Menu

[a0154d]: / sad_gnutls.c  Maximize  Restore  History

Download this file

205 lines (173 with data), 4.2 kB

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
/**
* @file sad_gnutls.c
* @brief Security Association Database gnutls functions
* @note Copyright (C) 2024 IBM Corporation, Clay Kaiser <Clay.Kaiser@ibm.com>
* @note SPDX-License-Identifier: GPL-2.0+
*/
#include <gnutls/crypto.h>
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>
#include "print.h"
#include "sad.h"
#include "sad_private.h"
static int mac_count = -1;
struct mac_data {
gnutls_mac_algorithm_t algorithm;
gnutls_hmac_hd_t handle;
};
static int sad_init_gnutls(void)
{
int err = 0;
if (mac_count >= 0) {
return 0;
}
err = gnutls_global_init();
if (err < 0) {
pr_err("gnutls_global_init() failed: %s",
gnutls_strerror(err));
return -1;
}
mac_count = 0;
return 0;
}
static void sad_deinit_gnutls(void)
{
if (mac_count == 0) {
gnutls_global_deinit();
mac_count = -1;
}
}
struct mac_data *sad_init_mac(integrity_alg_type algorithm,
const unsigned char *key, size_t key_len)
{
int err, length;
gnutls_hmac_hd_t handle;
gnutls_mac_algorithm_t mac_algorithm;
struct mac_data *mac_data;
/* initialize gnutls if not already */
if (mac_count < 0) {
if (sad_init_gnutls() < 0) {
return NULL;
}
}
/* verify key length */
if (key_len == 0) {
pr_err("BUG: key_len is zero");
sad_deinit_gnutls();
return NULL;
}
/* retrieve mac algorithm */
switch (algorithm) {
case HMAC_SHA256_128:
case HMAC_SHA256:
mac_algorithm = GNUTLS_MAC_SHA256;
break;
case CMAC_AES128:
mac_algorithm = GNUTLS_MAC_AES_CMAC_128;
break;
case CMAC_AES256:
mac_algorithm = GNUTLS_MAC_AES_CMAC_256;
break;
default:
pr_err("BUG: unknown algorithm");
sad_deinit_gnutls();
return NULL;
}
/* retrieve mac key length */
length = gnutls_hmac_get_key_size(mac_algorithm);
if (length < 0) {
sad_deinit_gnutls();
return NULL;
}
/* verify key length matches for cmac only */
switch (algorithm) {
case CMAC_AES128:
case CMAC_AES256:
if (key_len != length) {
pr_err("BUG: cipher key_len does not match");
sad_deinit_gnutls();
return NULL;
}
break;
default:
break;
}
/* initialize handle and set key */
err = gnutls_hmac_init(&handle, mac_algorithm, key, key_len);
if (err < 0) {
pr_err("gnutls_hmac_init() failed: %s",
gnutls_strerror(err));
sad_deinit_gnutls();
return NULL;
}
/* initialize mac_data */
mac_data = calloc(1, sizeof(*mac_data));
if (!mac_data) {
sad_deinit_gnutls();
return NULL;
}
mac_data->algorithm = mac_algorithm;
mac_data->handle = handle;
mac_count++;
return mac_data;
}
void sad_deinit_mac(struct mac_data *data)
{
gnutls_hmac_deinit(data->handle, NULL);
free(data);
mac_count--;
sad_deinit_gnutls();
}
static inline int sad_output_mac(struct mac_data *mac_data,
const void *data, size_t data_len,
unsigned char *mac, size_t mac_len)
{
size_t digest_len;
/* confirm mac length is within library support */
digest_len = gnutls_hmac_get_len(mac_data->algorithm);
if (mac_len > digest_len) {
pr_err("BUG: mac_len larger than library support");
return 0;
}
/* confirm mac length is within buffer size */
if (mac_len > MAX_DIGEST_LENGTH) {
pr_err("BUG: mac_len larger than buffer");
return 0;
}
/* update data and retrieve mac */
if (gnutls_hmac(mac_data->handle, data, data_len) < 0) {
gnutls_hmac_output(mac_data->handle, mac);
pr_err("gnutls_hmac() failed");
return 0;
}
gnutls_hmac_output(mac_data->handle, mac);
return 1;
}
int sad_hash(struct mac_data *mac_data,
const void *data, size_t data_len,
unsigned char *mac, size_t mac_len)
{
unsigned char digest_buffer[MAX_DIGEST_LENGTH];
/* update data and output mac */
if (!sad_output_mac(mac_data, data, data_len,
digest_buffer, mac_len)) {
return 0;
}
/* move mac to desired location */
memcpy(mac, digest_buffer, mac_len);
return mac_len;
}
int sad_verify(struct mac_data *mac_data,
const void *data, size_t data_len,
unsigned char *mac, size_t mac_len)
{
unsigned char digest_buffer[MAX_DIGEST_LENGTH];
/* update data and output mac */
if (!sad_output_mac(mac_data, data, data_len,
digest_buffer, mac_len)) {
return -1;
}
/* compare calculated with received */
return gnutls_memcmp(digest_buffer, mac, mac_len);
}
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.