ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Misc crypto subsystem fixes 

* Improve error message for large files when creating LUKS volumes
 * Expand crypto hash benchmark coverage
 * Misc code refactoring with no functional change
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl6z944ACgkQvobrtBUQ
 T9/uvRAAkjPDe9ZG4u1VR3ObBzrzRiIAJFLKNNuh2Yo+bRtJO01Jw7pQcfO07Av7
 KJDkbZEXyHw4ckzbYGUp5M21CzxE/gFdDBn2qKssHC2mtMiVHkN9gObZSaab6euZ
 CCPIk5//IjTUArBL7ReIUL8KX/iKy4DhVsSWFODtp8ISlhdGeqkgmQ2oWBy9BAUR
 P9Vg6a0DUaRRwk1KSK1CCO0F59IKLh6yNRemqguz+g1Celk+rMOdEhqC4w7GiPzy
 w6LiYlg7+BZrVpZHzZmOWQTloXGyqhftznLQ7tJqKzHIKOJ8jQGYO0YCcS+JCZ2s
 acJMjk2yyM38wavhgaieHGx/Wpl5rZtCAM7SzKYjAyXzUaL6fHhi81oz23inz7jx
 nvR2WUDA0QBY8mvMzRTEy6DyreMpE9NGjKPrT6ozDkiCkQu8yVkRrtUfFYDyy52B
 B4k2ML9frJzHFXj+v26fZaz42o9vplYCZMuQ4+Fh5knCXxU+AEuUw7MWDpSQrOc6
 rpuy89G41uk6zZbfI5YdrGcJgxJ0UYk/tyR3/OPvqURvzlAdn+RjAZsPYc6P1Tdd
 A7wcMi6Tf9TezQxFsPNpB7khFKEvUFOhIWcXXJ5BHL9QAJInBrGURp1A16LyJigD
 kdwxC0XpB3JqLPnnm6j+TghcUuH9pWhMqxrYpwOrOCyczrXgZdQ=
 =r3dr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Misc crypto subsystem fixes

* Improve error message for large files when creating LUKS volumes
* Expand crypto hash benchmark coverage
* Misc code refactoring with no functional change

# gpg: Signature made Thu 07 May 2020 12:57:02 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
  crypto: extend hash benchmark to cover more algorithms
  block: luks: better error message when creating too large files
  crypto: Redundant type conversion for AES_KEY pointer
  crypto/secret: fix inconsequential errors.
  crypto: fix getter of a QCryptoSecret's property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2020-05-07 14:30:12 +01:00
parent b894c6ed4a 6022e15d14
commit 3c7adbc67d
4 changed files with 87 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
block/crypto.c
View File

@ -104,18 +104,35 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
Error **errp)
{
struct BlockCryptoCreateData *data = opaque;
Error *local_error = NULL;
int ret;
if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
error_setg(errp, "The requested file size is too large");
return -EFBIG;
ret = -EFBIG;
goto error;
}
/* User provided size should reflect amount of space made
* available to the guest, so we must take account of that
* which will be used by the crypto header
*/
return blk_truncate(data->blk, data->size + headerlen, false,
data->prealloc, 0, errp);
ret = blk_truncate(data->blk, data->size + headerlen, false,
data->prealloc, 0, &local_error);
if (ret >= 0) {
return ret;
}
error:
if (ret == -EFBIG) {
/* Replace the error message with a better one */
error_free(local_error);
error_setg(errp, "The requested file size is too large");
} else {
error_propagate(errp, local_error);
}
return ret;
}

10
crypto/cipher-builtin.c
View File

@ -74,7 +74,7 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
}
static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
static void qcrypto_cipher_aes_ecb_encrypt(const AES_KEY *key,
const void *in,
void *out,
size_t len)
@ -100,7 +100,7 @@ static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
}
static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
static void qcrypto_cipher_aes_ecb_decrypt(const AES_KEY *key,
const void *in,
void *out,
size_t len)
@ -133,8 +133,7 @@ static void qcrypto_cipher_aes_xts_encrypt(const void *ctx,
{
const QCryptoCipherBuiltinAESContext *aesctx = ctx;
qcrypto_cipher_aes_ecb_encrypt((AES_KEY *)&aesctx->enc,
src, dst, length);
qcrypto_cipher_aes_ecb_encrypt(&aesctx->enc, src, dst, length);
}
@ -145,8 +144,7 @@ static void qcrypto_cipher_aes_xts_decrypt(const void *ctx,
{
const QCryptoCipherBuiltinAESContext *aesctx = ctx;
qcrypto_cipher_aes_ecb_decrypt((AES_KEY *)&aesctx->dec,
src, dst, length);
qcrypto_cipher_aes_ecb_decrypt(&aesctx->dec, src, dst, length);
}

5
crypto/secret.c
View File

@ -204,7 +204,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
input = output;
inputlen = outputlen;
} else {
if (secret->format != QCRYPTO_SECRET_FORMAT_RAW) {
if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
qcrypto_secret_decode(input, inputlen,
&output, &outputlen, &local_err);
g_free(input);
@ -221,6 +221,7 @@ qcrypto_secret_prop_set_loaded(Object *obj,
secret->rawlen = inputlen;
} else {
g_free(secret->rawdata);
secret->rawdata = NULL;
secret->rawlen = 0;
}
}
@ -231,7 +232,7 @@ qcrypto_secret_prop_get_loaded(Object *obj,
Error **errp G_GNUC_UNUSED)
{
QCryptoSecret *secret = QCRYPTO_SECRET(obj);
return secret->data != NULL;
return secret->rawdata != NULL;
}

73
tests/benchmark-crypto-hash.c
View File

@ -15,9 +15,14 @@
#include "crypto/init.h"
#include "crypto/hash.h"
typedef struct QCryptoHashOpts {
size_t chunk_size;
QCryptoHashAlgorithm alg;
} QCryptoHashOpts;
static void test_hash_speed(const void *opaque)
{
size_t chunk_size = (size_t)opaque;
const QCryptoHashOpts *opts = opaque;
uint8_t *in = NULL, *out = NULL;
size_t out_len = 0;
const size_t total = 2 * GiB;
@ -25,26 +30,24 @@ static void test_hash_speed(const void *opaque)
struct iovec iov;
int ret;
in = g_new0(uint8_t, chunk_size);
memset(in, g_test_rand_int(), chunk_size);
in = g_new0(uint8_t, opts->chunk_size);
memset(in, g_test_rand_int(), opts->chunk_size);
iov.iov_base = (char *)in;
iov.iov_len = chunk_size;
iov.iov_len = opts->chunk_size;
g_test_timer_start();
remain = total;
while (remain) {
ret = qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
ret = qcrypto_hash_bytesv(opts->alg,
&iov, 1, &out, &out_len,
NULL);
g_assert(ret == 0);
remain -= chunk_size;
remain -= opts->chunk_size;
}
g_test_timer_elapsed();
g_print("sha256: ");
g_print("Hash %zu GB chunk size %zu bytes ", total / GiB, chunk_size);
g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());
g_free(out);
@ -53,17 +56,59 @@ static void test_hash_speed(const void *opaque)
int main(int argc, char **argv)
{
size_t i;
char name[64];
g_test_init(&argc, &argv, NULL);
g_assert(qcrypto_init(NULL) == 0);
for (i = 512; i <= 64 * KiB; i *= 2) {
memset(name, 0 , sizeof(name));
snprintf(name, sizeof(name), "/crypto/hash/speed-%zu", i);
g_test_add_data_func(name, (void *)i, test_hash_speed);
}
#define TEST_ONE(a, c) \
QCryptoHashOpts opts ## a ## c = { \
.alg = QCRYPTO_HASH_ALG_ ## a, .chunk_size = c, \
}; \
memset(name, 0 , sizeof(name)); \
snprintf(name, sizeof(name), \
"/crypto/benchmark/hash/%s/bufsize-%d", \
QCryptoHashAlgorithm_str(QCRYPTO_HASH_ALG_ ## a), \
c); \
if (qcrypto_hash_supports(QCRYPTO_HASH_ALG_ ## a)) \
g_test_add_data_func(name, \
&opts ## a ## c, \
test_hash_speed);
TEST_ONE(MD5, 512);
TEST_ONE(MD5, 1024);
TEST_ONE(MD5, 4096);
TEST_ONE(MD5, 16384);
TEST_ONE(SHA1, 512);
TEST_ONE(SHA1, 1024);
TEST_ONE(SHA1, 4096);
TEST_ONE(SHA1, 16384);
TEST_ONE(SHA224, 512);
TEST_ONE(SHA224, 1024);
TEST_ONE(SHA224, 4096);
TEST_ONE(SHA224, 16384);
TEST_ONE(SHA384, 512);
TEST_ONE(SHA384, 1024);
TEST_ONE(SHA384, 4096);
TEST_ONE(SHA384, 16384);
TEST_ONE(SHA256, 512);
TEST_ONE(SHA256, 1024);
TEST_ONE(SHA256, 4096);
TEST_ONE(SHA256, 16384);
TEST_ONE(SHA512, 512);
TEST_ONE(SHA512, 1024);
TEST_ONE(SHA512, 4096);
TEST_ONE(SHA512, 16384);
TEST_ONE(RIPEMD160, 512);
TEST_ONE(RIPEMD160, 1024);
TEST_ONE(RIPEMD160, 4096);
TEST_ONE(RIPEMD160, 16384);
return g_test_run();
}