static int hash(const char *hash_name, size_t key_size, char *key, size_t passphrase_size, const char *passphrase) { struct crypt_hash *md = NULL; size_t len; int round, i, r = 0; if (crypt_hash_init(&md, hash_name)) return -ENOENT; len = crypt_hash_size(hash_name); for(round = 0; key_size && !r; round++) { /* hack from hashalot to avoid null bytes in key */ for(i = 0; i < round; i++) if (crypt_hash_write(md, "A", 1)) r = 1; if (crypt_hash_write(md, passphrase, passphrase_size)) r = 1; if (len > key_size) len = key_size; if (crypt_hash_final(md, key, len)) r = 1; key += len; key_size -= len; } crypt_hash_destroy(md); return r; }
/* * Test for wrong Whirlpool variant, * Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html */ static void crypt_hash_test_whirlpool_bug(void) { struct crypt_hash *h; char buf[2] = "\0\0", hash_out1[64], hash_out2[64]; int r; if (crypto_backend_whirlpool_bug >= 0) return; crypto_backend_whirlpool_bug = 0; if (crypt_hash_init(&h, "whirlpool")) return; /* One shot */ if ((r = crypt_hash_write(h, &buf[0], 2)) || (r = crypt_hash_final(h, hash_out1, 64))) { crypt_hash_destroy(h); return; } /* Split buf (crypt_hash_final resets hash state) */ if ((r = crypt_hash_write(h, &buf[0], 1)) || (r = crypt_hash_write(h, &buf[1], 1)) || (r = crypt_hash_final(h, hash_out2, 64))) { crypt_hash_destroy(h); return; } crypt_hash_destroy(h); if (memcmp(hash_out1, hash_out2, 64)) crypto_backend_whirlpool_bug = 1; }
static int verify_hash_block(const char *hash_name, int version, char *hash, size_t hash_size, const char *data, size_t data_size, const char *salt, size_t salt_size) { struct crypt_hash *ctx = NULL; int r; if (crypt_hash_init(&ctx, hash_name)) return -EINVAL; if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size))) goto out; if ((r = crypt_hash_write(ctx, data, data_size))) goto out; if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size))) goto out; r = crypt_hash_final(ctx, hash, hash_size); out: crypt_hash_destroy(ctx); return r; }
static int hash_buf(const char *src, char *dst, uint32_t iv, size_t len, const char *hash_name) { struct crypt_hash *hd = NULL; char *iv_char = (char *)&iv; int r; iv = htonl(iv); if (crypt_hash_init(&hd, hash_name)) return -EINVAL; if ((r = crypt_hash_write(hd, iv_char, sizeof(uint32_t)))) goto out; if ((r = crypt_hash_write(hd, src, len))) goto out; r = crypt_hash_final(hd, dst, len); out: crypt_hash_destroy(hd); return r; }
/* * Calculate hash (checksum) of |LUKS2_bin|LUKS2_JSON_area| from in-memory structs. * LUKS2 on-disk header contains uniques salt both for primary and secondary header. * Checksum is always calculated with zeroed checksum field in binary header. */ static int hdr_checksum_calculate(const char *alg, struct luks2_hdr_disk *hdr_disk, const char *json_area, size_t json_len) { struct crypt_hash *hd = NULL; int hash_size, r; hash_size = crypt_hash_size(alg); if (hash_size <= 0 || crypt_hash_init(&hd, alg)) return -EINVAL; /* Binary header, csum zeroed. */ r = crypt_hash_write(hd, (char*)hdr_disk, LUKS2_HDR_BIN_LEN); /* JSON area (including unused space) */ if (!r) r = crypt_hash_write(hd, json_area, json_len); if (!r) r = crypt_hash_final(hd, (char*)hdr_disk->csum, (size_t)hash_size); crypt_hash_destroy(hd); return r; }
static int hash_key(const char *src, size_t src_len, char *dst, size_t dst_len, const char *hash_name) { struct crypt_hash *hd = NULL; int r; if (crypt_hash_init(&hd, hash_name)) return -EINVAL; r = crypt_hash_write(hd, src, src_len); if (!r) r = crypt_hash_final(hd, dst, dst_len); crypt_hash_destroy(hd); return r; }