diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-26 00:22:50 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-26 00:22:50 +0900 |
commit | bafdb90d97b65db541ea917088ca956e6a364f6b (patch) | |
tree | b2041913245036b27a31212f292f3c6d0e94851b /src | |
parent | 3d353782d84b9720262d7b05adfae3aef7ff843b (diff) | |
download | libgcrypt-bafdb90d97b65db541ea917088ca956e6a364f6b.tar.gz |
cipher: Add new API for modern KDF function.
* cipher/kdf.c (hash, argon2_genh0_first_blocks): New for Argon2.
(argon2_init, argon2_ctl, argon2_iterator): Likewise.
(argon2_compute_row, argon2_final, argon2_close): Likewise.
(argon2_open): Likewise.
(balloon_open): New for Balloon.
(_gcry_kdf_open, _gcry_kdf_ctl, _gcry_kdf_iterator): Add new API.
(_gcry_kdf_compute_row, _gcry_kdf_final, _gcry_kdf_close): Likewise.
* src/gcrypt-int.h: Add declarations for new API.
* src/gcrypt.h.in: Likewise.
(enum gcry_kdf_algos): Add GCRY_KDF_ARGON2 and GCRY_KDF_BALLOON.
(enum gcry_kdf_subalgo_argon2): Add GCRY_KDF_ARGON2D,
GCRY_KDF_ARGON2I, and GCRY_KDF_ARGON2ID.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.h: Likewise.
* src/visibility.c: Add new API.
* tests/Makefile.am (t_kdf_LDADD, t_kdf_CFLAGS): Enable use of pthread.
* tests/t-kdf.c (check_argon2): New, not enabled yet.
--
New API has been added, decoupling thread support. Implementation of
Argon2 is on-going. Test is not enabled yet.
GnuPG-bug-id: 5797
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/gcrypt-int.h | 19 | ||||
-rw-r--r-- | src/gcrypt.h.in | 31 | ||||
-rw-r--r-- | src/libgcrypt.def | 7 | ||||
-rw-r--r-- | src/libgcrypt.vers | 3 | ||||
-rw-r--r-- | src/visibility.c | 55 | ||||
-rw-r--r-- | src/visibility.h | 12 |
6 files changed, 118 insertions, 9 deletions
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 62e8b699..af7e2e26 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -140,9 +140,9 @@ gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, void _gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length); gpg_err_code_t _gcry_md_hash_buffers_extract (int algo, unsigned int flags, - void *digest, int digestlen, - const gcry_buffer_t *iov, - int iovcnt); + void *digest, int digestlen, + const gcry_buffer_t *iov, + int iovcnt); gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, const gcry_buffer_t *iov, int iovcnt); @@ -207,6 +207,19 @@ gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen, unsigned long iterations, size_t keysize, void *keybuffer); +gpg_err_code_t _gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo, + const unsigned long *param, unsigned int paramlen, + const void *passphrase, size_t passphraselen, + const void *salt, size_t saltlen, + const void *key, size_t keylen, + const void *ad, size_t adlen); +gpg_err_code_t _gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer, + size_t buflen); +gpg_err_code_t _gcry_kdf_iterator (gcry_kdf_hd_t h, int *action, void **arg_p); +gpg_err_code_t _gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg); +gpg_err_code_t _gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result); +void _gcry_kdf_close (gcry_kdf_hd_t h); + gpg_err_code_t _gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 6376b446..ea771db7 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -118,7 +118,7 @@ extern "C" { #ifdef _GCRYPT_IN_LIBGCRYPT #define _GCRY_ATTR_INTERNAL #else -#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED +#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED #endif /* Wrappers for the libgpg-error library. */ @@ -383,7 +383,7 @@ gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, /* Like gcry_sexp_build, but uses an array instead of variable function arguments. */ gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff, - const char *format, void **arg_list); + const char *format, void **arg_list); /* Release the S-expression object SEXP */ void gcry_sexp_release (gcry_sexp_t sexp); @@ -1591,7 +1591,16 @@ enum gcry_kdf_algos GCRY_KDF_ITERSALTED_S2K = 19, GCRY_KDF_PBKDF1 = 33, GCRY_KDF_PBKDF2 = 34, - GCRY_KDF_SCRYPT = 48 + GCRY_KDF_SCRYPT = 48, + GCRY_KDF_ARGON2 = 64, + GCRY_KDF_BALLOON = 65 + }; + +enum gcry_kdf_subalgo_argon2 + { + GCRY_KDF_ARGON2D = 0, + GCRY_KDF_ARGON2I = 1, + GCRY_KDF_ARGON2ID = 2 }; /* Derive a key from a passphrase. */ @@ -1601,8 +1610,20 @@ gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen, unsigned long iterations, size_t keysize, void *keybuffer); - - +/* Another API to derive a key from a passphrase. */ +typedef struct gcry_kdf_handle *gcry_kdf_hd_t; +gcry_error_t gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo, + const unsigned long *param, unsigned int paramlen, + const void *passphrase, size_t passphraselen, + const void *salt, size_t saltlen, + const void *key, size_t keylen, + const void *ad, size_t adlen); +gcry_error_t gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer, + size_t buflen); +gcry_error_t gcry_kdf_iterator (gcry_kdf_hd_t h, int *action_p, void **arg_p); +gcry_error_t gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg); +gcry_error_t gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result); +void gcry_kdf_close (gcry_kdf_hd_t h); /************************************ * * diff --git a/src/libgcrypt.def b/src/libgcrypt.def index bd2f076b..1996481f 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -293,4 +293,11 @@ EXPORTS gcry_pk_hash_verify @256 gcry_pk_random_override_new @257 + gcry_kdf_open @258 + gcry_kdf_ctl @259 + gcry_kdf_iterator @260 + gcry_kdf_compute_row @261 + gcry_kdf_final @262 + gcry_kdf_close @263 + ;; end of file with public symbols for Windows. diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 8fd89779..2b81caea 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -123,6 +123,9 @@ GCRYPT_1.6 { gcry_ctx_release; gcry_pk_hash_sign; gcry_pk_hash_verify; gcry_pk_random_override_new; + + gcry_kdf_open; gcry_kdf_ctl; gcry_kdf_iterator; + gcry_kdf_compute_row; gcry_kdf_final; gcry_kdf_close; local: *; diff --git a/src/visibility.c b/src/visibility.c index 563d3f3b..d7f71254 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -923,7 +923,7 @@ gcry_mac_get_algo_keylen (int algo) gcry_error_t gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags, - gcry_ctx_t ctx) + gcry_ctx_t ctx) { if (!fips_is_operational ()) { @@ -1359,6 +1359,59 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, keysize, keybuffer)); } +gpg_error_t +gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo, + const unsigned long *param, unsigned int paramlen, + const void *passphrase, size_t passphraselen, + const void *salt, size_t saltlen, + const void *key, size_t keylen, + const void *ad, size_t adlen) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_kdf_open (hd, algo, subalgo, param, paramlen, + passphrase, passphraselen, salt, saltlen, + key, keylen, ad, adlen)); +} + +gcry_error_t +gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer, size_t buflen) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_kdf_ctl (h, cmd, buffer, buflen)); +} + +gcry_error_t +gcry_kdf_iterator (gcry_kdf_hd_t h, int *action, void **arg_p) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_kdf_iterator (h, action, arg_p)); +} + +gcry_error_t +gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_kdf_compute_row (h, arg)); +} + +gcry_error_t +gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_kdf_final (h, resultlen, result)); +} + +void +gcry_kdf_close (gcry_kdf_hd_t h) +{ + _gcry_kdf_close (h); +} + void gcry_randomize (void *buffer, size_t length, enum gcry_random_level level) { diff --git a/src/visibility.h b/src/visibility.h index b48182d0..625d6f2b 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -172,6 +172,12 @@ MARK_VISIBLEX (gcry_pk_hash_verify) MARK_VISIBLEX (gcry_pk_random_override_new) MARK_VISIBLEX (gcry_kdf_derive) +MARK_VISIBLEX (gcry_kdf_open) +MARK_VISIBLEX (gcry_kdf_ctl) +MARK_VISIBLEX (gcry_kdf_iterator) +MARK_VISIBLEX (gcry_kdf_compute_row) +MARK_VISIBLEX (gcry_kdf_final) +MARK_VISIBLEX (gcry_kdf_close) MARK_VISIBLEX (gcry_prime_check) MARK_VISIBLEX (gcry_prime_generate) @@ -412,6 +418,12 @@ MARK_VISIBLEX (_gcry_mpi_get_const) #define gcry_mac_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_kdf_derive _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_open _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_iterator _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_compute_row _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_final _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_kdf_close _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_prime_check _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_prime_generate _gcry_USE_THE_UNDERSCORED_FUNCTION |