xref: /openbmc/qemu/crypto/hmac-gcrypt.c (revision 88dd060d)
1 /*
2  * QEMU Crypto hmac algorithms (based on libgcrypt)
3  *
4  * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
5  *
6  * Authors:
7  *    Longpeng(Mike) <longpeng2@huawei.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or
10  * (at your option) any later version.  See the COPYING file in the
11  * top-level directory.
12  *
13  */
14 
15 #include "qemu/osdep.h"
16 #include "qapi/error.h"
17 #include "crypto/hmac.h"
18 #include "hmacpriv.h"
19 #include <gcrypt.h>
20 
21 static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
22     [QCRYPTO_HASH_ALGO_MD5] = GCRY_MAC_HMAC_MD5,
23     [QCRYPTO_HASH_ALGO_SHA1] = GCRY_MAC_HMAC_SHA1,
24     [QCRYPTO_HASH_ALGO_SHA224] = GCRY_MAC_HMAC_SHA224,
25     [QCRYPTO_HASH_ALGO_SHA256] = GCRY_MAC_HMAC_SHA256,
26     [QCRYPTO_HASH_ALGO_SHA384] = GCRY_MAC_HMAC_SHA384,
27     [QCRYPTO_HASH_ALGO_SHA512] = GCRY_MAC_HMAC_SHA512,
28     [QCRYPTO_HASH_ALGO_RIPEMD160] = GCRY_MAC_HMAC_RMD160,
29 #ifdef CONFIG_CRYPTO_SM3
30     [QCRYPTO_HASH_ALGO_SM3] = GCRY_MAC_HMAC_SM3,
31 #endif
32 };
33 
34 typedef struct QCryptoHmacGcrypt QCryptoHmacGcrypt;
35 struct QCryptoHmacGcrypt {
36     gcry_mac_hd_t handle;
37 };
38 
39 bool qcrypto_hmac_supports(QCryptoHashAlgo alg)
40 {
41     if (alg < G_N_ELEMENTS(qcrypto_hmac_alg_map) &&
42         qcrypto_hmac_alg_map[alg] != GCRY_MAC_NONE) {
43         return gcry_mac_test_algo(qcrypto_hmac_alg_map[alg]) == 0;
44     }
45 
46     return false;
47 }
48 
49 void *qcrypto_hmac_ctx_new(QCryptoHashAlgo alg,
50                            const uint8_t *key, size_t nkey,
51                            Error **errp)
52 {
53     QCryptoHmacGcrypt *ctx;
54     gcry_error_t err;
55 
56     if (!qcrypto_hmac_supports(alg)) {
57         error_setg(errp, "Unsupported hmac algorithm %s",
58                    QCryptoHashAlgo_str(alg));
59         return NULL;
60     }
61 
62     ctx = g_new0(QCryptoHmacGcrypt, 1);
63 
64     err = gcry_mac_open(&ctx->handle, qcrypto_hmac_alg_map[alg],
65                         GCRY_MAC_FLAG_SECURE, NULL);
66     if (err != 0) {
67         error_setg(errp, "Cannot initialize hmac: %s",
68                    gcry_strerror(err));
69         goto error;
70     }
71 
72     err = gcry_mac_setkey(ctx->handle, (const void *)key, nkey);
73     if (err != 0) {
74         error_setg(errp, "Cannot set key: %s",
75                    gcry_strerror(err));
76         gcry_mac_close(ctx->handle);
77         goto error;
78     }
79 
80     return ctx;
81 
82 error:
83     g_free(ctx);
84     return NULL;
85 }
86 
87 static void
88 qcrypto_gcrypt_hmac_ctx_free(QCryptoHmac *hmac)
89 {
90     QCryptoHmacGcrypt *ctx;
91 
92     ctx = hmac->opaque;
93     gcry_mac_close(ctx->handle);
94 
95     g_free(ctx);
96 }
97 
98 static int
99 qcrypto_gcrypt_hmac_bytesv(QCryptoHmac *hmac,
100                            const struct iovec *iov,
101                            size_t niov,
102                            uint8_t **result,
103                            size_t *resultlen,
104                            Error **errp)
105 {
106     QCryptoHmacGcrypt *ctx;
107     gcry_error_t err;
108     uint32_t ret;
109     int i;
110 
111     ctx = hmac->opaque;
112 
113     for (i = 0; i < niov; i++) {
114         gcry_mac_write(ctx->handle, iov[i].iov_base, iov[i].iov_len);
115     }
116 
117     ret = gcry_mac_get_algo_maclen(qcrypto_hmac_alg_map[hmac->alg]);
118     if (ret <= 0) {
119         error_setg(errp, "Unable to get hmac length: %s",
120                    gcry_strerror(ret));
121         return -1;
122     }
123 
124     if (*resultlen == 0) {
125         *resultlen = ret;
126         *result = g_new0(uint8_t, *resultlen);
127     } else if (*resultlen != ret) {
128         error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
129                    *resultlen, ret);
130         return -1;
131     }
132 
133     err = gcry_mac_read(ctx->handle, *result, resultlen);
134     if (err != 0) {
135         error_setg(errp, "Cannot get result: %s",
136                    gcry_strerror(err));
137         return -1;
138     }
139 
140     err = gcry_mac_reset(ctx->handle);
141     if (err != 0) {
142         error_setg(errp, "Cannot reset hmac context: %s",
143                    gcry_strerror(err));
144         return -1;
145     }
146 
147     return 0;
148 }
149 
150 QCryptoHmacDriver qcrypto_hmac_lib_driver = {
151     .hmac_bytesv = qcrypto_gcrypt_hmac_bytesv,
152     .hmac_free = qcrypto_gcrypt_hmac_ctx_free,
153 };
154