mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 10:50:01 +01:00
Add Blake2b and Blake2s hash support for crypto backend.
We support most recent crypto algorithms, so this is only addition of the Blake hash family. Kernel and gcrypt crypto backend supports all variants, OpenSSL only Blake2b-512 and Blake2s-256. There is no useable support for NSS and Nettle yet. Crypto backend supports kernel notation e.g. "blake2b-512" that is translated to the library backend names.
This commit is contained in:
Milan Broz
@@ -51,6 +51,11 @@ struct crypt_cipher {
|
||||
} u;
|
||||
};
|
||||
|
||||
struct hash_alg {
|
||||
const char *name;
|
||||
const char *gcrypt_name;
|
||||
};
|
||||
|
||||
/*
|
||||
* Test for wrong Whirlpool variant,
|
||||
* Ref: https://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html
|
||||
@@ -150,10 +155,24 @@ uint32_t crypt_backend_flags(void)
|
||||
static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)
|
||||
{
|
||||
const char *hash_name = name;
|
||||
int i;
|
||||
static struct hash_alg hash_algs[] = {
|
||||
{ "blake2b-160", "blake2b_160" },
|
||||
{ "blake2b-256", "blake2b_256" },
|
||||
{ "blake2b-384", "blake2b_384" },
|
||||
{ "blake2b-512", "blake2b_512" },
|
||||
{ "blake2s-128", "blake2s_128" },
|
||||
{ "blake2s-160", "blake2s_160" },
|
||||
{ "blake2s-224", "blake2s_224" },
|
||||
{ "blake2s-256", "blake2s_256" },
|
||||
{ NULL, NULL, }};
|
||||
|
||||
if (!name)
|
||||
return NULL;
|
||||
|
||||
/* "whirlpool_gcryptbug" is out shortcut to flawed whirlpool
|
||||
* in libgcrypt < 1.6.0 */
|
||||
if (name && !strcasecmp(name, "whirlpool_gcryptbug")) {
|
||||
if (!strcasecmp(name, "whirlpool_gcryptbug")) {
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010601
|
||||
if (flags)
|
||||
*flags |= GCRY_MD_FLAG_BUGEMU1;
|
||||
@@ -161,6 +180,15 @@ static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)
|
||||
hash_name = "whirlpool";
|
||||
}
|
||||
|
||||
i = 0;
|
||||
while (hash_algs[i].name) {
|
||||
if (!strcasecmp(name, hash_algs[i].name)) {
|
||||
hash_name = hash_algs[i].gcrypt_name;
|
||||
break;
|
||||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
return hash_name;
|
||||
}
|
||||
|
||||
|
||||
@@ -61,6 +61,14 @@ static struct hash_alg hash_algs[] = {
|
||||
{ "stribog256","streebog256", 32, 64 },
|
||||
{ "stribog512","streebog512", 64, 64 },
|
||||
{ "sm3", "sm3", 32, 64 },
|
||||
{ "blake2b-160","blake2b-160",20, 128 },
|
||||
{ "blake2b-256","blake2b-256",32, 128 },
|
||||
{ "blake2b-384","blake2b-384",48, 128 },
|
||||
{ "blake2b-512","blake2b-512",64, 128 },
|
||||
{ "blake2s-128","blake2s-128",16, 64 },
|
||||
{ "blake2s-160","blake2s-160",20, 64 },
|
||||
{ "blake2s-224","blake2s-224",28, 64 },
|
||||
{ "blake2s-256","blake2s-256",32, 64 },
|
||||
{ NULL, NULL, 0, 0 }
|
||||
};
|
||||
|
||||
|
||||
@@ -63,6 +63,11 @@ struct crypt_cipher {
|
||||
} u;
|
||||
};
|
||||
|
||||
struct hash_alg {
|
||||
const char *name;
|
||||
const char *openssl_name;
|
||||
};
|
||||
|
||||
/*
|
||||
* Compatible wrappers for OpenSSL < 1.1.0 and LibreSSL < 2.7.0
|
||||
*/
|
||||
@@ -147,11 +152,36 @@ const char *crypt_backend_version(void)
|
||||
return openssl_backend_version();
|
||||
}
|
||||
|
||||
static const char *crypt_hash_compat_name(const char *name)
|
||||
{
|
||||
const char *hash_name = name;
|
||||
int i;
|
||||
static struct hash_alg hash_algs[] = {
|
||||
{ "blake2b-512", "blake2b512" },
|
||||
{ "blake2s-256", "blake2s256" },
|
||||
{ NULL, NULL, }};
|
||||
|
||||
if (!name)
|
||||
return NULL;
|
||||
|
||||
i = 0;
|
||||
while (hash_algs[i].name) {
|
||||
if (!strcasecmp(name, hash_algs[i].name)) {
|
||||
hash_name = hash_algs[i].openssl_name;
|
||||
break;
|
||||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
return hash_name;
|
||||
}
|
||||
|
||||
/* HASH */
|
||||
int crypt_hash_size(const char *name)
|
||||
{
|
||||
const EVP_MD *hash_id = EVP_get_digestbyname(name);
|
||||
const EVP_MD *hash_id;
|
||||
|
||||
hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
|
||||
if (!hash_id)
|
||||
return -EINVAL;
|
||||
|
||||
@@ -172,7 +202,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
h->hash_id = EVP_get_digestbyname(name);
|
||||
h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
|
||||
if (!h->hash_id) {
|
||||
EVP_MD_CTX_free(h->md);
|
||||
free(h);
|
||||
@@ -257,7 +287,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
h->hash_id = EVP_get_digestbyname(name);
|
||||
h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
|
||||
if (!h->hash_id) {
|
||||
HMAC_CTX_free(h->md);
|
||||
free(h);
|
||||
@@ -334,7 +364,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
|
||||
return -EINVAL;
|
||||
|
||||
if (!strcmp(kdf, "pbkdf2")) {
|
||||
hash_id = EVP_get_digestbyname(hash);
|
||||
hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash));
|
||||
if (!hash_id)
|
||||
return -EINVAL;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user