Merge qcrypto 2016/09/12 v1
-----BEGIN PGP SIGNATURE----- iQIcBAABCAAGBQJX1os8AAoJEL6G67QVEE/fp+wP/jif//hLmY8hA0lFMzNRrpbf wofUbnMnuTjh5s9fgE82BhmyahQutC6IOYu/TqX5mZd+NbQgdh/sxnii9n6rLFxJ jXxfPVQ6r8n/73Nza7zU9J+sUFWd6vV352tfcbxc1X2AWltxgXAYY+Y0NqAtdeip qlMXyaZg6ZQzOEradrt5o4hcKnvDzOpV3/Xn2Ci1G72suUU7dXth6fYBpxB5WqRK JrgN22tDl3Xn5Ly7CxlBoQdQ0VgMQC/Wm1SKwxnNkEpQ7WKbmIqUxchjahug1BsA bSHGmlYzOD+MQGLN4qUYlMEA8FQqdzHmVZn98usnXM43YxT6oZJx9ZH0xO9tfV4V tzhx0jstNTO90mcxa3RYN24tbPDnxz/raFjlRjW6bvrPLb16QdpEczzkC1Cpz9E2 /r/3IF5ZNrH8QV/jCc+FFI3oL+83y7vVcsd71KreddEJLXt2PBs2qXnw1lE7i78e qciHr92ggNpu1+su4zcgtSiiX+5kwxwovTe8MhaHw7vykH8yc8xhEYzKQa7tI75h jRJKWQK2Qo4dDCFRLC4kOzVsqk9lgU8AkJ/TUS57Ug5BVoNGCM/vmmrG6ZBTaWPp gL08He2/Px0dn/wCydbuFe2ZnDk/ROPOJ/jKn5WgJdiAtA9LULPDdI6bljZxXHjc O30NO6NLhENXLyE6GJDj =x7IS -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-09-12-1' into staging Merge qcrypto 2016/09/12 v1 # gpg: Signature made Mon 12 Sep 2016 12:02:20 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qcrypto-2016-09-12-1: crypto: report enum strings instead of values in errors crypto: fix building complaint crypto: ensure XTS is only used with ciphers with 16 byte blocks Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell
commit
d4c61988b8
@ -59,7 +59,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
|
|||||||
|
|
||||||
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
||||||
!qcrypto_block_drivers[options->format]) {
|
!qcrypto_block_drivers[options->format]) {
|
||||||
error_setg(errp, "Unsupported block driver %d", options->format);
|
error_setg(errp, "Unsupported block driver %s",
|
||||||
|
QCryptoBlockFormat_lookup[options->format]);
|
||||||
g_free(block);
|
g_free(block);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -88,7 +89,8 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
|
|||||||
|
|
||||||
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
||||||
!qcrypto_block_drivers[options->format]) {
|
!qcrypto_block_drivers[options->format]) {
|
||||||
error_setg(errp, "Unsupported block driver %d", options->format);
|
error_setg(errp, "Unsupported block driver %s",
|
||||||
|
QCryptoBlockFormat_lookup[options->format]);
|
||||||
g_free(block);
|
g_free(block);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -244,7 +244,8 @@ static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
|
|||||||
if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
|
if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
|
||||||
cipher->mode != QCRYPTO_CIPHER_MODE_ECB &&
|
cipher->mode != QCRYPTO_CIPHER_MODE_ECB &&
|
||||||
cipher->mode != QCRYPTO_CIPHER_MODE_XTS) {
|
cipher->mode != QCRYPTO_CIPHER_MODE_XTS) {
|
||||||
error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
|
QCryptoCipherMode_lookup[cipher->mode]);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -376,7 +377,8 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
|
|||||||
QCryptoCipherBuiltin *ctxt;
|
QCryptoCipherBuiltin *ctxt;
|
||||||
|
|
||||||
if (cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
|
if (cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
|
||||||
error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
|
QCryptoCipherMode_lookup[cipher->mode]);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -442,7 +444,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
error_setg(errp,
|
error_setg(errp,
|
||||||
"Unsupported cipher algorithm %d", cipher->alg);
|
"Unsupported cipher algorithm %s",
|
||||||
|
QCryptoCipherAlgorithm_lookup[cipher->alg]);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -70,7 +70,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
gcrymode = GCRY_CIPHER_MODE_CBC;
|
gcrymode = GCRY_CIPHER_MODE_CBC;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher mode %d", mode);
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
|
QCryptoCipherMode_lookup[mode]);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -120,7 +121,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher algorithm %d", alg);
|
error_setg(errp, "Unsupported cipher algorithm %s",
|
||||||
|
QCryptoCipherAlgorithm_lookup[alg]);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -192,6 +194,12 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
|
if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
|
||||||
|
if (ctx->blocksize != XTS_BLOCK_SIZE) {
|
||||||
|
error_setg(errp,
|
||||||
|
"Cipher block size %zu must equal XTS block size %d",
|
||||||
|
ctx->blocksize, XTS_BLOCK_SIZE);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
ctx->iv = g_new0(uint8_t, ctx->blocksize);
|
ctx->iv = g_new0(uint8_t, ctx->blocksize);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -227,7 +227,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
case QCRYPTO_CIPHER_MODE_XTS:
|
case QCRYPTO_CIPHER_MODE_XTS:
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher mode %d", mode);
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
|
QCryptoCipherMode_lookup[mode]);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -357,7 +358,15 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher algorithm %d", alg);
|
error_setg(errp, "Unsupported cipher algorithm %s",
|
||||||
|
QCryptoCipherAlgorithm_lookup[alg]);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mode == QCRYPTO_CIPHER_MODE_XTS &&
|
||||||
|
ctx->blocksize != XTS_BLOCK_SIZE) {
|
||||||
|
error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
|
||||||
|
ctx->blocksize, XTS_BLOCK_SIZE);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -422,8 +431,8 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher algorithm %d",
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
cipher->alg);
|
QCryptoCipherMode_lookup[cipher->mode]);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@ -456,19 +465,14 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case QCRYPTO_CIPHER_MODE_XTS:
|
case QCRYPTO_CIPHER_MODE_XTS:
|
||||||
if (ctx->blocksize != XTS_BLOCK_SIZE) {
|
|
||||||
error_setg(errp, "Block size must be %d not %zu",
|
|
||||||
XTS_BLOCK_SIZE, ctx->blocksize);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
|
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
|
||||||
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
|
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
|
||||||
ctx->iv, len, out, in);
|
ctx->iv, len, out, in);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
error_setg(errp, "Unsupported cipher algorithm %d",
|
error_setg(errp, "Unsupported cipher mode %s",
|
||||||
cipher->alg);
|
QCryptoCipherMode_lookup[cipher->mode]);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -59,8 +59,7 @@
|
|||||||
|
|
||||||
#if (defined(CONFIG_GCRYPT) && \
|
#if (defined(CONFIG_GCRYPT) && \
|
||||||
(!defined(CONFIG_GNUTLS) || \
|
(!defined(CONFIG_GNUTLS) || \
|
||||||
!defined(GNUTLS_VERSION_NUMBER) || \
|
(LIBGNUTLS_VERSION_NUMBER < 0x020c00)) && \
|
||||||
(GNUTLS_VERSION_NUMBER < 0x020c00)) && \
|
|
||||||
(!defined(GCRYPT_VERSION_NUMBER) || \
|
(!defined(GCRYPT_VERSION_NUMBER) || \
|
||||||
(GCRYPT_VERSION_NUMBER < 0x010600)))
|
(GCRYPT_VERSION_NUMBER < 0x010600)))
|
||||||
#define QCRYPTO_INIT_GCRYPT_THREADS
|
#define QCRYPTO_INIT_GCRYPT_THREADS
|
||||||
|
|||||||
@ -615,7 +615,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (cert != NULL && key != NULL) {
|
if (cert != NULL && key != NULL) {
|
||||||
#if GNUTLS_VERSION_NUMBER >= 0x030111
|
#if LIBGNUTLS_VERSION_NUMBER >= 0x030111
|
||||||
char *password = NULL;
|
char *password = NULL;
|
||||||
if (creds->passwordid) {
|
if (creds->passwordid) {
|
||||||
password = qcrypto_secret_lookup_as_utf8(creds->passwordid,
|
password = qcrypto_secret_lookup_as_utf8(creds->passwordid,
|
||||||
@ -630,7 +630,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
|||||||
password,
|
password,
|
||||||
0);
|
0);
|
||||||
g_free(password);
|
g_free(password);
|
||||||
#else /* GNUTLS_VERSION_NUMBER < 0x030111 */
|
#else /* LIBGNUTLS_VERSION_NUMBER < 0x030111 */
|
||||||
if (creds->passwordid) {
|
if (creds->passwordid) {
|
||||||
error_setg(errp, "PKCS8 decryption requires GNUTLS >= 3.1.11");
|
error_setg(errp, "PKCS8 decryption requires GNUTLS >= 3.1.11");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -638,7 +638,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
|||||||
ret = gnutls_certificate_set_x509_key_file(creds->data,
|
ret = gnutls_certificate_set_x509_key_file(creds->data,
|
||||||
cert, key,
|
cert, key,
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
#endif /* GNUTLS_VERSION_NUMBER < 0x030111 */
|
#endif
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
error_setg(errp, "Cannot load certificate '%s' & key '%s': %s",
|
error_setg(errp, "Cannot load certificate '%s' & key '%s': %s",
|
||||||
cert, key, gnutls_strerror(ret));
|
cert, key, gnutls_strerror(ret));
|
||||||
|
|||||||
@ -26,7 +26,6 @@
|
|||||||
|
|
||||||
#if !(defined WIN32) && \
|
#if !(defined WIN32) && \
|
||||||
defined(CONFIG_TASN1) && \
|
defined(CONFIG_TASN1) && \
|
||||||
defined(LIBGNUTLS_VERSION_NUMBER) && \
|
|
||||||
(LIBGNUTLS_VERSION_NUMBER >= 0x020600)
|
(LIBGNUTLS_VERSION_NUMBER >= 0x020600)
|
||||||
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
|
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -370,6 +370,17 @@ static QCryptoCipherTestData test_data[] = {
|
|||||||
"eb4a427d1923ce3ff262735779a418f2"
|
"eb4a427d1923ce3ff262735779a418f2"
|
||||||
"0a282df920147beabe421ee5319d0568",
|
"0a282df920147beabe421ee5319d0568",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
/* Bad config - cast5-128 has 8 byte block size
|
||||||
|
* which is incompatible with XTS
|
||||||
|
*/
|
||||||
|
.path = "/crypto/cipher/cast5-xts-128",
|
||||||
|
.alg = QCRYPTO_CIPHER_ALG_CAST5_128,
|
||||||
|
.mode = QCRYPTO_CIPHER_MODE_XTS,
|
||||||
|
.key =
|
||||||
|
"27182818284590452353602874713526"
|
||||||
|
"31415926535897932384626433832795",
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -432,15 +443,23 @@ static void test_cipher(const void *opaque)
|
|||||||
const QCryptoCipherTestData *data = opaque;
|
const QCryptoCipherTestData *data = opaque;
|
||||||
|
|
||||||
QCryptoCipher *cipher;
|
QCryptoCipher *cipher;
|
||||||
uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
|
uint8_t *key, *iv = NULL, *ciphertext = NULL,
|
||||||
size_t nkey, niv, nciphertext, nplaintext;
|
*plaintext = NULL, *outtext = NULL;
|
||||||
char *outtexthex;
|
size_t nkey, niv = 0, nciphertext = 0, nplaintext = 0;
|
||||||
|
char *outtexthex = NULL;
|
||||||
size_t ivsize, keysize, blocksize;
|
size_t ivsize, keysize, blocksize;
|
||||||
|
Error *err = NULL;
|
||||||
|
|
||||||
nkey = unhex_string(data->key, &key);
|
nkey = unhex_string(data->key, &key);
|
||||||
niv = unhex_string(data->iv, &iv);
|
if (data->iv) {
|
||||||
nciphertext = unhex_string(data->ciphertext, &ciphertext);
|
niv = unhex_string(data->iv, &iv);
|
||||||
nplaintext = unhex_string(data->plaintext, &plaintext);
|
}
|
||||||
|
if (data->ciphertext) {
|
||||||
|
nciphertext = unhex_string(data->ciphertext, &ciphertext);
|
||||||
|
}
|
||||||
|
if (data->plaintext) {
|
||||||
|
nplaintext = unhex_string(data->plaintext, &plaintext);
|
||||||
|
}
|
||||||
|
|
||||||
g_assert(nciphertext == nplaintext);
|
g_assert(nciphertext == nplaintext);
|
||||||
|
|
||||||
@ -449,8 +468,15 @@ static void test_cipher(const void *opaque)
|
|||||||
cipher = qcrypto_cipher_new(
|
cipher = qcrypto_cipher_new(
|
||||||
data->alg, data->mode,
|
data->alg, data->mode,
|
||||||
key, nkey,
|
key, nkey,
|
||||||
&error_abort);
|
&err);
|
||||||
g_assert(cipher != NULL);
|
if (data->plaintext) {
|
||||||
|
g_assert(err == NULL);
|
||||||
|
g_assert(cipher != NULL);
|
||||||
|
} else {
|
||||||
|
error_free_or_abort(&err);
|
||||||
|
g_assert(cipher == NULL);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
keysize = qcrypto_cipher_get_key_len(data->alg);
|
keysize = qcrypto_cipher_get_key_len(data->alg);
|
||||||
blocksize = qcrypto_cipher_get_block_len(data->alg);
|
blocksize = qcrypto_cipher_get_block_len(data->alg);
|
||||||
@ -498,6 +524,7 @@ static void test_cipher(const void *opaque)
|
|||||||
|
|
||||||
g_assert_cmpstr(outtexthex, ==, data->plaintext);
|
g_assert_cmpstr(outtexthex, ==, data->plaintext);
|
||||||
|
|
||||||
|
cleanup:
|
||||||
g_free(outtext);
|
g_free(outtext);
|
||||||
g_free(outtexthex);
|
g_free(outtexthex);
|
||||||
g_free(key);
|
g_free(key);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user