Commit 3c7adbc6 authored by Peter Maydell

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging



Misc crypto subsystem fixes

* Improve error message for large files when creating LUKS volumes
* Expand crypto hash benchmark coverage
* Misc code refactoring with no functional change

# gpg: Signature made Thu 07 May 2020 12:57:02 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
  crypto: extend hash benchmark to cover more algorithms
  block: luks: better error message when creating too large files
  crypto: Redundant type conversion for AES_KEY pointer
  crypto/secret: fix inconsequential errors.
  crypto: fix getter of a QCryptoSecret's property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parents b894c6ed 6022e15d
+21 −4
@@ -104,18 +104,35 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
                                      Error **errp)
{
    struct BlockCryptoCreateData *data = opaque;
    Error *local_error = NULL;
    int ret;

    if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
        error_setg(errp, "The requested file size is too large");
        return -EFBIG;
        ret = -EFBIG;
        goto error;
    }

    /* User provided size should reflect amount of space made
     * available to the guest, so we must take account of that
     * which will be used by the crypto header
     */
    return blk_truncate(data->blk, data->size + headerlen, false,
                        data->prealloc, 0, errp);
    ret = blk_truncate(data->blk, data->size + headerlen, false,
                       data->prealloc, 0, &local_error);

    if (ret >= 0) {
        return ret;
    }

error:
    if (ret == -EFBIG) {
        /* Replace the error message with a better one */
        error_free(local_error);
        error_setg(errp, "The requested file size is too large");
    } else {
        error_propagate(errp, local_error);
    }

    return ret;
}
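Review bot: The `error:` label is reached two ways, by the `goto` from the overflow check (where `local_error` is still NULL) and by falling through after a failed `blk_truncate()`, and nothing in the block says so. A short comment above the label would make that explicit, e.g. `/* Reached from the overflow check (local_error == NULL) or after blk_truncate() failed */`. It is also worth documenting that the `-EFBIG` branch deliberately discards the lower layer's message, since that text may be the only record of which limit was hit. The start of block_crypto_init_func's parameter list is outside the hunk.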


+4 −6
@@ -74,7 +74,7 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
}


static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
static void qcrypto_cipher_aes_ecb_encrypt(const AES_KEY *key,
                                           const void *in,
                                           void *out,
                                           size_t len)
@@ -100,7 +100,7 @@ static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
}


static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
static void qcrypto_cipher_aes_ecb_decrypt(const AES_KEY *key,
                                           const void *in,
                                           void *out,
                                           size_t len)
@@ -133,8 +133,7 @@ static void qcrypto_cipher_aes_xts_encrypt(const void *ctx,
{
    const QCryptoCipherBuiltinAESContext *aesctx = ctx;

    qcrypto_cipher_aes_ecb_encrypt((AES_KEY *)&aesctx->enc,
                                   src, dst, length);
    qcrypto_cipher_aes_ecb_encrypt(&aesctx->enc, src, dst, length);
}


@@ -145,8 +144,7 @@ static void qcrypto_cipher_aes_xts_decrypt(const void *ctx,
{
    const QCryptoCipherBuiltinAESContext *aesctx = ctx;

    qcrypto_cipher_aes_ecb_decrypt((AES_KEY *)&aesctx->dec,
                                   src, dst, length);
    qcrypto_cipher_aes_ecb_decrypt(&aesctx->dec, src, dst, length);
}


+3 −2
@@ -204,7 +204,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
            input = output;
            inputlen = outputlen;
        } else {
            if (secret->format != QCRYPTO_SECRET_FORMAT_RAW) {
            if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
                qcrypto_secret_decode(input, inputlen,
                                      &output, &outputlen, &local_err);
                g_free(input);
@@ -221,6 +221,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
        secret->rawlen = inputlen;
    } else {
        g_free(secret->rawdata);
        secret->rawdata = NULL;
        secret->rawlen = 0;
    }
}
@@ -231,7 +232,7 @@ qcrypto_secret_prop_get_loaded(Object *obj,
                               Error **errp G_GNUC_UNUSED)
{
    QCryptoSecret *secret = QCRYPTO_SECRET(obj);
    return secret->data != NULL;
    return secret->rawdata != NULL;
}
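Review bot: In the unload branch, `g_free(secret->rawdata)` releases the buffer without clearing it, so the secret bytes stay in freed heap memory; the same appears to hold for `g_free(input)` after the base64 decode. Consider wiping `secret->rawlen` bytes before the free with a zeroing call the compiler cannot elide (a plain `memset` ahead of a free may be optimized away), keeping the new `secret->rawdata = NULL;` after it. Separately, `== QCRYPTO_SECRET_FORMAT_BASE64` means any format other than base64 is now stored undecoded; whether the enum has only those two values is not visible here, so a comment stating that assumption would help. The body of qcrypto_secret_prop_set_loaded begins outside the hunk.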


+59 −14
@@ -15,9 +15,14 @@
#include "crypto/init.h"
#include "crypto/hash.h"

typedef struct QCryptoHashOpts {
    size_t chunk_size;
    QCryptoHashAlgorithm alg;
} QCryptoHashOpts;

static void test_hash_speed(const void *opaque)
{
    size_t chunk_size = (size_t)opaque;
    const QCryptoHashOpts *opts = opaque;
    uint8_t *in = NULL, *out = NULL;
    size_t out_len = 0;
    const size_t total = 2 * GiB;
@@ -25,26 +30,24 @@ static void test_hash_speed(const void *opaque)
    struct iovec iov;
    int ret;

    in = g_new0(uint8_t, chunk_size);
    memset(in, g_test_rand_int(), chunk_size);
    in = g_new0(uint8_t, opts->chunk_size);
    memset(in, g_test_rand_int(), opts->chunk_size);

    iov.iov_base = (char *)in;
    iov.iov_len = chunk_size;
    iov.iov_len = opts->chunk_size;

    g_test_timer_start();
    remain = total;
    while (remain) {
        ret = qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
        ret = qcrypto_hash_bytesv(opts->alg,
                                  &iov, 1, &out, &out_len,
                                  NULL);
        g_assert(ret == 0);

        remain -= chunk_size;
        remain -= opts->chunk_size;
    }
    g_test_timer_elapsed();

    g_print("sha256: ");
    g_print("Hash %zu GB chunk size %zu bytes ", total / GiB, chunk_size);
    g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());

    g_free(out);
@@ -53,17 +56,59 @@ static void test_hash_speed(const void *opaque)

int main(int argc, char **argv)
{
    size_t i;
    char name[64];

    g_test_init(&argc, &argv, NULL);
    g_assert(qcrypto_init(NULL) == 0);

    for (i = 512; i <= 64 * KiB; i *= 2) {
        memset(name, 0 , sizeof(name));
        snprintf(name, sizeof(name), "/crypto/hash/speed-%zu", i);
        g_test_add_data_func(name, (void *)i, test_hash_speed);
    }
#define TEST_ONE(a, c)                                          \
    QCryptoHashOpts opts ## a ## c = {                          \
        .alg = QCRYPTO_HASH_ALG_ ## a, .chunk_size = c,         \
    };                                                          \
    memset(name, 0 , sizeof(name));                             \
    snprintf(name, sizeof(name),                                \
             "/crypto/benchmark/hash/%s/bufsize-%d",            \
             QCryptoHashAlgorithm_str(QCRYPTO_HASH_ALG_ ## a),  \
             c);                                                \
    if (qcrypto_hash_supports(QCRYPTO_HASH_ALG_ ## a))          \
        g_test_add_data_func(name,                              \
                             &opts ## a ## c,                   \
                             test_hash_speed);

    TEST_ONE(MD5, 512);
    TEST_ONE(MD5, 1024);
    TEST_ONE(MD5, 4096);
    TEST_ONE(MD5, 16384);

    TEST_ONE(SHA1, 512);
    TEST_ONE(SHA1, 1024);
    TEST_ONE(SHA1, 4096);
    TEST_ONE(SHA1, 16384);

    TEST_ONE(SHA224, 512);
    TEST_ONE(SHA224, 1024);
    TEST_ONE(SHA224, 4096);
    TEST_ONE(SHA224, 16384);

    TEST_ONE(SHA384, 512);
    TEST_ONE(SHA384, 1024);
    TEST_ONE(SHA384, 4096);
    TEST_ONE(SHA384, 16384);

    TEST_ONE(SHA256, 512);
    TEST_ONE(SHA256, 1024);
    TEST_ONE(SHA256, 4096);
    TEST_ONE(SHA256, 16384);

    TEST_ONE(SHA512, 512);
    TEST_ONE(SHA512, 1024);
    TEST_ONE(SHA512, 4096);
    TEST_ONE(SHA512, 16384);

    TEST_ONE(RIPEMD160, 512);
    TEST_ONE(RIPEMD160, 1024);
    TEST_ONE(RIPEMD160, 4096);
    TEST_ONE(RIPEMD160, 16384);

    return g_test_run();
}
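Review bot: `TEST_ONE` expands to several statements and ends in an unbraced `if`, so it only behaves as intended when used as a bare statement at function scope, as it is here. Brace the conditional inside the macro, `if (qcrypto_hash_supports(QCRYPTO_HASH_ALG_ ## a)) { g_test_add_data_func(name, &opts ## a ## c, test_hash_speed); }`, and add a comment that each expansion declares an `opts` variable that has to stay alive until `g_test_run()` returns, because the registered test keeps a pointer to it. In `test_hash_speed`, `remain -= opts->chunk_size` relies on the chunk size dividing `total` exactly; the listed sizes do, but for any size that does not the unsigned value would wrap and the loop would keep running, which deserves a one-line comment or a `g_assert`.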