342     crypt_hmac_restart(ctx);
  343     return 0;
  344 }
  345 
  346 void crypt_hmac_destroy(struct crypt_hmac *ctx)
  347 {
  348     memset(ctx->key, 0, ctx->key_length);
  349     free(ctx->key);
  350     memset(ctx, 0, sizeof(*ctx));
  351     free(ctx);
  352 }
  353 
  354 /* RNG - N/A */
  355 int crypt_backend_rng(char *buffer __attribute__((unused)),
  356               size_t length __attribute__((unused)),
  357               int quality __attribute__((unused)),
  358               int fips __attribute__((unused)))
  359 {
  360     return -EINVAL;
  361 }
  362 
  363 /* PBKDF */
  364 int crypt_pbkdf(const char *kdf, const char *hash,
  365         const char *password, size_t password_length,
  366         const char *salt, size_t salt_length,
  367         char *key, size_t key_length,
  368         uint32_t iterations, uint32_t memory, uint32_t parallel)
  369 {
  370     struct crypt_hmac *h;
  371     int r;
  372 
  373     if (!kdf)
  374         return -EINVAL;
  375 
  376     if (!strcmp(kdf, "pbkdf2")) {
  377         r = crypt_hmac_init(&h, hash, password, password_length);
  378         if (r < 0)
  379             return r;
  380 
  381         nettle_pbkdf2(&h->nettle_ctx, h->hash->hmac_update,
  382                   h->hash->hmac_digest, h->hash->length, iterations,
  383                   salt_length, (const uint8_t *)salt, key_length,
  384                   (uint8_t *)key);
  385         crypt_hmac_destroy(h);
  386         return 0;
  387     } else if (!strncmp(kdf, "argon2", 6)) {
  388         return argon2(kdf, password, password_length, salt, salt_length,
  389                   key, key_length, iterations, memory, parallel);
  390     }
  391 
  392     return -EINVAL;
  393 }
  394 
  395 /* Block ciphers */
  396 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
  397             const char *mode, const void *key, size_t key_length)
  398 {
  399     struct crypt_cipher *h;
  400     int r;
  401 
  402     h = malloc(sizeof(*h));
  403     if (!h)
  404         return -ENOMEM;
  405 
  406     r = crypt_cipher_init_kernel(&h->ck, name, mode, key, key_length);
  407     if (r < 0) {
  408         free(h);
  409         return r;
  410     }
  411 
  412     *ctx = h;
  413     return 0;
  414 }
  415 
  416 void crypt_cipher_destroy(struct crypt_cipher *ctx)
  417 {
  418     crypt_cipher_destroy_kernel(&ctx->ck);
  419     free(ctx);
  420 }
  421 
  422 int crypt_cipher_encrypt(struct crypt_cipher *ctx,
  423              const char *in, char *out, size_t length,
  424              const char *iv, size_t iv_length)
  425 {
  426     return crypt_cipher_encrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
  427 }
  428 
  429 int crypt_cipher_decrypt(struct crypt_cipher *ctx,
  430              const char *in, char *out, size_t length,
  431              const char *iv, size_t iv_length)
  432 {
  433     return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
  434 }
  435 
  436 bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
  437 {
  438     return true;
  439 }
  440 
  441 int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
  442                 const char *in, char *out, size_t length,
  443                 const char *iv, size_t iv_length,
  444                 const char *tag, size_t tag_length)
  445 {
  446     return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
  447                           iv, iv_length, tag, tag_length);
  448 }