summaryrefslogtreecommitdiff
path: root/crypto
AgeCommit message (Collapse)AuthorFilesLines
2018-12-12crypto: support multiple threads accessing one QCryptoBlockVladimir Sementsov-Ogievskiy4-41/+163
The two thing that should be handled are cipher and ivgen. For ivgen the solution is just mutex, as iv calculations should not be long in comparison with encryption/decryption. And for cipher let's just keep per-thread ciphers. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-12crypto/block: introduce qcrypto_block_*crypt_helper functionsVladimir Sementsov-Ogievskiy4-16/+54
Introduce QCryptoBlock-based functions and use them where possible. This is needed to implement thread-safe encrypt/decrypt operations. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-12crypto/block: rename qcrypto_block_*crypt_helperVladimir Sementsov-Ogievskiy4-81/+83
Rename qcrypto_block_*crypt_helper to qcrypto_block_cipher_*crypt_helper, as it's not about QCryptoBlock. This is needed to introduce qcrypto_block_*crypt_helper in the next commit, which will have QCryptoBlock pointer and than will be able to use additional fields of it, which in turn will be used to implement thread-safe QCryptoBlock operations. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-12crypto/block: refactor qcrypto_block_*crypt_helper functionsVladimir Sementsov-Ogievskiy1-50/+31
qcrypto_block_encrypt_helper and qcrypto_block_decrypt_helper are almost identical, let's reduce code duplication and simplify further improvements. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-12crypto/block-luks: fix memory leak in qcrypto_block_luks_createVladimir Sementsov-Ogievskiy1-0/+3
Free block->cipher and block->ivgen on error path. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-11-19io: return 0 for EOF in TLS session read after shutdownDaniel P. Berrangé1-0/+3
GNUTLS takes a paranoid approach when seeing 0 bytes returned by the underlying OS read() function. It will consider this an error and return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0 return value. It expects apps to arrange for clean termination at the protocol level and not rely on seeing EOF from a read call to detect shutdown. This is to harden apps against a malicious 3rd party causing termination of the sockets layer. This is unhelpful for the QEMU NBD code which does have a clean protocol level shutdown, but still relies on seeing 0 from the I/O channel read in the coroutine handling incoming replies. The upshot is that when using a plain NBD connection shutdown is silent, but when using TLS, the client spams the console with Cannot read from TLS channel: Broken pipe The NBD connection has, however, called qio_channel_shutdown() at this point to indicate that it is done with I/O. This gives the opportunity to optimize the code such that when the channel has been shutdown in the read direction, the error code GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return instead of an error. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20181119134228.11031-1-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2018-11-05crypto: initialize sector size even when opening with no IO flagDaniel P. Berrangé1-0/+2
The qcow2 block driver expects to see a valid sector size even when it has opened the crypto layer with QCRYPTO_BLOCK_OPEN_NO_IO. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-10-24crypto: annotate xts_tweak_encdec as inlineableDaniel P. Berrangé1-5/+5
Encouraging the compiler to inline xts_tweak_encdec increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 545 MB/s -> 580 MB/s Decrypt: 568 MB/s -> 602 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-24crypto: convert xts_mult_x to use xts_uint128 typeDaniel P. Berrangé1-12/+28
Using 64-bit arithmetic increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 355 MB/s -> 545 MB/s Decrypt: 362 MB/s -> 568 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-24crypto: convert xts_tweak_encdec to use xts_uint128 typeDaniel P. Berrangé1-26/+58
Using 64-bit arithmetic increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 272 MB/s -> 355 MB/s Decrypt: 275 MB/s -> 362 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-24crypto: introduce a xts_uint128 data typeDaniel P. Berrangé1-20/+26
The new type is designed to allow use of 64-bit arithmetic instead of operating 1-byte at a time. The following patches will use this to improve performance. Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-24crypto: remove code duplication in tweak encrypt/decryptDaniel P. Berrangé1-49/+15
The tweak encrypt/decrypt functions are identical except for the comments, so can be merged. Profiling data shows that the compiler is in fact already merging the two merges in the object files. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-19crypto: require nettle >= 2.7.1 for building QEMUDaniel P. Berrangé1-2/+2
nettle 2.7.1 was released in 2013 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 2.7.1 Debian (Stretch): 3.3 Debian (Jessie): 2.7.1 OpenBSD (ports): 3.4 FreeBSD (ports): 3.4 OpenSUSE Leap 15: 3.4 Ubuntu (Xenial): 3.2 macOS (Homebrew): 3.4 Based on this, it is reasonable to require nettle >= 2.7.1 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-19crypto: require libgcrypt >= 1.5.0 for building QEMUDaniel P. Berrangé2-3/+2
libgcrypt 1.5.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 1.5.3 Debian (Stretch): 1.7.6 Debian (Jessie): 1.6.3 OpenBSD (ports): 1.8.2 FreeBSD (ports): 1.8.3 OpenSUSE Leap 15: 1.8.2 Ubuntu (Xenial): 1.6.5 macOS (Homebrew): 1.8.3 Based on this, it is reasonable to require libgcrypt >= 1.5.0 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-19crypto: require gnutls >= 3.1.18 for building QEMUDaniel P. Berrangé4-49/+4
gnutls 3.0.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 3.1.18 Debian (Stretch): 3.5.8 Debian (Jessie): 3.3.8 OpenBSD (ports): 3.5.18 FreeBSD (ports): 3.5.18 OpenSUSE Leap 15: 3.6.2 Ubuntu (Xenial): 3.4.10 macOS (Homebrew): 3.5.19 Based on this, it is reasonable to require gnutls >= 3.1.18 in QEMU which allows for all conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03crypto: Implement TLS Pre-Shared Keys (PSK).Richard W.M. Jones4-2/+366
Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key: $ mkdir -m 0700 /tmp/keys $ psktool -u rjones -p /tmp/keys/keys.psk $ cat /tmp/keys/keys.psk rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory. Example NBD client: $ qemu-img info \ --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \ --image-opts \ file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/ Example NBD server using qemu-nbd: $ qemu-nbd -t -x / \ --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \ --tls-creds tls0 \ image.qcow2 Example NBD server using nbdkit: $ nbdkit -n -e / -fv \ --tls=on --tls-psk=/tmp/keys/keys.psk \ file file=disk.img Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-29glib: bump min required glib library version to 2.40Daniel P. Berrangé2-40/+0
Per supported platforms doc[1], the various min glib on relevant distros is: RHEL-7: 2.50.3 Debian (Stretch): 2.50.3 Debian (Jessie): 2.42.1 OpenBSD (Ports): 2.54.3 FreeBSD (Ports): 2.50.3 OpenSUSE Leap 15: 2.54.3 SLE12-SP2: 2.48.2 Ubuntu (Xenial): 2.48.0 macOS (Homebrew): 2.56.0 This suggests that a minimum glib of 2.42 is a reasonable target. The GLibC compile farm, however, uses Ubuntu 14.04 (Trusty) which only has glib 2.40.0, and this is needed for testing during merge. Thus an exception is made to the documented platform support policy to allow for all three current LTS releases to be supported. Docker jobs that not longer satisfy this new min version are removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-01crypto: use local path for local headersMichael S. Tsirkin16-23/+23
When pulling in headers that are in the same directory as the C file (as opposed to one in include/), we should use its relative path, without a directory. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-02Include less of the generated modular QAPI headersMarkus Armbruster1-1/+1
In my "build everything" tree, a change to the types in qapi-schema.json triggers a recompile of about 4800 out of 5100 objects. The previous commit split up qmp-commands.h, qmp-event.h, qmp-visit.h, qapi-types.h. Each of these headers still includes all its shards. Reduce compile time by including just the shards we actually need. To illustrate the benefits: adding a type to qapi/migration.json now recompiles some 2300 instead of 4800 objects. The next commit will improve it further. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180211093607.27351-24-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> [eblake: rebase to master] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-02-09Include qapi/error.h exactly where neededMarkus Armbruster7-5/+2
This cleanup makes the number of objects depending on qapi/error.h drop from 1910 (out of 4743) to 1612 in my "build everything" tree. While there, separate #include from file comment with a blank line, and drop a useless comment on why qemu/osdep.h is included first. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180201111846.21846-5-armbru@redhat.com> [Semantic conflict with commit 34e304e975 resolved, OSX breakage fixed]
2018-01-16crypto: fix stack-buffer-overflow errorMarc-André Lureau1-1/+1
ASAN complains about: ==8856==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd8a1fe168 at pc 0x561136cb4451 bp 0x7ffd8a1fe130 sp 0x7ffd8a1fd8e0 READ of size 16 at 0x7ffd8a1fe168 thread T0 #0 0x561136cb4450 in __asan_memcpy (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450) #1 0x561136d2a6a7 in qcrypto_ivgen_essiv_calculate /home/elmarco/src/qq/crypto/ivgen-essiv.c:83:5 #2 0x561136d29af8 in qcrypto_ivgen_calculate /home/elmarco/src/qq/crypto/ivgen.c:72:12 #3 0x561136d07c8e in test_ivgen /home/elmarco/src/qq/tests/test-crypto-ivgen.c:148:5 #4 0x7f77772c3b04 in test_case_run /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2237 #5 0x7f77772c3ec4 in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2321 #6 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #7 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #8 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #9 0x7f77772c4184 in g_test_run_suite /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2408 #10 0x7f77772c2e0d in g_test_run /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:1674 #11 0x561136d0799b in main /home/elmarco/src/qq/tests/test-crypto-ivgen.c:173:12 #12 0x7f77756e6039 in __libc_start_main (/lib64/libc.so.6+0x21039) #13 0x561136c13d89 in _start (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x6fd89) Address 0x7ffd8a1fe168 is located in stack of thread T0 at offset 40 in frame #0 0x561136d2a40f in qcrypto_ivgen_essiv_calculate /home/elmarco/src/qq/crypto/ivgen-essiv.c:76 This frame has 1 object(s): [32, 40) 'sector.addr' <== Memory access at offset 40 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450) in __asan_memcpy Shadow bytes around the buggy address: 0x100031437bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x100031437c20: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00[f3]f3 f3 0x100031437c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb It looks like the rest of the code copes with ndata being larger than sizeof(sector), so limit the memcpy() range. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20180104160523.22995-13-marcandre.lureau@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-08crypto: afalg: fix a NULL pointer dereferenceLongpeng3-15/+7
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with errp=NULL, this will cause a NULL pointer dereference if afalg_driver doesn't support requested algos: ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, errp); if (ret == 0) { return ret; } error_free(*errp); // <--- here Because the error message is thrown away immediately, we should just pass NULL to hash_bytesv(). There is also the same problem in afalg-backend cipher & hmac, let's fix them together. Reviewed-by: Eric Blake <eblake@redhat.com> Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Longpeng <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-06block: convert qcrypto_block_encrypt|decrypt to take bytes offsetDaniel P. Berrange4-16/+32
Instead of sector offset, take the bytes offset when encrypting or decrypting data. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170927125340.12360-6-berrange@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-10-06crypto: expose encryption sector size in APIsDaniel P. Berrange4-2/+12
While current encryption schemes all have a fixed sector size of 512 bytes, this is not guaranteed to be the case in future. Expose the sector size in the APIs so the block layer can remove assumptions about fixed 512 byte sectors. Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170927125340.12360-3-berrange@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-09-04qapi: Change data type of the FOO_lookup generated for enum FOOMarc-André Lureau3-6/+6
Currently, a FOO_lookup is an array of strings terminated by a NULL sentinel. A future patch will generate enums with "holes". NULL-termination will cease to work then. To prepare for that, store the length in the FOO_lookup by wrapping it in a struct and adding a member for the length. The sentinel will be dropped next. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170822132255.23945-13-marcandre.lureau@redhat.com> [Basically redone] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-16-git-send-email-armbru@redhat.com> [Rebased]
2017-09-04qapi: Mechanically convert FOO_lookup[...] to FOO_str(...)Markus Armbruster11-24/+24
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-14-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-09-04qapi: Generate FOO_str() macro for QAPI enum FOOMarkus Armbruster1-1/+0
The next commit will put it to use. May look pointless now, but we're going to change the FOO_lookup's type, and then it'll help. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-13-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-09-04crypto: Use qapi_enum_parse() in qcrypto_block_luks_name_lookup()Markus Armbruster1-12/+7
Cc: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-10-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-31docs: fix broken paths to docs/devel/tracing.txtPhilippe Mathieu-Daudé1-1/+1
With the move of some docs/ to docs/devel/ on ac06724a71, no references were updated. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-19crypto: hmac: add af_alg-backend hmac supportLongpeng(Mike)3-17/+121
Adds afalg-backend hmac support: introduces some private APIs firstly, and then intergrates them into qcrypto_hmac_afalg_driver. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hash: add afalg-backend hash supportLongpeng(Mike)5-0/+163
Adds afalg-backend hash support: introduces some private APIs firstly, and then intergrates them into qcrypto_hash_afalg_driver. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: add afalg-backend cipher supportLongpeng(Mike)5-4/+271
Adds afalg-backend cipher support: introduces some private APIs firstly, and then intergrates them into qcrypto_cipher_afalg_driver. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: introduce some common functions for af_alg backendLongpeng(Mike)3-0/+171
The AF_ALG socket family is the userspace interface for linux crypto API, this patch adds af_alg family support and some common functions for af_alg backend. It'll be used by afalg-backend crypto latter. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Maintainer: modified to report an error if AF_ALG is requested but cannot be supported Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hmac: add hmac driver frameworkLongpeng(Mike)5-114/+144
1) makes the public APIs in hmac-nettle/gcrypt/glib static, and rename them with "nettle/gcrypt/glib" prefix. 2) introduces hmac framework, including QCryptoHmacDriver and new public APIs. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backendLongpeng(Mike)1-10/+24
Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for glib-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backendLongpeng(Mike)1-10/+24
Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for nettle-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backendLongpeng(Mike)1-10/+25
1) Fix a handle-leak problem in qcrypto_hmac_new(), didn't free ctx->handle if gcry_mac_setkey fails. 2) Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for gcrypt-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hmac: move crypto/hmac.h into include/crypto/Longpeng(Mike)1-166/+0
Moves crypto/hmac.h into include/crypto/, likes cipher.h and hash.h Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: hash: add hash driver frameworkLongpeng(Mike)5-18/+83
1) makes the public APIs in hash-nettle/gcrypt/glib static, and rename them with "nettle/gcrypt/glib" prefix. 2) introduces hash framework, including QCryptoHashDriver and new public APIs. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: add cipher driver frameworkLongpeng(Mike)5-123/+189
1) makes the public APIs in cipher-nettle/gcrypt/builtin static, and rename them with "nettle/gcrypt/builtin" prefix. 2) introduces cipher framework, including QCryptoCipherDriver and new public APIs. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backendLongpeng(Mike)1-46/+55
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for builtin-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backendLongpeng(Mike)1-12/+29
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for nettle-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backendLongpeng(Mike)1-17/+33
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for gcrypt-backend impls. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-19crypto: cipher: introduce context free functionLongpeng(Mike)2-17/+32
Refactors the qcrypto_cipher_free(), splits it into two parts. One is gcrypt/nettle__cipher_free_ctx() to free the special context. This makes code more clear, what's more, it would be used by the later patch. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-11block: pass option prefix down to crypto layerDaniel P. Berrange4-6/+18
While the crypto layer uses a fixed option name "key-secret", the upper block layer may have a prefix on the options. e.g. "encrypt.key-secret", in order to avoid clashes between crypto option names & other block option names. To ensure the crypto layer can report accurate error messages, we must tell it what option name prefix was used. Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170623162419.26068-19-berrange@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-05-16fix mingw build failureGerd Hoffmann1-1/+1
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170516052439.16214-1-kraxel@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-05-09crypto: qcrypto_random_bytes() now works on windows w/o any other crypto libsGeert Martin Ijewski4-8/+48
If no crypto library is included in the build, QEMU uses qcrypto_random_bytes() to generate random data. That function tried to open /dev/urandom or /dev/random and if opening both files failed it errored out. Those files obviously do not exist on windows, so there the code uses CryptGenRandom(). Furthermore there was some refactoring and a new function qcrypto_random_init() was introduced. If a proper crypto library (gnutls or libgcrypt) is included in the build, this function does nothing. If neither is included it initializes the (platform specific) handles that are used by qcrypto_random_bytes(). Either: * a handle to /dev/urandom | /dev/random on unix like systems * a handle to a cryptographic service provider on windows Signed-off-by: Geert Martin Ijewski <gm.ijewski@web.de> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-05-09crypto: move 'opaque' parameter to (nearly) the end of parameter listDaniel P. Berrange1-5/+8
Previous commit moved 'opaque' to be the 2nd parameter in the list: commit 375092332eeaa6e47561ce47fd36144cdaf964d0 Author: Fam Zheng <famz@redhat.com> Date: Fri Apr 21 20:27:02 2017 +0800 crypto: Make errp the last parameter of functions Move opaque to 2nd instead of the 2nd to last, so that compilers help check with the conversion. this puts it back to the 2nd to last position. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-04-24crypto: Make errp the last parameter of functionsFam Zheng1-12/+9
Move opaque to 2nd instead of the 2nd to last, so that compilers help check with the conversion. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20170421122710.15373-7-famz@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [Commit message typo corrected] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2017-02-27crypto: assert cipher algorithm is always validPrasad J Pandit1-6/+2
Crypto routines 'qcrypto_cipher_get_block_len' and 'qcrypto_cipher_get_key_len' return non-zero cipher block and key lengths from static arrays 'alg_block_len[]' and 'alg_key_len[]' respectively. Returning 'zero(0)' value from either of them would likely lead to an error condition. Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>