Merge qcrypto-next 2016/07/21 v1
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCAAGBQJXkJ7oAAoJEL6G67QVEE/fB1QQAIc984Q+Oaszm9BTjCeVhu+S rHJzzQGj8DAzDXpWC/JsVp0us7LhrMGSxAFWjwv9WGozDEYBGPhwch1wey/PkPUk 0toqAOrzDltFrU/dKnQPIkKZ7oQ9zCJY2HxhxiOdVwhrLwvTSUOB8BwLOqnN4/j7 NJq60x7JwBIuV6br5XcvQtGJEWimPtfev0b+aRg79lrBcxFZmvpnvEBco4inc/A7 UMNGTVHH9cS56s6WVU6JkK/gAdE3Ax3qTYDwQtiKYth97S1xtgvf0R0YmW2fCLri ylz+yLfciCqzNnvsB/zrodLiCABVN8SszvdkU7CngE8bKF5yLR7WjoziCw2pkwS9 iFzPG3cC2rr9alMRfEORUU18UZnm8fr7HcV9PgFmwvgZgKQdOuMZR0TVZ8aAHikF CuCCVP91fWC5qDEivxsKLjx0rFrjmQHKbC/0BbtMS2QmSnL+o84DrEt+S4eagW1X 8C2/jzWTPTLKoSEcDe5Ecv1B8PoC+4QMgsHyYs3OmZ60I7uhibEQWif8VZ3ZVR6T 9K8bEVhiE8fla729ZBgHDxa5mHt1lgTmOJXNKI+ZC8seAvw06SYxJGFjNK0a2IWI kxdXCIEoz/3OBJS+MWXjB4wdpMfz+8cHbaldOMgutmAJ41jRa1Hmn18gZC+9bzDb vCZogzXDVUAOvP5tcVPJ =TwN9 -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-21-1' into staging Merge qcrypto-next 2016/07/21 v1 # gpg: Signature made Thu 21 Jul 2016 11:07:36 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qcrypto-2016-07-21-1: crypto: don't open-code qcrypto_hash_supports crypto: use glib as fallback for hash algorithm crypto: use /dev/[u]random as a final fallback random source Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
7239247a2b
@ -2,6 +2,7 @@ crypto-obj-y = init.o
|
||||
crypto-obj-y += hash.o
|
||||
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o
|
||||
crypto-obj-y += aes.o
|
||||
crypto-obj-y += desrfb.o
|
||||
crypto-obj-y += cipher.o
|
||||
@ -12,6 +13,7 @@ crypto-obj-y += tlssession.o
|
||||
crypto-obj-y += secret.o
|
||||
crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y)) += random-platform.o
|
||||
crypto-obj-y += pbkdf.o
|
||||
crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
|
||||
@ -28,6 +30,4 @@ crypto-obj-y += block-luks.o
|
||||
# Let the userspace emulators avoid linking gnutls/etc
|
||||
crypto-aes-obj-y = aes.o
|
||||
|
||||
stub-obj-y += random-stub.o
|
||||
stub-obj-y += pbkdf-stub.o
|
||||
stub-obj-y += hash-stub.o
|
||||
|
@ -55,8 +55,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
gcry_md_hd_t md;
|
||||
unsigned char *digest;
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
|
||||
qcrypto_hash_alg_map[alg] == GCRY_MD_NONE) {
|
||||
if (!qcrypto_hash_supports(alg)) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
|
97
crypto/hash-glib.c
Normal file
97
crypto/hash-glib.c
Normal file
@ -0,0 +1,97 @@
|
||||
/*
|
||||
* QEMU Crypto hash algorithms
|
||||
*
|
||||
* Copyright (c) 2016 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
|
||||
|
||||
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = G_CHECKSUM_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = -1,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = -1,
|
||||
#if GLIB_CHECK_VERSION(2, 36, 0)
|
||||
[QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
|
||||
#else
|
||||
[QCRYPTO_HASH_ALG_SHA512] = -1,
|
||||
#endif
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = -1,
|
||||
};
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
|
||||
{
|
||||
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
|
||||
qcrypto_hash_alg_map[alg] != -1) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov,
|
||||
size_t niov,
|
||||
uint8_t **result,
|
||||
size_t *resultlen,
|
||||
Error **errp)
|
||||
{
|
||||
int i, ret;
|
||||
GChecksum *cs;
|
||||
|
||||
if (!qcrypto_hash_supports(alg)) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
cs = g_checksum_new(qcrypto_hash_alg_map[alg]);
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
g_checksum_update(cs, iov[i].iov_base, iov[i].iov_len);
|
||||
}
|
||||
|
||||
ret = g_checksum_type_get_length(qcrypto_hash_alg_map[alg]);
|
||||
if (ret < 0) {
|
||||
error_setg(errp, "%s",
|
||||
"Unable to get hash length");
|
||||
goto error;
|
||||
}
|
||||
if (*resultlen == 0) {
|
||||
*resultlen = ret;
|
||||
*result = g_new0(uint8_t, *resultlen);
|
||||
} else if (*resultlen != ret) {
|
||||
error_setg(errp,
|
||||
"Result buffer size %zu is smaller than hash %d",
|
||||
*resultlen, ret);
|
||||
goto error;
|
||||
}
|
||||
|
||||
g_checksum_get_digest(cs, *result, resultlen);
|
||||
|
||||
g_checksum_free(cs);
|
||||
return 0;
|
||||
|
||||
error:
|
||||
g_checksum_free(cs);
|
||||
return -1;
|
||||
}
|
@ -113,8 +113,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
int i;
|
||||
union qcrypto_hash_ctx ctx;
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
|
||||
qcrypto_hash_alg_map[alg].init == NULL) {
|
||||
if (!qcrypto_hash_supports(alg)) {
|
||||
error_setg(errp,
|
||||
"Unknown hash algorithm %d",
|
||||
alg);
|
||||
|
@ -1,41 +0,0 @@
|
||||
/*
|
||||
* QEMU Crypto hash algorithms
|
||||
*
|
||||
* Copyright (c) 2016 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/hash.h"
|
||||
|
||||
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
|
||||
const struct iovec *iov G_GNUC_UNUSED,
|
||||
size_t niov G_GNUC_UNUSED,
|
||||
uint8_t **result G_GNUC_UNUSED,
|
||||
size_t *resultlen G_GNUC_UNUSED,
|
||||
Error **errp)
|
||||
{
|
||||
error_setg(errp,
|
||||
"Hash algorithm %d not supported without GNUTLS",
|
||||
alg);
|
||||
return -1;
|
||||
}
|
@ -26,6 +26,39 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
|
||||
size_t buflen G_GNUC_UNUSED,
|
||||
Error **errp)
|
||||
{
|
||||
error_setg(errp, "No random byte source provided in this build");
|
||||
return -1;
|
||||
int fd;
|
||||
int ret = -1;
|
||||
int got;
|
||||
|
||||
/* TBD perhaps also add support for BSD getentropy / Linux
|
||||
* getrandom syscalls directly */
|
||||
fd = open("/dev/urandom", O_RDONLY);
|
||||
if (fd == -1 && errno == ENOENT) {
|
||||
fd = open("/dev/random", O_RDONLY);
|
||||
}
|
||||
|
||||
if (fd < 0) {
|
||||
error_setg(errp, "No /dev/urandom or /dev/random found");
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (buflen > 0) {
|
||||
got = read(fd, buf, buflen);
|
||||
if (got < 0) {
|
||||
error_setg_errno(errp, errno,
|
||||
"Unable to read random bytes");
|
||||
goto cleanup;
|
||||
} else if (!got) {
|
||||
error_setg(errp,
|
||||
"Unexpected EOF reading random bytes");
|
||||
goto cleanup;
|
||||
}
|
||||
buflen -= got;
|
||||
buf += got;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
cleanup:
|
||||
close(fd);
|
||||
return ret;
|
||||
}
|
Loading…
Reference in New Issue
Block a user