2
* QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
4
* Copyright (c) 2015-2016 Red Hat, Inc.
6
* This library is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU Lesser General Public
8
* License as published by the Free Software Foundation; either
9
* version 2.1 of the License, or (at your option) any later version.
11
* This library is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* Lesser General Public License for more details.
16
* You should have received a copy of the GNU Lesser General Public
17
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
21
#include "qemu/osdep.h"
23
#include "qapi/error.h"
24
#include "crypto/pbkdf.h"
26
bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
29
case QCRYPTO_HASH_ALG_MD5:
30
case QCRYPTO_HASH_ALG_SHA1:
31
case QCRYPTO_HASH_ALG_SHA224:
32
case QCRYPTO_HASH_ALG_SHA256:
33
case QCRYPTO_HASH_ALG_SHA384:
34
case QCRYPTO_HASH_ALG_SHA512:
35
case QCRYPTO_HASH_ALG_RIPEMD160:
42
int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
43
const uint8_t *key, size_t nkey,
44
const uint8_t *salt, size_t nsalt,
46
uint8_t *out, size_t nout,
49
static const int hash_map[QCRYPTO_HASH_ALG__MAX] = {
50
[QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
51
[QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
52
[QCRYPTO_HASH_ALG_SHA224] = GCRY_MD_SHA224,
53
[QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
54
[QCRYPTO_HASH_ALG_SHA384] = GCRY_MD_SHA384,
55
[QCRYPTO_HASH_ALG_SHA512] = GCRY_MD_SHA512,
56
[QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MD_RMD160,
60
if (iterations > ULONG_MAX) {
61
error_setg_errno(errp, ERANGE,
62
"PBKDF iterations %llu must be less than %lu",
63
(long long unsigned)iterations, ULONG_MAX);
67
if (hash >= G_N_ELEMENTS(hash_map) ||
68
hash_map[hash] == GCRY_MD_NONE) {
69
error_setg_errno(errp, ENOSYS,
70
"PBKDF does not support hash algorithm %s",
71
QCryptoHashAlgorithm_str(hash));
75
ret = gcry_kdf_derive(key, nkey, GCRY_KDF_PBKDF2,
77
salt, nsalt, iterations,
80
error_setg(errp, "Cannot derive password: %s",