"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/crypto_backend/crypto_nettle.c" (13 Jan 2022, 11131 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "crypto_nettle.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
2.4.0_vs_2.4.1.
1 /*
2 * Nettle crypto backend implementation
3 *
4 * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2011-2021 Milan Broz
6 *
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <nettle/sha.h>
26 #include <nettle/sha3.h>
27 #include <nettle/hmac.h>
28 #include <nettle/pbkdf2.h>
29 #include "crypto_backend_internal.h"
30
31 #if HAVE_NETTLE_VERSION_H
32 #include <nettle/version.h>
33 #define VSTR(s) STR(s)
34 #define STR(s) #s
35 static const char *version = "Nettle "VSTR(NETTLE_VERSION_MAJOR)"."VSTR(NETTLE_VERSION_MINOR);
36 #else
37 static const char *version = "Nettle";
38 #endif
39
40 typedef void (*init_func) (void *);
41 typedef void (*update_func) (void *, size_t, const uint8_t *);
42 typedef void (*digest_func) (void *, size_t, uint8_t *);
43 typedef void (*set_key_func) (void *, size_t, const uint8_t *);
44
45 struct hash_alg {
46 const char *name;
47 int length;
48 init_func init;
49 update_func update;
50 digest_func digest;
51 update_func hmac_update;
52 digest_func hmac_digest;
53 set_key_func hmac_set_key;
54 };
55
56 /* Missing HMAC wrappers in Nettle */
57 #define HMAC_FCE(xxx) \
58 struct xhmac_##xxx##_ctx HMAC_CTX(struct xxx##_ctx); \
59 static void xhmac_##xxx##_set_key(struct xhmac_##xxx##_ctx *ctx, \
60 size_t key_length, const uint8_t *key) \
61 {HMAC_SET_KEY(ctx, &nettle_##xxx, key_length, key);} \
62 static void xhmac_##xxx##_update(struct xhmac_##xxx##_ctx *ctx, \
63 size_t length, const uint8_t *data) \
64 {xxx##_update(&ctx->state, length, data);} \
65 static void xhmac_##xxx##_digest(struct xhmac_##xxx##_ctx *ctx, \
66 size_t length, uint8_t *digest) \
67 {HMAC_DIGEST(ctx, &nettle_##xxx, length, digest);}
68
69 HMAC_FCE(sha3_224);
70 HMAC_FCE(sha3_256);
71 HMAC_FCE(sha3_384);
72 HMAC_FCE(sha3_512);
73
74 static struct hash_alg hash_algs[] = {
75 { "sha1", SHA1_DIGEST_SIZE,
76 (init_func) sha1_init,
77 (update_func) sha1_update,
78 (digest_func) sha1_digest,
79 (update_func) hmac_sha1_update,
80 (digest_func) hmac_sha1_digest,
81 (set_key_func) hmac_sha1_set_key,
82 },
83 { "sha224", SHA224_DIGEST_SIZE,
84 (init_func) sha224_init,
85 (update_func) sha224_update,
86 (digest_func) sha224_digest,
87 (update_func) hmac_sha224_update,
88 (digest_func) hmac_sha224_digest,
89 (set_key_func) hmac_sha224_set_key,
90 },
91 { "sha256", SHA256_DIGEST_SIZE,
92 (init_func) sha256_init,
93 (update_func) sha256_update,
94 (digest_func) sha256_digest,
95 (update_func) hmac_sha256_update,
96 (digest_func) hmac_sha256_digest,
97 (set_key_func) hmac_sha256_set_key,
98 },
99 { "sha384", SHA384_DIGEST_SIZE,
100 (init_func) sha384_init,
101 (update_func) sha384_update,
102 (digest_func) sha384_digest,
103 (update_func) hmac_sha384_update,
104 (digest_func) hmac_sha384_digest,
105 (set_key_func) hmac_sha384_set_key,
106 },
107 { "sha512", SHA512_DIGEST_SIZE,
108 (init_func) sha512_init,
109 (update_func) sha512_update,
110 (digest_func) sha512_digest,
111 (update_func) hmac_sha512_update,
112 (digest_func) hmac_sha512_digest,
113 (set_key_func) hmac_sha512_set_key,
114 },
115 { "ripemd160", RIPEMD160_DIGEST_SIZE,
116 (init_func) ripemd160_init,
117 (update_func) ripemd160_update,
118 (digest_func) ripemd160_digest,
119 (update_func) hmac_ripemd160_update,
120 (digest_func) hmac_ripemd160_digest,
121 (set_key_func) hmac_ripemd160_set_key,
122 },
123 /* Nettle prior to version 3.2 has incompatible SHA3 implementation */
124 #if NETTLE_SHA3_FIPS202
125 { "sha3-224", SHA3_224_DIGEST_SIZE,
126 (init_func) sha3_224_init,
127 (update_func) sha3_224_update,
128 (digest_func) sha3_224_digest,
129 (update_func) xhmac_sha3_224_update,
130 (digest_func) xhmac_sha3_224_digest,
131 (set_key_func) xhmac_sha3_224_set_key,
132 },
133 { "sha3-256", SHA3_256_DIGEST_SIZE,
134 (init_func) sha3_256_init,
135 (update_func) sha3_256_update,
136 (digest_func) sha3_256_digest,
137 (update_func) xhmac_sha3_256_update,
138 (digest_func) xhmac_sha3_256_digest,
139 (set_key_func) xhmac_sha3_256_set_key,
140 },
141 { "sha3-384", SHA3_384_DIGEST_SIZE,
142 (init_func) sha3_384_init,
143 (update_func) sha3_384_update,
144 (digest_func) sha3_384_digest,
145 (update_func) xhmac_sha3_384_update,
146 (digest_func) xhmac_sha3_384_digest,
147 (set_key_func) xhmac_sha3_384_set_key,
148 },
149 { "sha3-512", SHA3_512_DIGEST_SIZE,
150 (init_func) sha3_512_init,
151 (update_func) sha3_512_update,
152 (digest_func) sha3_512_digest,
153 (update_func) xhmac_sha3_512_update,
154 (digest_func) xhmac_sha3_512_digest,
155 (set_key_func) xhmac_sha3_512_set_key,
156 },
157 #endif
158 { NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, }
159 };
160
161 struct crypt_hash {
162 const struct hash_alg *hash;
163 union {
164 struct sha1_ctx sha1;
165 struct sha224_ctx sha224;
166 struct sha256_ctx sha256;
167 struct sha384_ctx sha384;
168 struct sha512_ctx sha512;
169 struct ripemd160_ctx ripemd160;
170 struct sha3_224_ctx sha3_224;
171 struct sha3_256_ctx sha3_256;
172 struct sha3_384_ctx sha3_384;
173 struct sha3_512_ctx sha3_512;
174 } nettle_ctx;
175 };
176
177 struct crypt_hmac {
178 const struct hash_alg *hash;
179 union {
180 struct hmac_sha1_ctx sha1;
181 struct hmac_sha224_ctx sha224;
182 struct hmac_sha256_ctx sha256;
183 struct hmac_sha384_ctx sha384;
184 struct hmac_sha512_ctx sha512;
185 struct hmac_ripemd160_ctx ripemd160;
186 struct xhmac_sha3_224_ctx sha3_224;
187 struct xhmac_sha3_256_ctx sha3_256;
188 struct xhmac_sha3_384_ctx sha3_384;
189 struct xhmac_sha3_512_ctx sha3_512;
190 } nettle_ctx;
191 size_t key_length;
192 uint8_t *key;
193 };
194
195 struct crypt_cipher {
196 struct crypt_cipher_kernel ck;
197 };
198
199 uint32_t crypt_backend_flags(void)
200 {
201 return 0;
202 }
203
204 static struct hash_alg *_get_alg(const char *name)
205 {
206 int i = 0;
207
208 while (name && hash_algs[i].name) {
209 if (!strcmp(name, hash_algs[i].name))
210 return &hash_algs[i];
211 i++;
212 }
213 return NULL;
214 }
215
216 int crypt_backend_init(bool fips __attribute__((unused)))
217 {
218 return 0;
219 }
220
221 void crypt_backend_destroy(void)
222 {
223 return;
224 }
225
226 const char *crypt_backend_version(void)
227 {
228 return version;
229 }
230
231 /* HASH */
232 int crypt_hash_size(const char *name)
233 {
234 struct hash_alg *ha = _get_alg(name);
235
236 return ha ? ha->length : -EINVAL;
237 }
238
239 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
240 {
241 struct crypt_hash *h;
242
243 h = malloc(sizeof(*h));
244 if (!h)
245 return -ENOMEM;
246
247 h->hash = _get_alg(name);
248 if (!h->hash) {
249 free(h);
250 return -EINVAL;
251 }
252
253 h->hash->init(&h->nettle_ctx);
254
255 *ctx = h;
256 return 0;
257 }
258
259 static void crypt_hash_restart(struct crypt_hash *ctx)
260 {
261 ctx->hash->init(&ctx->nettle_ctx);
262 }
263
264 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
265 {
266 ctx->hash->update(&ctx->nettle_ctx, length, (const uint8_t*)buffer);
267 return 0;
268 }
269
270 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
271 {
272 if (length > (size_t)ctx->hash->length)
273 return -EINVAL;
274
275 ctx->hash->digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
276 crypt_hash_restart(ctx);
277 return 0;
278 }
279
280 void crypt_hash_destroy(struct crypt_hash *ctx)
281 {
282 memset(ctx, 0, sizeof(*ctx));
283 free(ctx);
284 }
285
286 /* HMAC */
287 int crypt_hmac_size(const char *name)
288 {
289 return crypt_hash_size(name);
290 }
291
292 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
293 const void *key, size_t key_length)
294 {
295 struct crypt_hmac *h;
296
297 h = malloc(sizeof(*h));
298 if (!h)
299 return -ENOMEM;
300 memset(ctx, 0, sizeof(*ctx));
301
302
303 h->hash = _get_alg(name);
304 if (!h->hash) {
305 free(h);
306 return -EINVAL;
307 }
308
309 h->key = malloc(key_length);
310 if (!h->key) {
311 free(h);
312 return -ENOMEM;
313 }
314
315 memcpy(h->key, key, key_length);
316 h->key_length = key_length;
317
318 h->hash->init(&h->nettle_ctx);
319 h->hash->hmac_set_key(&h->nettle_ctx, h->key_length, h->key);
320
321 *ctx = h;
322 return 0;
323 }
324
325 static void crypt_hmac_restart(struct crypt_hmac *ctx)
326 {
327 ctx->hash->hmac_set_key(&ctx->nettle_ctx, ctx->key_length, ctx->key);
328 }
329
330 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
331 {
332 ctx->hash->hmac_update(&ctx->nettle_ctx, length, (const uint8_t *)buffer);
333 return 0;
334 }
335
336 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
337 {
338 if (length > (size_t)ctx->hash->length)
339 return -EINVAL;
340
341 ctx->hash->hmac_digest(&ctx->nettle_ctx, length, (uint8_t *)buffer);
342 crypt_hmac_restart(ctx);
343 return 0;
344 }
345
346 void crypt_hmac_destroy(struct crypt_hmac *ctx)
347 {
348 memset(ctx->key, 0, ctx->key_length);
349 free(ctx->key);
350 memset(ctx, 0, sizeof(*ctx));
351 free(ctx);
352 }
353
354 /* RNG - N/A */
355 int crypt_backend_rng(char *buffer __attribute__((unused)),
356 size_t length __attribute__((unused)),
357 int quality __attribute__((unused)),
358 int fips __attribute__((unused)))
359 {
360 return -EINVAL;
361 }
362
363 /* PBKDF */
364 int crypt_pbkdf(const char *kdf, const char *hash,
365 const char *password, size_t password_length,
366 const char *salt, size_t salt_length,
367 char *key, size_t key_length,
368 uint32_t iterations, uint32_t memory, uint32_t parallel)
369 {
370 struct crypt_hmac *h;
371 int r;
372
373 if (!kdf)
374 return -EINVAL;
375
376 if (!strcmp(kdf, "pbkdf2")) {
377 r = crypt_hmac_init(&h, hash, password, password_length);
378 if (r < 0)
379 return r;
380
381 nettle_pbkdf2(&h->nettle_ctx, h->hash->hmac_update,
382 h->hash->hmac_digest, h->hash->length, iterations,
383 salt_length, (const uint8_t *)salt, key_length,
384 (uint8_t *)key);
385 crypt_hmac_destroy(h);
386 return 0;
387 } else if (!strncmp(kdf, "argon2", 6)) {
388 return argon2(kdf, password, password_length, salt, salt_length,
389 key, key_length, iterations, memory, parallel);
390 }
391
392 return -EINVAL;
393 }
394
395 /* Block ciphers */
396 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
397 const char *mode, const void *key, size_t key_length)
398 {
399 struct crypt_cipher *h;
400 int r;
401
402 h = malloc(sizeof(*h));
403 if (!h)
404 return -ENOMEM;
405
406 r = crypt_cipher_init_kernel(&h->ck, name, mode, key, key_length);
407 if (r < 0) {
408 free(h);
409 return r;
410 }
411
412 *ctx = h;
413 return 0;
414 }
415
416 void crypt_cipher_destroy(struct crypt_cipher *ctx)
417 {
418 crypt_cipher_destroy_kernel(&ctx->ck);
419 free(ctx);
420 }
421
422 int crypt_cipher_encrypt(struct crypt_cipher *ctx,
423 const char *in, char *out, size_t length,
424 const char *iv, size_t iv_length)
425 {
426 return crypt_cipher_encrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
427 }
428
429 int crypt_cipher_decrypt(struct crypt_cipher *ctx,
430 const char *in, char *out, size_t length,
431 const char *iv, size_t iv_length)
432 {
433 return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
434 }
435
436 bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
437 {
438 return true;
439 }
440
441 int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
442 const char *in, char *out, size_t length,
443 const char *iv, size_t iv_length,
444 const char *tag, size_t tag_length)
445 {
446 return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
447 iv, iv_length, tag, tag_length);
448 }