aboutsummaryrefslogtreecommitdiff
path: root/crypto
AgeCommit message (Collapse)Author
2021-06-02crypto: drop used conditional checkDaniel P. Berrangé
The condition being tested has never been set since the day the code was first introduced. Reviewed-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-8-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-06-02crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 supportDaniel P. Berrangé
It has been over two years since RHEL-8 was released, and thus per the platform build policy, we no longer need to support RHEL-7 as a build target. This lets us increment the minimum required gcrypt version and assume that HMAC is always supported Per repology, current shipping versions are: RHEL-8: 1.8.5 Debian Buster: 1.8.4 openSUSE Leap 15.2: 1.8.2 Ubuntu LTS 18.04: 1.8.1 Ubuntu LTS 20.04: 1.8.5 FreeBSD: 1.9.2 Fedora 33: 1.8.6 Fedora 34: 1.9.3 OpenBSD: 1.9.3 macOS HomeBrew: 1.9.3 Ubuntu LTS 18.04 has the oldest version and so 1.8.0 is the new minimum. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-6-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> [thuth: rebased to use .gitlab-ci.d/buildtest.yml] Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-06-02crypto: drop back compatibility typedefs for nettleDaniel P. Berrangé
Now that we only support modern nettle, we don't need to have local typedefs to mask the real nettle types. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-5-berrange@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-06-02crypto: bump min nettle to 3.4, dropping RHEL-7 supportDaniel P. Berrangé
It has been over two years since RHEL-8 was released, and thus per the platform build policy, we no longer need to support RHEL-7 as a build target. This lets us increment the minimum required nettle version and drop a lot of backwards compatibility code for 2.x series of nettle. Per repology, current shipping versions are: RHEL-8: 3.4.1 Debian Buster: 3.4.1 openSUSE Leap 15.2: 3.4.1 Ubuntu LTS 18.04: 3.4 Ubuntu LTS 20.04: 3.5.1 FreeBSD: 3.7.2 Fedora 33: 3.5.1 Fedora 34: 3.7.2 OpenBSD: 3.7.2 macOS HomeBrew: 3.7.2 Ubuntu LTS 18.04 has the oldest version and so 3.4 is the new minimum. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210514120415.1368922-4-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> [thuth: rebased to use .gitlab-ci.d/buildtest.yml] Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-06-02docs: fix references to docs/devel/tracing.rstStefano Garzarella
Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst. We still have several references to the old file, so let's fix them with the following command: sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt) Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210517151702.109066-2-sgarzare@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-03-23crypto: add reload for QCryptoTLSCredsClassZihao Chang
This patch adds reload interface for QCryptoTLSCredsClass and implements the interface for QCryptoTLSCredsX509. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210316075845.1476-2-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-29crypto: Add spaces around operatorshiliyang
I am reading crypto related code, find some code style problems while using checkpatch.pl to check crypto folder. Fix the error style problems. Signed-off-by: Liyang Shi <shiliyang@huawei.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-29crypto: Fix memory leaks in set_loaded for tls-*Kevin Wolf
If you set the loaded property to true when it was already true, the state is overwritten without freeing the old state first. Change the set_loaded callback so that it always frees the old state (which is a no-op if nothing was loaded) and only then load if requestsd. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-29crypto: Forbid broken unloading of secretsKevin Wolf
qcrypto_secret_prop_set_loaded() forgets to reset secret->rawdata after unloading a secret, which will lead to a double free at some point. Because there is no use case for unloading an already loaded secret (apart from deleting the whole secret object) and we know that nobody could use this because it would lead to crashes, let's just forbid the operation instead of fixing the unloading. Eventually, we'll want to get rid of 'loaded' in the external interface, but for the meantime this is more consistent with rng, which has a similar property 'opened' that also can't be reset to false after it became true. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-29crypto: Move USER_CREATABLE to secret_common base classKevin Wolf
Instead of duplicating the code for user creatable objects in secret and secret_keyring, move it to the common base clase secret_common. As the base class is abstract, it won't become user creatable itself. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-29crypto: Fix some code style problems, add spaces around operatorshiliyang
This patch fixes error style problems found by checkpatch.pl: ERROR: spaces required around that '*' ERROR: space required after that ',' ERROR: spaces required around that '|' Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Liyang Shi <shiliyang@huawei.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-28qapi: Use QAPI_LIST_APPEND in trivial casesEric Blake
The easiest spots to use QAPI_LIST_APPEND are where we already have an obvious pointer to the tail of a list. While at it, consistently use the variable name 'tail' for that purpose. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210113221013.390592-5-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-10-12crypto: Move the creation of the library to the main meson.buildPhilippe Mathieu-Daudé
Be consistent creating all the libraries in the main meson.build file. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201006125602.2311423-8-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-09-18qom: Remove ParentClassType argument from OBJECT_DECLARE_SIMPLE_TYPEEduardo Habkost
The requirement to specify the parent class type makes the macro harder to use and easy to misuse (silent bugs can be introduced if the wrong struct type is specified). Simplify the macro by just not declaring any class struct, allowing us to remove the class_size field from the TypeInfo variables for those types. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200916182519.415636-3-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-10crypto/gcrypt: Split QCryptoCipherGcrypt into subclassesRichard Henderson
With gcrypt, most of the dispatch happens in the library, so there aren't many classes to create. However, we can still create separate dispatch for CTR mode, and for CONFIG_QEMU_PRIVATE_XTS, which avoids needing to check for these modes at runtime. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/nettle: Split QCryptoCipherNettle into subclassesRichard Henderson
Use separate classes for each cipher entry point: des_rfb, des3, aes128, aes192, aes256, cast128, serpent, and twofish. Generate wrappers for XTS only for CONFIG_QEMU_PRIVATE_XTS. This eliminates unreachable wrappers for DES_RFB, DES3 and CAST128, which have blocksizes that do not allow XTS mode. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/builtin: Split QCryptoCipherBuiltin into subclassesRichard Henderson
We had a second set of function pointers in QCryptoCipherBuiltin, which are redundant with QCryptoCipherDriver. Split the AES and DES implementations to avoid one level of indirection. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/builtin: Split and simplify AES_encrypt_cbcRichard Henderson
Split into encrypt/decrypt functions, dropping the "enc" argument. Now that the function is private to this file, we know that "len" is a multiple of AES_BLOCK_SIZE. So drop the odd block size code. Name the functions do_aes_*crypt_cbc to match the *_ecb functions. Reorder and re-type the arguments to match as well. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/builtin: Move AES_cbc_encrypt into cipher-builtin.inc.cRichard Henderson
By making the function private, we will be able to make further simplifications. Re-indent the migrated code and fix the missing braces for CODING_STYLE. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/builtin: Merge qcrypto_cipher_aes_{ecb,xts}_{en,de}cryptRichard Henderson
There's no real reason we need two separate helper functions here. Standardize on the function signature required for xts_encrypt. Rename to do_aes_{en,de}crypt_ecb, since the helper does not itself do anything with respect to xts. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/builtin: Remove odd-sized AES block handlingRichard Henderson
We verified that the data block is properly sized modulo AES_BLOCK_SIZE within qcrypto_builtin_cipher_{en,de}crypt. Therefore we will never have to handle odd sized blocks. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Constify cipher data tablesRichard Henderson
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_newRichard Henderson
The class vtable should be set by the class initializer. This will also allow additional subclassing, reducing the amount of indirection in the hierarchy. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Allocate QCryptoCipher with the subclassRichard Henderson
Merge the allocation of "opaque" into the allocation of "cipher". This is step one in reducing the indirection in these classes. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Use the correct const type for driverRichard Henderson
This allows the in memory structures to be read-only. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Move QCryptoCipherDriver typedef to crypto/cipher.hRichard Henderson
Allow the use in QCryptoCipher to be properly typed with the opaque struct pointer. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto/nettle: Fix xts_encrypt argumentsRichard Henderson
The fourth argument to xts_encrypt should be the decrypt callback; we were accidentally passing encrypt twice. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Remove redundant includesRichard Henderson
Both qemu/osdep.h and cipherpriv.h have already been included by the parent cipher.c. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Rename cipher include files to .c.incRichard Henderson
QEMU standard procedure for included c files is to use *.c.inc. E.g. there are a different set of checks that are applied. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-10crypto: Assume blocksize is a power of 2Richard Henderson
The check in the encode/decode path using full division has a noticeable amount of overhead. By asserting the blocksize is a power of 2, we can reduce this check to a mask. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-09-07crypto: fix build with gcrypt enabledDaniel P. Berrangé
If nettle is disabled and gcrypt enabled, the compiler and linker flags needed for gcrypt are not passed. Gnutls was also not added as a dependancy when gcrypt is enabled. Attempting to add the library dependencies at the same time as the source dependencies is error prone, as there are alot of different rules for picking which sources to use, and some of the source files use code level conditionals intead. It is thus clearer to add the library dependencies separately. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200901133050.381844-2-berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-09-02tls-cipher-suites: Correct instance_sizeEduardo Habkost
We do have a QCryptoTLSCipherSuites struct. It must be used when setting instance_size of the QOM type. Luckily this never caused problems because the QCryptoTLSCipherSuites struct has only a parent_obj field and nothing else. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200826171005.4055015-5-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-08-21meson: convert crypto directory to MesonMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-08-21libqemuutil, qapi, trace: convert to mesonPaolo Bonzini
This shows how to do some "computations" in meson.build using its array and dictionary data structures, and also a basic usage of the sourceset module for conditional compilation. Notice the new "if have_system" part of util/meson.build, which fixes a bug in the old build system was buggy: util/dbus.c was built even for non-softmmu builds, but the dependency on -lgio was lost when the linking was done through libqemuutil.a. Because all of its users required gio otherwise, the bug was hidden. Meson instead propagates libqemuutil's dependencies down to its users, and shows the problem. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-08-21trace: switch position of headers to what Meson requiresPaolo Bonzini
Meson doesn't enjoy the same flexibility we have with Make in choosing the include path. In particular the tracing headers are using $(build_root)/$(<D). In order to keep the include directives unchanged, the simplest solution is to generate headers with patterns like "trace/trace-audio.h" and place forwarding headers in the source tree such that for example "audio/trace.h" includes "trace/trace-audio.h". This patch is too ugly to be applied to the Makefiles now. It's only a way to separate the changes to the tracing header files from the Meson rewrite of the tracing logic. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-07-10qom: Put name parameter before value / visitor parameterMarkus Armbruster
The object_property_set_FOO() setters take property name and value in an unusual order: void object_property_set_FOO(Object *obj, FOO_TYPE value, const char *name, Error **errp) Having to pass value before name feels grating. Swap them. Same for object_property_set(), object_property_get(), and object_property_parse(). Convert callers with this Coccinelle script: @@ identifier fun = { object_property_get, object_property_parse, object_property_set_str, object_property_set_link, object_property_set_bool, object_property_set_int, object_property_set_uint, object_property_set, object_property_set_qobject }; expression obj, v, name, errp; @@ - fun(obj, v, name, errp) + fun(obj, name, v, errp) Chokes on hw/arm/musicpal.c's lcd_refresh() with the unhelpful error message "no position information". Convert that one manually. Fails to convert hw/arm/armsse.c, because Coccinelle gets confused by ARMSSE being used both as typedef and function-like macro there. Convert manually. Fails to convert hw/rx/rx-gdbsim.c, because Coccinelle gets confused by RXCPU being used both as typedef and function-like macro there. Convert manually. The other files using RXCPU that way don't need conversion. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200707160613.848843-27-armbru@redhat.com> [Straightforwad conflict with commit 2336172d9b "audio: set default value for pcspk.iobase property" resolved]
2020-07-09Merge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20200704' ↵Peter Maydell
into staging firmware (and crypto) patches - add the tls-cipher-suites object, - add the ability to QOM objects to produce data consumable by the fw_cfg device, - let the tls-cipher-suites object implement the FW_CFG_DATA_GENERATOR interface. This is required by EDK2 'HTTPS Boot' feature of OVMF to tell the guest which TLS ciphers it can use. CI jobs results: https://travis-ci.org/github/philmd/qemu/builds/704724619 https://gitlab.com/philmd/qemu/-/pipelines/162938106 https://cirrus-ci.com/build/4682977303068672 # gpg: Signature made Sat 04 Jul 2020 17:37:08 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/fw_cfg-20200704: crypto/tls-cipher-suites: Produce fw_cfg consumable blob softmmu/vl: Allow -fw_cfg 'gen_id' option to use the 'etc/' namespace softmmu/vl: Let -fw_cfg option take a 'gen_id' argument hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface crypto: Add tls-cipher-suites object Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-06qcrypto/luks: implement encryption key managementMaxim Levitsky
Next few patches will expose that functionality to the user. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200608094030.670121-3-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-07-06qcrypto/core: add generic infrastructure for crypto options amendmentMaxim Levitsky
This will be used first to implement luks keyslot management. block_crypto_amend_opts_init will be used to convert qemu-img cmdline to QCryptoBlockAmendOptions Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200608094030.670121-2-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-07-03crypto/tls-cipher-suites: Produce fw_cfg consumable blobPhilippe Mathieu-Daudé
Since our format is consumable by the fw_cfg device, we can implement the FW_CFG_DATA_GENERATOR interface. Example of use to dump the cipher suites (if tracing enabled): $ qemu-system-x86_64 -S \ -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ -trace qcrypto\* 1590664444.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM 1590664444.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384 1590664444.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 1590664444.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] version=TLS1.3 name=TLS_AES_128_GCM_SHA256 1590664444.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] version=TLS1.3 name=TLS_AES_128_CCM_SHA256 1590664444.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 1590664444.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 1590664444.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 1590664444.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 1590664444.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 1590664444.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 1590664444.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 1590664444.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM 1590664444.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 1590664444.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 1590664444.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM 1590664444.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 1590664444.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 1590664444.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_CCM 1590664444.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 1590664444.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 1590664444.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_CCM 1590664444.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 1590664444.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 1590664444.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 1590664444.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM 1590664444.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 1590664444.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 1590664444.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM 1590664444.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 1590664444.197345:qcrypto_tls_cipher_suite_count count: 29 Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200623172726.21040-6-philmd@redhat.com>
2020-07-03crypto: Add tls-cipher-suites objectPhilippe Mathieu-Daudé
On the host OS, various aspects of TLS operation are configurable. In particular it is possible for the sysadmin to control the TLS cipher/protocol algorithms that applications are permitted to use. * Any given crypto library has a built-in default priority list defined by the distro maintainer of the library package (or by upstream). * The "crypto-policies" RPM (or equivalent host OS package) provides a config file such as "/etc/crypto-policies/config", where the sysadmin can set a high level (library-independent) policy. The "update-crypto-policies --set" command (or equivalent) is used to translate the global policy to individual library representations, producing files such as "/etc/crypto-policies/back-ends/*.config". The generated files, if present, are loaded by the various crypto libraries to override their own built-in defaults. For example, the GNUTLS library may read "/etc/crypto-policies/back-ends/gnutls.config". * A management application (or the QEMU user) may overide the system-wide crypto-policies config via their own config, if they need to diverge from the former. Thus the priority order is "QEMU user config" > "crypto-policies system config" > "library built-in config". Introduce the "tls-cipher-suites" object for exposing the ordered list of permitted TLS cipher suites from the host side to the guest firmware, via fw_cfg. The list is represented as an array of bytes. The priority at which the host-side policy is retrieved is given by the "priority" property of the new object type. For example, "priority=@SYSTEM" may be used to refer to "/etc/crypto-policies/back-ends/gnutls.config" (given that QEMU uses GNUTLS). The firmware uses the IANA_TLS_CIPHER array for configuring guest-side TLS, for example in UEFI HTTPS Boot. [Description from Daniel P. Berrangé, edited by Laszlo Ersek.] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200623172726.21040-2-philmd@redhat.com>
2020-06-15crypto: Remove use of GCRYPT_VERSION macro.Richard W.M. Jones
According to the gcrypt documentation it's intended that gcry_check_version() is called with the minimum version of gcrypt needed by the program, not the version from the <gcrypt.h> header file that happened to be installed when qemu was compiled. Indeed the gcrypt.h header says that you shouldn't use the GCRYPT_VERSION macro. This causes the following failure: qemu-img: Unable to initialize gcrypt if a slightly older version of libgcrypt is installed with a newer qemu, even though the slightly older version works fine. This can happen with RPM packaging which uses symbol versioning to determine automatically which libgcrypt is required by qemu, which caused the following bug in RHEL 8: https://bugzilla.redhat.com/show_bug.cgi?id=1840485 qemu actually requires libgcrypt >= 1.5.0, so we might put the string "1.5.0" here. However since 1.5.0 was released in 2011, it hardly seems we need to check that. So I replaced GCRYPT_VERSION with NULL. Perhaps in future if we move to requiring a newer version of gcrypt we could put a literal string here. Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15crypto/linux_keyring: add 'secret_keyring' secret object.Alexey Krasikov
Add the ability for the secret object to obtain secret data from the Linux in-kernel key managment and retention facility, as an extra option to the existing ones: reading from a file or passing directly as a string. The secret is identified by the key serial number. The upper layers need to instantiate the key and make sure the QEMU process has access permissions to read it. Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru> - Fixed up detection logic default behaviour in configure Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15crypto/secret: move main logic from 'secret' to 'secret_common'.Alexey Krasikov
Create base class 'common secret'. Move common data and logic from 'secret' to 'common_secret' class. This allowed adding abstraction layer for easier adding new 'secret' objects in future. Convert 'secret' class to child from basic 'secret_common' with 'data' and 'file' properties. Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-15crypto: add "none" random providerMarek Marczykowski-Górecki
In case of not using random-number needing feature, it makes sense to skip RNG init too. This is especially helpful when QEMU is sandboxed in Stubdomain under Xen, where there is very little entropy so initial getrandom() call delays the startup several seconds. In that setup, no random bytes are needed at all. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-15qom: Drop parameter @errp of object_property_add() & friendsMarkus Armbruster
The only way object_property_add() can fail is when a property with the same name already exists. Since our property names are all hardcoded, failure is a programming error, and the appropriate way to handle it is passing &error_abort. Same for its variants, except for object_property_add_child(), which additionally fails when the child already has a parent. Parentage is also under program control, so this is a programming error, too. We have a bit over 500 callers. Almost half of them pass &error_abort, slightly fewer ignore errors, one test case handles errors, and the remaining few callers pass them to their own callers. The previous few commits demonstrated once again that ignoring programming errors is a bad idea. Of the few ones that pass on errors, several violate the Error API. The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call. ich9_pm_add_properties(), sparc32_ledma_realize(), sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize() are wrong that way. When the one appropriate choice of argument is &error_abort, letting users pick the argument is a bad idea. Drop parameter @errp and assert the preconditions instead. There's one exception to "duplicate property name is a programming error": the way object_property_add() implements the magic (and undocumented) "automatic arrayification". Don't drop @errp there. Instead, rename object_property_add() to object_property_try_add(), and add the obvious wrapper object_property_add(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-15-armbru@redhat.com> [Two semantic rebase conflicts resolved]
2020-05-07crypto: Redundant type conversion for AES_KEY pointerChen Qun
We can delete the redundant type conversion if we set the the AES_KEY parameter with 'const' in qcrypto_cipher_aes_ecb_(en|de)crypt() function. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-07crypto/secret: fix inconsequential errors.Alexey Krasikov
Change condition from QCRYPTO_SECRET_FORMAT_RAW to QCRYPTO_SECRET_FORMAT_BASE64 in if-operator, because this is potential error if you add another format value. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-07crypto: fix getter of a QCryptoSecret's propertyTong Ho
This fixes the condition-check done by the "loaded" property getter, such that the property returns true even when the secret is loaded by the 'file' option. Signed-off-by: Tong Ho <tong.ho@xilinx.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-03-11luks: extract qcrypto_block_calculate_payload_offset()Stefan Hajnoczi
The qcow2 .bdrv_measure() code calculates the crypto payload offset. This logic really belongs in crypto/block.c where it can be reused by other image formats. The "luks" block driver will need this same logic in order to implement .bdrv_measure(), so extract the qcrypto_block_calculate_payload_offset() function now. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200221112522.1497712-2-stefanha@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>