qemu/crypto/pbkdf-gcrypt.c
<<
>>
Prefs 
   1/*
   2 * QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
   3 *
   4 * Copyright (c) 2015-2016 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#include "qemu/osdep.h"
  22#include <gcrypt.h>
  23#include "qapi/error.h"
  24#include "crypto/pbkdf.h"
  25
  26bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
  27{
  28    switch (hash) {
  29    case QCRYPTO_HASH_ALG_MD5:
  30    case QCRYPTO_HASH_ALG_SHA1:
  31    case QCRYPTO_HASH_ALG_SHA224:
  32    case QCRYPTO_HASH_ALG_SHA256:
  33    case QCRYPTO_HASH_ALG_SHA384:
  34    case QCRYPTO_HASH_ALG_SHA512:
  35    case QCRYPTO_HASH_ALG_RIPEMD160:
  36        return true;
  37    default:
  38        return false;
  39    }
  40}
  41
  42int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
  43                   const uint8_t *key, size_t nkey,
  44                   const uint8_t *salt, size_t nsalt,
  45                   uint64_t iterations,
  46                   uint8_t *out, size_t nout,
  47                   Error **errp)
  48{
  49    static const int hash_map[QCRYPTO_HASH_ALG__MAX] = {
  50        [QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
  51        [QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
  52        [QCRYPTO_HASH_ALG_SHA224] = GCRY_MD_SHA224,
  53        [QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
  54        [QCRYPTO_HASH_ALG_SHA384] = GCRY_MD_SHA384,
  55        [QCRYPTO_HASH_ALG_SHA512] = GCRY_MD_SHA512,
  56        [QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MD_RMD160,
  57    };
  58    int ret;
  59
  60    if (iterations > ULONG_MAX) {
  61        error_setg_errno(errp, ERANGE,
  62                         "PBKDF iterations %llu must be less than %lu",
  63                         (long long unsigned)iterations, ULONG_MAX);
  64        return -1;
  65    }
  66
  67    if (hash >= G_N_ELEMENTS(hash_map) ||
  68        hash_map[hash] == GCRY_MD_NONE) {
  69        error_setg_errno(errp, ENOSYS,
  70                         "PBKDF does not support hash algorithm %s",
  71                         QCryptoHashAlgorithm_str(hash));
  72        return -1;
  73    }
  74
  75    ret = gcry_kdf_derive(key, nkey, GCRY_KDF_PBKDF2,
  76                          hash_map[hash],
  77                          salt, nsalt, iterations,
  78                          nout, out);
  79    if (ret != 0) {
  80        error_setg(errp, "Cannot derive password: %s",
  81                   gcry_strerror(ret));
  82        return -1;
  83    }
  84
  85    return 0;
  86}
  87
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.