Commit 2165477c authored by Daniel P. Berrange's avatar Daniel P. Berrange

crypto: use glib as fallback for hash algorithm

GLib >= 2.16 provides GChecksum API which is good enough
for md5, sha1, sha256 and sha512. Use this as a final
fallback if neither nettle or gcrypt are available. This
lets us remove the stub hash impl, and so callers can
be sure those 4 algs are always available at compile
time. They may still be disabled at runtime, so a check
for qcrypto_hash_supports() is still best practice to
report good error messages.
Signed-off-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
parent f3c8355c
......@@ -2,6 +2,7 @@ crypto-obj-y = init.o
crypto-obj-y += hash.o
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o
crypto-obj-y += aes.o
crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
......@@ -30,4 +31,3 @@ crypto-obj-y += block-luks.o
crypto-aes-obj-y = aes.o
stub-obj-y += pbkdf-stub.o
stub-obj-y += hash-stub.o
......@@ -22,20 +22,77 @@
#include "qapi/error.h"
#include "crypto/hash.h"
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
[QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
[QCRYPTO_HASH_ALG_SHA224] = -1,
[QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
[QCRYPTO_HASH_ALG_SHA384] = -1,
#if GLIB_CHECK_VERSION(2, 36, 0)
[QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
#else
[QCRYPTO_HASH_ALG_SHA512] = -1,
#endif
[QCRYPTO_HASH_ALG_RIPEMD160] = -1,
};
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
{
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
qcrypto_hash_alg_map[alg] != -1) {
return true;
}
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov G_GNUC_UNUSED,
size_t niov G_GNUC_UNUSED,
uint8_t **result G_GNUC_UNUSED,
size_t *resultlen G_GNUC_UNUSED,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
error_setg(errp,
"Hash algorithm %d not supported without GNUTLS",
alg);
int i, ret;
GChecksum *cs;
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
qcrypto_hash_alg_map[alg] == -1) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
return -1;
}
cs = g_checksum_new(qcrypto_hash_alg_map[alg]);
for (i = 0; i < niov; i++) {
g_checksum_update(cs, iov[i].iov_base, iov[i].iov_len);
}
ret = g_checksum_type_get_length(qcrypto_hash_alg_map[alg]);
if (ret < 0) {
error_setg(errp, "%s",
"Unable to get hash length");
goto error;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp,
"Result buffer size %zu is smaller than hash %d",
*resultlen, ret);
goto error;
}
g_checksum_get_digest(cs, *result, resultlen);
g_checksum_free(cs);
return 0;
error:
g_checksum_free(cs);
return -1;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment