aboutsummaryrefslogtreecommitdiff
path: root/crypto
AgeCommit message (Collapse)Author
2024-10-22crypto/hash-afalg: Fix broken buildMarkus Armbruster
Fux build broken by semantic conflict with commit 8f525028bc6 (qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo). Fixes: 90c3dc60735a (crypto/hash-afalg: Implement new hash API) Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-22crypto/hash: avoid overwriting user supplied result pointerDaniel P. Berrangé
If the user provides a pre-allocated buffer for the hash result, we must use that rather than re-allocating a new buffer. Reported-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-22crypto: Remove unused DER string functionsDr. David Alan Gilbert
qcrypto_der_encode_octet_str_begin and _end have been unused since they were added in 3b34ccad66 ("crypto: Support DER encodings") Remove them. Signed-off-by: Dr. David Alan Gilbert <dave@treblig.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto: drop obsolete back compat logic for old nettleDaniel P. Berrangé
The nettle 2.x series declared all the hash functions with 'int' for the data size. Since we dropped support for anything older than 3.4 we can assume nettle is using 'size_t' and thus avoid the back compat looping logic. Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hashpriv: Remove old hash API functionAlejandro Zeise
Remove old hash_bytesv function, as it was replaced by the 4 new functions. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-afalg: Remove old hash API functionsAlejandro Zeise
Removes the old hash API functions in the afalg driver, and modifies the hmac function to use the new helper functions. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [ clg: - Checkpatch fixes ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-nettle: Remove old hash API functionsAlejandro Zeise
Removes old hash implementation in the nettle hash driver. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [ clg: - Fixed spelling in commit log ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-gnutls: Remove old hash API functionsAlejandro Zeise
Removes old hash implementation in the gnutls hash driver. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [ clg: - Fixed spelling in commit log ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-gcrypt: Remove old hash API functionsAlejandro Zeise
Removes old hash implementation in the gcrypt hash driver. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [ clg: - Fixed spelling in commit log ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-glib: Remove old hash API functionsAlejandro Zeise
Removes old hash implement-ion in the GLib hash driver. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [ clg: - Fixed spelling in commit log ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash: Implement and use new hash APIAlejandro Zeise
Changes the public hash API implementation to support accumulative hashing. Implementations for the public functions are added to call the new driver functions that implement context creation, updating, finalization, and destruction. Additionally changes the "shortcut" functions to use these 4 new core functions. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Reworked qcrypto_hash_bytesv() error handling - Used hash->driver int qcrypto_hash_new(), qcrypto_hash_free() qcrypto_hash_updatev() - Introduced qcrypto_hash_supports() check in qcrypto_hash_new() - Introduced g_autofree variables in qcrypto_hash_finalize_digest() and qcrypto_hash_finalize_base64() - Re-arrranged code in qcrypto_hash_digestv() and qcrypto_hash_digest() - Checkpatch fixes ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-afalg: Implement new hash APIAlejandro Zeise
Updates the afalg hash driver to support the new accumulative hashing changes as part of the patch series. Implements opening/closing of contexts, updating hash data and finalizing the hash digest. In order to support the update function, a flag needs to be passed to the kernel via the socket send call (MSG_MORE) to notify it that more data is to be expected to calculate the hash correctly. As a result, a new function was added to the iov helper utils to allow passing a flag to the socket send call. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Handled qcrypto_afalg_hash_ctx_new() errors in qcrypto_afalg_hash_new() - Freed alg_name in qcrypto_afalg_hash_new() - Reworked qcrypto_afalg_recv_from_kernel() - Split iov changes from original patch ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-nettle: Implement new hash APIAlejandro Zeise
Implements the new hashing API in the nettle hash driver. Supports creating/destroying a context, updating the context with input data and obtaining an output hash. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-gnutls: Implement new hash APIAlejandro Zeise
Implements the new hashing API in the gnutls hash driver. Supports creating/destroying a context, updating the context with input data and obtaining an output hash. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_gnutls_hash_new() - Reworked qcrypto_gnutls_hash_finalize() - Handled gnutls_hash_init() errors in qcrypto_gnutls_hash_new() - Replaced gnutls_hash_deinit() by gnutls_hash_output() in qcrypto_gnutls_hash_finalize() - Freed resources with gnutls_hash_deinit() in qcrypto_gnutls_hash_free() ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-gcrypt: Implement new hash APIAlejandro Zeise
Implements the new hashing API in the gcrypt hash driver. Supports creating/destroying a context, updating the context with input data and obtaining an output hash. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_gcrypt_hash_new() - Reworked qcrypto_gcrypt_hash_finalize() - Handled gcry_md_open() errors in qcrypto_gcrypt_hash_new() - Checkpatch fixes ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto/hash-glib: Implement new hash APIAlejandro Zeise
Implements the new hashing API in the GLib hash driver. Supports creating/destroying a context, updating the context with input data and obtaining an output hash. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_glib_hash_new() - Removed superfluous cast (GChecksum *) in qcrypto_glib_hash_free() - Reworked qcrypto_glib_hash_finalize() ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-10crypto: accumulative hashing APIAlejandro Zeise
Changes the hash API to support accumulative hashing. Hash objects are created with "qcrypto_hash_new", updated with data with "qcrypto_hash_update", and the hash obtained with "qcrypto_hash_finalize". These changes bring the hashing API more in line with the hmac API. Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com> [ clg: - Changed documentation "non-zero on error" -> "-1 on error" ] Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgoMarkus Armbruster
For consistency with other types names *Algo. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-17-armbru@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoRSAPaddingAlgorithm to *Algo, and drop prefixMarkus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoRSAPaddingAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_RSA_PADDING_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_RSA_PADDING_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoRSAPaddingAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoRSAPaddingAlgo instead. The prefix becomes QCRYPTO_RSA_PADDING_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-16-armbru@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefixMarkus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoAkCipherAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_AKCIPHER_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_AK_CIPHER_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoAkCipherAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoAkCipherAlgo instead. The prefix becomes QCRYPTO_AK_CIPHER_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-15-armbru@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefixMarkus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoIVGenAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_IVGEN_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_IV_GEN_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoIVGenAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoIVGenAlgo instead. The prefix becomes QCRYPTO_IV_GEN_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-14-armbru@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefixMarkus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoCipherAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_CIPHER_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_CIPHER_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoCipherAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoCipherAlgo instead. The prefix becomes QCRYPTO_CIPHER_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-13-armbru@redhat.com>
2024-09-10qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefixMarkus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoHashAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_HASH_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_HASH_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoHashAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoHashAlgo instead. The prefix becomes to QCRYPTO_HASH_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-12-armbru@redhat.com> [Conflicts with merge commit 7bbadc60b58b resolved]
2024-09-10qapi/crypto: Drop unwanted 'prefix'Markus Armbruster
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoAkCipherKeyType has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_AKCIPHER_KEY_TYPE. Drop it. The prefix becomes QCRYPTO_AK_CIPHER_KEY_TYPE. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-11-armbru@redhat.com>
2024-09-10qapi/crypto: Drop temporary 'prefix'Markus Armbruster
Recent commit "qapi: Smarter camel_to_upper() to reduce need for 'prefix'" added two temporary 'prefix' to delay changing the generated code. Revert them. This improves QCryptoBlockFormat's generated enumeration constant prefix from Q_CRYPTO_BLOCK_FORMAT to QCRYPTO_BLOCK_FORMAT, and QCryptoBlockLUKSKeyslotState's from Q_CRYPTO_BLOCKLUKS_KEYSLOT_STATE to QCRYPTO_BLOCK_LUKS_KEYSLOT_STATE. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-6-armbru@redhat.com>
2024-09-09crypto: Introduce x509 utilsDorjoy Chowdhury
An utility function for getting fingerprint from X.509 certificate has been introduced. Implementation only provided using gnutls. Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> [DB: fixed missing gnutls_x509_crt_deinit in success path] Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: Support SHA384 hash when using glibDorjoy Chowdhury
QEMU requires minimum glib version 2.66.0 as per the root meson.build file and per glib documentation[1] G_CHECKSUM_SHA384 is available since 2.51. [1] https://docs.gtk.org/glib/enum.ChecksumType.html Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: Define macros for hash algorithm digest lengthsDorjoy Chowdhury
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: use consistent error reporting pattern for unsupported cipher modesDaniel P. Berrangé
Not all paths in qcrypto_cipher_ctx_new() were correctly distinguishing between valid user input for cipher mode (which should report a user facing error), vs program logic errors (which should assert). Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: avoid leak of ctx when bad cipher mode is givenDaniel P. Berrangé
Fixes: Coverity CID 1546884 Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: check gnutls & gcrypt support the requested pbkdf hashDaniel P. Berrangé
Both gnutls and gcrypt can be configured to exclude support for certain algorithms via a runtime check against system crypto policies. Thus it is not sufficient to have a compile time test for hash support in their pbkdf implementations. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-09-09crypto: run qcrypto_pbkdf2_count_iters in a new threadTiago Pasqualini
CPU time accounting in the kernel has been demonstrated to have a sawtooth pattern[1][2]. This can cause the getrusage system call to not be as accurate as we are expecting, which can cause this calculation to stall. The kernel discussions shows that this inaccuracy happens when CPU time gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run in a fresh thread to avoid this inaccuracy. It also adds a sanity check to fail the process if CPU time is not accounted. [1] https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/ [2] https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534 Resolves: #2398 Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-08-20crypto/tlscredspsk: Free username on finalizePeter Maydell
When the creds->username property is set we allocate memory for it in qcrypto_tls_creds_psk_prop_set_username(), but we never free this when the QCryptoTLSCredsPSK is destroyed. Free the memory in finalize. This fixes a LeakSanitizer complaint in migration-test: $ (cd build/asan; ASAN_OPTIONS="fast_unwind_on_malloc=0" QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --tap -k -p /x86_64/migration/precopy/unix/tls/psk) ================================================================= ==3867512==ERROR: LeakSanitizer: detected memory leaks Direct leak of 5 byte(s) in 1 object(s) allocated from: #0 0x5624e5c99dee in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218edee) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3) #1 0x7fb199ae9738 in g_malloc debian/build/deb/../../../glib/gmem.c:128:13 #2 0x7fb199afe583 in g_strdup debian/build/deb/../../../glib/gstrfuncs.c:361:17 #3 0x5624e82ea919 in qcrypto_tls_creds_psk_prop_set_username /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../crypto/tlscredspsk.c:255:23 #4 0x5624e812c6b5 in property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:2277:5 #5 0x5624e8125ce5 in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:1463:5 #6 0x5624e8136e7c in object_set_properties_from_qdict /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:55:14 #7 0x5624e81372d2 in user_creatable_add_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:112:5 #8 0x5624e8137964 in user_creatable_add_qapi /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:157:11 #9 0x5624e891ba3c in qmp_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/qom-qmp-cmds.c:227:5 #10 0x5624e8af9118 in qmp_marshal_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qapi/qapi-commands-qom.c:337:5 #11 0x5624e8bd1d49 in do_qmp_dispatch_bh /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qapi/qmp-dispatch.c:128:5 #12 0x5624e8cb2531 in aio_bh_call /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:171:5 #13 0x5624e8cb340c in aio_bh_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:218:13 #14 0x5624e8c0be98 in aio_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/aio-posix.c:423:5 #15 0x5624e8cba3ce in aio_ctx_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:360:5 #16 0x7fb199ae0d3a in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28 #17 0x7fb199ae0d3a in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7 #18 0x5624e8cbe1d9 in glib_pollfds_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:287:9 #19 0x5624e8cbcb13 in os_host_main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:310:5 #20 0x5624e8cbc6dc in main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:589:11 #21 0x5624e6f3f917 in qemu_main_loop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/runstate.c:801:9 #22 0x5624e893379c in qemu_default_main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:37:14 #23 0x5624e89337e7 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:48:12 #24 0x7fb197972d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #25 0x7fb197972e3f in __libc_start_main csu/../csu/libc-start.c:392:3 #26 0x5624e5c16fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3) SUMMARY: AddressSanitizer: 5 byte(s) leaked in 1 allocation(s). Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240819145021.38524-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-07-24crypto: propagate errors from TLS session I/O callbacksDaniel P. Berrangé
GNUTLS doesn't know how to perform I/O on anything other than plain FDs, so the TLS session provides it with some I/O callbacks. The GNUTLS API design requires these callbacks to return a unix errno value, which means we're currently loosing the useful QEMU "Error" object. This changes the I/O callbacks in QEMU to stash the "Error" object in the QCryptoTLSSession class, and fetch it when seeing an I/O error returned from GNUTLS, thus preserving useful error messages. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-07-24crypto: push error reporting into TLS session I/O APIsDaniel P. Berrangé
The current TLS session I/O APIs just return a synthetic errno value on error, which has been translated from a gnutls error value. This looses a large amount of valuable information that distinguishes different scenarios. Pushing population of the "Error *errp" object into the TLS session I/O APIs gives more detailed error information. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-07-24crypto: drop gnutls debug logging supportDaniel P. Berrangé
GNUTLS already supports dynamically enabling its logging at runtime by setting the env var 'GNUTLS_DEBUG_LEVEL=10', so there is no need to re-invent this logic in QEMU in a way that requires a re-compile. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-07-23crypto/block-luks: make range overlap check more readableYao Xingtao
use ranges_overlap() instead of open-coding the overlap check to improve the readability of the code. Signed-off-by: Yao Xingtao <yaoxt.fnst@fujitsu.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240722040742.11513-12-yaoxt.fnst@fujitsu.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-06-10crypto/block: drop qcrypto_block_open() n_threads argumentStefan Hajnoczi
The n_threads argument is no longer used since the previous commit. Remove it. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-ID: <20240527155851.892885-3-stefanha@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-06-10block/crypto: create ciphers on demandStefan Hajnoczi
Ciphers are pre-allocated by qcrypto_block_init_cipher() depending on the given number of threads. The -device virtio-blk-pci,iothread-vq-mapping= feature allows users to assign multiple IOThreads to a virtio-blk device, but the association between the virtio-blk device and the block driver happens after the block driver is already open. When the number of threads given to qcrypto_block_init_cipher() is smaller than the actual number of threads at runtime, the block->n_free_ciphers > 0 assertion in qcrypto_block_pop_cipher() can fail. Get rid of qcrypto_block_init_cipher() n_thread's argument and allocate ciphers on demand. Reported-by: Qing Wang <qinwang@redhat.com> Buglink: https://issues.redhat.com/browse/RHEL-36159 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-ID: <20240527155851.892885-2-stefanha@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-03-19crypto: query gcrypt for cipher availabilityDaniel P. Berrangé
Just because a cipher is defined in the gcrypt header file, does not imply that it can be used. Distros can filter the list of ciphers when building gcrypt. For example, RHEL-9 disables the SM4 cipher. It is also possible that running in FIPS mode might dynamically change what ciphers are available at runtime. qcrypto_cipher_supports must therefore query gcrypt directly to check for cipher availability. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-03-19crypto: factor out conversion of QAPI to gcrypt constantsDaniel P. Berrangé
The conversion of cipher mode will shortly be required in more than one place. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-02-09crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKSHyman Huang
When querying the LUKS disk with the qemu-img tool or other APIs, add information about whether the LUKS header is detached. Additionally, update the test case with the appropriate modification. Signed-off-by: Hyman Huang <yong.huang@smartx.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-02-09crypto: Modify the qcrypto_block_create to support creation flagsHyman Huang
Expand the signature of qcrypto_block_create to enable the formation of LUKS volumes with detachable headers. To accomplish that, introduce QCryptoBlockCreateFlags to instruct the creation process to set the payload_offset_sector to 0. Signed-off-by: Hyman Huang <yong.huang@smartx.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-02-09crypto: Support LUKS volume with detached headerHyman Huang
By enhancing the LUKS driver, it is possible to implement the LUKS volume with a detached header. Normally a LUKS volume has a layout: disk: | header | key material | disk payload data | With a detached LUKS header, you need 2 disks so getting: disk1: | header | key material | disk2: | disk payload data | There are a variety of benefits to doing this: * Secrecy - the disk2 cannot be identified as containing LUKS volume since there's no header * Control - if access to the disk1 is restricted, then even if someone has access to disk2 they can't unlock it. Might be useful if you have disks on NFS but want to restrict which host can launch a VM instance from it, by dynamically providing access to the header to a designated host * Flexibility - your application data volume may be a given size and it is inconvenient to resize it to add encryption.You can store the LUKS header separately and use the existing storage volume for payload * Recovery - corruption of a bit in the header may make the entire payload inaccessible. It might be convenient to take backups of the header. If your primary disk header becomes corrupt, you can unlock the data still by pointing to the backup detached header Take the raw-format image as an example to introduce the usage of the LUKS volume with a detached header: 1. prepare detached LUKS header images $ dd if=/dev/zero of=test-header.img bs=1M count=32 $ dd if=/dev/zero of=test-payload.img bs=1M count=1000 $ cryptsetup luksFormat --header test-header.img test-payload.img > --force-password --type luks1 2. block-add a protocol blockdev node of payload image $ virsh qemu-monitor-command vm '{"execute":"blockdev-add", > "arguments":{"node-name":"libvirt-1-storage", "driver":"file", > "filename":"test-payload.img"}}' 3. block-add a protocol blockdev node of LUKS header as above. $ virsh qemu-monitor-command vm '{"execute":"blockdev-add", > "arguments":{"node-name":"libvirt-2-storage", "driver":"file", > "filename": "test-header.img" }}' 4. object-add the secret for decrypting the cipher stored in LUKS header above $ virsh qemu-monitor-command vm '{"execute":"object-add", > "arguments":{"qom-type":"secret", "id": > "libvirt-2-storage-secret0", "data":"abc123"}}' 5. block-add the raw-drived blockdev format node $ virsh qemu-monitor-command vm '{"execute":"blockdev-add", > "arguments":{"node-name":"libvirt-1-format", "driver":"raw", > "file":"libvirt-1-storage"}}' 6. block-add the luks-drived blockdev to link the raw disk with the LUKS header by specifying the field "header" $ virsh qemu-monitor-command vm '{"execute":"blockdev-add", > "arguments":{"node-name":"libvirt-2-format", "driver":"luks", > "file":"libvirt-1-format", "header":"libvirt-2-storage", > "key-secret":"libvirt-2-format-secret0"}}' 7. hot-plug the virtio-blk device finally $ virsh qemu-monitor-command vm '{"execute":"device_add", > "arguments": {"num-queues":"1", "driver":"virtio-blk-pci", > "drive": "libvirt-2-format", "id":"virtio-disk2"}}' Starting a VM with a LUKS volume with detached header is somewhat similar to hot-plug in that both maintaining the same json command while the starting VM changes the "blockdev-add/device_add" parameters to "blockdev/device". Signed-off-by: Hyman Huang <yong.huang@smartx.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-02-09crypto: Introduce SM4 symmetric cipher algorithmHyman Huang
Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016). SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithms for the use within China. Detect the SM4 cipher algorithms and enable the feature silently if it is available. Signed-off-by: Hyman Huang <yong.huang@smartx.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-11-07crypto/rsakey-builtin.c.inc: Clean up two error pathsMarkus Armbruster
When qcrypto_builtin_rsa_public_key_parse() is about to fail, but no error has been set, it makes one up. Actually, there's just one way to fail without setting an error. Set it there instead. Same for qcrypto_builtin_rsa_private_key_parse(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-10-03Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi
* fix from optionrom build * fix for KVM on Apple M2 * introduce machine property "audiodev" * ui/vnc: Require audiodev= to enable audio * audio: remove QEMU_AUDIO_* and -audio-help support * audio: forbid using default audiodev backend with -audiodev and -nodefaults * remove compatibility code for old machine types * make-release: do not ship dtc sources * build system cleanups # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmUb0QgUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroOpnAf9EFXfGkXpqQ5Q8ZbVlVc5GQKofMHW # OZwamTBlp/c07+QcQiMxwLhIW0iyDhrfdCjoFSUaTA8O10FM1YrFv4SkUryYb9B3 # bmoTl4NeLvmkxpC47GEeaaBfjyM0G/9Ip9Zsuqx3u+gSzwTbkEstA2u7gcsN0tL9 # VlhMSiV82uHhRC/DJYLxr+8bRYSIm1AeuI8K/O1yags85Kztf3UiQUhePIKLznMH # BdORjD+i46xM1dE8ifpdsunm462cDWz/faAnIH0YVKBlshnQHXKTO+GDA/Fbfl51 # wFfupZXo93wwgawS7elAUzI+gwaKCPRHA8NDcukeO91hTzk6i14y04u5SQ== # =nv64 # -----END PGP SIGNATURE----- # gpg: Signature made Tue 03 Oct 2023 04:30:00 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (24 commits) audio: forbid default audiodev backend with -nodefaults audio: propagate Error * out of audio_init vt82c686 machines: Support machine-default audiodev with fallback hw/ppc: Support machine-default audiodev with fallback hw/arm: Support machine-default audiodev with fallback Introduce machine property "audiodev" audio: remove QEMU_AUDIO_* and -audio-help support audio: simplify flow in audio_init audio: commonize voice initialization audio: return Error ** from audio_state_by_name audio: allow returning an error from the driver init audio: Require AudioState in AUD_add_capture ui/vnc: Require audiodev= to enable audio crypto: only include tls-cipher-suites in emulators scsi-disk: ensure that FORMAT UNIT commands are terminated esp: restrict non-DMA transfer length to that of available data esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux() Makefile: build plugins before running TCG tests meson: clean up static_library keyword arguments make-release: do not ship dtc sources ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-10-03crypto: only include tls-cipher-suites in emulatorsPaolo Bonzini
tls-cipher-suites is an object that is used to inject TLS configuration into the guest (via fw_cfg). It is never used for host-side TLS operation, and therefore it need not be available in the tools. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-09-29crypto: remove shadowed 'ret' variableDaniel P. Berrangé
Both instances of 'ret' are used to store a gnutls API return code. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20230922160644.438631-2-berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-09-29crypto/cipher-gnutls.c: Clean up local variable shadowingPhilippe Mathieu-Daudé
Fix: In file included from crypto/cipher.c:140: crypto/cipher-gnutls.c.inc: In function ‘qcrypto_gnutls_cipher_encrypt’: crypto/cipher-gnutls.c.inc:116:17: warning: declaration of ‘err’ shadows a previous local [-Wshadow=compatible-local] 116 | int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL); | ^~~ crypto/cipher-gnutls.c.inc:94:9: note: shadowed declaration is here 94 | int err; | ^~~ --- crypto/cipher-gnutls.c.inc: In function ‘qcrypto_gnutls_cipher_decrypt’: crypto/cipher-gnutls.c.inc:177:17: warning: declaration of ‘err’ shadows a previous local [-Wshadow=compatible-local] 177 | int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL); | ^~~ crypto/cipher-gnutls.c.inc:154:9: note: shadowed declaration is here 154 | int err; | ^~~ Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-17-philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>