ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: extend mode as a parameter in qcrypto_cipher_supports() 

It can't guarantee all cipher modes are supported
if one cipher algorithm is supported by a backend.
Let's extend qcrypto_cipher_supports() to take both
the algorithm and mode as parameters.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Gonglei 2016-09-26 17:23:21 +08:00 committed by Daniel P. Berrange
parent e8ddc2eae5
commit f844836ddc
8 changed files with 47 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
block/qcow.c
View File

@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
ret = -EINVAL; ret = -EINVAL;
goto fail; goto fail;
} }
if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
QCRYPTO_CIPHER_MODE_CBC)) {
error_setg(errp, "AES cipher not available"); error_setg(errp, "AES cipher not available");
ret = -EINVAL; ret = -EINVAL;
goto fail; goto fail;

3
block/qcow2.c
View File

@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
ret = -EINVAL; ret = -EINVAL;
goto fail; goto fail;
} }
if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
QCRYPTO_CIPHER_MODE_CBC)) {
error_setg(errp, "AES cipher not available"); error_setg(errp, "AES cipher not available");
ret = -EINVAL; ret = -EINVAL;
goto fail; goto fail;

14
crypto/cipher-builtin.c
View File

@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
} }
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode)
{ {
switch (alg) { switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_DES_RFB:
case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256: case QCRYPTO_CIPHER_ALG_AES_256:
break;
default:
return false;
}
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
case QCRYPTO_CIPHER_MODE_XTS:
return true; return true;
case QCRYPTO_CIPHER_MODE_CTR:
return false;
default: default:
return false; return false;
} }

13
crypto/cipher-gcrypt.c
View File

@ -24,7 +24,8 @@
#include <gcrypt.h> #include <gcrypt.h>
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode)
{ {
switch (alg) { switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_DES_RFB:
@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
case QCRYPTO_CIPHER_ALG_SERPENT_256: case QCRYPTO_CIPHER_ALG_SERPENT_256:
case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_256: case QCRYPTO_CIPHER_ALG_TWOFISH_256:
break;
default:
return false;
}
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
case QCRYPTO_CIPHER_MODE_XTS:
case QCRYPTO_CIPHER_MODE_CTR:
return true; return true;
default: default:
return false; return false;

13
crypto/cipher-nettle.c
View File

@ -191,7 +191,8 @@ struct QCryptoCipherNettle {
size_t blocksize; size_t blocksize;
}; };
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode)
{ {
switch (alg) { switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_DES_RFB:
@ -205,6 +206,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_192: case QCRYPTO_CIPHER_ALG_TWOFISH_192:
case QCRYPTO_CIPHER_ALG_TWOFISH_256: case QCRYPTO_CIPHER_ALG_TWOFISH_256:
break;
default:
return false;
}
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
case QCRYPTO_CIPHER_MODE_XTS:
case QCRYPTO_CIPHER_MODE_CTR:
return true; return true;
default: default:
return false; return false;

6
include/crypto/cipher.h
View File

@ -85,13 +85,15 @@ struct QCryptoCipher {
/** /**
* qcrypto_cipher_supports: * qcrypto_cipher_supports:
* @alg: the cipher algorithm * @alg: the cipher algorithm
* @mode: the cipher mode
* *
* Determine if @alg cipher algorithm is supported by the * Determine if @alg cipher algorithm in @mode is supported by the
* current configured build * current configured build
* *
* Returns: true if the algorithm is supported, false otherwise * Returns: true if the algorithm is supported, false otherwise
*/ */
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg); bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode);
/** /**
* qcrypto_cipher_get_block_len: * qcrypto_cipher_get_block_len:

2
tests/test-crypto-cipher.c
View File

@ -616,7 +616,7 @@ int main(int argc, char **argv)
g_assert(qcrypto_init(NULL) == 0); g_assert(qcrypto_init(NULL) == 0);
for (i = 0; i < G_N_ELEMENTS(test_data); i++) { for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
if (qcrypto_cipher_supports(test_data[i].alg)) { if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
} }
} }

2
ui/vnc.c
View File

@ -3606,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp)
goto fail; goto fail;
} }
if (!qcrypto_cipher_supports( if (!qcrypto_cipher_supports(
QCRYPTO_CIPHER_ALG_DES_RFB)) { QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
error_setg(errp, error_setg(errp,
"Cipher backend does not support DES RFB algorithm"); "Cipher backend does not support DES RFB algorithm");
goto fail; goto fail;