| // SPDX-License-Identifier: GPL-2.0+ |
| /* |
| * fs-verity hash algorithms |
| * |
| * Copyright (C) 2018 Google LLC |
| * |
| * Written by Eric Biggers. |
| */ |
| |
| #include <openssl/evp.h> |
| #include <stdlib.h> |
| #include <string.h> |
| |
| #include "fsverity_uapi.h" |
| #include "hash_algs.h" |
| |
| /* ========== libcrypto (OpenSSL) wrappers ========== */ |
| |
| struct openssl_hash_ctx { |
| struct hash_ctx base; /* must be first */ |
| EVP_MD_CTX *md_ctx; |
| const EVP_MD *md; |
| }; |
| |
| static void openssl_digest_init(struct hash_ctx *_ctx) |
| { |
| struct openssl_hash_ctx *ctx = (void *)_ctx; |
| |
| if (EVP_DigestInit_ex(ctx->md_ctx, ctx->md, NULL) != 1) |
| fatal_error("EVP_DigestInit_ex() failed for algorithm '%s'", |
| ctx->base.alg->name); |
| } |
| |
| static void openssl_digest_update(struct hash_ctx *_ctx, |
| const void *data, size_t size) |
| { |
| struct openssl_hash_ctx *ctx = (void *)_ctx; |
| |
| if (EVP_DigestUpdate(ctx->md_ctx, data, size) != 1) |
| fatal_error("EVP_DigestUpdate() failed for algorithm '%s'", |
| ctx->base.alg->name); |
| } |
| |
| static void openssl_digest_final(struct hash_ctx *_ctx, u8 *digest) |
| { |
| struct openssl_hash_ctx *ctx = (void *)_ctx; |
| |
| if (EVP_DigestFinal_ex(ctx->md_ctx, digest, NULL) != 1) |
| fatal_error("EVP_DigestFinal_ex() failed for algorithm '%s'", |
| ctx->base.alg->name); |
| } |
| |
| static void openssl_digest_ctx_free(struct hash_ctx *_ctx) |
| { |
| struct openssl_hash_ctx *ctx = (void *)_ctx; |
| |
| /* |
| * OpenSSL 1.1.0 renamed EVP_MD_CTX_destroy() to EVP_MD_CTX_free() but |
| * kept the old name as a macro. Use the old name for compatibility |
| * with older OpenSSL versions. |
| */ |
| EVP_MD_CTX_destroy(ctx->md_ctx); |
| free(ctx); |
| } |
| |
| static struct hash_ctx * |
| openssl_digest_ctx_create(const struct fsverity_hash_alg *alg, const EVP_MD *md) |
| { |
| struct openssl_hash_ctx *ctx; |
| |
| ctx = xzalloc(sizeof(*ctx)); |
| ctx->base.alg = alg; |
| ctx->base.init = openssl_digest_init; |
| ctx->base.update = openssl_digest_update; |
| ctx->base.final = openssl_digest_final; |
| ctx->base.free = openssl_digest_ctx_free; |
| /* |
| * OpenSSL 1.1.0 renamed EVP_MD_CTX_create() to EVP_MD_CTX_new() but |
| * kept the old name as a macro. Use the old name for compatibility |
| * with older OpenSSL versions. |
| */ |
| ctx->md_ctx = EVP_MD_CTX_create(); |
| if (!ctx->md_ctx) |
| fatal_error("out of memory"); |
| |
| ctx->md = md; |
| ASSERT(EVP_MD_size(md) == alg->digest_size); |
| |
| return &ctx->base; |
| } |
| |
| static struct hash_ctx *create_sha256_ctx(const struct fsverity_hash_alg *alg) |
| { |
| return openssl_digest_ctx_create(alg, EVP_sha256()); |
| } |
| |
| static struct hash_ctx *create_sha512_ctx(const struct fsverity_hash_alg *alg) |
| { |
| return openssl_digest_ctx_create(alg, EVP_sha512()); |
| } |
| |
| /* ========== Hash algorithm definitions ========== */ |
| |
| const struct fsverity_hash_alg fsverity_hash_algs[] = { |
| [FS_VERITY_HASH_ALG_SHA256] = { |
| .name = "sha256", |
| .digest_size = 32, |
| .block_size = 64, |
| .create_ctx = create_sha256_ctx, |
| }, |
| [FS_VERITY_HASH_ALG_SHA512] = { |
| .name = "sha512", |
| .digest_size = 64, |
| .block_size = 128, |
| .create_ctx = create_sha512_ctx, |
| }, |
| }; |
| |
| const struct fsverity_hash_alg *find_hash_alg_by_name(const char *name) |
| { |
| int i; |
| |
| for (i = 0; i < ARRAY_SIZE(fsverity_hash_algs); i++) { |
| if (fsverity_hash_algs[i].name && |
| !strcmp(name, fsverity_hash_algs[i].name)) |
| return &fsverity_hash_algs[i]; |
| } |
| error_msg("unknown hash algorithm: '%s'", name); |
| fputs("Available hash algorithms: ", stderr); |
| show_all_hash_algs(stderr); |
| putc('\n', stderr); |
| return NULL; |
| } |
| |
| const struct fsverity_hash_alg *find_hash_alg_by_num(unsigned int num) |
| { |
| if (num < ARRAY_SIZE(fsverity_hash_algs) && |
| fsverity_hash_algs[num].name) |
| return &fsverity_hash_algs[num]; |
| |
| return NULL; |
| } |
| |
| void show_all_hash_algs(FILE *fp) |
| { |
| int i; |
| const char *sep = ""; |
| |
| for (i = 0; i < ARRAY_SIZE(fsverity_hash_algs); i++) { |
| if (fsverity_hash_algs[i].name) { |
| fprintf(fp, "%s%s", sep, fsverity_hash_algs[i].name); |
| sep = ", "; |
| } |
| } |
| } |
| |
| /* ->init(), ->update(), and ->final() all in one step */ |
| void hash_full(struct hash_ctx *ctx, const void *data, size_t size, u8 *digest) |
| { |
| hash_init(ctx); |
| hash_update(ctx, data, size); |
| hash_final(ctx, digest); |
| } |