Misc crypto subsystem fixes

* Improve error message for large files when creating LUKS volumes * Expand crypto hash benchmark coverage * Misc code refactoring with no functional change -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl6z944ACgkQvobrtBUQ T9/uvRAAkjPDe9ZG4u1VR3ObBzrzRiIAJFLKNNuh2Yo+bRtJO01Jw7pQcfO07Av7 KJDkbZEXyHw4ckzbYGUp5M21CzxE/gFdDBn2qKssHC2mtMiVHkN9gObZSaab6euZ CCPIk5//IjTUArBL7ReIUL8KX/iKy4DhVsSWFODtp8ISlhdGeqkgmQ2oWBy9BAUR P9Vg6a0DUaRRwk1KSK1CCO0F59IKLh6yNRemqguz+g1Celk+rMOdEhqC4w7GiPzy w6LiYlg7+BZrVpZHzZmOWQTloXGyqhftznLQ7tJqKzHIKOJ8jQGYO0YCcS+JCZ2s acJMjk2yyM38wavhgaieHGx/Wpl5rZtCAM7SzKYjAyXzUaL6fHhi81oz23inz7jx nvR2WUDA0QBY8mvMzRTEy6DyreMpE9NGjKPrT6ozDkiCkQu8yVkRrtUfFYDyy52B B4k2ML9frJzHFXj+v26fZaz42o9vplYCZMuQ4+Fh5knCXxU+AEuUw7MWDpSQrOc6 rpuy89G41uk6zZbfI5YdrGcJgxJ0UYk/tyR3/OPvqURvzlAdn+RjAZsPYc6P1Tdd A7wcMi6Tf9TezQxFsPNpB7khFKEvUFOhIWcXXJ5BHL9QAJInBrGURp1A16LyJigD kdwxC0XpB3JqLPnnm6j+TghcUuH9pWhMqxrYpwOrOCyczrXgZdQ= =r3dr -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging Misc crypto subsystem fixes * Improve error message for large files when creating LUKS volumes * Expand crypto hash benchmark coverage * Misc code refactoring with no functional change # gpg: Signature made Thu 07 May 2020 12:57:02 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/qcrypto-next-pull-request: crypto: extend hash benchmark to cover more algorithms block: luks: better error message when creating too large files crypto: Redundant type conversion for AES_KEY pointer crypto/secret: fix inconsequential errors. crypto: fix getter of a QCryptoSecret's property Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-07 14:30:12 +01:00 · 2020-05-07 14:30:12 +01:00 · 3c7adbc67d
commit 3c7adbc67d
parent b894c6ed4a 6022e15d14
4 changed files with 87 additions and 26 deletions
--- a/block/crypto.c
+++ b/block/crypto.c
@ -104,18 +104,35 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
                                      Error **errp)
 {
    struct BlockCryptoCreateData *data = opaque;
    Error *local_error = NULL;
    int ret;
    if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
-        error_setg(errp, "The requested file size is too large");
+        ret = -EFBIG;
-        return -EFBIG;
+        goto error;
    }
    /* User provided size should reflect amount of space made
     * available to the guest, so we must take account of that
     * which will be used by the crypto header
     */
-    return blk_truncate(data->blk, data->size + headerlen, false,
+    ret = blk_truncate(data->blk, data->size + headerlen, false,
-                        data->prealloc, 0, errp);
+                       data->prealloc, 0, &local_error);
    if (ret >= 0) {
        return ret;
    }
 error:
    if (ret == -EFBIG) {
        /* Replace the error message with a better one */
        error_free(local_error);
        error_setg(errp, "The requested file size is too large");
    } else {
        error_propagate(errp, local_error);
    }
    return ret;
 }
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@ -74,7 +74,7 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
 }
-static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
+static void qcrypto_cipher_aes_ecb_encrypt(const AES_KEY *key,
                                           const void *in,
                                           void *out,
                                           size_t len)
@ -100,7 +100,7 @@ static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
 }
-static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
+static void qcrypto_cipher_aes_ecb_decrypt(const AES_KEY *key,
                                           const void *in,
                                           void *out,
                                           size_t len)
@ -133,8 +133,7 @@ static void qcrypto_cipher_aes_xts_encrypt(const void *ctx,
 {
    const QCryptoCipherBuiltinAESContext *aesctx = ctx;
-    qcrypto_cipher_aes_ecb_encrypt((AES_KEY *)&aesctx->enc,
+    qcrypto_cipher_aes_ecb_encrypt(&aesctx->enc, src, dst, length);
                                   src, dst, length);
 }
@ -145,8 +144,7 @@ static void qcrypto_cipher_aes_xts_decrypt(const void *ctx,
 {
    const QCryptoCipherBuiltinAESContext *aesctx = ctx;
-    qcrypto_cipher_aes_ecb_decrypt((AES_KEY *)&aesctx->dec,
+    qcrypto_cipher_aes_ecb_decrypt(&aesctx->dec, src, dst, length);
                                   src, dst, length);
 }
--- a/crypto/secret.c
+++ b/crypto/secret.c
@ -204,7 +204,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
            input = output;
            inputlen = outputlen;
        } else {
-            if (secret->format != QCRYPTO_SECRET_FORMAT_RAW) {
+            if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
                qcrypto_secret_decode(input, inputlen,
                                      &output, &outputlen, &local_err);
                g_free(input);
@ -221,6 +221,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
        secret->rawlen = inputlen;
    } else {
        g_free(secret->rawdata);
        secret->rawdata = NULL;
        secret->rawlen = 0;
    }
 }
@ -231,7 +232,7 @@ qcrypto_secret_prop_get_loaded(Object *obj,
                               Error **errp G_GNUC_UNUSED)
 {
    QCryptoSecret *secret = QCRYPTO_SECRET(obj);
-    return secret->data != NULL;
+    return secret->rawdata != NULL;
 }
--- a/tests/benchmark-crypto-hash.c
+++ b/tests/benchmark-crypto-hash.c
@ -15,9 +15,14 @@
 #include "crypto/init.h"
 #include "crypto/hash.h"
 typedef struct QCryptoHashOpts {
    size_t chunk_size;
    QCryptoHashAlgorithm alg;
 } QCryptoHashOpts;
 static void test_hash_speed(const void *opaque)
 {
-    size_t chunk_size = (size_t)opaque;
+    const QCryptoHashOpts *opts = opaque;
    uint8_t *in = NULL, *out = NULL;
    size_t out_len = 0;
    const size_t total = 2 * GiB;
@ -25,26 +30,24 @@ static void test_hash_speed(const void *opaque)
    struct iovec iov;
    int ret;
-    in = g_new0(uint8_t, chunk_size);
+    in = g_new0(uint8_t, opts->chunk_size);
-    memset(in, g_test_rand_int(), chunk_size);
+    memset(in, g_test_rand_int(), opts->chunk_size);
    iov.iov_base = (char *)in;
-    iov.iov_len = chunk_size;
+    iov.iov_len = opts->chunk_size;
    g_test_timer_start();
    remain = total;
    while (remain) {
-        ret = qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
+        ret = qcrypto_hash_bytesv(opts->alg,
                                  &iov, 1, &out, &out_len,
                                  NULL);
        g_assert(ret == 0);
-        remain -= chunk_size;
+        remain -= opts->chunk_size;
    }
    g_test_timer_elapsed();
    g_print("sha256: ");
    g_print("Hash %zu GB chunk size %zu bytes ", total / GiB, chunk_size);
    g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());
    g_free(out);
@ -53,17 +56,59 @@ static void test_hash_speed(const void *opaque)
 int main(int argc, char **argv)
 {
    size_t i;
    char name[64];
    g_test_init(&argc, &argv, NULL);
    g_assert(qcrypto_init(NULL) == 0);
-    for (i = 512; i <= 64 * KiB; i *= 2) {
+#define TEST_ONE(a, c)                                          \
-        memset(name, 0 , sizeof(name));
+    QCryptoHashOpts opts ## a ## c = {                          \
-        snprintf(name, sizeof(name), "/crypto/hash/speed-%zu", i);
+        .alg = QCRYPTO_HASH_ALG_ ## a, .chunk_size = c,         \
-        g_test_add_data_func(name, (void *)i, test_hash_speed);
+    };                                                          \
-    }
+    memset(name, 0 , sizeof(name));                             \
    snprintf(name, sizeof(name),                                \
             "/crypto/benchmark/hash/%s/bufsize-%d",            \
             QCryptoHashAlgorithm_str(QCRYPTO_HASH_ALG_ ## a),  \
             c);                                                \
    if (qcrypto_hash_supports(QCRYPTO_HASH_ALG_ ## a))          \
        g_test_add_data_func(name,                              \
                             &opts ## a ## c,                   \
                             test_hash_speed);
    TEST_ONE(MD5, 512);
    TEST_ONE(MD5, 1024);
    TEST_ONE(MD5, 4096);
    TEST_ONE(MD5, 16384);
    TEST_ONE(SHA1, 512);
    TEST_ONE(SHA1, 1024);
    TEST_ONE(SHA1, 4096);
    TEST_ONE(SHA1, 16384);
    TEST_ONE(SHA224, 512);
    TEST_ONE(SHA224, 1024);
    TEST_ONE(SHA224, 4096);
    TEST_ONE(SHA224, 16384);
    TEST_ONE(SHA384, 512);
    TEST_ONE(SHA384, 1024);
    TEST_ONE(SHA384, 4096);
    TEST_ONE(SHA384, 16384);
    TEST_ONE(SHA256, 512);
    TEST_ONE(SHA256, 1024);
    TEST_ONE(SHA256, 4096);
    TEST_ONE(SHA256, 16384);
    TEST_ONE(SHA512, 512);
    TEST_ONE(SHA512, 1024);
    TEST_ONE(SHA512, 4096);
    TEST_ONE(SHA512, 16384);
    TEST_ONE(RIPEMD160, 512);
    TEST_ONE(RIPEMD160, 1024);
    TEST_ONE(RIPEMD160, 4096);
    TEST_ONE(RIPEMD160, 16384);
    return g_test_run();
 }