19a85ca05SDaniel P. Berrangé /*
29a85ca05SDaniel P. Berrangé * QEMU Crypto hash algorithms
39a85ca05SDaniel P. Berrangé *
4f4f3d666SAlejandro Zeise * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
59a85ca05SDaniel P. Berrangé * Copyright (c) 2021 Red Hat, Inc.
69a85ca05SDaniel P. Berrangé *
79a85ca05SDaniel P. Berrangé * This library is free software; you can redistribute it and/or
89a85ca05SDaniel P. Berrangé * modify it under the terms of the GNU Lesser General Public
99a85ca05SDaniel P. Berrangé * License as published by the Free Software Foundation; either
109a85ca05SDaniel P. Berrangé * version 2.1 of the License, or (at your option) any later version.
119a85ca05SDaniel P. Berrangé *
129a85ca05SDaniel P. Berrangé * This library is distributed in the hope that it will be useful,
139a85ca05SDaniel P. Berrangé * but WITHOUT ANY WARRANTY; without even the implied warranty of
149a85ca05SDaniel P. Berrangé * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
159a85ca05SDaniel P. Berrangé * Lesser General Public License for more details.
169a85ca05SDaniel P. Berrangé *
179a85ca05SDaniel P. Berrangé * You should have received a copy of the GNU Lesser General Public
189a85ca05SDaniel P. Berrangé * License along with this library; if not, see <http://www.gnu.org/licenses/>.
199a85ca05SDaniel P. Berrangé *
209a85ca05SDaniel P. Berrangé */
219a85ca05SDaniel P. Berrangé
229a85ca05SDaniel P. Berrangé #include "qemu/osdep.h"
239a85ca05SDaniel P. Berrangé #include <gnutls/crypto.h>
249a85ca05SDaniel P. Berrangé #include "qapi/error.h"
259a85ca05SDaniel P. Berrangé #include "crypto/hash.h"
269a85ca05SDaniel P. Berrangé #include "hashpriv.h"
279a85ca05SDaniel P. Berrangé
289a85ca05SDaniel P. Berrangé
29ef834aa2SMarkus Armbruster static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
30ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_MD5] = GNUTLS_DIG_MD5,
31ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_SHA1] = GNUTLS_DIG_SHA1,
32ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_SHA224] = GNUTLS_DIG_SHA224,
33ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_SHA256] = GNUTLS_DIG_SHA256,
34ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_SHA384] = GNUTLS_DIG_SHA384,
35ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_SHA512] = GNUTLS_DIG_SHA512,
36ef834aa2SMarkus Armbruster [QCRYPTO_HASH_ALGO_RIPEMD160] = GNUTLS_DIG_RMD160,
379a85ca05SDaniel P. Berrangé };
389a85ca05SDaniel P. Berrangé
qcrypto_hash_supports(QCryptoHashAlgo alg)39ef834aa2SMarkus Armbruster gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
409a85ca05SDaniel P. Berrangé {
419a85ca05SDaniel P. Berrangé size_t i;
429a85ca05SDaniel P. Berrangé const gnutls_digest_algorithm_t *algs;
439a85ca05SDaniel P. Berrangé if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
449a85ca05SDaniel P. Berrangé qcrypto_hash_alg_map[alg] == GNUTLS_DIG_UNKNOWN) {
459a85ca05SDaniel P. Berrangé return false;
469a85ca05SDaniel P. Berrangé }
479a85ca05SDaniel P. Berrangé algs = gnutls_digest_list();
489a85ca05SDaniel P. Berrangé for (i = 0; algs[i] != GNUTLS_DIG_UNKNOWN; i++) {
499a85ca05SDaniel P. Berrangé if (algs[i] == qcrypto_hash_alg_map[alg]) {
509a85ca05SDaniel P. Berrangé return true;
519a85ca05SDaniel P. Berrangé }
529a85ca05SDaniel P. Berrangé }
539a85ca05SDaniel P. Berrangé return false;
549a85ca05SDaniel P. Berrangé }
559a85ca05SDaniel P. Berrangé
56f4f3d666SAlejandro Zeise static
qcrypto_gnutls_hash_new(QCryptoHashAlgo alg,Error ** errp)57f4f3d666SAlejandro Zeise QCryptoHash *qcrypto_gnutls_hash_new(QCryptoHashAlgo alg, Error **errp)
58f4f3d666SAlejandro Zeise {
59f4f3d666SAlejandro Zeise QCryptoHash *hash;
60f4f3d666SAlejandro Zeise int ret;
61f4f3d666SAlejandro Zeise
62f4f3d666SAlejandro Zeise hash = g_new(QCryptoHash, 1);
63f4f3d666SAlejandro Zeise hash->alg = alg;
64f4f3d666SAlejandro Zeise hash->opaque = g_new(gnutls_hash_hd_t, 1);
65f4f3d666SAlejandro Zeise
66f4f3d666SAlejandro Zeise ret = gnutls_hash_init(hash->opaque, qcrypto_hash_alg_map[alg]);
67f4f3d666SAlejandro Zeise if (ret < 0) {
68f4f3d666SAlejandro Zeise error_setg(errp,
69f4f3d666SAlejandro Zeise "Unable to initialize hash algorithm: %s",
70f4f3d666SAlejandro Zeise gnutls_strerror(ret));
71f4f3d666SAlejandro Zeise g_free(hash->opaque);
72f4f3d666SAlejandro Zeise g_free(hash);
73f4f3d666SAlejandro Zeise return NULL;
74f4f3d666SAlejandro Zeise }
75f4f3d666SAlejandro Zeise
76f4f3d666SAlejandro Zeise return hash;
77f4f3d666SAlejandro Zeise }
78f4f3d666SAlejandro Zeise
79f4f3d666SAlejandro Zeise static
qcrypto_gnutls_hash_free(QCryptoHash * hash)80f4f3d666SAlejandro Zeise void qcrypto_gnutls_hash_free(QCryptoHash *hash)
81f4f3d666SAlejandro Zeise {
82f4f3d666SAlejandro Zeise gnutls_hash_hd_t *ctx = hash->opaque;
83f4f3d666SAlejandro Zeise
84f4f3d666SAlejandro Zeise gnutls_hash_deinit(*ctx, NULL);
85f4f3d666SAlejandro Zeise g_free(ctx);
86f4f3d666SAlejandro Zeise g_free(hash);
87f4f3d666SAlejandro Zeise }
88f4f3d666SAlejandro Zeise
89f4f3d666SAlejandro Zeise
90f4f3d666SAlejandro Zeise static
qcrypto_gnutls_hash_update(QCryptoHash * hash,const struct iovec * iov,size_t niov,Error ** errp)91f4f3d666SAlejandro Zeise int qcrypto_gnutls_hash_update(QCryptoHash *hash,
92f4f3d666SAlejandro Zeise const struct iovec *iov,
93f4f3d666SAlejandro Zeise size_t niov,
94f4f3d666SAlejandro Zeise Error **errp)
95f4f3d666SAlejandro Zeise {
96f4f3d666SAlejandro Zeise int ret = 0;
97f4f3d666SAlejandro Zeise gnutls_hash_hd_t *ctx = hash->opaque;
98f4f3d666SAlejandro Zeise
99f4f3d666SAlejandro Zeise for (int i = 0; i < niov; i++) {
100f4f3d666SAlejandro Zeise ret = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len);
101f4f3d666SAlejandro Zeise if (ret != 0) {
102f4f3d666SAlejandro Zeise error_setg(errp, "Failed to hash data: %s",
103f4f3d666SAlejandro Zeise gnutls_strerror(ret));
104f4f3d666SAlejandro Zeise return -1;
105f4f3d666SAlejandro Zeise }
106f4f3d666SAlejandro Zeise }
107f4f3d666SAlejandro Zeise
108f4f3d666SAlejandro Zeise return 0;
109f4f3d666SAlejandro Zeise }
110f4f3d666SAlejandro Zeise
111f4f3d666SAlejandro Zeise static
qcrypto_gnutls_hash_finalize(QCryptoHash * hash,uint8_t ** result,size_t * result_len,Error ** errp)112f4f3d666SAlejandro Zeise int qcrypto_gnutls_hash_finalize(QCryptoHash *hash,
113f4f3d666SAlejandro Zeise uint8_t **result,
114f4f3d666SAlejandro Zeise size_t *result_len,
115f4f3d666SAlejandro Zeise Error **errp)
116f4f3d666SAlejandro Zeise {
117f4f3d666SAlejandro Zeise gnutls_hash_hd_t *ctx = hash->opaque;
118*dde538c9SDaniel P. Berrangé int ret;
119f4f3d666SAlejandro Zeise
120*dde538c9SDaniel P. Berrangé ret = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]);
121*dde538c9SDaniel P. Berrangé if (ret == 0) {
122f4f3d666SAlejandro Zeise error_setg(errp, "Unable to get hash length");
123f4f3d666SAlejandro Zeise return -1;
124f4f3d666SAlejandro Zeise }
125f4f3d666SAlejandro Zeise
126*dde538c9SDaniel P. Berrangé if (*result_len == 0) {
127*dde538c9SDaniel P. Berrangé *result_len = ret;
128f4f3d666SAlejandro Zeise *result = g_new(uint8_t, *result_len);
129*dde538c9SDaniel P. Berrangé } else if (*result_len != ret) {
130*dde538c9SDaniel P. Berrangé error_setg(errp,
131*dde538c9SDaniel P. Berrangé "Result buffer size %zu is smaller than hash %d",
132*dde538c9SDaniel P. Berrangé *result_len, ret);
133*dde538c9SDaniel P. Berrangé return -1;
134*dde538c9SDaniel P. Berrangé }
135*dde538c9SDaniel P. Berrangé
136f4f3d666SAlejandro Zeise gnutls_hash_output(*ctx, *result);
137f4f3d666SAlejandro Zeise return 0;
138f4f3d666SAlejandro Zeise }
1399a85ca05SDaniel P. Berrangé
1409a85ca05SDaniel P. Berrangé QCryptoHashDriver qcrypto_hash_lib_driver = {
141f4f3d666SAlejandro Zeise .hash_new = qcrypto_gnutls_hash_new,
142f4f3d666SAlejandro Zeise .hash_update = qcrypto_gnutls_hash_update,
143f4f3d666SAlejandro Zeise .hash_finalize = qcrypto_gnutls_hash_finalize,
144f4f3d666SAlejandro Zeise .hash_free = qcrypto_gnutls_hash_free,
1459a85ca05SDaniel P. Berrangé };
146