Commit c76904ef authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-12-21-2' into staging 



Merge qcrypto 2016/12/21 v2

# gpg: Signature made Thu 22 Dec 2016 10:46:17 GMT
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2016-12-21-2:
  crypto: add HMAC algorithms testcases
  crypto: support HMAC algorithms based on nettle
  crypto: support HMAC algorithms based on glib
  crypto: support HMAC algorithms based on libgcrypt
  crypto: add HMAC algorithms framework
  configure: add CONFIG_GCRYPT_HMAC item
  crypto: add 3des-ede support when using libgcrypt/nettle
  cipher: fix leak on initialization error

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 225adf16 4fd460bf

configure

+17 −0
Original line number Diff line number Diff line
@@ -313,6 +313,7 @@ gnutls_rnd="" 
nettle=""

nettle_kdf="no"

gcrypt=""

gcrypt_hmac="no"

gcrypt_kdf="no"

vte=""

virglrenderer=""
@@ -2417,6 +2418,19 @@ EOF 
        if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then

            gcrypt_kdf=yes

        fi



        cat > $TMPC << EOF

#include <gcrypt.h>

int main(void) {

  gcry_mac_hd_t handle;

  gcry_mac_open(&handle, GCRY_MAC_HMAC_MD5,

                GCRY_MAC_FLAG_SECURE, NULL);

  return 0;

}

EOF

        if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then

            gcrypt_hmac=yes

        fi

    else

        if test "$gcrypt" = "yes"; then

            feature_not_found "gcrypt" "Install gcrypt devel"
@@ -5387,6 +5401,9 @@ if test "$gnutls_rnd" = "yes" ; then 
fi

if test "$gcrypt" = "yes" ; then

  echo "CONFIG_GCRYPT=y" >> $config_host_mak

  if test "$gcrypt_hmac" = "yes" ; then

    echo "CONFIG_GCRYPT_HMAC=y" >> $config_host_mak

  fi

  if test "$gcrypt_kdf" = "yes" ; then

    echo "CONFIG_GCRYPT_KDF=y" >> $config_host_mak

  fi

crypto/Makefile.objs

+4 −0
Original line number Diff line number Diff line
@@ -3,6 +3,10 @@ crypto-obj-y += hash.o 
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o

crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o

crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o

crypto-obj-y += hmac.o

crypto-obj-$(CONFIG_NETTLE) += hmac-nettle.o

crypto-obj-$(CONFIG_GCRYPT_HMAC) += hmac-gcrypt.o

crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_HMAC),n,y)) += hmac-glib.o

crypto-obj-y += aes.o

crypto-obj-y += desrfb.o

crypto-obj-y += cipher.o

crypto/cipher-gcrypt.c

+6 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 
{

    switch (alg) {

    case QCRYPTO_CIPHER_ALG_DES_RFB:

    case QCRYPTO_CIPHER_ALG_3DES:

    case QCRYPTO_CIPHER_ALG_AES_128:

    case QCRYPTO_CIPHER_ALG_AES_192:

    case QCRYPTO_CIPHER_ALG_AES_256:
@@ -99,6 +100,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
        gcryalg = GCRY_CIPHER_DES;

        break;



    case QCRYPTO_CIPHER_ALG_3DES:

        gcryalg = GCRY_CIPHER_3DES;

        break;



    case QCRYPTO_CIPHER_ALG_AES_128:

        gcryalg = GCRY_CIPHER_AES128;

        break;
@@ -200,6 +205,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
        case QCRYPTO_CIPHER_ALG_TWOFISH_256:

            ctx->blocksize = 16;

            break;

        case QCRYPTO_CIPHER_ALG_3DES:

        case QCRYPTO_CIPHER_ALG_CAST5_128:

            ctx->blocksize = 8;

            break;

crypto/cipher-nettle.c

+39 −3
Original line number Diff line number Diff line
@@ -78,6 +78,18 @@ static void des_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, 
    des_decrypt(ctx, length, dst, src);

}



static void des3_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,

                                uint8_t *dst, const uint8_t *src)

{

    des3_encrypt(ctx, length, dst, src);

}



static void des3_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,

                                uint8_t *dst, const uint8_t *src)

{

    des3_decrypt(ctx, length, dst, src);

}



static void cast128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,

                                   uint8_t *dst, const uint8_t *src)

{
@@ -140,6 +152,18 @@ static void des_decrypt_wrapper(const void *ctx, size_t length, 
    des_decrypt(ctx, length, dst, src);

}



static void des3_encrypt_wrapper(const void *ctx, size_t length,

                                uint8_t *dst, const uint8_t *src)

{

    des3_encrypt(ctx, length, dst, src);

}



static void des3_decrypt_wrapper(const void *ctx, size_t length,

                                uint8_t *dst, const uint8_t *src)

{

    des3_decrypt(ctx, length, dst, src);

}



static void cast128_encrypt_wrapper(const void *ctx, size_t length,

                                    uint8_t *dst, const uint8_t *src)

{
@@ -197,6 +221,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, 
{

    switch (alg) {

    case QCRYPTO_CIPHER_ALG_DES_RFB:

    case QCRYPTO_CIPHER_ALG_3DES:

    case QCRYPTO_CIPHER_ALG_AES_128:

    case QCRYPTO_CIPHER_ALG_AES_192:

    case QCRYPTO_CIPHER_ALG_AES_256:
@@ -254,6 +279,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
    cipher->mode = mode;



    ctx = g_new0(QCryptoCipherNettle, 1);

    cipher->opaque = ctx;



    switch (alg) {

    case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -270,6 +296,18 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
        ctx->blocksize = DES_BLOCK_SIZE;

        break;



    case QCRYPTO_CIPHER_ALG_3DES:

        ctx->ctx = g_new0(struct des3_ctx, 1);

        des3_set_key(ctx->ctx, key);



        ctx->alg_encrypt_native = des3_encrypt_native;

        ctx->alg_decrypt_native = des3_decrypt_native;

        ctx->alg_encrypt_wrapper = des3_encrypt_wrapper;

        ctx->alg_decrypt_wrapper = des3_decrypt_wrapper;



        ctx->blocksize = DES3_BLOCK_SIZE;

        break;



    case QCRYPTO_CIPHER_ALG_AES_128:

    case QCRYPTO_CIPHER_ALG_AES_192:

    case QCRYPTO_CIPHER_ALG_AES_256:
@@ -384,13 +422,11 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, 
    }



    ctx->iv = g_new0(uint8_t, ctx->blocksize);

    cipher->opaque = ctx;



    return cipher;



 error:

    g_free(cipher);

    g_free(ctx);

    qcrypto_cipher_free(cipher);

    return NULL;

}

crypto/cipher.c

+5 −2
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { 
    [QCRYPTO_CIPHER_ALG_AES_192] = 24,

    [QCRYPTO_CIPHER_ALG_AES_256] = 32,

    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

    [QCRYPTO_CIPHER_ALG_3DES] = 24,

    [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,

    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
@@ -42,6 +43,7 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { 
    [QCRYPTO_CIPHER_ALG_AES_192] = 16,

    [QCRYPTO_CIPHER_ALG_AES_256] = 16,

    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

    [QCRYPTO_CIPHER_ALG_3DES] = 8,

    [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,

    [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

    [QCRYPTO_CIPHER_ALG_SERPENT_192] = 16,
@@ -107,8 +109,9 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, 
    }



    if (mode == QCRYPTO_CIPHER_MODE_XTS) {

        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {

            error_setg(errp, "XTS mode not compatible with DES-RFB");

        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB

                || alg == QCRYPTO_CIPHER_ALG_3DES) {

            error_setg(errp, "XTS mode not compatible with DES-RFB/3DES");

            return false;

        }

        if (nkey % 2) {