From nobody Mon Feb 9 04:46:33 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1626096864565706.5609688782325; Mon, 12 Jul 2021 06:34:24 -0700 (PDT) Received: from localhost ([::1]:42942 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1m2w4l-0003p6-HW for importer@patchew.org; Mon, 12 Jul 2021 09:34:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47324) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m2vdD-0005cm-1y for qemu-devel@nongnu.org; Mon, 12 Jul 2021 09:05:55 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:47052) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m2vdB-0006jv-6h for qemu-devel@nongnu.org; Mon, 12 Jul 2021 09:05:54 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-19-ZUFaPSdbO1qwC5K5XA50yA-1; Mon, 12 Jul 2021 09:05:51 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7338E801107; Mon, 12 Jul 2021 13:05:49 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-114-105.ams2.redhat.com [10.36.114.105]) by smtp.corp.redhat.com (Postfix) with ESMTP id 740375C1D1; Mon, 12 Jul 2021 13:05:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626095152; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u1M14to1iIlvhotd+JFzyhYmdK5dpNpLufoi7VNVtrY=; b=UjkVuWBCPrdb3lQw3s2ZDt9dvH/ueY1VRvp6LJybRAGE8/BlgS7Dvk23B45iOtVb6Og4ue Zqk4QHGi/9AWr1vMmUIS8Ex6uXM7PP9j2F1HTiZ6Lbh58wrWow1/U3pWrqXbILxKNAW8xq fK8pu0nzBFAQPOWet7Z1EpKYgYp3xIY= X-MC-Unique: ZUFaPSdbO1qwC5K5XA50yA-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 16/22] crypto: add gnutls hmac provider Date: Mon, 12 Jul 2021 14:02:17 +0100 Message-Id: <20210712130223.1825930-17-berrange@redhat.com> In-Reply-To: <20210712130223.1825930-1-berrange@redhat.com> References: <20210712130223.1825930-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.205.24.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eduardo Otubo , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Juan Quintela , Jason Wang , "Dr. David Alan Gilbert" , Markus Armbruster , Gerd Hoffmann , Jiri Pirko , Eric Blake Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1626096865368100001 This adds support for using gnutls as a provider of the crypto hmac APIs. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/hmac-gnutls.c | 139 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 crypto/hmac-gnutls.c diff --git a/crypto/hmac-gnutls.c b/crypto/hmac-gnutls.c new file mode 100644 index 0000000000..24db383322 --- /dev/null +++ b/crypto/hmac-gnutls.c @@ -0,0 +1,139 @@ +/* + * QEMU Crypto hmac algorithms + * + * Copyright (c) 2021 Red Hat, Inc. + * + * Derived from hmac-gcrypt.c: + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + * + */ + +#include "qemu/osdep.h" +#include + +#include "qapi/error.h" +#include "crypto/hmac.h" +#include "hmacpriv.h" + +static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] =3D { + [QCRYPTO_HASH_ALG_MD5] =3D GNUTLS_MAC_MD5, + [QCRYPTO_HASH_ALG_SHA1] =3D GNUTLS_MAC_SHA1, + [QCRYPTO_HASH_ALG_SHA224] =3D GNUTLS_MAC_SHA224, + [QCRYPTO_HASH_ALG_SHA256] =3D GNUTLS_MAC_SHA256, + [QCRYPTO_HASH_ALG_SHA384] =3D GNUTLS_MAC_SHA384, + [QCRYPTO_HASH_ALG_SHA512] =3D GNUTLS_MAC_SHA512, + [QCRYPTO_HASH_ALG_RIPEMD160] =3D GNUTLS_MAC_RMD160, +}; + +typedef struct QCryptoHmacGnutls QCryptoHmacGnutls; +struct QCryptoHmacGnutls { + gnutls_hmac_hd_t handle; +}; + +bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg) +{ + size_t i; + const gnutls_digest_algorithm_t *algs; + if (alg >=3D G_N_ELEMENTS(qcrypto_hmac_alg_map) || + qcrypto_hmac_alg_map[alg] =3D=3D GNUTLS_DIG_UNKNOWN) { + return false; + } + algs =3D gnutls_digest_list(); + for (i =3D 0; algs[i] !=3D GNUTLS_DIG_UNKNOWN; i++) { + if (algs[i] =3D=3D qcrypto_hmac_alg_map[alg]) { + return true; + } + } + return false; +} + +void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp) +{ + QCryptoHmacGnutls *ctx; + int err; + + if (!qcrypto_hmac_supports(alg)) { + error_setg(errp, "Unsupported hmac algorithm %s", + QCryptoHashAlgorithm_str(alg)); + return NULL; + } + + ctx =3D g_new0(QCryptoHmacGnutls, 1); + + err =3D gnutls_hmac_init(&ctx->handle, + qcrypto_hmac_alg_map[alg], + (const void *)key, nkey); + if (err !=3D 0) { + error_setg(errp, "Cannot initialize hmac: %s", + gnutls_strerror(err)); + goto error; + } + + return ctx; + +error: + g_free(ctx); + return NULL; +} + +static void +qcrypto_gnutls_hmac_ctx_free(QCryptoHmac *hmac) +{ + QCryptoHmacGnutls *ctx; + + ctx =3D hmac->opaque; + gnutls_hmac_deinit(ctx->handle, NULL); + + g_free(ctx); +} + +static int +qcrypto_gnutls_hmac_bytesv(QCryptoHmac *hmac, + const struct iovec *iov, + size_t niov, + uint8_t **result, + size_t *resultlen, + Error **errp) +{ + QCryptoHmacGnutls *ctx; + uint32_t ret; + int i; + + ctx =3D hmac->opaque; + + for (i =3D 0; i < niov; i++) { + gnutls_hmac(ctx->handle, iov[i].iov_base, iov[i].iov_len); + } + + ret =3D gnutls_hmac_get_len(qcrypto_hmac_alg_map[hmac->alg]); + if (ret <=3D 0) { + error_setg(errp, "Unable to get hmac length: %s", + gnutls_strerror(ret)); + return -1; + } + + if (*resultlen =3D=3D 0) { + *resultlen =3D ret; + *result =3D g_new0(uint8_t, *resultlen); + } else if (*resultlen !=3D ret) { + error_setg(errp, "Result buffer size %zu is smaller than hmac %d", + *resultlen, ret); + return -1; + } + + gnutls_hmac_output(ctx->handle, *result); + + return 0; +} + +QCryptoHmacDriver qcrypto_hmac_lib_driver =3D { + .hmac_bytesv =3D qcrypto_gnutls_hmac_bytesv, + .hmac_free =3D qcrypto_gnutls_hmac_ctx_free, +}; --=20 2.31.1