Commit 38a762fe authored by Peter Maydell

Merge remote-tracking branch 'remotes/berrange/tags/pull-crypto-fixes-2015-12-23-1' into staging



Merge misc crypto changes & fixes

# gpg: Signature made Wed 23 Dec 2015 11:11:54 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/pull-crypto-fixes-2015-12-23-1:
  crypto: fix transposed arguments in cipher error message
  crypto: ensure qapi/crypto.json is listed in qapi-modules
  crypto: move QCryptoCipherAlgorithm/Mode enum definitions into QAPI
  crypto: move QCryptoHashAlgorithm enum definition into QAPI
  crypto: add ability to query hash digest len
  crypto: add additional query accessors for cipher instances

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parents 8b4f9031 50de6261
+2 −1
@@ -271,7 +271,8 @@ $(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-commands.py $(qapi-py)

qapi-modules = $(SRC_PATH)/qapi-schema.json $(SRC_PATH)/qapi/common.json \
               $(SRC_PATH)/qapi/block.json $(SRC_PATH)/qapi/block-core.json \
               $(SRC_PATH)/qapi/event.json $(SRC_PATH)/qapi/introspect.json
               $(SRC_PATH)/qapi/event.json $(SRC_PATH)/qapi/introspect.json \
               $(SRC_PATH)/qapi/crypto.json

qapi-types.c qapi-types.h :\
$(qapi-modules) $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
+51 −3
@@ -21,19 +21,67 @@
#include "crypto/cipher.h"


static size_t alg_key_len[QCRYPTO_CIPHER_ALG_LAST] = {
static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
    [QCRYPTO_CIPHER_ALG_AES_192] = 24,
    [QCRYPTO_CIPHER_ALG_AES_256] = 32,
    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
};

static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
    [QCRYPTO_CIPHER_ALG_AES_128] = 16,
    [QCRYPTO_CIPHER_ALG_AES_192] = 16,
    [QCRYPTO_CIPHER_ALG_AES_256] = 16,
    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
};

static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
    [QCRYPTO_CIPHER_MODE_ECB] = false,
    [QCRYPTO_CIPHER_MODE_CBC] = true,
};


size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg)
{
    if (alg >= G_N_ELEMENTS(alg_key_len)) {
        return 0;
    }
    return alg_block_len[alg];
}


size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg)
{
    if (alg >= G_N_ELEMENTS(alg_key_len)) {
        return 0;
    }
    return alg_key_len[alg];
}


size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
                                 QCryptoCipherMode mode)
{
    if (alg >= G_N_ELEMENTS(alg_block_len)) {
        return 0;
    }
    if (mode >= G_N_ELEMENTS(mode_need_iv)) {
        return 0;
    }

    if (mode_need_iv[mode]) {
        return alg_block_len[alg];
    }
    return 0;
}


static bool
qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
                                   size_t nkey,
                                   Error **errp)
{
    if ((unsigned)alg >= QCRYPTO_CIPHER_ALG_LAST) {
    if ((unsigned)alg >= QCRYPTO_CIPHER_ALG__MAX) {
        error_setg(errp, "Cipher algorithm %d out of range",
                   alg);
        return false;
@@ -41,7 +89,7 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,

    if (alg_key_len[alg] != nkey) {
        error_setg(errp, "Cipher key length %zu should be %zu",
                   alg_key_len[alg], nkey);
                   nkey, alg_key_len[alg]);
        return false;
    }
    return true;
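Review bot: `qcrypto_cipher_get_block_len()` guards its lookup with `alg >= G_N_ELEMENTS(alg_key_len)` but then reads `alg_block_len[alg]`, so the bound being checked belongs to a different array than the one indexed. Both tables are declared with `QCRYPTO_CIPHER_ALG__MAX` elements, so this is not an out-of-bounds read today, but the guard stops protecting the access if either table is ever resized on its own; it should read `if (alg >= G_N_ELEMENTS(alg_block_len)) {`, as `qcrypto_cipher_get_iv_len()` already does. The three lookup tables are only read in the visible code and could be declared `static const` so they cannot be modified at run time. The second hunk ends inside `qcrypto_cipher_validate_key_length()`, whose closing brace is outside the view.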
+16 −1
@@ -24,12 +24,18 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>

static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG_LAST] = {
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
    [QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5,
    [QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1,
    [QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256,
};

static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {
    [QCRYPTO_HASH_ALG_MD5] = 16,
    [QCRYPTO_HASH_ALG_SHA1] = 20,
    [QCRYPTO_HASH_ALG_SHA256] = 32,
};

gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
{
    if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map)) {
@@ -38,6 +44,15 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
    return false;
}

size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
{
    if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_size)) {
        return 0;
    }
    return qcrypto_hash_alg_size[alg];
}


int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
                        const struct iovec *iov,
                        size_t niov,
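Review bot: `qcrypto_hash_alg_size` is a second hand-maintained table that has to stay in step with `qcrypto_hash_alg_map`, and because designated initializers zero-fill the rest, an algorithm later added to the map but not to the size table would make `qcrypto_hash_digest_len()` return 0 for a supported algorithm. A caller that sizes a digest buffer from that value would get a zero-length buffer with no error reported. I would add a comment above the table, `/* Keep in sync with qcrypto_hash_alg_map; a missing entry reads as length 0 */`, or derive the length from the gnutls digest id (for example via `gnutls_hash_get_len()`) so only one table has to be maintained. `qcrypto_hash_bytesv()` at the end of the hunk continues outside the view.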
+39 −15
@@ -26,21 +26,8 @@

typedef struct QCryptoCipher QCryptoCipher;

typedef enum {
    QCRYPTO_CIPHER_ALG_AES_128,
    QCRYPTO_CIPHER_ALG_AES_192,
    QCRYPTO_CIPHER_ALG_AES_256,
    QCRYPTO_CIPHER_ALG_DES_RFB, /* A stupid variant on DES for VNC */

    QCRYPTO_CIPHER_ALG_LAST
} QCryptoCipherAlgorithm;

typedef enum {
    QCRYPTO_CIPHER_MODE_ECB,
    QCRYPTO_CIPHER_MODE_CBC,

    QCRYPTO_CIPHER_MODE_LAST
} QCryptoCipherMode;
/* See also "QCryptoCipherAlgorithm" and "QCryptoCipherMode"
 * enums defined in qapi/crypto.json */

/**
 * QCryptoCipher:
@@ -107,6 +94,43 @@ struct QCryptoCipher {
 */
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);

/**
 * qcrypto_cipher_get_block_len:
 * @alg: the cipher algorithm
 *
 * Get the required data block size in bytes. When
 * encrypting data, it must be a multiple of the
 * block size.
 *
 * Returns: the block size in bytes
 */
size_t qcrypto_cipher_get_block_len(QCryptoCipherAlgorithm alg);


/**
 * qcrypto_cipher_get_key_len:
 * @alg: the cipher algorithm
 *
 * Get the required key size in bytes.
 *
 * Returns: the key size in bytes
 */
size_t qcrypto_cipher_get_key_len(QCryptoCipherAlgorithm alg);


/**
 * qcrypto_cipher_get_iv_len:
 * @alg: the cipher algorithm
 * @mode: the cipher mode
 *
 * Get the required initialization vector size
 * in bytes, if one is required.
 *
 * Returns: the IV size in bytes, or 0 if no IV is permitted
 */
size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg,
                                 QCryptoCipherMode mode);


/**
 * qcrypto_cipher_new:
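Review bot: The new accessor docs do not say what is returned for an algorithm or mode value outside the enum range, while the implementation shown earlier on this page returns 0 in that case. For `qcrypto_cipher_get_iv_len()` this makes 0 ambiguous: it is documented as "no IV is permitted" but is also the result for an invalid @alg or @mode, so a caller could skip IV setup on bad input. I would document it as `Returns: the IV size in bytes, or 0 if no IV is permitted or if @alg or @mode is not a known value`, and add `or 0 if @alg is not a known value` to the `Returns:` lines of `qcrypto_cipher_get_block_len()` and `qcrypto_cipher_get_key_len()`. The same gap applies to `qcrypto_hash_digest_len()` in the hash header section further down.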
+12 −8
@@ -24,14 +24,7 @@
#include "qemu-common.h"
#include "qapi/error.h"

typedef enum {
    QCRYPTO_HASH_ALG_MD5,
    QCRYPTO_HASH_ALG_SHA1,
    QCRYPTO_HASH_ALG_SHA256,

    QCRYPTO_HASH_ALG_LAST
} QCryptoHashAlgorithm;

/* See also "QCryptoHashAlgorithm" defined in qapi/crypto.json */

/**
 * qcrypto_hash_supports:
@@ -44,6 +37,17 @@ typedef enum {
 */
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg);


/**
 * qcrypto_hash_digest_len:
 * @alg: the hash algorithm
 *
 * Determine the size of the hash digest in bytes
 *
 * Returns: the digest length in bytes
 */
size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg);

/**
 * qcrypto_hash_bytesv:
 * @alg: the hash algorithm