summary refs log tree commit diff stats
path: root/crypto/cipher.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2021-07-15 19:06:08 +0100
committerPeter Maydell <peter.maydell@linaro.org>2021-07-15 19:06:08 +0100
commitd4127349e316b5c78645f95dba5922196ac4cc23 (patch)
tree158fb3e1701cce7a7334970dad8fa085d3fd1c30 /crypto/cipher.c
parent438951e8839c66a0d0f65011a7a4ff6bd50efad6 (diff)
parent80d78357495837f1f0e53fbb6bca5fb793631d94 (diff)
downloadfocaccia-qemu-d4127349e316b5c78645f95dba5922196ac4cc23.tar.gz
focaccia-qemu-d4127349e316b5c78645f95dba5922196ac4cc23.zip
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging
Merge crypto updates and misc fixes

 * Introduce a GNUTLS backend for crypto algorithms
 * Change crypto library preference gnutls > gcrypt > nettle > built-in
 * Remove built-in DES impl
 * Remove XTS mode from built-in AES impl
 * Fix seccomp rules to allow resource info getters
 * Fix migration performance test
 * Use GDateTime in io/ and net/rocker/ code
 * Improve docs for -smp

# gpg: Signature made Wed 14 Jul 2021 15:08:00 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/crypto-and-more-pull-request: (26 commits)
  qemu-options: rewrite help for -smp options
  qemu-options: tweak to show that CPU count is optional
  qemu-options: re-arrange CPU topology options
  docs: fix typo s/Intel/AMD/ in CPU model notes
  tests/migration: fix unix socket migration
  seccomp: don't block getters for resource control syscalls
  io: use GDateTime for formatting timestamp for websock headers
  net/rocker: use GDateTime for formatting timestamp in debug messages
  crypto: prefer gnutls as the crypto backend if new enough
  crypto: add gnutls pbkdf provider
  crypto: add gnutls hmac provider
  crypto: add gnutls hash provider
  crypto: add gnutls cipher provider
  crypto: introduce build system for gnutls crypto backend
  crypto: flip priority of backends to prefer gcrypt
  crypto: replace 'des-rfb' cipher with 'des'
  crypto: delete built-in XTS cipher mode support
  crypto: delete built-in DES implementation
  crypto: add crypto tests for single block DES-ECB and DES-CBC
  crypto: drop custom XTS support in gcrypt driver
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'crypto/cipher.c')
-rw-r--r--crypto/cipher.c30
1 files changed, 7 insertions, 23 deletions
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 068b2fb867..74b09a5b26 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -29,7 +29,7 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
     [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     [QCRYPTO_CIPHER_ALG_AES_192] = 24,
     [QCRYPTO_CIPHER_ALG_AES_256] = 32,
-    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
+    [QCRYPTO_CIPHER_ALG_DES] = 8,
     [QCRYPTO_CIPHER_ALG_3DES] = 24,
     [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
     [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
@@ -44,7 +44,7 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
     [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     [QCRYPTO_CIPHER_ALG_AES_192] = 16,
     [QCRYPTO_CIPHER_ALG_AES_256] = 16,
-    [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
+    [QCRYPTO_CIPHER_ALG_DES] = 8,
     [QCRYPTO_CIPHER_ALG_3DES] = 8,
     [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
     [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
@@ -107,9 +107,9 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
     }
 
     if (mode == QCRYPTO_CIPHER_MODE_XTS) {
-        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
-                || alg == QCRYPTO_CIPHER_ALG_3DES) {
-            error_setg(errp, "XTS mode not compatible with DES-RFB/3DES");
+        if (alg == QCRYPTO_CIPHER_ALG_DES ||
+            alg == QCRYPTO_CIPHER_ALG_3DES) {
+            error_setg(errp, "XTS mode not compatible with DES/3DES");
             return false;
         }
         if (nkey % 2) {
@@ -132,28 +132,12 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
     return true;
 }
 
-#if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE)
-static uint8_t *
-qcrypto_cipher_munge_des_rfb_key(const uint8_t *key,
-                                 size_t nkey)
-{
-    uint8_t *ret = g_new0(uint8_t, nkey);
-    size_t i;
-    for (i = 0; i < nkey; i++) {
-        uint8_t r = key[i];
-        r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
-        r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
-        r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
-        ret[i] = r;
-    }
-    return ret;
-}
-#endif /* CONFIG_GCRYPT || CONFIG_NETTLE */
-
 #ifdef CONFIG_GCRYPT
 #include "cipher-gcrypt.c.inc"
 #elif defined CONFIG_NETTLE
 #include "cipher-nettle.c.inc"
+#elif defined CONFIG_GNUTLS_CRYPTO
+#include "cipher-gnutls.c.inc"
 #else
 #include "cipher-builtin.c.inc"
 #endif