7 #include "libcryptsetup.h"
/* Initial capacity, in entries, of the algorithm-id array that gcrypt_get_hashes() hands to gcry_md_list(). */
10 #define MAX_DIGESTS 64
/* Minimum libgcrypt version string passed to gcry_check_version() before the library is used. */
11 #define GCRYPT_REQ_VERSION "1.1.42"
/*
 * One-time libgcrypt initialisation.
 *
 * This listing shows only some of the original lines (the gutter numbers
 * skip). The enclosing function header, the line that closes the FIXME
 * comment, and whatever selects between the two log_dbg() branches are
 * not visible here.
 *
 * Visible flow:
 *  - GCRYCTL_INITIALIZATION_FINISHED_P is queried first, so the setup runs
 *    only while libgcrypt reports that initialisation is not yet finished.
 *  - gcry_check_version(GCRYPT_REQ_VERSION) must succeed; the failure
 *    action sits on a line that is not shown.
 *  - Branch A turns libgcrypt secure memory off (GCRYCTL_DISABLE_SECMEM).
 *  - Branch B requests a 16384-byte secure memory pool
 *    (GCRYCTL_INIT_SECMEM) with the secmem warning suspended around it.
 *  - GCRYCTL_INITIALIZATION_FINISHED then marks the library initialised.
 *
 * NOTE(review): with branch A, secret material that libgcrypt buffers
 * internally is not placed in its locked pool. The FIXME text says the
 * process locks its own memory instead; confirm that this happens before
 * any passphrase is read.
 * NOTE(review): none of the gcry_control() results are checked, so a
 * failed GCRYCTL_INIT_SECMEM would go unnoticed.
 */
15 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P
)) {
16 if (!gcry_check_version (GCRYPT_REQ_VERSION
))
19 /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
20 * it drops all privileges during secure memory initialisation.
21 * For now, the only workaround is to disable secure memory in gcrypt.
22 * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
23 * and it locks its memory space anyway.
26 log_dbg("Initializing crypto backend (secure memory disabled).");
27 gcry_control (GCRYCTL_DISABLE_SECMEM
);
29 log_dbg("Initializing crypto backend (using secure memory).");
30 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN
);
31 gcry_control (GCRYCTL_INIT_SECMEM
, 16384, 0);
32 gcry_control (GCRYCTL_RESUME_SECMEM_WARN
);
34 gcry_control (GCRYCTL_INITIALIZATION_FINISHED
, 0);
/*
 * gcrypt_hash - fill a key buffer with digest output computed over a passphrase.
 *
 * Parameters, as the visible lines use them:
 *   data        points to an int holding the libgcrypt digest algorithm id
 *   size        key bytes still to produce; the loop runs while it is non-zero
 *   key         destination buffer that digest bytes are copied into
 *   sizep       passphrase length in bytes, as passed to gcry_md_write()
 *   passphrase  bytes fed to the digest
 *
 * Each round writes `round` literal "A" bytes and then the passphrase into
 * the digest, and copies `len` bytes of the result into key.
 *
 * This listing shows only some of the original lines (the gutter numbers
 * skip, e.g. 56 to 60 and 60 to 72). The local declarations, the return
 * statements, the updates of key/size/len, any reset of the handle between
 * rounds and the release of the handle are not visible here.
 *
 * NOTE(review): memcpy() copies `len` bytes. Unless an omitted line clamps
 * len to the remaining size, the last round writes past the end of key.
 * Confirm against the full source.
 * NOTE(review): size is a signed int tested only for non-zero; confirm
 * that callers cannot pass a negative value.
 * NOTE(review): no salt or iteration count appears in the visible lines,
 * so the derived key is only as strong as the passphrase itself.
 * NOTE(review): the digest handle holds passphrase-derived state; confirm
 * it is closed on every exit path.
 */
40 static int gcrypt_hash(void *data
, int size
, char *key
,
41 int sizep
, const char *passphrase
)
/* data carries the libgcrypt algorithm id as an int. */
44 int algo
= *((int *)data
);
/* Digest output length in bytes for that algorithm. */
45 int len
= gcry_md_get_algo_dlen(algo
);
/* A non-zero result from gcry_md_open() is an error; the handling line is not shown. */
48 if (gcry_md_open(&md
, algo
, 0))
/* Keeps iterating until size reaches zero; the decrement is on a line not shown. */
51 for(round
= 0; size
; round
++) {
52 /* hack from hashalot to avoid null bytes in key */
53 for(i
= 0; i
< round
; i
++)
54 gcry_md_write(md
, "A", 1);
56 gcry_md_write(md
, passphrase
, sizep
);
/* Copies len digest bytes into key; the gcry_md_read() result is used without a NULL check. */
60 memcpy(key
, gcry_md_read(md
, algo
), len
);
/*
 * gcrypt_get_hashes - build the table of digests this backend offers.
 *
 * Visible steps:
 *  1. gcry_check_version(GCRYPT_REQ_VERSION) gate.
 *  2. Allocate an id array of MAX_DIGESTS ints; gcry_md_list() fills it and
 *     updates `size`.
 *  3. Allocate size + 1 hash_type entries and clear name/private on the
 *     first `size` of them.
 *  4. For each id: store a strdup()ed algorithm name, a heap-allocated int
 *     holding the id in .private, and gcrypt_hash in .fn.
 *  5. Set name/private to NULL on one more entry, apparently the entry at
 *     index `size` after the loop. gcrypt_free_hashes() stops at the first
 *     entry whose name is NULL.
 *  6. A final loop frees name and private of every entry; it looks like
 *     the error path, but the labels and returns are not shown.
 *
 * This listing shows only some of the original lines (the gutter numbers
 * skip). Declarations, return statements and most result checks are not
 * visible here.
 *
 * NOTE(review): the checks for the first malloc(), for the gcry_md_list()
 * result `r`, for the second malloc() and for strdup() fall on lines that
 * are missing from this listing. Confirm each exists before the pointer
 * is used.
 */
72 static struct hash_type
*gcrypt_get_hashes(void)
74 struct hash_type
*hashes
;
/* Starts as the array capacity; gcry_md_list() below receives its address. */
75 int size
= MAX_DIGESTS
;
80 if (!gcry_check_version(GCRYPT_REQ_VERSION
))
/* Scratch array for algorithm ids; whether it is freed is on lines not shown. */
83 list
= (int *)malloc(sizeof(*list
) * size
);
87 r
= gcry_md_list(list
, &size
);
/* One slot more than the number of ids, presumably for the NULL-name terminator. */
93 hashes
= malloc(sizeof(*hashes
) * (size
+ 1));
/* Pre-clear the pointers so that a partial fill can be freed safely. */
99 for(i
= 0; i
< size
; i
++) {
100 hashes
[i
].name
= NULL
;
101 hashes
[i
].private = NULL
;
104 for(i
= 0; i
< size
; i
++) {
107 hashes
[i
].name
= strdup(gcry_md_algo_name(list
[i
]));
/* Walks the copied name one char at a time; the loop body is not shown. */
/* NOTE(review): *p dereferences NULL if strdup() failed, unless an omitted line checks it. */
110 for(p
= (char *)hashes
[i
].name
; *p
; p
++)
/* .private owns a heap int that carries the algorithm id to gcrypt_hash(). */
112 hashes
[i
].private = malloc(sizeof(int));
113 if(!hashes
[i
].private)
115 *((int *)hashes
[i
].private) = list
[i
];
116 hashes
[i
].fn
= gcrypt_hash
;
/* Terminator entry: name == NULL ends the walk in gcrypt_free_hashes(). */
118 hashes
[i
].name
= NULL
;
119 hashes
[i
].private = NULL
;
/* Releases the per-entry allocations; free(NULL) is a no-op for entries never filled. */
128 for(i
= 0; i
< size
; i
++) {
129 free(hashes
[i
].name
);
130 free(hashes
[i
].private);
/*
 * gcrypt_free_hashes - release a hash table, presumably one returned by
 * gcrypt_get_hashes().
 *
 * Walks the array from `hashes` and stops at the first entry whose name is
 * NULL. The per-entry work inside the loop and anything after it are on
 * lines that this listing does not show.
 *
 * NOTE(review): the walk depends on the table carrying a NULL-name
 * terminator. A NULL `hashes` argument would be dereferenced by hash->name
 * unless an omitted line guards it.
 */
136 static void gcrypt_free_hashes(struct hash_type
*hashes
)
138 struct hash_type
*hash
;
140 for(hash
= hashes
; hash
->name
; hash
++) {
/*
 * Backend descriptor: registers gcrypt_get_hashes and gcrypt_free_hashes as
 * the get_hashes / free_hashes callbacks. Any other members and the closing
 * of the initializer are not visible in this listing.
 */
148 struct hash_backend hash_gcrypt_backend
= {
150 .get_hashes
= gcrypt_get_hashes
,
151 .free_hashes
= gcrypt_free_hashes