Merge qcrypto 2016/07/04 v1
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCAAGBQJXeniiAAoJEL6G67QVEE/fnbgQAKzM0WXNtIlpXriL836GnMRT BBYrYxMiGxxiLishV9LZ6CRdKiiuqU8OwO7WFtSUeSHhGJeTqR6jMmn1YrdIPe0w nMUT8db00uXRze3uHy1Z8omK6FiSlfHDIpk5260y9Ymz5bhRkpwnQoRXdIwGGkKb q7pgLwQJ6J+dfJUUAl7kvNrjR8iFc4ISt56mWh2Ven9pq9XapZ2M+xCAKrts4RGq FeQcaF0uYbc/cK7E8oypphiLYerIvms7LlTsY+Ywwx5N5AMzZSFCWWCoy0XDb1ny 89Rmt5ot1YOVsQhITnO0jf7/5BfMmD8nBcPsNEs3FV6DkTPHBsUMIgomNvlHX9Gk 3nZ1L0ja6e57M9hOyS21NOTc6LCFpyGLR6MuizN42FYmG3aGvYZWoHSRq1swBoBx jR1h8j1bPM94sYU+9tdLi4vuuLxVykonLq1kwzIOAg928fzlTxKC/kQyss3NZTD/ WLg26Nh3+ZkEsw90ng/pCmtlVAPAj4rf+sJ/dG6LIXftE12pRycZovrpMnoAx4f+ oTFyJvJ/XUalplmwqerhnP6gaRwfSzQrFTh+Yvs/9FVssw/KfJQmupOPeGaEXvlj Abq2YUC9hmUz1dUTm6u6WPMgYp813uT+OG8OGJG/I3NAw8OMj2W4lA7zz0ht3WQT HUQ2M7Ve8FqBXlnOzrXq =eJRO -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-04-1' into staging Merge qcrypto 2016/07/04 v1 # gpg: Signature made Mon 04 Jul 2016 15:54:26 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qcrypto-2016-07-04-1: crypto: allow default TLS priority to be chosen at build time crypto: add support for TLS priority string override crypto: implement sha224, sha384, sha512 and ripemd160 hashes crypto: switch hash code to use nettle/gcrypt directly crypto: rename OUT to out in xts test to avoid clash on MinGW crypto: fix handling of iv generator hash defaults Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
0d7e96c9b5
20
configure
vendored
20
configure
vendored
@ -305,8 +305,8 @@ archipelago="no"
|
||||
gtk=""
|
||||
gtkabi=""
|
||||
gtk_gl="no"
|
||||
tls_priority="NORMAL"
|
||||
gnutls=""
|
||||
gnutls_hash=""
|
||||
gnutls_rnd=""
|
||||
nettle=""
|
||||
nettle_kdf="no"
|
||||
@ -1097,6 +1097,8 @@ for opt do
|
||||
;;
|
||||
--enable-gtk) gtk="yes"
|
||||
;;
|
||||
--tls-priority=*) tls_priority="$optarg"
|
||||
;;
|
||||
--disable-gnutls) gnutls="no"
|
||||
;;
|
||||
--enable-gnutls) gnutls="yes"
|
||||
@ -1308,6 +1310,7 @@ Advanced options (experts only):
|
||||
--disable-blobs disable installing provided firmware blobs
|
||||
--with-vss-sdk=SDK-path enable Windows VSS support in QEMU Guest Agent
|
||||
--with-win-sdk=SDK-path path to Windows Platform SDK (to build VSS .tlb)
|
||||
--tls-priority default TLS protocol/cipher priority string
|
||||
|
||||
Optional features, enabled with --enable-FEATURE and
|
||||
disabled with --disable-FEATURE, default is enabled if available:
|
||||
@ -2218,13 +2221,6 @@ if test "$gnutls" != "no"; then
|
||||
QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
|
||||
gnutls="yes"
|
||||
|
||||
# gnutls_hash_init requires >= 2.9.10
|
||||
if $pkg_config --exists "gnutls >= 2.9.10"; then
|
||||
gnutls_hash="yes"
|
||||
else
|
||||
gnutls_hash="no"
|
||||
fi
|
||||
|
||||
# gnutls_rnd requires >= 2.11.0
|
||||
if $pkg_config --exists "gnutls >= 2.11.0"; then
|
||||
gnutls_rnd="yes"
|
||||
@ -2258,11 +2254,9 @@ if test "$gnutls" != "no"; then
|
||||
feature_not_found "gnutls" "Install gnutls devel"
|
||||
else
|
||||
gnutls="no"
|
||||
gnutls_hash="no"
|
||||
gnutls_rnd="no"
|
||||
fi
|
||||
else
|
||||
gnutls_hash="no"
|
||||
gnutls_rnd="no"
|
||||
fi
|
||||
|
||||
@ -4812,8 +4806,8 @@ echo "SDL support $sdl $(echo_version $sdl $sdlversion)"
|
||||
echo "GTK support $gtk $(echo_version $gtk $gtk_version)"
|
||||
echo "GTK GL support $gtk_gl"
|
||||
echo "VTE support $vte $(echo_version $vte $vteversion)"
|
||||
echo "TLS priority $tls_priority"
|
||||
echo "GNUTLS support $gnutls"
|
||||
echo "GNUTLS hash $gnutls_hash"
|
||||
echo "GNUTLS rnd $gnutls_rnd"
|
||||
echo "libgcrypt $gcrypt"
|
||||
echo "libgcrypt kdf $gcrypt_kdf"
|
||||
@ -5176,12 +5170,10 @@ if test "$gtk" = "yes" ; then
|
||||
echo "CONFIG_GTK_GL=y" >> $config_host_mak
|
||||
fi
|
||||
fi
|
||||
echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak
|
||||
if test "$gnutls" = "yes" ; then
|
||||
echo "CONFIG_GNUTLS=y" >> $config_host_mak
|
||||
fi
|
||||
if test "$gnutls_hash" = "yes" ; then
|
||||
echo "CONFIG_GNUTLS_HASH=y" >> $config_host_mak
|
||||
fi
|
||||
if test "$gnutls_rnd" = "yes" ; then
|
||||
echo "CONFIG_GNUTLS_RND=y" >> $config_host_mak
|
||||
fi
|
||||
|
@ -1,5 +1,7 @@
|
||||
crypto-obj-y = init.o
|
||||
crypto-obj-y += hash.o
|
||||
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
|
||||
crypto-obj-y += aes.o
|
||||
crypto-obj-y += desrfb.o
|
||||
crypto-obj-y += cipher.o
|
||||
@ -28,3 +30,4 @@ crypto-aes-obj-y = aes.o
|
||||
|
||||
stub-obj-y += random-stub.o
|
||||
stub-obj-y += pbkdf-stub.o
|
||||
stub-obj-y += hash-stub.o
|
||||
|
@ -776,6 +776,11 @@ qcrypto_block_luks_open(QCryptoBlock *block,
|
||||
}
|
||||
|
||||
if (ivalg == QCRYPTO_IVGEN_ALG_ESSIV) {
|
||||
if (!ivhash_name) {
|
||||
ret = -EINVAL;
|
||||
error_setg(errp, "Missing IV generator hash specification");
|
||||
goto fail;
|
||||
}
|
||||
ivcipheralg = qcrypto_block_luks_essiv_cipher(cipheralg,
|
||||
ivhash,
|
||||
&local_err);
|
||||
@ -785,6 +790,13 @@ qcrypto_block_luks_open(QCryptoBlock *block,
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
/* Note we parsed the ivhash_name earlier in the cipher_mode
|
||||
* spec string even with plain/plain64 ivgens, but we
|
||||
* will ignore it, since it is irrelevant for these ivgens.
|
||||
* This is for compat with dm-crypt which will silently
|
||||
* ignore hash names with these ivgens rather than report
|
||||
* an error about the invalid usage
|
||||
*/
|
||||
ivcipheralg = cipheralg;
|
||||
}
|
||||
|
||||
@ -904,6 +916,15 @@ qcrypto_block_luks_create(QCryptoBlock *block,
|
||||
if (!luks_opts.has_hash_alg) {
|
||||
luks_opts.hash_alg = QCRYPTO_HASH_ALG_SHA256;
|
||||
}
|
||||
if (luks_opts.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) {
|
||||
if (!luks_opts.has_ivgen_hash_alg) {
|
||||
luks_opts.ivgen_hash_alg = QCRYPTO_HASH_ALG_SHA256;
|
||||
luks_opts.has_ivgen_hash_alg = true;
|
||||
}
|
||||
}
|
||||
/* Note we're allowing ivgen_hash_alg to be set even for
|
||||
* non-essiv iv generators that don't need a hash. It will
|
||||
* be silently ignored, for compatibility with dm-crypt */
|
||||
|
||||
if (!options->u.luks.key_secret) {
|
||||
error_setg(errp, "Parameter 'key-secret' is required for cipher");
|
||||
|
110
crypto/hash-gcrypt.c
Normal file
110
crypto/hash-gcrypt.c
Normal file
@ -0,0 +1,110 @@
|
||||
/*
|
||||
* QEMU Crypto hash algorithms
|
||||
*
|
||||
* Copyright (c) 2016 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
#include "gcrypt.h"
|
||||
|
||||
|
||||
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = GCRY_MD_SHA224,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = GCRY_MD_SHA384,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = GCRY_MD_SHA512,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MD_RMD160,
|
||||
};
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
|
||||
{
|
||||
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
|
||||
qcrypto_hash_alg_map[alg] != GCRY_MD_NONE) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov,
|
||||
size_t niov,
|
||||
uint8_t **result,
|
||||
size_t *resultlen,
|
||||
Error **errp)
|
||||
{
|
||||
int i, ret;
|
||||
gcry_md_hd_t md;
|
||||
unsigned char *digest;
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
|
||||
qcrypto_hash_alg_map[alg] == GCRY_MD_NONE) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = gcry_md_open(&md, qcrypto_hash_alg_map[alg], 0);
|
||||
|
||||
if (ret < 0) {
|
||||
error_setg(errp,
|
||||
"Unable to initialize hash algorithm: %s",
|
||||
gcry_strerror(ret));
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
gcry_md_write(md, iov[i].iov_base, iov[i].iov_len);
|
||||
}
|
||||
|
||||
ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[alg]);
|
||||
if (ret <= 0) {
|
||||
error_setg(errp,
|
||||
"Unable to get hash length: %s",
|
||||
gcry_strerror(ret));
|
||||
goto error;
|
||||
}
|
||||
if (*resultlen == 0) {
|
||||
*resultlen = ret;
|
||||
*result = g_new0(uint8_t, *resultlen);
|
||||
} else if (*resultlen != ret) {
|
||||
error_setg(errp,
|
||||
"Result buffer size %zu is smaller than hash %d",
|
||||
*resultlen, ret);
|
||||
goto error;
|
||||
}
|
||||
|
||||
digest = gcry_md_read(md, 0);
|
||||
if (!digest) {
|
||||
error_setg(errp,
|
||||
"No digest produced");
|
||||
goto error;
|
||||
}
|
||||
memcpy(*result, digest, *resultlen);
|
||||
|
||||
gcry_md_close(md);
|
||||
return 0;
|
||||
|
||||
error:
|
||||
gcry_md_close(md);
|
||||
return -1;
|
||||
}
|
155
crypto/hash-nettle.c
Normal file
155
crypto/hash-nettle.c
Normal file
@ -0,0 +1,155 @@
|
||||
/*
|
||||
* QEMU Crypto hash algorithms
|
||||
*
|
||||
* Copyright (c) 2016 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
#include <nettle/md5.h>
|
||||
#include <nettle/sha.h>
|
||||
#include <nettle/ripemd160.h>
|
||||
|
||||
typedef void (*qcrypto_nettle_init)(void *ctx);
|
||||
typedef void (*qcrypto_nettle_write)(void *ctx,
|
||||
unsigned int len,
|
||||
const uint8_t *buf);
|
||||
typedef void (*qcrypto_nettle_result)(void *ctx,
|
||||
unsigned int len,
|
||||
uint8_t *buf);
|
||||
|
||||
union qcrypto_hash_ctx {
|
||||
struct md5_ctx md5;
|
||||
struct sha1_ctx sha1;
|
||||
struct sha224_ctx sha224;
|
||||
struct sha256_ctx sha256;
|
||||
struct sha384_ctx sha384;
|
||||
struct sha512_ctx sha512;
|
||||
struct ripemd160_ctx ripemd160;
|
||||
};
|
||||
|
||||
struct qcrypto_hash_alg {
|
||||
qcrypto_nettle_init init;
|
||||
qcrypto_nettle_write write;
|
||||
qcrypto_nettle_result result;
|
||||
size_t len;
|
||||
} qcrypto_hash_alg_map[] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = {
|
||||
.init = (qcrypto_nettle_init)md5_init,
|
||||
.write = (qcrypto_nettle_write)md5_update,
|
||||
.result = (qcrypto_nettle_result)md5_digest,
|
||||
.len = MD5_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_SHA1] = {
|
||||
.init = (qcrypto_nettle_init)sha1_init,
|
||||
.write = (qcrypto_nettle_write)sha1_update,
|
||||
.result = (qcrypto_nettle_result)sha1_digest,
|
||||
.len = SHA1_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_SHA224] = {
|
||||
.init = (qcrypto_nettle_init)sha224_init,
|
||||
.write = (qcrypto_nettle_write)sha224_update,
|
||||
.result = (qcrypto_nettle_result)sha224_digest,
|
||||
.len = SHA224_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_SHA256] = {
|
||||
.init = (qcrypto_nettle_init)sha256_init,
|
||||
.write = (qcrypto_nettle_write)sha256_update,
|
||||
.result = (qcrypto_nettle_result)sha256_digest,
|
||||
.len = SHA256_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_SHA384] = {
|
||||
.init = (qcrypto_nettle_init)sha384_init,
|
||||
.write = (qcrypto_nettle_write)sha384_update,
|
||||
.result = (qcrypto_nettle_result)sha384_digest,
|
||||
.len = SHA384_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_SHA512] = {
|
||||
.init = (qcrypto_nettle_init)sha512_init,
|
||||
.write = (qcrypto_nettle_write)sha512_update,
|
||||
.result = (qcrypto_nettle_result)sha512_digest,
|
||||
.len = SHA512_DIGEST_SIZE,
|
||||
},
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = {
|
||||
.init = (qcrypto_nettle_init)ripemd160_init,
|
||||
.write = (qcrypto_nettle_write)ripemd160_update,
|
||||
.result = (qcrypto_nettle_result)ripemd160_digest,
|
||||
.len = RIPEMD160_DIGEST_SIZE,
|
||||
},
|
||||
};
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
|
||||
{
|
||||
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
|
||||
qcrypto_hash_alg_map[alg].init != NULL) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov,
|
||||
size_t niov,
|
||||
uint8_t **result,
|
||||
size_t *resultlen,
|
||||
Error **errp)
|
||||
{
|
||||
int i;
|
||||
union qcrypto_hash_ctx ctx;
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
|
||||
qcrypto_hash_alg_map[alg].init == NULL) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
qcrypto_hash_alg_map[alg].init(&ctx);
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
/* Some versions of nettle have functions
|
||||
* declared with 'int' instead of 'size_t'
|
||||
* so to be safe avoid writing more than
|
||||
* UINT_MAX bytes at a time
|
||||
*/
|
||||
size_t len = iov[i].iov_len;
|
||||
uint8_t *base = iov[i].iov_base;
|
||||
while (len) {
|
||||
size_t shortlen = MIN(len, UINT_MAX);
|
||||
qcrypto_hash_alg_map[alg].write(&ctx, len, base);
|
||||
len -= shortlen;
|
||||
base += len;
|
||||
}
|
||||
}
|
||||
|
||||
if (*resultlen == 0) {
|
||||
*resultlen = qcrypto_hash_alg_map[alg].len;
|
||||
*result = g_new0(uint8_t, *resultlen);
|
||||
} else if (*resultlen != qcrypto_hash_alg_map[alg].len) {
|
||||
error_setg(errp,
|
||||
"Result buffer size %zu is smaller than hash %zu",
|
||||
*resultlen, qcrypto_hash_alg_map[alg].len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
qcrypto_hash_alg_map[alg].result(&ctx, *resultlen, *result);
|
||||
|
||||
return 0;
|
||||
}
|
41
crypto/hash-stub.c
Normal file
41
crypto/hash-stub.c
Normal file
@ -0,0 +1,41 @@
|
||||
/*
|
||||
* QEMU Crypto hash algorithms
|
||||
*
|
||||
* Copyright (c) 2016 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov G_GNUC_UNUSED,
|
||||
size_t niov G_GNUC_UNUSED,
|
||||
uint8_t **result G_GNUC_UNUSED,
|
||||
size_t *resultlen G_GNUC_UNUSED,
|
||||
Error **errp)
|
||||
{
|
||||
error_setg(errp,
|
||||
"Hash algorithm %d not supported without GNUTLS",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
109
crypto/hash.c
109
crypto/hash.c
@ -22,16 +22,14 @@
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
|
||||
#ifdef CONFIG_GNUTLS_HASH
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#endif
|
||||
|
||||
|
||||
static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = 16,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = 20,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = 28,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = 32,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = 48,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = 64,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = 20,
|
||||
};
|
||||
|
||||
size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
|
||||
@ -41,105 +39,6 @@ size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_GNUTLS_HASH
|
||||
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256,
|
||||
};
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
|
||||
{
|
||||
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov,
|
||||
size_t niov,
|
||||
uint8_t **result,
|
||||
size_t *resultlen,
|
||||
Error **errp)
|
||||
{
|
||||
int i, ret;
|
||||
gnutls_hash_hd_t dig;
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map)) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = gnutls_hash_init(&dig, qcrypto_hash_alg_map[alg]);
|
||||
|
||||
if (ret < 0) {
|
||||
error_setg(errp,
|
||||
"Unable to initialize hash algorithm: %s",
|
||||
gnutls_strerror(ret));
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
ret = gnutls_hash(dig, iov[i].iov_base, iov[i].iov_len);
|
||||
if (ret < 0) {
|
||||
error_setg(errp,
|
||||
"Unable process hash data: %s",
|
||||
gnutls_strerror(ret));
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
ret = gnutls_hash_get_len(qcrypto_hash_alg_map[alg]);
|
||||
if (ret <= 0) {
|
||||
error_setg(errp,
|
||||
"Unable to get hash length: %s",
|
||||
gnutls_strerror(ret));
|
||||
goto error;
|
||||
}
|
||||
if (*resultlen == 0) {
|
||||
*resultlen = ret;
|
||||
*result = g_new0(uint8_t, *resultlen);
|
||||
} else if (*resultlen != ret) {
|
||||
error_setg(errp,
|
||||
"Result buffer size %zu is smaller than hash %d",
|
||||
*resultlen, ret);
|
||||
goto error;
|
||||
}
|
||||
|
||||
gnutls_hash_deinit(dig, *result);
|
||||
return 0;
|
||||
|
||||
error:
|
||||
gnutls_hash_deinit(dig, NULL);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#else /* ! CONFIG_GNUTLS_HASH */
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov G_GNUC_UNUSED,
|
||||
size_t niov G_GNUC_UNUSED,
|
||||
uint8_t **result G_GNUC_UNUSED,
|
||||
size_t *resultlen G_GNUC_UNUSED,
|
||||
Error **errp)
|
||||
{
|
||||
error_setg(errp,
|
||||
"Hash algorithm %d not supported without GNUTLS",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#endif /* ! CONFIG_GNUTLS_HASH */
|
||||
|
||||
int qcrypto_hash_bytes(QCryptoHashAlgorithm alg,
|
||||
const char *buf,
|
||||
size_t len,
|
||||
|
@ -178,6 +178,27 @@ qcrypto_tls_creds_prop_get_dir(Object *obj,
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
qcrypto_tls_creds_prop_set_priority(Object *obj,
|
||||
const char *value,
|
||||
Error **errp G_GNUC_UNUSED)
|
||||
{
|
||||
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
|
||||
creds->priority = g_strdup(value);
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
qcrypto_tls_creds_prop_get_priority(Object *obj,
|
||||
Error **errp G_GNUC_UNUSED)
|
||||
{
|
||||
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
|
||||
return g_strdup(creds->priority);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
qcrypto_tls_creds_prop_set_endpoint(Object *obj,
|
||||
int value,
|
||||
@ -216,6 +237,10 @@ qcrypto_tls_creds_class_init(ObjectClass *oc, void *data)
|
||||
qcrypto_tls_creds_prop_get_endpoint,
|
||||
qcrypto_tls_creds_prop_set_endpoint,
|
||||
NULL);
|
||||
object_class_property_add_str(oc, "priority",
|
||||
qcrypto_tls_creds_prop_get_priority,
|
||||
qcrypto_tls_creds_prop_set_priority,
|
||||
NULL);
|
||||
}
|
||||
|
||||
|
||||
@ -234,6 +259,7 @@ qcrypto_tls_creds_finalize(Object *obj)
|
||||
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
|
||||
g_free(creds->dir);
|
||||
g_free(creds->priority);
|
||||
}
|
||||
|
||||
|
||||
|
@ -132,14 +132,22 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds,
|
||||
if (object_dynamic_cast(OBJECT(creds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
|
||||
QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
|
||||
char *prio;
|
||||
|
||||
ret = gnutls_priority_set_direct(session->handle,
|
||||
"NORMAL:+ANON-DH", NULL);
|
||||
if (creds->priority != NULL) {
|
||||
prio = g_strdup_printf("%s:+ANON-DH", creds->priority);
|
||||
} else {
|
||||
prio = g_strdup(CONFIG_TLS_PRIORITY ":+ANON-DH");
|
||||
}
|
||||
|
||||
ret = gnutls_priority_set_direct(session->handle, prio, NULL);
|
||||
if (ret < 0) {
|
||||
error_setg(errp, "Unable to set TLS session priority: %s",
|
||||
gnutls_strerror(ret));
|
||||
error_setg(errp, "Unable to set TLS session priority %s: %s",
|
||||
prio, gnutls_strerror(ret));
|
||||
g_free(prio);
|
||||
goto error;
|
||||
}
|
||||
g_free(prio);
|
||||
if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
|
||||
ret = gnutls_credentials_set(session->handle,
|
||||
GNUTLS_CRD_ANON,
|
||||
@ -157,11 +165,15 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds,
|
||||
} else if (object_dynamic_cast(OBJECT(creds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_X509)) {
|
||||
QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
|
||||
const char *prio = creds->priority;
|
||||
if (!prio) {
|
||||
prio = CONFIG_TLS_PRIORITY;
|
||||
}
|
||||
|
||||
ret = gnutls_set_default_priority(session->handle);
|
||||
ret = gnutls_priority_set_direct(session->handle, prio, NULL);
|
||||
if (ret < 0) {
|
||||
error_setg(errp, "Cannot set default TLS session priority: %s",
|
||||
gnutls_strerror(ret));
|
||||
error_setg(errp, "Cannot set default TLS session priority %s: %s",
|
||||
prio, gnutls_strerror(ret));
|
||||
goto error;
|
||||
}
|
||||
ret = gnutls_credentials_set(session->handle,
|
||||
|
@ -54,6 +54,7 @@ struct QCryptoTLSCreds {
|
||||
gnutls_dh_params_t dh_params;
|
||||
#endif
|
||||
bool verifyPeer;
|
||||
char *priority;
|
||||
};
|
||||
|
||||
|
||||
|
@ -42,12 +42,16 @@
|
||||
#
|
||||
# @md5: MD5. Should not be used in any new code, legacy compat only
|
||||
# @sha1: SHA-1. Should not be used in any new code, legacy compat only
|
||||
# @sha224: SHA-224. (since 2.7)
|
||||
# @sha256: SHA-256. Current recommended strong hash.
|
||||
# @sha384: SHA-384. (since 2.7)
|
||||
# @sha512: SHA-512. (since 2.7)
|
||||
# @ripemd160: RIPEMD-160. (since 2.7)
|
||||
# Since: 2.6
|
||||
##
|
||||
{ 'enum': 'QCryptoHashAlgorithm',
|
||||
'prefix': 'QCRYPTO_HASH_ALG',
|
||||
'data': ['md5', 'sha1', 'sha256']}
|
||||
'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
|
||||
|
||||
|
||||
##
|
||||
|
@ -86,7 +86,7 @@ check-unit-y += tests/test-qemu-opts$(EXESUF)
|
||||
gcov-files-test-qemu-opts-y = qom/test-qemu-opts.c
|
||||
check-unit-y += tests/test-write-threshold$(EXESUF)
|
||||
gcov-files-test-write-threshold-y = block/write-threshold.c
|
||||
check-unit-$(CONFIG_GNUTLS_HASH) += tests/test-crypto-hash$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-hash$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-cipher$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-secret$(EXESUF)
|
||||
check-unit-$(CONFIG_GNUTLS) += tests/test-crypto-tlscredsx509$(EXESUF)
|
||||
|
@ -153,6 +153,8 @@ def cryptsetup_format(config):
|
||||
cipher = config.cipher + "-" + config.mode + "-" + config.ivgen
|
||||
if config.ivgen_hash is not None:
|
||||
cipher = cipher + ":" + config.ivgen_hash
|
||||
elif config.ivgen == "essiv":
|
||||
cipher = cipher + ":" + "sha256"
|
||||
args.extend(["--cipher", cipher])
|
||||
if config.mode == "xts":
|
||||
args.extend(["--key-size", str(config.keylen * 2)])
|
||||
@ -479,6 +481,16 @@ configs = [
|
||||
"6": "slot6",
|
||||
"7": "slot7",
|
||||
}),
|
||||
|
||||
# Check handling of default hash alg (sha256) with essiv
|
||||
LUKSConfig("aes-256-cbc-essiv-auto-sha1",
|
||||
"aes", 256, "cbc", "essiv", None, "sha1"),
|
||||
|
||||
# Check that a useless hash provided for 'plain64' iv gen
|
||||
# is ignored and no error raised
|
||||
LUKSConfig("aes-256-cbc-plain64-sha256-sha1",
|
||||
"aes", 256, "cbc", "plain64", "sha256", "sha1"),
|
||||
|
||||
]
|
||||
|
||||
blacklist = [
|
||||
|
@ -1878,3 +1878,243 @@ sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
|
||||
# Delete image
|
||||
unlink TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
|
||||
|
||||
# ================= dm-crypt aes-256-cbc-essiv-auto-sha1 =================
|
||||
# Create image
|
||||
truncate TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img --size 4194304MB
|
||||
# Format image
|
||||
sudo cryptsetup -q -v luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Write test pattern 0xa7
|
||||
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x13
|
||||
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Read test pattern 0xa7
|
||||
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x13
|
||||
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x91
|
||||
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x5e
|
||||
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Read test pattern 0x91
|
||||
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x5e
|
||||
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Delete image
|
||||
unlink TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
|
||||
# ================= qemu-img aes-256-cbc-essiv-auto-sha1 =================
|
||||
# Create image
|
||||
qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=essiv,hash-alg=sha1 TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img 4194304M
|
||||
Formatting 'TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=essiv hash-alg=sha1
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Write test pattern 0xa7
|
||||
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x13
|
||||
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Read test pattern 0xa7
|
||||
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x13
|
||||
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x91
|
||||
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x5e
|
||||
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Read test pattern 0x91
|
||||
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x5e
|
||||
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
|
||||
# Delete image
|
||||
unlink TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
|
||||
|
||||
# ================= dm-crypt aes-256-cbc-plain64-sha256-sha1 =================
|
||||
# Create image
|
||||
truncate TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img --size 4194304MB
|
||||
# Format image
|
||||
sudo cryptsetup -q -v luksFormat --cipher aes-cbc-plain64:sha256 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Write test pattern 0xa7
|
||||
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x13
|
||||
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Read test pattern 0xa7
|
||||
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x13
|
||||
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x91
|
||||
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x5e
|
||||
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Read test pattern 0x91
|
||||
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x5e
|
||||
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Delete image
|
||||
unlink TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
|
||||
# ================= qemu-img aes-256-cbc-plain64-sha256-sha1 =================
|
||||
# Create image
|
||||
qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha1,ivgen-hash-alg=sha256 TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img 4194304M
|
||||
Formatting 'TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=plain64 ivgen-hash-alg=sha256 hash-alg=sha1
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Write test pattern 0xa7
|
||||
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x13
|
||||
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Read test pattern 0xa7
|
||||
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x13
|
||||
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x91
|
||||
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Write test pattern 0x5e
|
||||
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
wrote 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Open dev
|
||||
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Set dev owner
|
||||
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Read test pattern 0x91
|
||||
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
read 10485760/10485760 bytes at offset 104857600
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Read test pattern 0x5e
|
||||
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
read 10485760/10485760 bytes at offset 3298534883328
|
||||
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
# Close dev
|
||||
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
|
||||
# Delete image
|
||||
unlink TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
|
||||
|
||||
|
@ -30,27 +30,56 @@
|
||||
|
||||
#define OUTPUT_MD5 "628d206371563035ab8ef62f492bdec9"
|
||||
#define OUTPUT_SHA1 "b2e74f26758a3a421e509cee045244b78753cc02"
|
||||
#define OUTPUT_SHA224 "e2f7415aad33ef79f6516b0986d7175f" \
|
||||
"9ca3389a85bf6cfed078737b"
|
||||
#define OUTPUT_SHA256 "bc757abb0436586f392b437e5dd24096" \
|
||||
"f7f224de6b74d4d86e2abc6121b160d0"
|
||||
#define OUTPUT_SHA384 "887ce52efb4f46700376356583b7e279" \
|
||||
"4f612bd024e4495087ddb946c448c69d" \
|
||||
"56dbf7152a94a5e63a80f3ba9f0eed78"
|
||||
#define OUTPUT_SHA512 "3a90d79638235ec6c4c11bebd84d83c0" \
|
||||
"549bc1e84edc4b6ec7086487641256cb" \
|
||||
"63b54e4cb2d2032b393994aa263c0dbb" \
|
||||
"e00a9f2fe9ef6037352232a1eec55ee7"
|
||||
#define OUTPUT_RIPEMD160 "f3d658fad3fdfb2b52c9369cf0d441249ddfa8a0"
|
||||
|
||||
#define OUTPUT_MD5_B64 "Yo0gY3FWMDWrjvYvSSveyQ=="
|
||||
#define OUTPUT_SHA1_B64 "sudPJnWKOkIeUJzuBFJEt4dTzAI="
|
||||
#define OUTPUT_SHA224_B64 "4vdBWq0z73n2UWsJhtcXX5yjOJqFv2z+0Hhzew=="
|
||||
#define OUTPUT_SHA256_B64 "vHV6uwQ2WG85K0N+XdJAlvfyJN5rdNTYbiq8YSGxYNA="
|
||||
#define OUTPUT_SHA384_B64 "iHzlLvtPRnADdjVlg7fieU9hK9Ak5ElQh925RsRI" \
|
||||
"xp1W2/cVKpSl5jqA87qfDu14"
|
||||
#define OUTPUT_SHA512_B64 "OpDXljgjXsbEwRvr2E2DwFSbwehO3Etuxwhkh2QS" \
|
||||
"VstjtU5MstIDKzk5lKomPA274AqfL+nvYDc1IjKh" \
|
||||
"7sVe5w=="
|
||||
#define OUTPUT_RIPEMD160_B64 "89ZY+tP9+ytSyTac8NRBJJ3fqKA="
|
||||
|
||||
static const char *expected_outputs[] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = OUTPUT_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = OUTPUT_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = OUTPUT_SHA224,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = OUTPUT_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = OUTPUT_SHA384,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = OUTPUT_SHA512,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = OUTPUT_RIPEMD160,
|
||||
};
|
||||
static const char *expected_outputs_b64[] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = OUTPUT_MD5_B64,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = OUTPUT_SHA1_B64,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = OUTPUT_SHA224_B64,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = OUTPUT_SHA256_B64,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = OUTPUT_SHA384_B64,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = OUTPUT_SHA512_B64,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = OUTPUT_RIPEMD160_B64,
|
||||
};
|
||||
static const int expected_lens[] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = 16,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = 20,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = 28,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = 32,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = 48,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = 64,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = 20,
|
||||
};
|
||||
|
||||
static const char hex[] = "0123456789abcdef";
|
||||
@ -68,6 +97,10 @@ static void test_hash_alloc(void)
|
||||
int ret;
|
||||
size_t j;
|
||||
|
||||
if (!qcrypto_hash_supports(i)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = qcrypto_hash_bytes(i,
|
||||
INPUT_TEXT,
|
||||
strlen(INPUT_TEXT),
|
||||
@ -98,6 +131,10 @@ static void test_hash_prealloc(void)
|
||||
int ret;
|
||||
size_t j;
|
||||
|
||||
if (!qcrypto_hash_supports(i)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
resultlen = expected_lens[i];
|
||||
result = g_new0(uint8_t, resultlen);
|
||||
|
||||
@ -137,6 +174,10 @@ static void test_hash_iov(void)
|
||||
int ret;
|
||||
size_t j;
|
||||
|
||||
if (!qcrypto_hash_supports(i)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = qcrypto_hash_bytesv(i,
|
||||
iov, 3,
|
||||
&result,
|
||||
@ -165,6 +206,10 @@ static void test_hash_digest(void)
|
||||
char *digest;
|
||||
size_t digestsize;
|
||||
|
||||
if (!qcrypto_hash_supports(i)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
digestsize = qcrypto_hash_digest_len(i);
|
||||
|
||||
g_assert_cmpint(digestsize * 2, ==, strlen(expected_outputs[i]));
|
||||
@ -175,7 +220,7 @@ static void test_hash_digest(void)
|
||||
&digest,
|
||||
NULL);
|
||||
g_assert(ret == 0);
|
||||
g_assert(g_str_equal(digest, expected_outputs[i]));
|
||||
g_assert_cmpstr(digest, ==, expected_outputs[i]);
|
||||
g_free(digest);
|
||||
}
|
||||
}
|
||||
@ -191,13 +236,17 @@ static void test_hash_base64(void)
|
||||
int ret;
|
||||
char *digest;
|
||||
|
||||
if (!qcrypto_hash_supports(i)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = qcrypto_hash_base64(i,
|
||||
INPUT_TEXT,
|
||||
strlen(INPUT_TEXT),
|
||||
&digest,
|
||||
NULL);
|
||||
g_assert(ret == 0);
|
||||
g_assert(g_str_equal(digest, expected_outputs_b64[i]));
|
||||
g_assert_cmpstr(digest, ==, expected_outputs_b64[i]);
|
||||
g_free(digest);
|
||||
}
|
||||
}
|
||||
|
@ -340,7 +340,7 @@ static void test_xts_aes_decrypt(const void *ctx,
|
||||
static void test_xts(const void *opaque)
|
||||
{
|
||||
const QCryptoXTSTestData *data = opaque;
|
||||
unsigned char OUT[512], Torg[16], T[16];
|
||||
unsigned char out[512], Torg[16], T[16];
|
||||
uint64_t seq;
|
||||
int j;
|
||||
unsigned long len;
|
||||
@ -371,38 +371,38 @@ static void test_xts(const void *opaque)
|
||||
xts_encrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, data->PTLEN, OUT, data->PTX);
|
||||
T, data->PTLEN, out, data->PTX);
|
||||
} else {
|
||||
xts_encrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, len, OUT, data->PTX);
|
||||
T, len, out, data->PTX);
|
||||
xts_encrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, len, &OUT[len], &data->PTX[len]);
|
||||
T, len, &out[len], &data->PTX[len]);
|
||||
}
|
||||
|
||||
g_assert(memcmp(OUT, data->CTX, data->PTLEN) == 0);
|
||||
g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
|
||||
|
||||
memcpy(T, Torg, sizeof(T));
|
||||
if (j == 0) {
|
||||
xts_decrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, data->PTLEN, OUT, data->CTX);
|
||||
T, data->PTLEN, out, data->CTX);
|
||||
} else {
|
||||
xts_decrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, len, OUT, data->CTX);
|
||||
T, len, out, data->CTX);
|
||||
xts_decrypt(&aesdata, &aestweak,
|
||||
test_xts_aes_encrypt,
|
||||
test_xts_aes_decrypt,
|
||||
T, len, &OUT[len], &data->CTX[len]);
|
||||
T, len, &out[len], &data->CTX[len]);
|
||||
}
|
||||
|
||||
g_assert(memcmp(OUT, data->PTX, data->PTLEN) == 0);
|
||||
g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user