From nobody Fri Nov 21 10:13:44 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1763657997; cv=none; d=zohomail.com; s=zohoarc; b=YJW1qH1MgEn7vnE5dEWMJ/+chFP+avcqOVmWr2EYF8uPrqlCZTU3HU0W8ImNwOayA/3OJ11l8jl1DnQ32VrVY987VCRmKHe+0TQKuCMicKrGNzZ7pt0Ij5T0tgQU46vaTS+hJeO/Hx79PxXTVvEDIvUqMXVJeK6uZjOfBWtn9Vc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1763657997; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=J80UWdiWpVPOd9ikjKg6QVTpkk3ymUbrzbxgP34aO7M=; b=Y502/ZSwoNDrw4flCcnanWWybMF0D9EeyM7q783xhbP2KWZJ7nZjJQjzOMejkSCOF6Bm5gQcMvlNdXEbmx1e2rwZhbx2bUA9Z1UZZ/LCi0TK629Rc0Z6V3aZQqjOGt0as+IoFNps7MkN6jhsfzHdjWfgsHN0fOqpx9oIuF9zua4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763657997506619.7126018838964; Thu, 20 Nov 2025 08:59:57 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id B8778440B0; Thu, 20 Nov 2025 11:59:56 -0500 (EST) Received: from [172.19.199.53] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id EC6024420D; Thu, 20 Nov 2025 11:57:16 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 485F641BD5; Thu, 20 Nov 2025 11:53:58 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id A379E41ADD for ; Thu, 20 Nov 2025 11:53:56 -0500 (EST) Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-264-Be_YQc2NMc2TAjagZtnK3w-1; Thu, 20 Nov 2025 11:53:55 -0500 Received: by mail-pl1-f200.google.com with SMTP id d9443c01a7336-29806c42760so47603345ad.2 for ; Thu, 20 Nov 2025 08:53:54 -0800 (PST) Received: from armenon-kvm.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.104.36]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-34727bcaf5asm2887551a91.4.2025.11.20.08.53.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Nov 2025 08:53:52 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1763657636; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J80UWdiWpVPOd9ikjKg6QVTpkk3ymUbrzbxgP34aO7M=; b=UpfbG/hvgpk8EeYiQhRgt1MSRvaX3pMp0GvttmZA32UbCHJp6QvwQW0S8uc09dljdGiFia GU76rchW3DDhQwvA63yeZYM9oesPJH/POB554dPpbxS8PET6mwdptJatdu62+DttQ5u3Wu 3vt7e4OSZ+oBp2G1CyIutANTlLWTQf4= X-MC-Unique: Be_YQc2NMc2TAjagZtnK3w-1 X-Mimecast-MFC-AGG-ID: Be_YQc2NMc2TAjagZtnK3w_1763657634 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763657634; x=1764262434; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=J80UWdiWpVPOd9ikjKg6QVTpkk3ymUbrzbxgP34aO7M=; b=PMXy9NzwjLCsqtDPDCJCvdlrAcFgUyX7rUbtVt/g4eq2MuqVhii+bQKp0efWZbQpkd edYMlZ0ECpKs5DyrOm3a+RLLT7s57IkF31ZXNN5ra0LwF0WNnUKeZAm9JsNdIqucO9pd n3Puip+y0FuBv32zFEaH+jEEzRMn2mw1VyxBIdRNNriZUhgEKnFaRPdA+ts6CB5GcvUM YhwwBslGoLQ+66RosWXs0y8Z1vUnDb231ICtUPk2HF2QMNCaoOcukmNWnJcIvMuukuPN eld43qEwuDjKJXYtRe7B7jap/wnqQrwD6a+OhuUANdWlaZSrsH1NM8pDlLBTJYuLhC4m A1CQ== X-Gm-Message-State: AOJu0YxSnGNWYLGyp6OqGLr3A3Q2zQB56CTjcC9kdKrKqqE57T/AA3W0 3IpV43I6n/kr9zTdTkNzLSYuWTcblvj/ZFxTQKyvzbhG2K9MHy8I76nlx4ZySCMTz2BrrgCwWwR UFpSRKf+45guKLhHBZ/73ZeLgMGPbky5I5meP2ABYe4rjuGm9KCPcUIV8bdN+ZSl5CrkzZxyZ6S AzcMFeI6hZmk0CwZENA6f8hRClO6IJb/XIueslHolCVQ== X-Gm-Gg: ASbGnctZUVWxm/Xo5XUHJIBrcI/YLbJ5XG3OiNT+Xj8/kgEAg/zI8xBlSjenZ/822Bb tKPGVfuQj7dEP5YU3fmhQg4iTjg9dB0n/losrDa0PzYfNUY9jVc+Khj6c21PUnLaqCoZzM2/TpM w805hsY+h6vDLDnb3KJjDyX40AKGFMIl6qvEmlWZa2MbypQ8mKEGTxKwc5cUyO33cc9abMOfF0K 6koBVl+jXoS5yNf9lBLOd7Kx7BRWO+hWdcfAq13ieAmafWtat/etZViS06O6n240WJZ4IyT8R7J 1saOdemlrW57ye4stjt/odV5fXx2+kjKQyjBF9lv5RlWeezK44DGn6RxKGhyBfmuiwSAaXS2REJ SsYoxnd7GsTC7ozLh4AIURjA6bivYE/lAg8kL0R5mPll7gmLFaN0u3EXz X-Received: by 2002:a17:903:1248:b0:298:1156:acd5 with SMTP id d9443c01a7336-29b5b0f6739mr54266065ad.39.1763657633750; Thu, 20 Nov 2025 08:53:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IEcGiIn6E+NdPLSywku425y+FQMzalMz8cNtAqaYf/pBctuvNTkUvLSrSCGIFQ6o3c8BMj1zQ== X-Received: by 2002:a17:903:1248:b0:298:1156:acd5 with SMTP id d9443c01a7336-29b5b0f6739mr54265745ad.39.1763657633237; Thu, 20 Nov 2025 08:53:53 -0800 (PST) To: devel@lists.libvirt.org Subject: [RFC v2 1/5] util: Add support for GnuTLS decryption Date: Thu, 20 Nov 2025 22:23:42 +0530 Message-ID: <20251120165346.161124-2-armenon@redhat.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251120165346.161124-1-armenon@redhat.com> References: <20251120165346.161124-1-armenon@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: vH5uA01mb6xFbm5MD6Meq64w4UW3NC-9vofz_6DRN64_1763657634 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: UU4XBOPM3AQUOQBKWNOBXNANY4BUA2MG X-Message-ID-Hash: UU4XBOPM3AQUOQBKWNOBXNANY4BUA2MG X-MailFrom: armenon@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Arun Menon X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Arun Menon via Devel Reply-To: Arun Menon X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1763658009405018900 Content-Type: text/plain; charset="utf-8"; x-default="true" Adds `virCryptoDecryptDataAESgnutls` and `virCryptoDecryptData` as wrapper functions for GnuTLS decryption. These functions are the inverse of the existing GnuTLS encryption wrappers. This commit also includes a corresponding test case to validate data decryp= tion. Signed-off-by: Arun Menon --- src/libvirt_private.syms | 1 + src/util/vircrypto.c | 128 ++++++++++++++++++++++++++++++++++++++- src/util/vircrypto.h | 8 +++ tests/vircryptotest.c | 65 ++++++++++++++++++++ 4 files changed, 201 insertions(+), 1 deletion(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fb482fff40..fc5fdb00f4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2252,6 +2252,7 @@ virConfWriteMem; =20 =20 # util/vircrypto.h +virCryptoDecryptData; virCryptoEncryptData; virCryptoHashBuf; virCryptoHashString; diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 3ce23264ca..fedb39b167 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -98,7 +98,7 @@ virCryptoHashString(virCryptoHash hash, } =20 =20 -/* virCryptoEncryptDataAESgntuls: +/* virCryptoEncryptDataAESgnutls: * * Performs the AES gnutls encryption * @@ -233,3 +233,129 @@ virCryptoEncryptData(virCryptoCipher algorithm, _("algorithm=3D%1$d is not supported"), algorithm); return -1; } + +/* virCryptoDecryptDataAESgnutls: + * + * Performs the AES gnutls decryption + * + * Same input as virCryptoDecryptData, except the algorithm is replaced + * by the specific gnutls algorithm. + * + * Decrypts the @data buffer using the @deckey and if available the @iv + * + * Returns 0 on success with the plaintext being filled. It is the + * caller's responsibility to clear and free it. Returns -1 on failure + * w/ error set. + */ +static int +virCryptoDecryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_dec_alg, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintextret, + size_t *plaintextlenret) +{ + int rc; + size_t i; + gnutls_cipher_hd_t handle =3D NULL; + gnutls_datum_t dec_key =3D { .data =3D deckey, .size =3D deckeylen }; + gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen; + + if ((rc =3D gnutls_cipher_init(&handle, gnutls_dec_alg, + &dec_key, &iv_buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to initialize cipher: '%1$s'"), + gnutls_strerror(rc)); + return -1; + } + + plaintext =3D g_memdup2(data, datalen); + plaintextlen =3D datalen; + + rc =3D gnutls_cipher_decrypt(handle, plaintext, plaintextlen); + gnutls_cipher_deinit(handle); + if (rc < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to decrypt the data: '%1$s'"), + gnutls_strerror(rc)); + goto error; + } + if (plaintextlen =3D=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("decrypted data has zero length")); + goto error; + } + i =3D plaintext[plaintextlen - 1]; + if (i > plaintextlen) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("decrypted data has invalid padding")); + goto error; + } + *plaintextlenret =3D plaintextlen - i; + *plaintextret =3D g_steal_pointer(&plaintext); + return 0; + error: + virSecureErase(plaintext, plaintextlen); + return -1; +} + +/* virCryptoDecryptData: + * @algorithm: algorithm desired for decryption + * @deckey: decryption key + * @deckeylen: decryption key length + * @iv: initialization vector + * @ivlen: length of initialization vector + * @data: data to decrypt + * @datalen: length of data + * @plaintext: stream of bytes allocated to store plaintext + * @plaintextlen: size of the stream of bytes + * Returns 0 on success, -1 on failure with error set + */ +int +virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintext, + size_t *plaintextlen) +{ + switch (algorithm) { + case VIR_CRYPTO_CIPHER_AES256CBC: + if (deckeylen !=3D 32) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC decryption invalid keylen=3D%1$zu= "), + deckeylen); + return -1; + } + if (ivlen !=3D 16) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC initialization vector invalid len= =3D%1$zu"), + ivlen); + return -1; + } + /* + * Decrypt the data buffer using a decryption key and + * initialization vector via the gnutls_cipher_decrypt API + * for GNUTLS_CIPHER_AES_256_CBC. + */ + return virCryptoDecryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC, + deckey, deckeylen, iv, ivlen, + data, datalen, + plaintext, plaintextlen); + case VIR_CRYPTO_CIPHER_NONE: + case VIR_CRYPTO_CIPHER_LAST: + break; + } + + virReportError(VIR_ERR_INVALID_ARG, + _("algorithm=3D%1$d is not supported"), algorithm); + return -1; +} diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 5f079ac335..2e8557839d 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h @@ -61,3 +61,11 @@ int virCryptoEncryptData(virCryptoCipher algorithm, uint8_t **ciphertext, size_t *ciphertextlen) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; + +int virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, size_t deckeylen, + uint8_t *iv, size_t ivlen, + uint8_t *data, size_t datalen, + uint8_t **plaintext, size_t *plaintextlen) + ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) + ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c index 9ffe70756e..864fa8838d 100644 --- a/tests/vircryptotest.c +++ b/tests/vircryptotest.c @@ -62,6 +62,14 @@ struct testCryptoEncryptData { size_t ciphertextlen; }; =20 +struct testCryptoDecryptData { + virCryptoCipher algorithm; + uint8_t *input; + size_t inputlen; + uint8_t *plaintext; + size_t plaintextlen; +}; + static int testCryptoEncrypt(const void *opaque) { @@ -101,6 +109,44 @@ testCryptoEncrypt(const void *opaque) return 0; } =20 +static int +testCryptoDecrypt(const void *opaque) +{ + const struct testCryptoDecryptData *data =3D opaque; + g_autofree uint8_t *deckey =3D NULL; + size_t deckeylen =3D 32; + g_autofree uint8_t *iv =3D NULL; + size_t ivlen =3D 16; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen =3D 0; + + deckey =3D g_new0(uint8_t, deckeylen); + iv =3D g_new0(uint8_t, ivlen); + + if (virRandomBytes(deckey, deckeylen) < 0 || + virRandomBytes(iv, ivlen) < 0) { + fprintf(stderr, "Failed to generate random bytes\n"); + return -1; + } + + if (virCryptoDecryptData(data->algorithm, deckey, deckeylen, iv, ivlen, + data->input, data->inputlen, + &plaintext, &plaintextlen) < 0) + return -1; + + if (data->plaintextlen !=3D plaintextlen) { + fprintf(stderr, "Expected plaintexlen(%zu) doesn't match (%zu)\n", + data->plaintextlen, plaintextlen); + return -1; + } + + if (memcmp(data->plaintext, plaintext, plaintextlen)) { + fprintf(stderr, "Expected plaintext doesn't match\n"); + return -1; + } + + return 0; +} =20 static int mymain(void) @@ -155,7 +201,26 @@ mymain(void) =20 #undef VIR_CRYPTO_ENCRYPT =20 +#define VIR_CRYPTO_DECRYPT(a, n, i, il, c, cl) \ + do { \ + struct testCryptoDecryptData data =3D { \ + .algorithm =3D a, \ + .input =3D i, \ + .inputlen =3D il, \ + .plaintext =3D c, \ + .plaintextlen =3D cl, \ + }; \ + if (virTestRun("Decrypt " n, testCryptoDecrypt, &data) < 0) \ + ret =3D -1; \ + } while (0) + + VIR_CRYPTO_DECRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes256cbc", + expected_ciphertext, 16, secretdata, 7); + +#undef VIR_CRYPTO_DECRYPT + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; + } =20 /* Forces usage of not so random virRandomBytes */ --=20 2.51.1