From nobody Fri Nov 21 10:09:39 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1763041115; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LBrIaLE9gYyxFG23ZpSdhlHbz1JpX0wku820g655jpZhxiPMZFYcvGfi7xitcpX/UTC8jdP4oaqqoAq/kw3hPUHLPLRN5fpJk6qOUIYvucnyrYkcTPCnV99VHQDQDohIrT7z2MkWr9tAXovA+3J0+y+oyCqIVXkK5iXvgolh6YI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1763041115;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=b7J/Q7xo4r7mDsz2T7s1WApqmEwhBBYU9WSa5sQwhRo=;
	b=oF2aWmg1Do5Rdm0xnjYan+sBdqUK5TNcdBqGC45tHbYV0Yjczx2ZZOkHJ3p0JCbo8YRsWZjXDJl/bQXDEfGL7oasmaqxLFO8jj6cm8BOI3gtJM3HdlDWG80QhkUuZ0Qc/0ASe9NBbbW6Gjf4leG14kkuxrzhMbmDrX7Qb1D38S8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1763041115387393.0080828614423;
 Thu, 13 Nov 2025 05:38:35 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 561E84454D; Thu, 13 Nov 2025 08:38:34 -0500 (EST)
Received: from [172.19.199.29] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id 829B944566;
	Thu, 13 Nov 2025 08:36:50 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id C8CE0441B0; Thu, 13 Nov 2025 08:32:43 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id CC3AD44185
	for <devel@lists.libvirt.org>; Thu, 13 Nov 2025 08:32:42 -0500 (EST)
Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com
 [209.85.214.198]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-101-5W-xG4_fOheVw8zBeFgYAQ-1; Thu, 13 Nov 2025 08:32:41 -0500
Received: by mail-pl1-f198.google.com with SMTP id
 d9443c01a7336-29848363458so19654575ad.2
        for <devel@lists.libvirt.org>; Thu, 13 Nov 2025 05:32:40 -0800 (PST)
Received: from armenon-kvm.armenon-thinkpadp16vgen1.bengluru.csb
 ([49.36.110.242])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7b927151380sm2373676b3a.38.2025.11.13.05.32.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Nov 2025 05:32:38 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1763040762;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=b7J/Q7xo4r7mDsz2T7s1WApqmEwhBBYU9WSa5sQwhRo=;
	b=UUnk9LaJUW7tmV52arpKE98jZjZr9DlMj9uSxrX2vAXv6MuZfFkD/XJeNVOoUuxBVCQB18
	9OHD4PZ4RMvr3NEvC4iwhohNTkEX7tJIbh0tBeMfvs1jnsysTXMoWI0Dx50n224gbMtwiF
	Gx2XC8BpS5wEISeP259eM1Gxs9JMbT0=
X-MC-Unique: 5W-xG4_fOheVw8zBeFgYAQ-1
X-Mimecast-MFC-AGG-ID: 5W-xG4_fOheVw8zBeFgYAQ_1763040760
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1763040760; x=1763645560;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=b7J/Q7xo4r7mDsz2T7s1WApqmEwhBBYU9WSa5sQwhRo=;
        b=lGcyl8Uh2ECzLOzqaGmb91jNfYhHnxbRHICiaiI1tqXTJr5+ju7p4gd8M83ug39qaW
         Zwp0LLfkkWJbCpw9UO7wMsOPUss+Jjcss0uacLRne455YYCaUU7vuoCCMptOlPQV1tro
         PbmnL6AJ5YTQg8NtKpUqs5mXY5gcgY9U55VB6RBeQEduRCjL+WvrseflxdMwMT9Bzdvk
         B8gAvI3spwgKcw9TakAJb1z/lNXrw9NwYr/SxH1zJdQdBGEjQpatKJG23MSZkPngHvof
         hneibCMY11wEV6u6sxyfDSSEjjITE6E+IK9B/5a4lfPH4d5XrEYo6F8N0tunmJ53KWmu
         N3ng==
X-Gm-Message-State: AOJu0Yz2bTmHjHzzabjt6zWbyZAflFzocQFRSkWStVYTo87AYu2NO8Ms
	xY+fn8XlLH1Piz3EDsHJA3H1lRGaGijYp0y5A5tShN8RGjZXFSjZ62ji7+BufyA0B/co4+GPiLe
	F3WSme+4NnGY5xyeCpX6hb2YohTQsHFUtKIJzzh1/5g7eXQG5z7sqOQY7bgRRUBCzYIw3j0uoQn
	u3m1JRWdiVWcyw6BQcHG2axaDRZNJBs60FT1iNNpxgqg==
X-Gm-Gg: ASbGnctSG6vPW2rHOeSqRTHJLwJ3r3R2oqPsaCEUMldMUFkQNlzTb8XZIkkoC0p3VIZ
	nGwS+Y9DCyrJ27wxRjjkpyMPOsw0AzImHTVGC5L6XAWgFjWudjwrWWOkK1HvtumeAlVY1O8DhOY
	wulwzADN4tqYObkFSN7huzazEWK2CVKZ5XM4hmI+VSfY4FN5DDITEPsZH9EHIol7fpALJM7QMQ2
	xZhdGczYVHKCwhSO4BvjAeuiU/2pWY0o036qrsZwczK8JPiPc5dC6OVYXsVNEbVs9/6vs6C+2zQ
	83nmBIWarfwalM7edb1xdjRs3y4Q8KLyxhTnH0fDhcjhTQEdV6TOaQsz/D137DbWgACt31apjI/
	qsTfmqQkhVwSViFdRu0GnYNMturPTPXioDx9akv/hRFJBn2g=
X-Received: by 2002:a17:902:ce06:b0:290:ac36:2ed6 with SMTP id
 d9443c01a7336-2984ed929eamr82261615ad.14.1763040759605;
        Thu, 13 Nov 2025 05:32:39 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHOkPs2cxStZ8w+RNR460k6ifvAmPGs2QVetWFJBnm2fCJlF/TCmQ3B/+PfBWXi5ZqgA6pzjw==
X-Received: by 2002:a17:902:ce06:b0:290:ac36:2ed6 with SMTP id
 d9443c01a7336-2984ed929eamr82261135ad.14.1763040758979;
        Thu, 13 Nov 2025 05:32:38 -0800 (PST)
To: devel@lists.libvirt.org
Subject: [RFC 1/4] util: Add support for GnuTLS decryption
Date: Thu, 13 Nov 2025 19:02:20 +0530
Message-ID: <20251113133223.32729-2-armenon@redhat.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251113133223.32729-1-armenon@redhat.com>
References: <20251113133223.32729-1-armenon@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: KTRziX0oNdycSxXSRF0rO9BC10zIM8jzkZiJCmPKgt0_1763040760
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 5OD6HAND5YF54P22G62ZWSMVIUVGVLZU
X-Message-ID-Hash: 5OD6HAND5YF54P22G62ZWSMVIUVGVLZU
X-MailFrom: armenon@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
CC: Arun Menon <armenon@redhat.com>,
 =?UTF-8?q?Michal=20Pr=C3=ADvozn=C3=ADk?= <mprivozn@redhat.com>
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/5OD6HAND5YF54P22G62ZWSMVIUVGVLZU/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Arun Menon via Devel <devel@lists.libvirt.org>
Reply-To: Arun Menon <armenon@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1763041128524153000
Content-Type: text/plain; charset="utf-8"; x-default="true"

Adds `virCryptoDecryptDataAESgnutls` and `virCryptoDecryptData`
as wrapper functions for GnuTLS decryption.

These functions are the inverse of the existing GnuTLS encryption wrappers.
This commit also includes a corresponding test case to validate data decryp=
tion.

Signed-off-by: Arun Menon <armenon@redhat.com>
---
 src/libvirt_private.syms |   1 +
 src/util/vircrypto.c     | 130 ++++++++++++++++++++++++++++++++++++++-
 src/util/vircrypto.h     |   8 +++
 tests/vircryptotest.c    |  65 ++++++++++++++++++++
 4 files changed, 202 insertions(+), 2 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index fb482fff40..fc5fdb00f4 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2252,6 +2252,7 @@ virConfWriteMem;
=20
=20
 # util/vircrypto.h
+virCryptoDecryptData;
 virCryptoEncryptData;
 virCryptoHashBuf;
 virCryptoHashString;
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 3ce23264ca..e0d2b794a1 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -98,7 +98,7 @@ virCryptoHashString(virCryptoHash hash,
 }
=20
=20
-/* virCryptoEncryptDataAESgntuls:
+/* virCryptoEncryptDataAESgnutls:
  *
  * Performs the AES gnutls encryption
  *
@@ -200,7 +200,7 @@ virCryptoEncryptData(virCryptoCipher algorithm,
 {
     switch (algorithm) {
     case VIR_CRYPTO_CIPHER_AES256CBC:
-        if (enckeylen !=3D 32) {
+        if (enckeylen < 32) {
             virReportError(VIR_ERR_INVALID_ARG,
                            _("AES256CBC encryption invalid keylen=3D%1$zu"=
),
                            enckeylen);
@@ -233,3 +233,129 @@ virCryptoEncryptData(virCryptoCipher algorithm,
                    _("algorithm=3D%1$d is not supported"), algorithm);
     return -1;
 }
+
+/* virCryptoDecryptDataAESgnutls:
+ *
+ * Performs the AES gnutls decryption
+ *
+ * Same input as virCryptoDecryptData, except the algorithm is replaced
+ * by the specific gnutls algorithm.
+ *
+ * Decrypts the @data buffer using the @deckey and if available the @iv
+ *
+ * Returns 0 on success with the plaintext being filled. It is the
+ * caller's responsibility to clear and free it. Returns -1 on failure
+ * w/ error set.
+ */
+static int
+virCryptoDecryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_dec_alg,
+                              uint8_t *deckey,
+                              size_t deckeylen,
+                              uint8_t *iv,
+                              size_t ivlen,
+                              uint8_t *data,
+                              size_t datalen,
+                              uint8_t **plaintextret,
+                              size_t *plaintextlenret)
+{
+    int rc;
+    size_t i;
+    gnutls_cipher_hd_t handle =3D NULL;
+    gnutls_datum_t dec_key =3D { .data =3D deckey, .size =3D deckeylen };
+    gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen };
+    g_autofree uint8_t *plaintext =3D NULL;
+    size_t plaintextlen;
+
+    if ((rc =3D gnutls_cipher_init(&handle, gnutls_dec_alg,
+                                 &dec_key, &iv_buf)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("failed to initialize cipher: '%1$s'"),
+                       gnutls_strerror(rc));
+        return -1;
+    }
+
+    plaintext =3D g_memdup2(data, datalen);
+    plaintextlen =3D datalen;
+
+    rc =3D gnutls_cipher_decrypt(handle, plaintext, plaintextlen);
+    gnutls_cipher_deinit(handle);
+    if (rc < 0) {
+        virSecureErase(plaintext, plaintextlen);
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("failed to decrypt the data: '%1$s'"),
+                       gnutls_strerror(rc));
+        return -1;
+    }
+    if (plaintextlen =3D=3D 0) {
+        virSecureErase(plaintext, plaintextlen);
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("decrypted data has zero length"));
+        return -1;
+    }
+    i =3D plaintext[plaintextlen - 1];
+    if (i > plaintextlen) {
+        virSecureErase(plaintext, plaintextlen);
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("decrypted data has invalid padding"));
+        return -1;
+    }
+    *plaintextlenret =3D plaintextlen - i;
+    *plaintextret =3D g_steal_pointer(&plaintext);
+    return 0;
+}
+
+/* virCryptoDecryptData:
+    * @algorithm: algorithm desired for decryption
+    * @deckey: decryption key
+    * @deckeylen: decryption key length
+    * @iv: initialization vector
+    * @ivlen: length of initialization vector
+    * @data: data to decrypt
+    * @datalen: length of data
+    * @plaintext: stream of bytes allocated to store plaintext
+    * @plaintextlen: size of the stream of bytes
+    * Returns 0 on success, -1 on failure with error set
+    */
+int
+virCryptoDecryptData(virCryptoCipher algorithm,
+                     uint8_t *deckey,
+                     size_t deckeylen,
+                     uint8_t *iv,
+                     size_t ivlen,
+                     uint8_t *data,
+                     size_t datalen,
+                     uint8_t **plaintext,
+                     size_t *plaintextlen)
+{
+    switch (algorithm) {
+    case VIR_CRYPTO_CIPHER_AES256CBC:
+        if (deckeylen < 32) {
+            virReportError(VIR_ERR_INVALID_ARG,
+                            _("AES256CBC decryption invalid keylen=3D%1$zu=
"),
+                            deckeylen);
+            return -1;
+        }
+        if (ivlen !=3D 16) {
+            virReportError(VIR_ERR_INVALID_ARG,
+                            _("AES256CBC initialization vector invalid len=
=3D%1$zu"),
+                            ivlen);
+            return -1;
+        }
+        /*
+         * Decrypt the data buffer using a decryption key and
+         * initialization vector via the gnutls_cipher_decrypt API
+         * for GNUTLS_CIPHER_AES_256_CBC.
+         */
+        return virCryptoDecryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC,
+                                             deckey, deckeylen, iv, ivlen,
+                                             data, datalen,
+                                             plaintext, plaintextlen);
+    case VIR_CRYPTO_CIPHER_NONE:
+    case VIR_CRYPTO_CIPHER_LAST:
+        break;
+    }
+
+    virReportError(VIR_ERR_INVALID_ARG,
+                    _("algorithm=3D%1$d is not supported"), algorithm);
+    return -1;
+}
diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h
index 5f079ac335..2e8557839d 100644
--- a/src/util/vircrypto.h
+++ b/src/util/vircrypto.h
@@ -61,3 +61,11 @@ int virCryptoEncryptData(virCryptoCipher algorithm,
                          uint8_t **ciphertext, size_t *ciphertextlen)
     ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
     ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT;
+
+int virCryptoDecryptData(virCryptoCipher algorithm,
+                         uint8_t *deckey, size_t deckeylen,
+                         uint8_t *iv, size_t ivlen,
+                         uint8_t *data, size_t datalen,
+                         uint8_t **plaintext, size_t *plaintextlen)
+    ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
+    ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT;
diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index 9ffe70756e..864fa8838d 100644
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@@ -62,6 +62,14 @@ struct testCryptoEncryptData {
     size_t ciphertextlen;
 };
=20
+struct testCryptoDecryptData {
+    virCryptoCipher algorithm;
+    uint8_t *input;
+    size_t inputlen;
+    uint8_t *plaintext;
+    size_t plaintextlen;
+};
+
 static int
 testCryptoEncrypt(const void *opaque)
 {
@@ -101,6 +109,44 @@ testCryptoEncrypt(const void *opaque)
     return 0;
 }
=20
+static int
+testCryptoDecrypt(const void *opaque)
+{
+    const struct testCryptoDecryptData *data =3D opaque;
+    g_autofree uint8_t *deckey =3D NULL;
+    size_t deckeylen =3D 32;
+    g_autofree uint8_t *iv =3D NULL;
+    size_t ivlen =3D 16;
+    g_autofree uint8_t *plaintext =3D NULL;
+    size_t plaintextlen =3D 0;
+
+    deckey =3D g_new0(uint8_t, deckeylen);
+    iv =3D g_new0(uint8_t, ivlen);
+
+    if (virRandomBytes(deckey, deckeylen) < 0 ||
+        virRandomBytes(iv, ivlen) < 0) {
+        fprintf(stderr, "Failed to generate random bytes\n");
+        return -1;
+    }
+
+    if (virCryptoDecryptData(data->algorithm, deckey, deckeylen, iv, ivlen,
+                             data->input, data->inputlen,
+                             &plaintext, &plaintextlen) < 0)
+        return -1;
+
+    if (data->plaintextlen !=3D plaintextlen) {
+        fprintf(stderr, "Expected plaintexlen(%zu) doesn't match (%zu)\n",
+                data->plaintextlen, plaintextlen);
+        return -1;
+    }
+
+    if (memcmp(data->plaintext, plaintext, plaintextlen)) {
+        fprintf(stderr, "Expected plaintext doesn't match\n");
+        return -1;
+    }
+
+    return 0;
+}
=20
 static int
 mymain(void)
@@ -155,7 +201,26 @@ mymain(void)
=20
 #undef VIR_CRYPTO_ENCRYPT
=20
+#define VIR_CRYPTO_DECRYPT(a, n, i, il, c, cl) \
+    do { \
+        struct testCryptoDecryptData data =3D { \
+            .algorithm =3D a, \
+            .input =3D i, \
+            .inputlen =3D il, \
+            .plaintext =3D c, \
+            .plaintextlen =3D cl, \
+        }; \
+        if (virTestRun("Decrypt " n, testCryptoDecrypt, &data) < 0) \
+            ret =3D -1; \
+    } while (0)
+
+    VIR_CRYPTO_DECRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes256cbc",
+                       expected_ciphertext, 16, secretdata, 7);
+
+#undef VIR_CRYPTO_DECRYPT
+
     return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+
 }
=20
 /* Forces usage of not so random virRandomBytes */
--=20
2.51.1