aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2016-07-21 11:48:49 +0100
committerPeter Maydell <peter.maydell@linaro.org>2016-07-21 11:48:49 +0100
commit7239247a2ba2fd1c269edda3b6fd816c5fd51baf (patch)
tree49f4b26b7975d3d24c5ed6ffbe901b23c4913f49
parent61ead113ae53a4dae63b5377ace1300cb8705682 (diff)
parent760328971218bace4ab14b01f619825607fab9c3 (diff)
downloadqemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.zip
qemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.tar.gz
qemu-7239247a2ba2fd1c269edda3b6fd816c5fd51baf.tar.bz2
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-21-1' into staging
Merge qcrypto-next 2016/07/21 v1 # gpg: Signature made Thu 21 Jul 2016 11:07:36 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qcrypto-2016-07-21-1: crypto: don't open-code qcrypto_hash_supports crypto: use glib as fallback for hash algorithm crypto: use /dev/[u]random as a final fallback random source Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--crypto/Makefile.objs4
-rw-r--r--crypto/hash-gcrypt.c3
-rw-r--r--crypto/hash-glib.c97
-rw-r--r--crypto/hash-nettle.c3
-rw-r--r--crypto/hash-stub.c41
-rw-r--r--crypto/random-platform.c (renamed from crypto/random-stub.c)37
6 files changed, 136 insertions, 49 deletions
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 1f86f4f..a36d2d9 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -2,6 +2,7 @@ crypto-obj-y = init.o
crypto-obj-y += hash.o
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
+crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o
crypto-obj-y += aes.o
crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
@@ -12,6 +13,7 @@ crypto-obj-y += tlssession.o
crypto-obj-y += secret.o
crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
+crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y)) += random-platform.o
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
@@ -28,6 +30,4 @@ crypto-obj-y += block-luks.o
# Let the userspace emulators avoid linking gnutls/etc
crypto-aes-obj-y = aes.o
-stub-obj-y += random-stub.o
stub-obj-y += pbkdf-stub.o
-stub-obj-y += hash-stub.o
diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index ed6f842..7690690 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -55,8 +55,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
gcry_md_hd_t md;
unsigned char *digest;
- if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
- qcrypto_hash_alg_map[alg] == GCRY_MD_NONE) {
+ if (!qcrypto_hash_supports(alg)) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c
new file mode 100644
index 0000000..ec99ac9
--- /dev/null
+++ b/crypto/hash-glib.c
@@ -0,0 +1,97 @@
+/*
+ * QEMU Crypto hash algorithms
+ *
+ * Copyright (c) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "crypto/hash.h"
+
+
+static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
+ [QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
+ [QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
+ [QCRYPTO_HASH_ALG_SHA224] = -1,
+ [QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
+ [QCRYPTO_HASH_ALG_SHA384] = -1,
+#if GLIB_CHECK_VERSION(2, 36, 0)
+ [QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
+#else
+ [QCRYPTO_HASH_ALG_SHA512] = -1,
+#endif
+ [QCRYPTO_HASH_ALG_RIPEMD160] = -1,
+};
+
+gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
+{
+ if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
+ qcrypto_hash_alg_map[alg] != -1) {
+ return true;
+ }
+ return false;
+}
+
+
+int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ int i, ret;
+ GChecksum *cs;
+
+ if (!qcrypto_hash_supports(alg)) {
+ error_setg(errp,
+ "Unknown hash algorithm %d",
+ alg);
+ return -1;
+ }
+
+ cs = g_checksum_new(qcrypto_hash_alg_map[alg]);
+
+ for (i = 0; i < niov; i++) {
+ g_checksum_update(cs, iov[i].iov_base, iov[i].iov_len);
+ }
+
+ ret = g_checksum_type_get_length(qcrypto_hash_alg_map[alg]);
+ if (ret < 0) {
+ error_setg(errp, "%s",
+ "Unable to get hash length");
+ goto error;
+ }
+ if (*resultlen == 0) {
+ *resultlen = ret;
+ *result = g_new0(uint8_t, *resultlen);
+ } else if (*resultlen != ret) {
+ error_setg(errp,
+ "Result buffer size %zu is smaller than hash %d",
+ *resultlen, ret);
+ goto error;
+ }
+
+ g_checksum_get_digest(cs, *result, resultlen);
+
+ g_checksum_free(cs);
+ return 0;
+
+ error:
+ g_checksum_free(cs);
+ return -1;
+}
diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 4c6f50b..6a206dc 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -113,8 +113,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
int i;
union qcrypto_hash_ctx ctx;
- if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
- qcrypto_hash_alg_map[alg].init == NULL) {
+ if (!qcrypto_hash_supports(alg)) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
diff --git a/crypto/hash-stub.c b/crypto/hash-stub.c
deleted file mode 100644
index 8a9b8d4..0000000
--- a/crypto/hash-stub.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * QEMU Crypto hash algorithms
- *
- * Copyright (c) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "qemu/osdep.h"
-#include "qapi/error.h"
-#include "crypto/hash.h"
-
-gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
-{
- return false;
-}
-
-int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov G_GNUC_UNUSED,
- size_t niov G_GNUC_UNUSED,
- uint8_t **result G_GNUC_UNUSED,
- size_t *resultlen G_GNUC_UNUSED,
- Error **errp)
-{
- error_setg(errp,
- "Hash algorithm %d not supported without GNUTLS",
- alg);
- return -1;
-}
diff --git a/crypto/random-stub.c b/crypto/random-platform.c
index 63bbf41..82b755a 100644
--- a/crypto/random-stub.c
+++ b/crypto/random-platform.c
@@ -26,6 +26,39 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
size_t buflen G_GNUC_UNUSED,
Error **errp)
{
- error_setg(errp, "No random byte source provided in this build");
- return -1;
+ int fd;
+ int ret = -1;
+ int got;
+
+ /* TBD perhaps also add support for BSD getentropy / Linux
+ * getrandom syscalls directly */
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd == -1 && errno == ENOENT) {
+ fd = open("/dev/random", O_RDONLY);
+ }
+
+ if (fd < 0) {
+ error_setg(errp, "No /dev/urandom or /dev/random found");
+ return -1;
+ }
+
+ while (buflen > 0) {
+ got = read(fd, buf, buflen);
+ if (got < 0) {
+ error_setg_errno(errp, errno,
+ "Unable to read random bytes");
+ goto cleanup;
+ } else if (!got) {
+ error_setg(errp,
+ "Unexpected EOF reading random bytes");
+ goto cleanup;
+ }
+ buflen -= got;
+ buf += got;
+ }
+
+ ret = 0;
+ cleanup:
+ close(fd);
+ return ret;
}