From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Eric Blake" <eblake@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: [PATCH 15/18] crypto: add gnutls hash provider
Date: Tue, 6 Jul 2021 10:59:21 +0100 [thread overview]
Message-ID: <20210706095924.764117-16-berrange@redhat.com> (raw)
In-Reply-To: <20210706095924.764117-1-berrange@redhat.com>
This adds support for using gnutls as a provider of the crypto
hash APIs.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/hash-gnutls.c | 104 +++++++++++++++++++++++++++++++++++++++++++
crypto/meson.build | 2 +
2 files changed, 106 insertions(+)
create mode 100644 crypto/hash-gnutls.c
diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c
new file mode 100644
index 0000000000..f88db71f00
--- /dev/null
+++ b/crypto/hash-gnutls.c
@@ -0,0 +1,104 @@
+/*
+ * QEMU Crypto hash algorithms
+ *
+ * Copyright (c) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include <gnutls/crypto.h>
+#include "qapi/error.h"
+#include "crypto/hash.h"
+#include "hashpriv.h"
+
+
+static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
+ [QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5,
+ [QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1,
+ [QCRYPTO_HASH_ALG_SHA224] = GNUTLS_DIG_SHA224,
+ [QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256,
+ [QCRYPTO_HASH_ALG_SHA384] = GNUTLS_DIG_SHA384,
+ [QCRYPTO_HASH_ALG_SHA512] = GNUTLS_DIG_SHA512,
+ [QCRYPTO_HASH_ALG_RIPEMD160] = GNUTLS_DIG_RMD160,
+};
+
+gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
+{
+ size_t i;
+ const gnutls_digest_algorithm_t *algs;
+ if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
+ qcrypto_hash_alg_map[alg] == GNUTLS_DIG_UNKNOWN) {
+ return false;
+ }
+ algs = gnutls_digest_list();
+ for (i = 0; algs[i] != GNUTLS_DIG_UNKNOWN; i++) {
+ if (algs[i] == qcrypto_hash_alg_map[alg]) {
+ return true;
+ }
+ }
+ return false;
+}
+
+
+static int
+qcrypto_gnutls_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ int i, ret;
+ gnutls_hash_hd_t hash;
+
+ if (!qcrypto_hash_supports(alg)) {
+ error_setg(errp,
+ "Unknown hash algorithm %d",
+ alg);
+ return -1;
+ }
+
+ ret = gnutls_hash_get_len(qcrypto_hash_alg_map[alg]);
+ if (*resultlen == 0) {
+ *resultlen = ret;
+ *result = g_new0(uint8_t, *resultlen);
+ } else if (*resultlen != ret) {
+ error_setg(errp,
+ "Result buffer size %zu is smaller than hash %d",
+ *resultlen, ret);
+ return -1;
+ }
+
+ ret = gnutls_hash_init(&hash, qcrypto_hash_alg_map[alg]);
+ if (ret < 0) {
+ error_setg(errp,
+ "Unable to initialize hash algorithm: %s",
+ gnutls_strerror(ret));
+ return -1;
+ }
+
+ for (i = 0; i < niov; i++) {
+ gnutls_hash(hash, iov[i].iov_base, iov[i].iov_len);
+ }
+
+ gnutls_hash_deinit(hash, *result);
+ return 0;
+}
+
+
+QCryptoHashDriver qcrypto_hash_lib_driver = {
+ .hash_bytesv = qcrypto_gnutls_hash_bytesv,
+};
diff --git a/crypto/meson.build b/crypto/meson.build
index fc8de287e1..d6df83f2ab 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -28,6 +28,8 @@ if nettle.found()
endif
elif gcrypt.found()
crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcrypt.c'))
+elif gnutls_crypto.found()
+ crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-glib.c', 'pbkdf-stub.c')
else
crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c'))
endif
--
2.31.1
next prev parent reply other threads:[~2021-07-06 10:12 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 9:59 [PATCH 00/18] crypto: misc cleanup and introduce gnutls backend driver Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 01/18] crypto: remove conditional around 3DES crypto test cases Daniel P. Berrangé
2021-07-08 18:27 ` Eric Blake
2021-07-06 9:59 ` [PATCH 02/18] crypto: remove obsolete crypto test condition Daniel P. Berrangé
2021-07-08 18:28 ` Eric Blake
2021-07-06 9:59 ` [PATCH 03/18] crypto: skip essiv ivgen tests if AES+ECB isn't available Daniel P. Berrangé
2021-07-08 18:29 ` Eric Blake
2021-07-06 9:59 ` [PATCH 04/18] crypto: use &error_fatal in crypto tests Daniel P. Berrangé
2021-07-08 18:33 ` Eric Blake
2021-07-06 9:59 ` [PATCH 05/18] crypto: fix gcrypt min version 1.8 regression Daniel P. Berrangé
2021-07-08 18:34 ` Eric Blake
2021-07-06 9:59 ` [PATCH 06/18] crypto: drop gcrypt thread initialization code Daniel P. Berrangé
2021-07-08 18:36 ` Eric Blake
2021-07-06 9:59 ` [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver Daniel P. Berrangé
2021-07-08 18:40 ` Eric Blake
2021-07-06 9:59 ` [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC Daniel P. Berrangé
2021-07-08 18:50 ` Eric Blake
2021-07-09 13:53 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 09/18] crypto: delete built-in DES implementation Daniel P. Berrangé
2021-07-08 18:54 ` Eric Blake
2021-07-06 9:59 ` [PATCH 10/18] crypto: delete built-in XTS cipher mode support Daniel P. Berrangé
2021-07-08 18:56 ` Eric Blake
2021-07-06 9:59 ` [PATCH 11/18] crypto: rename des-rfb cipher to just des Daniel P. Berrangé
2021-07-07 12:47 ` Markus Armbruster
2021-07-07 13:48 ` Daniel P. Berrangé
2021-07-08 14:41 ` Markus Armbruster
2021-07-09 13:59 ` Daniel P. Berrangé
2021-07-08 19:50 ` Eric Blake
2021-07-06 9:59 ` [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt Daniel P. Berrangé
2021-07-08 18:59 ` Eric Blake
2021-07-06 9:59 ` [PATCH 13/18] crypto: introduce build system for gnutls crypto backend Daniel P. Berrangé
2021-07-08 19:03 ` Eric Blake
2021-07-06 9:59 ` [PATCH 14/18] crypto: add gnutls cipher provider Daniel P. Berrangé
2021-07-08 19:13 ` Eric Blake
2021-07-06 9:59 ` Daniel P. Berrangé [this message]
2021-07-08 19:29 ` [PATCH 15/18] crypto: add gnutls hash provider Eric Blake
2021-07-06 9:59 ` [PATCH 16/18] crypto: add gnutls hmac provider Daniel P. Berrangé
2021-07-08 19:35 ` Eric Blake
2021-07-09 14:03 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 17/18] crypto: add gnutls pbkdf provider Daniel P. Berrangé
2021-07-08 19:43 ` Eric Blake
2021-07-06 9:59 ` [PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough Daniel P. Berrangé
2021-07-08 19:52 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706095924.764117-16-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).