diff mbox

[6/6] crypto: support more hash algorithms for pbkdf

Message ID 1473352047-908-7-git-send-email-berrange@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Daniel P. Berrangé Sept. 8, 2016, 4:27 p.m. UTC
Currently pbkdf is only supported with SHA1 and SHA256. Expand
this to support all algorithms known to QEMU.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 crypto/pbkdf-gcrypt.c     | 12 +++++++++-
 crypto/pbkdf-nettle.c     | 61 ++++++++++++++++++++++++++++++++++++++++-------
 tests/test-crypto-pbkdf.c | 53 +++++++++++++++++++++++++++++++++++++++-
 3 files changed, 115 insertions(+), 11 deletions(-)

Comments

Eric Blake Sept. 8, 2016, 5:57 p.m. UTC | #1
On 09/08/2016 11:27 AM, Daniel P. Berrange wrote:
> Currently pbkdf is only supported with SHA1 and SHA256. Expand
> this to support all algorithms known to QEMU.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  crypto/pbkdf-gcrypt.c     | 12 +++++++++-
>  crypto/pbkdf-nettle.c     | 61 ++++++++++++++++++++++++++++++++++++++++-------
>  tests/test-crypto-pbkdf.c | 53 +++++++++++++++++++++++++++++++++++++++-
>  3 files changed, 115 insertions(+), 11 deletions(-)
> 

>  
>      if (hash >= G_N_ELEMENTS(hash_map) ||
>          hash_map[hash] == GCRY_MD_NONE) {
> -        error_setg(errp, "Unexpected hash algorithm %d", hash);
> +        error_setg_errno(errp, ENOSYS,
> +                         "PBKDF does not support hash algorithm %s",
> +                         QCryptoHashAlgorithm_lookup[hash]);

Can this access beyond bounds if hash > G_N_ELEMENTS(hash_map)?


> +++ b/crypto/pbkdf-nettle.c

>  
>      default:
>          error_setg_errno(errp, ENOSYS,
> -                         "PBKDF does not support hash algorithm %d", hash);
> +                         "PBKDF does not support hash algorithm %s",
> +                         QCryptoHashAlgorithm_lookup[hash]);

and again
Daniel P. Berrangé Sept. 9, 2016, 9:31 a.m. UTC | #2
On Thu, Sep 08, 2016 at 12:57:38PM -0500, Eric Blake wrote:
> On 09/08/2016 11:27 AM, Daniel P. Berrange wrote:
> > Currently pbkdf is only supported with SHA1 and SHA256. Expand
> > this to support all algorithms known to QEMU.
> > 
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
> >  crypto/pbkdf-gcrypt.c     | 12 +++++++++-
> >  crypto/pbkdf-nettle.c     | 61 ++++++++++++++++++++++++++++++++++++++++-------
> >  tests/test-crypto-pbkdf.c | 53 +++++++++++++++++++++++++++++++++++++++-
> >  3 files changed, 115 insertions(+), 11 deletions(-)
> > 
> 
> >  
> >      if (hash >= G_N_ELEMENTS(hash_map) ||
> >          hash_map[hash] == GCRY_MD_NONE) {
> > -        error_setg(errp, "Unexpected hash algorithm %d", hash);
> > +        error_setg_errno(errp, ENOSYS,
> > +                         "PBKDF does not support hash algorithm %s",
> > +                         QCryptoHashAlgorithm_lookup[hash]);
> 
> Can this access beyond bounds if hash > G_N_ELEMENTS(hash_map)?

I'm relying on fact that 'hash' came from QAPIs string -> enum
convertor - nothing in QEMU lets users provide raw integer enum
values - so will be guaranteed to be a valid enum value.

> > +++ b/crypto/pbkdf-nettle.c
> 
> >  
> >      default:
> >          error_setg_errno(errp, ENOSYS,
> > -                         "PBKDF does not support hash algorithm %d", hash);
> > +                         "PBKDF does not support hash algorithm %s",
> > +                         QCryptoHashAlgorithm_lookup[hash]);
> 
> and again


Regards,
Daniel
diff mbox

Patch

diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c
index 34af3a9..2d35262 100644
--- a/crypto/pbkdf-gcrypt.c
+++ b/crypto/pbkdf-gcrypt.c
@@ -28,7 +28,11 @@  bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
     switch (hash) {
     case QCRYPTO_HASH_ALG_MD5:
     case QCRYPTO_HASH_ALG_SHA1:
+    case QCRYPTO_HASH_ALG_SHA224:
     case QCRYPTO_HASH_ALG_SHA256:
+    case QCRYPTO_HASH_ALG_SHA384:
+    case QCRYPTO_HASH_ALG_SHA512:
+    case QCRYPTO_HASH_ALG_RIPEMD160:
         return true;
     default:
         return false;
@@ -45,13 +49,19 @@  int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
     static const int hash_map[QCRYPTO_HASH_ALG__MAX] = {
         [QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
         [QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
+        [QCRYPTO_HASH_ALG_SHA224] = GCRY_MD_SHA224,
         [QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
+        [QCRYPTO_HASH_ALG_SHA384] = GCRY_MD_SHA384,
+        [QCRYPTO_HASH_ALG_SHA512] = GCRY_MD_SHA512,
+        [QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MD_RMD160,
     };
     int ret;
 
     if (hash >= G_N_ELEMENTS(hash_map) ||
         hash_map[hash] == GCRY_MD_NONE) {
-        error_setg(errp, "Unexpected hash algorithm %d", hash);
+        error_setg_errno(errp, ENOSYS,
+                         "PBKDF does not support hash algorithm %s",
+                         QCryptoHashAlgorithm_lookup[hash]);
         return -1;
     }
 
diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c
index d681a60..f9ca79f 100644
--- a/crypto/pbkdf-nettle.c
+++ b/crypto/pbkdf-nettle.c
@@ -20,6 +20,7 @@ 
 
 #include "qemu/osdep.h"
 #include <nettle/pbkdf2.h>
+#include <nettle/hmac.h>
 #include "qapi/error.h"
 #include "crypto/pbkdf.h"
 
@@ -28,7 +29,11 @@  bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
 {
     switch (hash) {
     case QCRYPTO_HASH_ALG_SHA1:
+    case QCRYPTO_HASH_ALG_SHA224:
     case QCRYPTO_HASH_ALG_SHA256:
+    case QCRYPTO_HASH_ALG_SHA384:
+    case QCRYPTO_HASH_ALG_SHA512:
+    case QCRYPTO_HASH_ALG_RIPEMD160:
         return true;
     default:
         return false;
@@ -42,24 +47,62 @@  int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
                    uint8_t *out, size_t nout,
                    Error **errp)
 {
+    union {
+        struct hmac_md5_ctx md5;
+        struct hmac_sha1_ctx sha1;
+        struct hmac_sha224_ctx sha224;
+        struct hmac_sha256_ctx sha256;
+        struct hmac_sha384_ctx sha384;
+        struct hmac_sha512_ctx sha512;
+        struct hmac_ripemd160_ctx ripemd160;
+    } ctx;
     switch (hash) {
+    case QCRYPTO_HASH_ALG_MD5:
+        hmac_md5_set_key(&ctx.md5, nkey, key);
+        PBKDF2(&ctx.md5, hmac_md5_update, hmac_md5_digest,
+               MD5_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
+        break;
+
     case QCRYPTO_HASH_ALG_SHA1:
-        pbkdf2_hmac_sha1(nkey, key,
-                         iterations,
-                         nsalt, salt,
-                         nout, out);
+        hmac_sha1_set_key(&ctx.sha1, nkey, key);
+        PBKDF2(&ctx.sha1, hmac_sha1_update, hmac_sha1_digest,
+               SHA1_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
+        break;
+
+    case QCRYPTO_HASH_ALG_SHA224:
+        hmac_sha224_set_key(&ctx.sha224, nkey, key);
+        PBKDF2(&ctx.sha224, hmac_sha224_update, hmac_sha224_digest,
+               SHA224_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
         break;
 
     case QCRYPTO_HASH_ALG_SHA256:
-        pbkdf2_hmac_sha256(nkey, key,
-                           iterations,
-                           nsalt, salt,
-                           nout, out);
+        hmac_sha256_set_key(&ctx.sha256, nkey, key);
+        PBKDF2(&ctx.sha256, hmac_sha256_update, hmac_sha256_digest,
+               SHA256_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
+        break;
+
+    case QCRYPTO_HASH_ALG_SHA384:
+        hmac_sha384_set_key(&ctx.sha384, nkey, key);
+        PBKDF2(&ctx.sha384, hmac_sha384_update, hmac_sha384_digest,
+               SHA384_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
+        break;
+
+    case QCRYPTO_HASH_ALG_SHA512:
+        hmac_sha512_set_key(&ctx.sha512, nkey, key);
+        PBKDF2(&ctx.sha512, hmac_sha512_update, hmac_sha512_digest,
+               SHA512_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
+        break;
+
+    case QCRYPTO_HASH_ALG_RIPEMD160:
+        hmac_ripemd160_set_key(&ctx.ripemd160, nkey, key);
+        PBKDF2(&ctx.ripemd160, hmac_ripemd160_update, hmac_ripemd160_digest,
+               RIPEMD160_DIGEST_SIZE, iterations, nsalt, salt, nout, out);
         break;
 
     default:
         error_setg_errno(errp, ENOSYS,
-                         "PBKDF does not support hash algorithm %d", hash);
+                         "PBKDF does not support hash algorithm %s",
+                         QCryptoHashAlgorithm_lookup[hash]);
         return -1;
     }
     return 0;
diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c
index a651dc5..d937aff 100644
--- a/tests/test-crypto-pbkdf.c
+++ b/tests/test-crypto-pbkdf.c
@@ -261,7 +261,6 @@  static QCryptoPbkdfTestData test_data[] = {
                "\xcc\x4a\x5e\x6d\xca\x04\xec\x58",
         .nout = 32
     },
-#if 0
     {
         .path = "/crypto/pbkdf/nonrfc/sha512/iter1200",
         .hash = QCRYPTO_HASH_ALG_SHA512,
@@ -280,6 +279,58 @@  static QCryptoPbkdfTestData test_data[] = {
         .nout = 32
     },
     {
+        .path = "/crypto/pbkdf/nonrfc/sha224/iter1200",
+        .hash = QCRYPTO_HASH_ALG_SHA224,
+        .iterations = 1200,
+        .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        .nkey = 129,
+        .salt = "pass phrase exceeds block size",
+        .nsalt = 30,
+        .out = "\x13\x3b\x88\x0c\x0e\x52\xa2\x41"
+               "\x49\x33\x35\xa6\xc3\x83\xae\x23"
+               "\xf6\x77\x43\x9e\x5b\x30\x92\x3e"
+               "\x4a\x3a\xaa\x24\x69\x3c\xed\x20",
+        .nout = 32
+    },
+    {
+        .path = "/crypto/pbkdf/nonrfc/sha384/iter1200",
+        .hash = QCRYPTO_HASH_ALG_SHA384,
+        .iterations = 1200,
+        .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        .nkey = 129,
+        .salt = "pass phrase exceeds block size",
+        .nsalt = 30,
+        .out = "\xfe\xe3\xe1\x84\xc9\x25\x3e\x10"
+               "\x47\xc8\x7d\x53\xc6\xa5\xe3\x77"
+               "\x29\x41\x76\xbd\x4b\xe3\x9b\xac"
+               "\x05\x6c\x11\xdd\x17\xc5\x93\x80",
+        .nout = 32
+    },
+    {
+        .path = "/crypto/pbkdf/nonrfc/ripemd160/iter1200",
+        .hash = QCRYPTO_HASH_ALG_RIPEMD160,
+        .iterations = 1200,
+        .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+               "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        .nkey = 129,
+        .salt = "pass phrase exceeds block size",
+        .nsalt = 30,
+        .out = "\xd6\xcb\xd8\xa7\xdb\x0c\xa2\x2a"
+               "\x23\x5e\x47\xaf\xdb\xda\xa8\xef"
+               "\xe4\x01\x0d\x6f\xb5\x33\xc8\xbd"
+               "\xce\xbf\x91\x14\x8b\x5c\x48\x41",
+        .nout = 32
+    },
+#if 0
+    {
         .path = "/crypto/pbkdf/nonrfc/whirlpool/iter1200",
         .hash = QCRYPTO_HASH_ALG_WHIRLPOOL,
         .iterations = 1200,