diff mbox

[for-2.9,v3,4/6] crypto: support HMAC algorithms based on glibc

Message ID 1481612513-28556-5-git-send-email-longpeng2@huawei.com
State New
Headers show

Commit Message

Longpeng (Mike, Cloud Infrastructure Service Product Dept.) Dec. 13, 2016, 7:01 a.m. UTC 
This patch add glibc-backed HMAC algorithms support

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
 crypto/hmac-glib.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 97 insertions(+), 2 deletions(-)

Comments

Daniel P. Berrangé Dec. 13, 2016, 9:34 a.m. UTC | #1 
On Tue, Dec 13, 2016 at 03:01:51PM +0800, Longpeng(Mike) wrote:
> This patch add glibc-backed HMAC algorithms support

s/glibc/glib/  and also in $SUBJECT

> diff --git a/crypto/hmac-glib.c b/crypto/hmac-glib.c
> index 3e2a933..f07c841 100644
> --- a/crypto/hmac-glib.c
> +++ b/crypto/hmac-glib.c
> @@ -16,8 +16,40 @@
>  #include "qapi/error.h"
>  #include "crypto/hmac.h"
>  
> +static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
> +/* Support for HMAC Algos has been added in GLib 2.30 */
> +#if GLIB_CHECK_VERSION(2, 30, 0)
> +    [QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
> +    [QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
> +    [QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
> +#else
> +    [QCRYPTO_HASH_ALG_MD5] = -1,
> +    [QCRYPTO_HASH_ALG_SHA1] = -1,
> +    [QCRYPTO_HASH_ALG_SHA256] = -1,
> +#endif
> +/* Support for HMAC SHA-512 in GLib 2.42 */
> +#if GLIB_CHECK_VERSION(2, 42, 0)
> +    [QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
> +#else
> +    [QCRYPTO_HASH_ALG_SHA512] = -1,
> +#endif
> +    [QCRYPTO_HASH_ALG_SHA224] = -1,
> +    [QCRYPTO_HASH_ALG_SHA384] = -1,
> +    [QCRYPTO_HASH_ALG_RIPEMD160] = -1,
> +};

As mentioned in reply to the build failure - the 2.30.0 check
will have to surround the entire file...

> +
> +typedef struct QCryptoHmacGlib QCryptoHmacGlib;
> +struct QCryptoHmacGlib {
> +    GHmac *ghmac;

...otherwise this triggers failure due to missing typedefs.


Regards,
Daniel
diff mbox

Patch

diff --git a/crypto/hmac-glib.c b/crypto/hmac-glib.c
index 3e2a933..f07c841 100644
--- a/crypto/hmac-glib.c
+++ b/crypto/hmac-glib.c
@@ -16,8 +16,40 @@ 
 #include "qapi/error.h"
 #include "crypto/hmac.h"
 
+static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
+/* Support for HMAC Algos has been added in GLib 2.30 */
+#if GLIB_CHECK_VERSION(2, 30, 0)
+    [QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
+    [QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
+    [QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
+#else
+    [QCRYPTO_HASH_ALG_MD5] = -1,
+    [QCRYPTO_HASH_ALG_SHA1] = -1,
+    [QCRYPTO_HASH_ALG_SHA256] = -1,
+#endif
+/* Support for HMAC SHA-512 in GLib 2.42 */
+#if GLIB_CHECK_VERSION(2, 42, 0)
+    [QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
+#else
+    [QCRYPTO_HASH_ALG_SHA512] = -1,
+#endif
+    [QCRYPTO_HASH_ALG_SHA224] = -1,
+    [QCRYPTO_HASH_ALG_SHA384] = -1,
+    [QCRYPTO_HASH_ALG_RIPEMD160] = -1,
+};
+
+typedef struct QCryptoHmacGlib QCryptoHmacGlib;
+struct QCryptoHmacGlib {
+    GHmac *ghmac;
+};
+
 bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
 {
+    if (alg < G_N_ELEMENTS(qcrypto_hmac_alg_map) &&
+        qcrypto_hmac_alg_map[alg] != -1) {
+        return true;
+    }
+
     return false;
 }
 
@@ -25,12 +57,49 @@  QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
                               const uint8_t *key, size_t nkey,
                               Error **errp)
 {
+    QCryptoHmac *hmac;
+    QCryptoHmacGlib *ctx;
+
+    if (!qcrypto_hmac_supports(alg)) {
+        error_setg(errp, "Unsupported hmac algorithm %s",
+                   QCryptoHashAlgorithm_lookup[alg]);
+        return NULL;
+    }
+
+    hmac = g_new0(QCryptoHmac, 1);
+    hmac->alg = alg;
+
+    ctx = g_new0(QCryptoHmacGlib, 1);
+
+    ctx->ghmac = g_hmac_new(qcrypto_hmac_alg_map[alg],
+                            (const uint8_t *)key, nkey);
+    if (!ctx->ghmac) {
+        error_setg(errp, "Cannot initialize hmac and set key");
+        goto error;
+    }
+
+    hmac->opaque = ctx;
+    return hmac;
+
+error:
+    g_free(ctx);
+    g_free(hmac);
     return NULL;
 }
 
 void qcrypto_hmac_free(QCryptoHmac *hmac)
 {
-    return;
+    QCryptoHmacGlib *ctx;
+
+    if (!hmac) {
+        return;
+    }
+
+    ctx = hmac->opaque;
+    g_hmac_unref(ctx->ghmac);
+
+    g_free(ctx);
+    g_free(hmac);
 }
 
 int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
@@ -40,5 +109,31 @@  int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
                         size_t *resultlen,
                         Error **errp)
 {
-    return -1;
+    QCryptoHmacGlib *ctx;
+    int i, ret;
+
+    ctx = hmac->opaque;
+
+    for (i = 0; i < niov; i++) {
+        g_hmac_update(ctx->ghmac, iov[i].iov_base, iov[i].iov_len);
+    }
+
+    ret = g_checksum_type_get_length(qcrypto_hmac_alg_map[hmac->alg]);
+    if (ret < 0) {
+        error_setg(errp, "Unable to get hmac length");
+        return -1;
+    }
+
+    if (*resultlen == 0) {
+        *resultlen = ret;
+        *result = g_new0(uint8_t, *resultlen);
+    } else if (*resultlen != ret) {
+        error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
+                   *resultlen, ret);
+        return -1;
+    }
+
+    g_hmac_get_digest(ctx->ghmac, *result, resultlen);
+
+    return 0;
 }