[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v1 1/6] crypto: extend mode as a parameter in qcrypto
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PULL v1 1/6] crypto: extend mode as a parameter in qcrypto_cipher_supports() |
Date: |
Wed, 19 Oct 2016 11:02:43 +0100 |
From: Gonglei <address@hidden>
It can't guarantee all cipher modes are supported
if one cipher algorithm is supported by a backend.
Let's extend qcrypto_cipher_supports() to take both
the algorithm and mode as parameters.
Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
---
block/qcow.c | 3 ++-
block/qcow2.c | 3 ++-
crypto/cipher-builtin.c | 14 +++++++++++++-
crypto/cipher-gcrypt.c | 13 ++++++++++++-
crypto/cipher-nettle.c | 13 ++++++++++++-
include/crypto/cipher.h | 6 ++++--
tests/test-crypto-cipher.c | 2 +-
ui/vnc.c | 2 +-
8 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index 94f01b3..7540f43 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options,
int flags,
ret = -EINVAL;
goto fail;
}
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
error_setg(errp, "AES cipher not available");
ret = -EINVAL;
goto fail;
diff --git a/block/qcow2.c b/block/qcow2.c
index 0e53a4d..e11c7c9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options,
int flags,
ret = -EINVAL;
goto fail;
}
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
error_setg(errp, "AES cipher not available");
ret = -EINVAL;
goto fail;
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 9d25842..fd59a9e 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher
*cipher,
}
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
{
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
return true;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ return false;
default:
return false;
}
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index da3f4c7..05026c0 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -24,7 +24,8 @@
#include <gcrypt.h>
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
{
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
case QCRYPTO_CIPHER_ALG_SERPENT_256:
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
return true;
default:
return false;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 879d831..72d1069 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -191,7 +191,8 @@ struct QCryptoCipherNettle {
size_t blocksize;
};
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
{
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -205,6 +206,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_192:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
return true;
default:
return false;
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index 376654d..97638e7 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -85,13 +85,15 @@ struct QCryptoCipher {
/**
* qcrypto_cipher_supports:
* @alg: the cipher algorithm
+ * @mode: the cipher mode
*
- * Determine if @alg cipher algorithm is supported by the
+ * Determine if @alg cipher algorithm in @mode is supported by the
* current configured build
*
* Returns: true if the algorithm is supported, false otherwise
*/
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode);
/**
* qcrypto_cipher_get_block_len:
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index b89dfa2..8492978 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -616,7 +616,7 @@ int main(int argc, char **argv)
g_assert(qcrypto_init(NULL) == 0);
for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
- if (qcrypto_cipher_supports(test_data[i].alg)) {
+ if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
g_test_add_data_func(test_data[i].path, &test_data[i],
test_cipher);
}
}
diff --git a/ui/vnc.c b/ui/vnc.c
index c1e98fb..1bedc95 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3606,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp)
goto fail;
}
if (!qcrypto_cipher_supports(
- QCRYPTO_CIPHER_ALG_DES_RFB)) {
+ QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
error_setg(errp,
"Cipher backend does not support DES RFB algorithm");
goto fail;
--
2.7.4
- [Qemu-devel] [PULL v1 0/6] Merge qcrypto 2016/10/19, Daniel P. Berrange, 2016/10/19
- [Qemu-devel] [PULL v1 1/6] crypto: extend mode as a parameter in qcrypto_cipher_supports(),
Daniel P. Berrange <=
- [Qemu-devel] [PULL v1 3/6] crypto: add mode check in qcrypto_cipher_new() for cipher-builtin, Daniel P. Berrange, 2016/10/19
- [Qemu-devel] [PULL v1 2/6] crypto: add CTR mode support, Daniel P. Berrange, 2016/10/19
- [Qemu-devel] [PULL v1 4/6] qtest: fix make check complaint in crypto module, Daniel P. Berrange, 2016/10/19
- [Qemu-devel] [PULL v1 6/6] crypto: fix initialization of gcrypt threading, Daniel P. Berrange, 2016/10/19
- [Qemu-devel] [PULL v1 5/6] crypto: fix initialization of crypto in tests, Daniel P. Berrange, 2016/10/19
- Re: [Qemu-devel] [PULL v1 0/6] Merge qcrypto 2016/10/19, Daniel P. Berrange, 2016/10/20