aboutsummaryrefslogtreecommitdiff
path: root/crypto/cipher-nettle.c.inc
AgeCommit message (Collapse)AuthorFilesLines
2021-07-14crypto: replace 'des-rfb' cipher with 'des'Daniel P. Berrangé1-15/+11
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism. Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support. Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message. Original behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb qemu-img: demo.luks: Algorithm 'des-rfb' not supported New behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish qemu-img: demo.luks: Invalid parameter 'des-rfb' Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-02crypto: drop back compatibility typedefs for nettleDaniel P. Berrangé1-35/+25
Now that we only support modern nettle, we don't need to have local typedefs to mask the real nettle types. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-5-berrange@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-06-02crypto: bump min nettle to 3.4, dropping RHEL-7 supportDaniel P. Berrangé1-31/+0
It has been over two years since RHEL-8 was released, and thus per the platform build policy, we no longer need to support RHEL-7 as a build target. This lets us increment the minimum required nettle version and drop a lot of backwards compatibility code for 2.x series of nettle. Per repology, current shipping versions are: RHEL-8: 3.4.1 Debian Buster: 3.4.1 openSUSE Leap 15.2: 3.4.1 Ubuntu LTS 18.04: 3.4 Ubuntu LTS 20.04: 3.5.1 FreeBSD: 3.7.2 Fedora 33: 3.5.1 Fedora 34: 3.7.2 OpenBSD: 3.7.2 macOS HomeBrew: 3.7.2 Ubuntu LTS 18.04 has the oldest version and so 3.4 is the new minimum. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-4-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> [thuth: rebased to use .gitlab-ci.d/buildtest.yml] Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-09-10crypto/nettle: Split QCryptoCipherNettle into subclassesRichard Henderson1-488/+511
Use separate classes for each cipher entry point: des_rfb, des3, aes128, aes192, aes256, cast128, serpent, and twofish. Generate wrappers for XTS only for CONFIG_QEMU_PRIVATE_XTS. This eliminates unreachable wrappers for DES_RFB, DES3 and CAST128, which have blocksizes that do not allow XTS mode. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_newRichard Henderson1-0/+3
The class vtable should be set by the class initializer. This will also allow additional subclassing, reducing the amount of indirection in the hierarchy. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Allocate QCryptoCipher with the subclassRichard Henderson1-11/+13
Merge the allocation of "opaque" into the allocation of "cipher". This is step one in reducing the indirection in these classes. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Use the correct const type for driverRichard Henderson1-1/+1
This allows the in memory structures to be read-only. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/nettle: Fix xts_encrypt argumentsRichard Henderson1-1/+1
The fourth argument to xts_encrypt should be the decrypt callback; we were accidentally passing encrypt twice. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Remove redundant includesRichard Henderson1-2/+0
Both qemu/osdep.h and cipherpriv.h have already been included by the parent cipher.c. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Rename cipher include files to .c.incRichard Henderson1-0/+734
QEMU standard procedure for included c files is to use *.c.inc. E.g. there are a different set of checks that are applied. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>