[v4,03/15] crypto/hash-gcrypt: Implement new hash API

Commit Message

Alejandro Zeise Aug. 7, 2024, 7:51 p.m. UTC

Implements the new hashing API in the gcrypt hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
---
 crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

Comments

Daniel P. Berrangé Aug. 8, 2024, 5 p.m. UTC | #1

On Wed, Aug 07, 2024 at 07:51:10PM +0000, Alejandro Zeise wrote:
> Implements the new hashing API in the gcrypt hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> ---
>  crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 79 insertions(+)
> 
> diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
> index 829e48258d..e05511cafa 100644
> --- a/crypto/hash-gcrypt.c
> +++ b/crypto/hash-gcrypt.c
> @@ -1,6 +1,7 @@
>  /*
>   * QEMU Crypto hash algorithms
>   *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
>   * Copyright (c) 2016 Red Hat, Inc.
>   *
>   * This library is free software; you can redistribute it and/or
> @@ -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
>      return -1;
>  }
>  
> +static
> +QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error **errp)
> +{
> +    QCryptoHash *hash = NULL;
> +
> +    if (!qcrypto_hash_supports(alg)) {
> +        error_setg(errp,
> +                   "Unknown hash algorithm %d",
> +                   alg);
> +    } else {
> +        hash = g_new(QCryptoHash, 1);
> +        hash->alg = alg;
> +        hash->opaque = g_new(gcry_md_hd_t, 1);
> +
> +        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);
> +    }
> +
> +    return hash;
> +}
> +
> +static
> +void qcrypto_gcrypt_hash_free(QCryptoHash *hash)
> +{
> +    gcry_md_hd_t *ctx = hash->opaque;
> +
> +    if (ctx) {
> +        gcry_md_close(*ctx);
> +        g_free(ctx);
> +    }
> +
> +    g_free(hash);
> +}
> +
> +
> +static
> +int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
> +                               const struct iovec *iov,
> +                               size_t niov,
> +                               Error **errp)
> +{
> +    gcry_md_hd_t *ctx = hash->opaque;
> +
> +    for (int i = 0; i < niov; i++) {
> +        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
> +    }
> +
> +    return 0;
> +}
> +
> +static
> +int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
> +                                 uint8_t **result,
> +                                 size_t *result_len,
> +                                 Error **errp)
> +{
> +    unsigned char *digest;
> +    int ret = 0;
> +    gcry_md_hd_t *ctx = hash->opaque;
> +
> +    *result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
> +    if (*result_len == 0) {
> +        error_setg(errp, "%s",
> +                   "Unable to get hash length");
> +        ret = -1;

Same note about doing an immediate 'return -1' in error paths,
to avoid extra else clauses.

> +    } else {
> +        *result = g_new(uint8_t, *result_len);
> +
> +        /* Digest is freed by gcry_md_close(), copy it */
> +        digest = gcry_md_read(*ctx, 0);
> +        memcpy(*result, digest, *result_len);
> +    }
> +
> +    return ret;
> +}
>  
>  QCryptoHashDriver qcrypto_hash_lib_driver = {
>      .hash_bytesv = qcrypto_gcrypt_hash_bytesv,
> +    .hash_new      = qcrypto_gcrypt_hash_new,
> +    .hash_update   = qcrypto_gcrypt_hash_update,
> +    .hash_finalize = qcrypto_gcrypt_hash_finalize,
> +    .hash_free     = qcrypto_gcrypt_hash_free,
>  };
> -- 
> 2.34.1
> 

With regards,
Daniel

Daniel P. Berrangé Aug. 8, 2024, 5:05 p.m. UTC | #2

On Wed, Aug 07, 2024 at 07:51:10PM +0000, Alejandro Zeise wrote:
> Implements the new hashing API in the gcrypt hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> ---
>  crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 79 insertions(+)
> 
> diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
> index 829e48258d..e05511cafa 100644
> --- a/crypto/hash-gcrypt.c
> +++ b/crypto/hash-gcrypt.c
> @@ -1,6 +1,7 @@
>  /*
>   * QEMU Crypto hash algorithms
>   *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
>   * Copyright (c) 2016 Red Hat, Inc.
>   *
>   * This library is free software; you can redistribute it and/or
> @@ -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
>      return -1;
>  }
>  
> +static
> +QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error **errp)
> +{
> +    QCryptoHash *hash = NULL;
> +
> +    if (!qcrypto_hash_supports(alg)) {
> +        error_setg(errp,
> +                   "Unknown hash algorithm %d",
> +                   alg);
> +    } else {
> +        hash = g_new(QCryptoHash, 1);
> +        hash->alg = alg;
> +        hash->opaque = g_new(gcry_md_hd_t, 1);
> +
> +        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);
> +    }
> +
> +    return hash;
> +}
> +
> +static
> +void qcrypto_gcrypt_hash_free(QCryptoHash *hash)
> +{
> +    gcry_md_hd_t *ctx = hash->opaque;
> +
> +    if (ctx) {
> +        gcry_md_close(*ctx);
> +        g_free(ctx);
> +    }
> +
> +    g_free(hash);
> +}
> +
> +
> +static
> +int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
> +                               const struct iovec *iov,
> +                               size_t niov,
> +                               Error **errp)
> +{
> +    gcry_md_hd_t *ctx = hash->opaque;
> +
> +    for (int i = 0; i < niov; i++) {
> +        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);

  int ret = gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
  if (ret != 0) {
      error_setg(....)
      return -1;
  }


With regards,
Daniel

Daniel P. Berrangé Aug. 8, 2024, 5:10 p.m. UTC | #3

On Wed, Aug 07, 2024 at 07:51:10PM +0000, Alejandro Zeise wrote:
> Implements the new hashing API in the gcrypt hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> ---
>  crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 79 insertions(+)
> 
> diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
> index 829e48258d..e05511cafa 100644
> --- a/crypto/hash-gcrypt.c
> +++ b/crypto/hash-gcrypt.c
> @@ -1,6 +1,7 @@
>  /*
>   * QEMU Crypto hash algorithms
>   *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
>   * Copyright (c) 2016 Red Hat, Inc.
>   *
>   * This library is free software; you can redistribute it and/or
> @@ -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
>      return -1;
>  }
>  
> +static
> +QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error **errp)
> +{
> +    QCryptoHash *hash = NULL;
> +
> +    if (!qcrypto_hash_supports(alg)) {
> +        error_setg(errp,
> +                   "Unknown hash algorithm %d",
> +                   alg);
> +    } else {
> +        hash = g_new(QCryptoHash, 1);
> +        hash->alg = alg;
> +        hash->opaque = g_new(gcry_md_hd_t, 1);
> +
> +        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);

Need to check for error from gcry_md_open and report it, and
free hash & hash->opaque

> +    }
> +
> +    return hash;
> +}

With regards,
Daniel

Alejandro Zeise Aug. 8, 2024, 6:24 p.m. UTC | #4

> On Wed, Aug 07, 2024 at 07:51:10PM +0000, Alejandro Zeise wrote:
> > Implements the new hashing API in the gcrypt hash driver.
> > Supports creating/destroying a context, updating the context with 
> > input data and obtaining an output hash.
> >
> > Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> > ---
> >  crypto/hash-gcrypt.c | 79 
> > ++++++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 79 insertions(+)
> >
> > diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index 
> > 829e48258d..e05511cafa 100644
> > --- a/crypto/hash-gcrypt.c
> > +++ b/crypto/hash-gcrypt.c
> > @@ -1,6 +1,7 @@
> >  /*
> >   * QEMU Crypto hash algorithms
> >   *
> > + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> >   * Copyright (c) 2016 Red Hat, Inc.
> >   *
> >   * This library is free software; you can redistribute it and/or @@ 
> > -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
> >      return -1;
> >  }
> >
> > +static
> > +QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error 
> > +**errp) {
> > +    QCryptoHash *hash = NULL;
> > +
> > +    if (!qcrypto_hash_supports(alg)) {
> > +        error_setg(errp,
> > +                   "Unknown hash algorithm %d",
> > +                   alg);
> > +    } else {
> > +        hash = g_new(QCryptoHash, 1);
> > +        hash->alg = alg;
> > +        hash->opaque = g_new(gcry_md_hd_t, 1);
> > +
> > +        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);
> > +    }
> > +
> > +    return hash;
> > +}
> > +
> > +static
> > +void qcrypto_gcrypt_hash_free(QCryptoHash *hash) {
> > +    gcry_md_hd_t *ctx = hash->opaque;
> > +
> > +    if (ctx) {
> > +        gcry_md_close(*ctx);
> > +        g_free(ctx);
> > +    }
> > +
> > +    g_free(hash);
> > +}
> > +
> > +
> > +static
> > +int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
> > +                               const struct iovec *iov,
> > +                               size_t niov,
> > +                               Error **errp) {
> > +    gcry_md_hd_t *ctx = hash->opaque;
> > +
> > +    for (int i = 0; i < niov; i++) {
> > +        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
>
>   int ret = gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
>   if (ret != 0) {
>       error_setg(....)
>       return -1;
>   }
>
>
> With regards,
> Daniel

gcry_md_write() is declared as void which is why I had no error variable present.

Thanks,
Alejandro

Daniel P. Berrangé Aug. 9, 2024, 8:37 a.m. UTC | #5

On Thu, Aug 08, 2024 at 06:24:10PM +0000, Alejandro Zeise wrote:
> > On Wed, Aug 07, 2024 at 07:51:10PM +0000, Alejandro Zeise wrote:
> > > Implements the new hashing API in the gcrypt hash driver.
> > > Supports creating/destroying a context, updating the context with 
> > > input data and obtaining an output hash.
> > >
> > > Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> > > ---
> > >  crypto/hash-gcrypt.c | 79 
> > > ++++++++++++++++++++++++++++++++++++++++++++
> > >  1 file changed, 79 insertions(+)
> > >
> > > diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index 
> > > 829e48258d..e05511cafa 100644
> > > --- a/crypto/hash-gcrypt.c
> > > +++ b/crypto/hash-gcrypt.c
> > > @@ -1,6 +1,7 @@
> > >  /*
> > >   * QEMU Crypto hash algorithms
> > >   *
> > > + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> > >   * Copyright (c) 2016 Red Hat, Inc.
> > >   *
> > >   * This library is free software; you can redistribute it and/or @@ 
> > > -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
> > >      return -1;
> > >  }
> > >
> > > +static
> > > +QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error 
> > > +**errp) {
> > > +    QCryptoHash *hash = NULL;
> > > +
> > > +    if (!qcrypto_hash_supports(alg)) {
> > > +        error_setg(errp,
> > > +                   "Unknown hash algorithm %d",
> > > +                   alg);
> > > +    } else {
> > > +        hash = g_new(QCryptoHash, 1);
> > > +        hash->alg = alg;
> > > +        hash->opaque = g_new(gcry_md_hd_t, 1);
> > > +
> > > +        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);
> > > +    }
> > > +
> > > +    return hash;
> > > +}
> > > +
> > > +static
> > > +void qcrypto_gcrypt_hash_free(QCryptoHash *hash) {
> > > +    gcry_md_hd_t *ctx = hash->opaque;
> > > +
> > > +    if (ctx) {
> > > +        gcry_md_close(*ctx);
> > > +        g_free(ctx);
> > > +    }
> > > +
> > > +    g_free(hash);
> > > +}
> > > +
> > > +
> > > +static
> > > +int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
> > > +                               const struct iovec *iov,
> > > +                               size_t niov,
> > > +                               Error **errp) {
> > > +    gcry_md_hd_t *ctx = hash->opaque;
> > > +
> > > +    for (int i = 0; i < niov; i++) {
> > > +        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
> >
> >   int ret = gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
> >   if (ret != 0) {
> >       error_setg(....)
> >       return -1;
> >   }
> >
> >
> > With regards,
> > Daniel
> 
> gcry_md_write() is declared as void which is why I had no error variable present.

Opps, yes, I'm getting confused with the other APIs.


With regards,
Daniel

Patch

diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index 829e48258d..e05511cafa 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -1,6 +1,7 @@ 
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -110,7 +111,85 @@  qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
     return -1;
 }
 
+static
+QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgorithm alg, Error **errp)
+{
+    QCryptoHash *hash = NULL;
+
+    if (!qcrypto_hash_supports(alg)) {
+        error_setg(errp,
+                   "Unknown hash algorithm %d",
+                   alg);
+    } else {
+        hash = g_new(QCryptoHash, 1);
+        hash->alg = alg;
+        hash->opaque = g_new(gcry_md_hd_t, 1);
+
+        gcry_md_open((gcry_md_hd_t *) hash->opaque, qcrypto_hash_alg_map[alg], 0);
+    }
+
+    return hash;
+}
+
+static
+void qcrypto_gcrypt_hash_free(QCryptoHash *hash)
+{
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    if (ctx) {
+        gcry_md_close(*ctx);
+        g_free(ctx);
+    }
+
+    g_free(hash);
+}
+
+
+static
+int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
+                               const struct iovec *iov,
+                               size_t niov,
+                               Error **errp)
+{
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    unsigned char *digest;
+    int ret = 0;
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    *result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
+    if (*result_len == 0) {
+        error_setg(errp, "%s",
+                   "Unable to get hash length");
+        ret = -1;
+    } else {
+        *result = g_new(uint8_t, *result_len);
+
+        /* Digest is freed by gcry_md_close(), copy it */
+        digest = gcry_md_read(*ctx, 0);
+        memcpy(*result, digest, *result_len);
+    }
+
+    return ret;
+}
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_gcrypt_hash_bytesv,
+    .hash_new      = qcrypto_gcrypt_hash_new,
+    .hash_update   = qcrypto_gcrypt_hash_update,
+    .hash_finalize = qcrypto_gcrypt_hash_finalize,
+    .hash_free     = qcrypto_gcrypt_hash_free,
 };