diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2016-07-21 11:48:49 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2016-07-21 11:48:49 +0100 |
commit | 7239247a2ba2fd1c269edda3b6fd816c5fd51baf (patch) | |
tree | 49f4b26b7975d3d24c5ed6ffbe901b23c4913f49 | |
parent | 61ead113ae53a4dae63b5377ace1300cb8705682 (diff) | |
parent | 760328971218bace4ab14b01f619825607fab9c3 (diff) | |
download | qemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.zip qemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.tar.gz qemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.tar.bz2 |
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-21-1' into staging
Merge qcrypto-next 2016/07/21 v1
# gpg: Signature made Thu 21 Jul 2016 11:07:36 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qcrypto-2016-07-21-1:
crypto: don't open-code qcrypto_hash_supports
crypto: use glib as fallback for hash algorithm
crypto: use /dev/[u]random as a final fallback random source
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r-- | crypto/Makefile.objs | 4 | ||||
-rw-r--r-- | crypto/hash-gcrypt.c | 3 | ||||
-rw-r--r-- | crypto/hash-glib.c | 97 | ||||
-rw-r--r-- | crypto/hash-nettle.c | 3 | ||||
-rw-r--r-- | crypto/hash-stub.c | 41 | ||||
-rw-r--r-- | crypto/random-platform.c (renamed from crypto/random-stub.c) | 37 |
6 files changed, 136 insertions, 49 deletions
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index 1f86f4f..a36d2d9 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -2,6 +2,7 @@ crypto-obj-y = init.o crypto-obj-y += hash.o crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o +crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o crypto-obj-y += aes.o crypto-obj-y += desrfb.o crypto-obj-y += cipher.o @@ -12,6 +13,7 @@ crypto-obj-y += tlssession.o crypto-obj-y += secret.o crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o +crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y)) += random-platform.o crypto-obj-y += pbkdf.o crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o @@ -28,6 +30,4 @@ crypto-obj-y += block-luks.o # Let the userspace emulators avoid linking gnutls/etc crypto-aes-obj-y = aes.o -stub-obj-y += random-stub.o stub-obj-y += pbkdf-stub.o -stub-obj-y += hash-stub.o diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index ed6f842..7690690 100644 --- a/crypto/hash-gcrypt.c +++ b/crypto/hash-gcrypt.c @@ -55,8 +55,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, gcry_md_hd_t md; unsigned char *digest; - if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) || - qcrypto_hash_alg_map[alg] == GCRY_MD_NONE) { + if (!qcrypto_hash_supports(alg)) { error_setg(errp, "Unknown hash algorithm %d", alg); diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c new file mode 100644 index 0000000..ec99ac9 --- /dev/null +++ b/crypto/hash-glib.c @@ -0,0 +1,97 @@ +/* + * QEMU Crypto hash algorithms + * + * Copyright (c) 2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "crypto/hash.h" + + +static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = { + [QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5, + [QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1, + [QCRYPTO_HASH_ALG_SHA224] = -1, + [QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256, + [QCRYPTO_HASH_ALG_SHA384] = -1, +#if GLIB_CHECK_VERSION(2, 36, 0) + [QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512, +#else + [QCRYPTO_HASH_ALG_SHA512] = -1, +#endif + [QCRYPTO_HASH_ALG_RIPEMD160] = -1, +}; + +gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg) +{ + if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) && + qcrypto_hash_alg_map[alg] != -1) { + return true; + } + return false; +} + + +int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, + const struct iovec *iov, + size_t niov, + uint8_t **result, + size_t *resultlen, + Error **errp) +{ + int i, ret; + GChecksum *cs; + + if (!qcrypto_hash_supports(alg)) { + error_setg(errp, + "Unknown hash algorithm %d", + alg); + return -1; + } + + cs = g_checksum_new(qcrypto_hash_alg_map[alg]); + + for (i = 0; i < niov; i++) { + g_checksum_update(cs, iov[i].iov_base, iov[i].iov_len); + } + + ret = g_checksum_type_get_length(qcrypto_hash_alg_map[alg]); + if (ret < 0) { + error_setg(errp, "%s", + "Unable to get hash length"); + goto error; + } + if (*resultlen == 0) { + *resultlen = ret; + *result = g_new0(uint8_t, *resultlen); + } else if (*resultlen != ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *resultlen, ret); + goto error; + } + + g_checksum_get_digest(cs, *result, resultlen); + + g_checksum_free(cs); + return 0; + + error: + g_checksum_free(cs); + return -1; +} diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c index 4c6f50b..6a206dc 100644 --- a/crypto/hash-nettle.c +++ b/crypto/hash-nettle.c @@ -113,8 +113,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, int i; union qcrypto_hash_ctx ctx; - if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) || - qcrypto_hash_alg_map[alg].init == NULL) { + if (!qcrypto_hash_supports(alg)) { error_setg(errp, "Unknown hash algorithm %d", alg); diff --git a/crypto/hash-stub.c b/crypto/hash-stub.c deleted file mode 100644 index 8a9b8d4..0000000 --- a/crypto/hash-stub.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * QEMU Crypto hash algorithms - * - * Copyright (c) 2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see <http://www.gnu.org/licenses/>. - * - */ - -#include "qemu/osdep.h" -#include "qapi/error.h" -#include "crypto/hash.h" - -gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED) -{ - return false; -} - -int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, - const struct iovec *iov G_GNUC_UNUSED, - size_t niov G_GNUC_UNUSED, - uint8_t **result G_GNUC_UNUSED, - size_t *resultlen G_GNUC_UNUSED, - Error **errp) -{ - error_setg(errp, - "Hash algorithm %d not supported without GNUTLS", - alg); - return -1; -} diff --git a/crypto/random-stub.c b/crypto/random-platform.c index 63bbf41..82b755a 100644 --- a/crypto/random-stub.c +++ b/crypto/random-platform.c @@ -26,6 +26,39 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, size_t buflen G_GNUC_UNUSED, Error **errp) { - error_setg(errp, "No random byte source provided in this build"); - return -1; + int fd; + int ret = -1; + int got; + + /* TBD perhaps also add support for BSD getentropy / Linux + * getrandom syscalls directly */ + fd = open("/dev/urandom", O_RDONLY); + if (fd == -1 && errno == ENOENT) { + fd = open("/dev/random", O_RDONLY); + } + + if (fd < 0) { + error_setg(errp, "No /dev/urandom or /dev/random found"); + return -1; + } + + while (buflen > 0) { + got = read(fd, buf, buflen); + if (got < 0) { + error_setg_errno(errp, errno, + "Unable to read random bytes"); + goto cleanup; + } else if (!got) { + error_setg(errp, + "Unexpected EOF reading random bytes"); + goto cleanup; + } + buflen -= got; + buf += got; + } + + ret = 0; + cleanup: + close(fd); + return ret; } |