vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge qcrypto 2016/07/04 v1 

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJXeniiAAoJEL6G67QVEE/fnbgQAKzM0WXNtIlpXriL836GnMRT
 BBYrYxMiGxxiLishV9LZ6CRdKiiuqU8OwO7WFtSUeSHhGJeTqR6jMmn1YrdIPe0w
 nMUT8db00uXRze3uHy1Z8omK6FiSlfHDIpk5260y9Ymz5bhRkpwnQoRXdIwGGkKb
 q7pgLwQJ6J+dfJUUAl7kvNrjR8iFc4ISt56mWh2Ven9pq9XapZ2M+xCAKrts4RGq
 FeQcaF0uYbc/cK7E8oypphiLYerIvms7LlTsY+Ywwx5N5AMzZSFCWWCoy0XDb1ny
 89Rmt5ot1YOVsQhITnO0jf7/5BfMmD8nBcPsNEs3FV6DkTPHBsUMIgomNvlHX9Gk
 3nZ1L0ja6e57M9hOyS21NOTc6LCFpyGLR6MuizN42FYmG3aGvYZWoHSRq1swBoBx
 jR1h8j1bPM94sYU+9tdLi4vuuLxVykonLq1kwzIOAg928fzlTxKC/kQyss3NZTD/
 WLg26Nh3+ZkEsw90ng/pCmtlVAPAj4rf+sJ/dG6LIXftE12pRycZovrpMnoAx4f+
 oTFyJvJ/XUalplmwqerhnP6gaRwfSzQrFTh+Yvs/9FVssw/KfJQmupOPeGaEXvlj
 Abq2YUC9hmUz1dUTm6u6WPMgYp813uT+OG8OGJG/I3NAw8OMj2W4lA7zz0ht3WQT
 HUQ2M7Ve8FqBXlnOzrXq
 =eJRO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-07-04-1' into staging

Merge qcrypto 2016/07/04 v1

# gpg: Signature made Mon 04 Jul 2016 15:54:26 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2016-07-04-1:
  crypto: allow default TLS priority to be chosen at build time
  crypto: add support for TLS priority string override
  crypto: implement sha224, sha384, sha512 and ripemd160 hashes
  crypto: switch hash code to use nettle/gcrypt directly
  crypto: rename OUT to out in xts test to avoid clash on MinGW
  crypto: fix handling of iv generator hash defaults

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
master
Peter Maydell 2016-07-04 16:28:58 +01:00
parent 3173a1fd54 a1c5e949dd
commit 0d7e96c9b5
16 changed files with 704 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
configure vendored
View File

@ -305,8 +305,8 @@ archipelago="no"
gtk=""
gtkabi=""
gtk_gl="no"
tls_priority="NORMAL"
gnutls=""
gnutls_hash=""
gnutls_rnd=""
nettle=""
nettle_kdf="no"
@ -1097,6 +1097,8 @@ for opt do
;;
--enable-gtk) gtk="yes"
;;
--tls-priority=*) tls_priority="$optarg"
;;
--disable-gnutls) gnutls="no"
;;
--enable-gnutls) gnutls="yes"
@ -1308,6 +1310,7 @@ Advanced options (experts only):
--disable-blobs disable installing provided firmware blobs
--with-vss-sdk=SDK-path enable Windows VSS support in QEMU Guest Agent
--with-win-sdk=SDK-path path to Windows Platform SDK (to build VSS .tlb)
--tls-priority default TLS protocol/cipher priority string
Optional features, enabled with --enable-FEATURE and
disabled with --disable-FEATURE, default is enabled if available:
@ -2218,13 +2221,6 @@ if test "$gnutls" != "no"; then
QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
gnutls="yes"
# gnutls_hash_init requires >= 2.9.10
if $pkg_config --exists "gnutls >= 2.9.10"; then
gnutls_hash="yes"
else
gnutls_hash="no"
fi
# gnutls_rnd requires >= 2.11.0
if $pkg_config --exists "gnutls >= 2.11.0"; then
gnutls_rnd="yes"
@ -2258,11 +2254,9 @@ if test "$gnutls" != "no"; then
feature_not_found "gnutls" "Install gnutls devel"
else
gnutls="no"
gnutls_hash="no"
gnutls_rnd="no"
fi
else
gnutls_hash="no"
gnutls_rnd="no"
fi
@ -4812,8 +4806,8 @@ echo "SDL support $sdl $(echo_version $sdl $sdlversion)"
echo "GTK support $gtk $(echo_version $gtk $gtk_version)"
echo "GTK GL support $gtk_gl"
echo "VTE support $vte $(echo_version $vte $vteversion)"
echo "TLS priority $tls_priority"
echo "GNUTLS support $gnutls"
echo "GNUTLS hash $gnutls_hash"
echo "GNUTLS rnd $gnutls_rnd"
echo "libgcrypt $gcrypt"
echo "libgcrypt kdf $gcrypt_kdf"
@ -5176,12 +5170,10 @@ if test "$gtk" = "yes" ; then
echo "CONFIG_GTK_GL=y" >> $config_host_mak
fi
fi
echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak
if test "$gnutls" = "yes" ; then
echo "CONFIG_GNUTLS=y" >> $config_host_mak
fi
if test "$gnutls_hash" = "yes" ; then
echo "CONFIG_GNUTLS_HASH=y" >> $config_host_mak
fi
if test "$gnutls_rnd" = "yes" ; then
echo "CONFIG_GNUTLS_RND=y" >> $config_host_mak
fi

3
crypto/Makefile.objs
View File

@ -1,5 +1,7 @@
crypto-obj-y = init.o
crypto-obj-y += hash.o
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
crypto-obj-y += aes.o
crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
@ -28,3 +30,4 @@ crypto-aes-obj-y = aes.o
stub-obj-y += random-stub.o
stub-obj-y += pbkdf-stub.o
stub-obj-y += hash-stub.o

21
crypto/block-luks.c
View File

@ -776,6 +776,11 @@ qcrypto_block_luks_open(QCryptoBlock *block,
}
if (ivalg == QCRYPTO_IVGEN_ALG_ESSIV) {
if (!ivhash_name) {
ret = -EINVAL;
error_setg(errp, "Missing IV generator hash specification");
goto fail;
}
ivcipheralg = qcrypto_block_luks_essiv_cipher(cipheralg,
ivhash,
&local_err);
@ -785,6 +790,13 @@ qcrypto_block_luks_open(QCryptoBlock *block,
goto fail;
}
} else {
/* Note we parsed the ivhash_name earlier in the cipher_mode
* spec string even with plain/plain64 ivgens, but we
* will ignore it, since it is irrelevant for these ivgens.
* This is for compat with dm-crypt which will silently
* ignore hash names with these ivgens rather than report
* an error about the invalid usage
*/
ivcipheralg = cipheralg;
}
@ -904,6 +916,15 @@ qcrypto_block_luks_create(QCryptoBlock *block,
if (!luks_opts.has_hash_alg) {
luks_opts.hash_alg = QCRYPTO_HASH_ALG_SHA256;
}
if (luks_opts.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) {
if (!luks_opts.has_ivgen_hash_alg) {
luks_opts.ivgen_hash_alg = QCRYPTO_HASH_ALG_SHA256;
luks_opts.has_ivgen_hash_alg = true;
}
}
/* Note we're allowing ivgen_hash_alg to be set even for
* non-essiv iv generators that don't need a hash. It will
* be silently ignored, for compatibility with dm-crypt */
if (!options->u.luks.key_secret) {
error_setg(errp, "Parameter 'key-secret' is required for cipher");

110
crypto/hash-gcrypt.c Normal file
View File

@ -0,0 +1,110 @@
/*
* QEMU Crypto hash algorithms
*
* Copyright (c) 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
#include "gcrypt.h"
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
[QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
[QCRYPTO_HASH_ALG_SHA224] = GCRY_MD_SHA224,
[QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
[QCRYPTO_HASH_ALG_SHA384] = GCRY_MD_SHA384,
[QCRYPTO_HASH_ALG_SHA512] = GCRY_MD_SHA512,
[QCRYPTO_HASH_ALG_RIPEMD160] = GCRY_MD_RMD160,
};
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
{
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
qcrypto_hash_alg_map[alg] != GCRY_MD_NONE) {
return true;
}
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
int i, ret;
gcry_md_hd_t md;
unsigned char *digest;
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
qcrypto_hash_alg_map[alg] == GCRY_MD_NONE) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
return -1;
}
ret = gcry_md_open(&md, qcrypto_hash_alg_map[alg], 0);
if (ret < 0) {
error_setg(errp,
"Unable to initialize hash algorithm: %s",
gcry_strerror(ret));
return -1;
}
for (i = 0; i < niov; i++) {
gcry_md_write(md, iov[i].iov_base, iov[i].iov_len);
}
ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[alg]);
if (ret <= 0) {
error_setg(errp,
"Unable to get hash length: %s",
gcry_strerror(ret));
goto error;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp,
"Result buffer size %zu is smaller than hash %d",
*resultlen, ret);
goto error;
}
digest = gcry_md_read(md, 0);
if (!digest) {
error_setg(errp,
"No digest produced");
goto error;
}
memcpy(*result, digest, *resultlen);
gcry_md_close(md);
return 0;
error:
gcry_md_close(md);
return -1;
}

155
crypto/hash-nettle.c Normal file
View File

@ -0,0 +1,155 @@
/*
* QEMU Crypto hash algorithms
*
* Copyright (c) 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
#include <nettle/md5.h>
#include <nettle/sha.h>
#include <nettle/ripemd160.h>
typedef void (*qcrypto_nettle_init)(void *ctx);
typedef void (*qcrypto_nettle_write)(void *ctx,
unsigned int len,
const uint8_t *buf);
typedef void (*qcrypto_nettle_result)(void *ctx,
unsigned int len,
uint8_t *buf);
union qcrypto_hash_ctx {
struct md5_ctx md5;
struct sha1_ctx sha1;
struct sha224_ctx sha224;
struct sha256_ctx sha256;
struct sha384_ctx sha384;
struct sha512_ctx sha512;
struct ripemd160_ctx ripemd160;
};
struct qcrypto_hash_alg {
qcrypto_nettle_init init;
qcrypto_nettle_write write;
qcrypto_nettle_result result;
size_t len;
} qcrypto_hash_alg_map[] = {
[QCRYPTO_HASH_ALG_MD5] = {
.init = (qcrypto_nettle_init)md5_init,
.write = (qcrypto_nettle_write)md5_update,
.result = (qcrypto_nettle_result)md5_digest,
.len = MD5_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_SHA1] = {
.init = (qcrypto_nettle_init)sha1_init,
.write = (qcrypto_nettle_write)sha1_update,
.result = (qcrypto_nettle_result)sha1_digest,
.len = SHA1_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_SHA224] = {
.init = (qcrypto_nettle_init)sha224_init,
.write = (qcrypto_nettle_write)sha224_update,
.result = (qcrypto_nettle_result)sha224_digest,
.len = SHA224_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_SHA256] = {
.init = (qcrypto_nettle_init)sha256_init,
.write = (qcrypto_nettle_write)sha256_update,
.result = (qcrypto_nettle_result)sha256_digest,
.len = SHA256_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_SHA384] = {
.init = (qcrypto_nettle_init)sha384_init,
.write = (qcrypto_nettle_write)sha384_update,
.result = (qcrypto_nettle_result)sha384_digest,
.len = SHA384_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_SHA512] = {
.init = (qcrypto_nettle_init)sha512_init,
.write = (qcrypto_nettle_write)sha512_update,
.result = (qcrypto_nettle_result)sha512_digest,
.len = SHA512_DIGEST_SIZE,
},
[QCRYPTO_HASH_ALG_RIPEMD160] = {
.init = (qcrypto_nettle_init)ripemd160_init,
.write = (qcrypto_nettle_write)ripemd160_update,
.result = (qcrypto_nettle_result)ripemd160_digest,
.len = RIPEMD160_DIGEST_SIZE,
},
};
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
{
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
qcrypto_hash_alg_map[alg].init != NULL) {
return true;
}
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
int i;
union qcrypto_hash_ctx ctx;
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map) ||
qcrypto_hash_alg_map[alg].init == NULL) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
return -1;
}
qcrypto_hash_alg_map[alg].init(&ctx);
for (i = 0; i < niov; i++) {
/* Some versions of nettle have functions
* declared with 'int' instead of 'size_t'
* so to be safe avoid writing more than
* UINT_MAX bytes at a time
*/
size_t len = iov[i].iov_len;
uint8_t *base = iov[i].iov_base;
while (len) {
size_t shortlen = MIN(len, UINT_MAX);
qcrypto_hash_alg_map[alg].write(&ctx, len, base);
len -= shortlen;
base += len;
}
}
if (*resultlen == 0) {
*resultlen = qcrypto_hash_alg_map[alg].len;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != qcrypto_hash_alg_map[alg].len) {
error_setg(errp,
"Result buffer size %zu is smaller than hash %zu",
*resultlen, qcrypto_hash_alg_map[alg].len);
return -1;
}
qcrypto_hash_alg_map[alg].result(&ctx, *resultlen, *result);
return 0;
}

41
crypto/hash-stub.c Normal file
View File

@ -0,0 +1,41 @@
/*
* QEMU Crypto hash algorithms
*
* Copyright (c) 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
{
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov G_GNUC_UNUSED,
size_t niov G_GNUC_UNUSED,
uint8_t **result G_GNUC_UNUSED,
size_t *resultlen G_GNUC_UNUSED,
Error **errp)
{
error_setg(errp,
"Hash algorithm %d not supported without GNUTLS",
alg);
return -1;
}

109
crypto/hash.c
View File

@ -22,16 +22,14 @@
#include "qapi/error.h"
#include "crypto/hash.h"
#ifdef CONFIG_GNUTLS_HASH
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#endif
static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = 16,
[QCRYPTO_HASH_ALG_SHA1] = 20,
[QCRYPTO_HASH_ALG_SHA224] = 28,
[QCRYPTO_HASH_ALG_SHA256] = 32,
[QCRYPTO_HASH_ALG_SHA384] = 48,
[QCRYPTO_HASH_ALG_SHA512] = 64,
[QCRYPTO_HASH_ALG_RIPEMD160] = 20,
};
size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
@ -41,105 +39,6 @@ size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
}
#ifdef CONFIG_GNUTLS_HASH
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5,
[QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1,
[QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256,
};
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
{
if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map)) {
return true;
}
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
int i, ret;
gnutls_hash_hd_t dig;
if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_map)) {
error_setg(errp,
"Unknown hash algorithm %d",
alg);
return -1;
}
ret = gnutls_hash_init(&dig, qcrypto_hash_alg_map[alg]);
if (ret < 0) {
error_setg(errp,
"Unable to initialize hash algorithm: %s",
gnutls_strerror(ret));
return -1;
}
for (i = 0; i < niov; i++) {
ret = gnutls_hash(dig, iov[i].iov_base, iov[i].iov_len);
if (ret < 0) {
error_setg(errp,
"Unable process hash data: %s",
gnutls_strerror(ret));
goto error;
}
}
ret = gnutls_hash_get_len(qcrypto_hash_alg_map[alg]);
if (ret <= 0) {
error_setg(errp,
"Unable to get hash length: %s",
gnutls_strerror(ret));
goto error;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp,
"Result buffer size %zu is smaller than hash %d",
*resultlen, ret);
goto error;
}
gnutls_hash_deinit(dig, *result);
return 0;
error:
gnutls_hash_deinit(dig, NULL);
return -1;
}
#else /* ! CONFIG_GNUTLS_HASH */
gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg G_GNUC_UNUSED)
{
return false;
}
int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
const struct iovec *iov G_GNUC_UNUSED,
size_t niov G_GNUC_UNUSED,
uint8_t **result G_GNUC_UNUSED,
size_t *resultlen G_GNUC_UNUSED,
Error **errp)
{
error_setg(errp,
"Hash algorithm %d not supported without GNUTLS",
alg);
return -1;
}
#endif /* ! CONFIG_GNUTLS_HASH */
int qcrypto_hash_bytes(QCryptoHashAlgorithm alg,
const char *buf,
size_t len,

26
crypto/tlscreds.c
View File

@ -178,6 +178,27 @@ qcrypto_tls_creds_prop_get_dir(Object *obj,
}
static void
qcrypto_tls_creds_prop_set_priority(Object *obj,
const char *value,
Error **errp G_GNUC_UNUSED)
{
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
creds->priority = g_strdup(value);
}
static char *
qcrypto_tls_creds_prop_get_priority(Object *obj,
Error **errp G_GNUC_UNUSED)
{
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
return g_strdup(creds->priority);
}
static void
qcrypto_tls_creds_prop_set_endpoint(Object *obj,
int value,
@ -216,6 +237,10 @@ qcrypto_tls_creds_class_init(ObjectClass *oc, void *data)
qcrypto_tls_creds_prop_get_endpoint,
qcrypto_tls_creds_prop_set_endpoint,
NULL);
object_class_property_add_str(oc, "priority",
qcrypto_tls_creds_prop_get_priority,
qcrypto_tls_creds_prop_set_priority,
NULL);
}
@ -234,6 +259,7 @@ qcrypto_tls_creds_finalize(Object *obj)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
g_free(creds->dir);
g_free(creds->priority);
}

26
crypto/tlssession.c
View File

@ -132,14 +132,22 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds,
if (object_dynamic_cast(OBJECT(creds),
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
char *prio;
ret = gnutls_priority_set_direct(session->handle,
"NORMAL:+ANON-DH", NULL);
if (creds->priority != NULL) {
prio = g_strdup_printf("%s:+ANON-DH", creds->priority);
} else {
prio = g_strdup(CONFIG_TLS_PRIORITY ":+ANON-DH");
}
ret = gnutls_priority_set_direct(session->handle, prio, NULL);
if (ret < 0) {
error_setg(errp, "Unable to set TLS session priority: %s",
gnutls_strerror(ret));
error_setg(errp, "Unable to set TLS session priority %s: %s",
prio, gnutls_strerror(ret));
g_free(prio);
goto error;
}
g_free(prio);
if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
ret = gnutls_credentials_set(session->handle,
GNUTLS_CRD_ANON,
@ -157,11 +165,15 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds,
} else if (object_dynamic_cast(OBJECT(creds),
TYPE_QCRYPTO_TLS_CREDS_X509)) {
QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
const char *prio = creds->priority;
if (!prio) {
prio = CONFIG_TLS_PRIORITY;
}
ret = gnutls_set_default_priority(session->handle);
ret = gnutls_priority_set_direct(session->handle, prio, NULL);
if (ret < 0) {
error_setg(errp, "Cannot set default TLS session priority: %s",
gnutls_strerror(ret));
error_setg(errp, "Cannot set default TLS session priority %s: %s",
prio, gnutls_strerror(ret));
goto error;
}
ret = gnutls_credentials_set(session->handle,

1
include/crypto/tlscreds.h
View File

@ -54,6 +54,7 @@ struct QCryptoTLSCreds {
gnutls_dh_params_t dh_params;
#endif
bool verifyPeer;
char *priority;
};

6
qapi/crypto.json
View File

@ -42,12 +42,16 @@
#
# @md5: MD5. Should not be used in any new code, legacy compat only
# @sha1: SHA-1. Should not be used in any new code, legacy compat only
# @sha224: SHA-224. (since 2.7)
# @sha256: SHA-256. Current recommended strong hash.
# @sha384: SHA-384. (since 2.7)
# @sha512: SHA-512. (since 2.7)
# @ripemd160: RIPEMD-160. (since 2.7)
# Since: 2.6
##
{ 'enum': 'QCryptoHashAlgorithm',
'prefix': 'QCRYPTO_HASH_ALG',
'data': ['md5', 'sha1', 'sha256']}
'data': ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'ripemd160']}
##

2
tests/Makefile.include
View File

@ -86,7 +86,7 @@ check-unit-y += tests/test-qemu-opts$(EXESUF)
gcov-files-test-qemu-opts-y = qom/test-qemu-opts.c
check-unit-y += tests/test-write-threshold$(EXESUF)
gcov-files-test-write-threshold-y = block/write-threshold.c
check-unit-$(CONFIG_GNUTLS_HASH) += tests/test-crypto-hash$(EXESUF)
check-unit-y += tests/test-crypto-hash$(EXESUF)
check-unit-y += tests/test-crypto-cipher$(EXESUF)
check-unit-y += tests/test-crypto-secret$(EXESUF)
check-unit-$(CONFIG_GNUTLS) += tests/test-crypto-tlscredsx509$(EXESUF)

12
tests/qemu-iotests/149
View File

@ -153,6 +153,8 @@ def cryptsetup_format(config):
cipher = config.cipher + "-" + config.mode + "-" + config.ivgen
if config.ivgen_hash is not None:
cipher = cipher + ":" + config.ivgen_hash
elif config.ivgen == "essiv":
cipher = cipher + ":" + "sha256"
args.extend(["--cipher", cipher])
if config.mode == "xts":
args.extend(["--key-size", str(config.keylen * 2)])
@ -479,6 +481,16 @@ configs = [
"6": "slot6",
"7": "slot7",
}),
# Check handling of default hash alg (sha256) with essiv
LUKSConfig("aes-256-cbc-essiv-auto-sha1",
"aes", 256, "cbc", "essiv", None, "sha1"),
# Check that a useless hash provided for 'plain64' iv gen
# is ignored and no error raised
LUKSConfig("aes-256-cbc-plain64-sha256-sha1",
"aes", 256, "cbc", "plain64", "sha256", "sha1"),
]
blacklist = [

240
tests/qemu-iotests/149.out
View File

@ -1878,3 +1878,243 @@ sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
# Delete image
unlink TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
# ================= dm-crypt aes-256-cbc-essiv-auto-sha1 =================
# Create image
truncate TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img --size 4194304MB
# Format image
sudo cryptsetup -q -v luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
# Write test pattern 0xa7
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x13
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
# Read test pattern 0x91
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x5e
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
# Delete image
unlink TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
# ================= qemu-img aes-256-cbc-essiv-auto-sha1 =================
# Create image
qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=essiv,hash-alg=sha1 TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img 4194304M
Formatting 'TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=essiv hash-alg=sha1
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
# Write test pattern 0xa7
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x13
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img qiotest-145-aes-256-cbc-essiv-auto-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
# Read test pattern 0x91
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x5e
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-auto-sha1
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-auto-sha1
# Delete image
unlink TEST_DIR/luks-aes-256-cbc-essiv-auto-sha1.img
# ================= dm-crypt aes-256-cbc-plain64-sha256-sha1 =================
# Create image
truncate TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img --size 4194304MB
# Format image
sudo cryptsetup -q -v luksFormat --cipher aes-cbc-plain64:sha256 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Write test pattern 0xa7
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x13
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Read test pattern 0x91
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x5e
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Delete image
unlink TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
# ================= qemu-img aes-256-cbc-plain64-sha256-sha1 =================
# Create image
qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha1,ivgen-hash-alg=sha256 TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img 4194304M
Formatting 'TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=plain64 ivgen-hash-alg=sha256 hash-alg=sha1
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Write test pattern 0xa7
qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x13
qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Open dev
sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Set dev owner
sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Read test pattern 0x91
qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x5e
qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha256-sha1
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Close dev
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha256-sha1
# Delete image
unlink TEST_DIR/luks-aes-256-cbc-plain64-sha256-sha1.img

53
tests/test-crypto-hash.c
View File

@ -30,27 +30,56 @@
#define OUTPUT_MD5 "628d206371563035ab8ef62f492bdec9"
#define OUTPUT_SHA1 "b2e74f26758a3a421e509cee045244b78753cc02"
#define OUTPUT_SHA224 "e2f7415aad33ef79f6516b0986d7175f" \
"9ca3389a85bf6cfed078737b"
#define OUTPUT_SHA256 "bc757abb0436586f392b437e5dd24096" \
"f7f224de6b74d4d86e2abc6121b160d0"
#define OUTPUT_SHA384 "887ce52efb4f46700376356583b7e279" \
"4f612bd024e4495087ddb946c448c69d" \
"56dbf7152a94a5e63a80f3ba9f0eed78"
#define OUTPUT_SHA512 "3a90d79638235ec6c4c11bebd84d83c0" \
"549bc1e84edc4b6ec7086487641256cb" \
"63b54e4cb2d2032b393994aa263c0dbb" \
"e00a9f2fe9ef6037352232a1eec55ee7"
#define OUTPUT_RIPEMD160 "f3d658fad3fdfb2b52c9369cf0d441249ddfa8a0"
#define OUTPUT_MD5_B64 "Yo0gY3FWMDWrjvYvSSveyQ=="
#define OUTPUT_SHA1_B64 "sudPJnWKOkIeUJzuBFJEt4dTzAI="
#define OUTPUT_SHA224_B64 "4vdBWq0z73n2UWsJhtcXX5yjOJqFv2z+0Hhzew=="
#define OUTPUT_SHA256_B64 "vHV6uwQ2WG85K0N+XdJAlvfyJN5rdNTYbiq8YSGxYNA="
#define OUTPUT_SHA384_B64 "iHzlLvtPRnADdjVlg7fieU9hK9Ak5ElQh925RsRI" \
"xp1W2/cVKpSl5jqA87qfDu14"
#define OUTPUT_SHA512_B64 "OpDXljgjXsbEwRvr2E2DwFSbwehO3Etuxwhkh2QS" \
"VstjtU5MstIDKzk5lKomPA274AqfL+nvYDc1IjKh" \
"7sVe5w=="
#define OUTPUT_RIPEMD160_B64 "89ZY+tP9+ytSyTac8NRBJJ3fqKA="
static const char *expected_outputs[] = {
[QCRYPTO_HASH_ALG_MD5] = OUTPUT_MD5,
[QCRYPTO_HASH_ALG_SHA1] = OUTPUT_SHA1,
[QCRYPTO_HASH_ALG_SHA224] = OUTPUT_SHA224,
[QCRYPTO_HASH_ALG_SHA256] = OUTPUT_SHA256,
[QCRYPTO_HASH_ALG_SHA384] = OUTPUT_SHA384,
[QCRYPTO_HASH_ALG_SHA512] = OUTPUT_SHA512,
[QCRYPTO_HASH_ALG_RIPEMD160] = OUTPUT_RIPEMD160,
};
static const char *expected_outputs_b64[] = {
[QCRYPTO_HASH_ALG_MD5] = OUTPUT_MD5_B64,
[QCRYPTO_HASH_ALG_SHA1] = OUTPUT_SHA1_B64,
[QCRYPTO_HASH_ALG_SHA224] = OUTPUT_SHA224_B64,
[QCRYPTO_HASH_ALG_SHA256] = OUTPUT_SHA256_B64,
[QCRYPTO_HASH_ALG_SHA384] = OUTPUT_SHA384_B64,
[QCRYPTO_HASH_ALG_SHA512] = OUTPUT_SHA512_B64,
[QCRYPTO_HASH_ALG_RIPEMD160] = OUTPUT_RIPEMD160_B64,
};
static const int expected_lens[] = {
[QCRYPTO_HASH_ALG_MD5] = 16,
[QCRYPTO_HASH_ALG_SHA1] = 20,
[QCRYPTO_HASH_ALG_SHA224] = 28,
[QCRYPTO_HASH_ALG_SHA256] = 32,
[QCRYPTO_HASH_ALG_SHA384] = 48,
[QCRYPTO_HASH_ALG_SHA512] = 64,
[QCRYPTO_HASH_ALG_RIPEMD160] = 20,
};
static const char hex[] = "0123456789abcdef";
@ -68,6 +97,10 @@ static void test_hash_alloc(void)
int ret;
size_t j;
if (!qcrypto_hash_supports(i)) {
continue;
}
ret = qcrypto_hash_bytes(i,
INPUT_TEXT,
strlen(INPUT_TEXT),
@ -98,6 +131,10 @@ static void test_hash_prealloc(void)
int ret;
size_t j;
if (!qcrypto_hash_supports(i)) {
continue;
}
resultlen = expected_lens[i];
result = g_new0(uint8_t, resultlen);
@ -137,6 +174,10 @@ static void test_hash_iov(void)
int ret;
size_t j;
if (!qcrypto_hash_supports(i)) {
continue;
}
ret = qcrypto_hash_bytesv(i,
iov, 3,
&result,
@ -165,6 +206,10 @@ static void test_hash_digest(void)
char *digest;
size_t digestsize;
if (!qcrypto_hash_supports(i)) {
continue;
}
digestsize = qcrypto_hash_digest_len(i);
g_assert_cmpint(digestsize * 2, ==, strlen(expected_outputs[i]));
@ -175,7 +220,7 @@ static void test_hash_digest(void)
&digest,
NULL);
g_assert(ret == 0);
g_assert(g_str_equal(digest, expected_outputs[i]));
g_assert_cmpstr(digest, ==, expected_outputs[i]);
g_free(digest);
}
}
@ -191,13 +236,17 @@ static void test_hash_base64(void)
int ret;
char *digest;
if (!qcrypto_hash_supports(i)) {
continue;
}
ret = qcrypto_hash_base64(i,
INPUT_TEXT,
strlen(INPUT_TEXT),
&digest,
NULL);
g_assert(ret == 0);
g_assert(g_str_equal(digest, expected_outputs_b64[i]));
g_assert_cmpstr(digest, ==, expected_outputs_b64[i]);
g_free(digest);
}
}

18
tests/test-crypto-xts.c
View File

@ -340,7 +340,7 @@ static void test_xts_aes_decrypt(const void *ctx,
static void test_xts(const void *opaque)
{
const QCryptoXTSTestData *data = opaque;
unsigned char OUT[512], Torg[16], T[16];
unsigned char out[512], Torg[16], T[16];
uint64_t seq;
int j;
unsigned long len;
@ -371,38 +371,38 @@ static void test_xts(const void *opaque)
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, data->PTLEN, OUT, data->PTX);
T, data->PTLEN, out, data->PTX);
} else {
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, OUT, data->PTX);
T, len, out, data->PTX);
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, &OUT[len], &data->PTX[len]);
T, len, &out[len], &data->PTX[len]);
}
g_assert(memcmp(OUT, data->CTX, data->PTLEN) == 0);
g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
memcpy(T, Torg, sizeof(T));
if (j == 0) {
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, data->PTLEN, OUT, data->CTX);
T, data->PTLEN, out, data->CTX);
} else {
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, OUT, data->CTX);
T, len, out, data->CTX);
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, &OUT[len], &data->CTX[len]);
T, len, &out[len], &data->CTX[len]);
}
g_assert(memcmp(OUT, data->PTX, data->PTLEN) == 0);
g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
}
}