From nobody Tue Feb 10 23:52:55 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1770711282; cv=none; d=zohomail.com; s=zohoarc; b=fB2DfFE8JrqpBn1CXu7bZz3LqQxUAhOZqdbQKFlNst2SOVB8KBK+jsfYC8JR1ZFIpxGmHTyiFMepX+DxqdLBDG1/GIUCOlbKHKi1Bf2B22oAEBN/dl9CPWJRFbf0KvSQsVWoymDBX42pg2FBnMO0Tu3tDscs3apD4tzTwHaqw0w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770711282; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=bgNp1ECUBLvQo36J/DBZcMqZSPBkwyBvfAi64UTxOEU=; b=GMaOxzsquxTfpxY5ciRT7DYQma09vY71OcnP9pqELU2DHGk/XvqODI+e7BOYXudNS8f2LhDUYnrObRGELcijhsq2Lv/3jcWnLV79ZKv5ya68fwgeR1q4N/oHUNgQUpTQ8BsWrVUlEYc1KNgpUitwNP6AHAq9ofuVmiHQ8UMv8CU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1770711282598275.4329203920779; Tue, 10 Feb 2026 00:14:42 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 67FFE43ED9; Tue, 10 Feb 2026 03:14:41 -0500 (EST) Received: from [172.19.199.6] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id B72CD44110; Tue, 10 Feb 2026 03:11:27 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id E331E3F357; Tue, 10 Feb 2026 03:00:26 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 833803F2B4 for ; Tue, 10 Feb 2026 03:00:22 -0500 (EST) Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-258-wjV8SCGNPISosLbZKM4MUw-1; Tue, 10 Feb 2026 03:00:20 -0500 Received: by mail-pl1-f197.google.com with SMTP id d9443c01a7336-2ab0b2e804cso7519395ad.3 for ; Tue, 10 Feb 2026 00:00:20 -0800 (PST) Received: from armenon-kvm.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.106.198]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2aadc397d8dsm98273835ad.1.2026.02.10.00.00.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 00:00:17 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1770710422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bgNp1ECUBLvQo36J/DBZcMqZSPBkwyBvfAi64UTxOEU=; b=QbuGHZc67FvCsSYPsPq8IpLZ48Ku6pn+fgDtsH+OiCtOcU5/l9grYBdQ9FzBDyO3elrL0E 7125KR3ktqoQmmxzv6CwHy7rTbVfHPeheeUwJZrPd/vjzNQQJwOamRTPxv2wQz95gSi0e2 Ecfi2G6NBCNFGoM9vf4YB1X6svfbMnA= X-MC-Unique: wjV8SCGNPISosLbZKM4MUw-1 X-Mimecast-MFC-AGG-ID: wjV8SCGNPISosLbZKM4MUw_1770710419 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770710419; x=1771315219; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=bgNp1ECUBLvQo36J/DBZcMqZSPBkwyBvfAi64UTxOEU=; b=YGDHLWEu73BDTD7dVU3Q/lTY6byCZNmMwkK3kqgUSy/wYWOjNZv3os9iPJrHlkC7eb 205Kmjuuhx8y6o0bfumlVRyJQC20KJbvBpBcv3BLYX8TG2+2jD+KGU67IrwelySqMd/+ I84WOljRzdA+EodLbSSaHSMXJzmVlUugC6QcDtPF1Zm1aoaqA9nHgrNX5QxZ+PhsCsPv az5fyPjGC49wGNWl8Ft6Q6vn/7B+JkJlSzl6/6J3h2VYVR1lyobcQKe16Tq8SA2DelrO NHrwAOiCeb7DYSpYeZ6Msv2C9Fs/X4qY6OUtLN2eYwCPWCpmOfqag0PuyIRWHp9wwyU1 kH7A== X-Gm-Message-State: AOJu0Ywh31LB1eFTFHqdSD9khgXPaviz++KSivVk5mtcEI8FUaJISm2H DC884AoLSbnnn/z5kb04FGBOdlAmiOIWG+NQUoMe+njdLu9MR+7zW8oXntfMO8ARGhp/OIdsoyk j6U5gxfRLYvL1hrvtyPOEQVSWbbMDeYDRmNYBdA4m0bUsW6N7HMFKhrpOuctltVh2cw3SDWpfDg kdYKY5PMcTBJIR6N1eWNMvhEXUV0RwGvNJM9YxrjNDFw== X-Gm-Gg: AZuq6aKaPP3mEZiPQMIppS+s7BybIEmkP7jaqDDDiArwCFXTrgofOI0IdStqocQ0FZQ Jfd1+8RjMuYxHxwz3eZWdHLSZ/Z3NeP/ob7lnv4ZYlW5S74hUeu6EuulBoJNLf9NSo3bq2LGx3c Qti1pt2GjrQbJgL6cG3F0bWt6lY9XYE2k1+eEDW1z6vzPOA7GLRTuPCRd4HUh7kdWA4ptqYvvXE KIQ4T1g0ld4VZLQzGylusgmzQLXd4zRjBZ6GeAwVX+yxWoTKLpupm+Y3tFp5eHOdMWl0qWr53yA X22+ET5dYsijuwfi7PBSaFdEtlbWK/1zZHf+LFq5i22sqdNfOZ9mAQs2qBJCA/GvHUMNH0nppKb l4auTm3C1mRS5kxSyBwU3dEY+bnMg0bmATgLGYGnbDVkReKO+n85NQFxJzdromp+o8oDElg== X-Received: by 2002:a17:903:234b:b0:2aa:d7a7:8084 with SMTP id d9443c01a7336-2aad7a7836amr77374265ad.6.1770710418800; Tue, 10 Feb 2026 00:00:18 -0800 (PST) X-Received: by 2002:a17:903:234b:b0:2aa:d7a7:8084 with SMTP id d9443c01a7336-2aad7a7836amr77373625ad.6.1770710418136; Tue, 10 Feb 2026 00:00:18 -0800 (PST) To: devel@lists.libvirt.org Subject: [PATCH v5 1/6] util: Add support for GnuTLS decryption Date: Tue, 10 Feb 2026 13:30:07 +0530 Message-ID: <20260210080012.17753-2-armenon@redhat.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20260210080012.17753-1-armenon@redhat.com> References: <20260210080012.17753-1-armenon@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 3WkFS-9s_QUQtz58ZiPNOrht46wywKZDpVHMErcumnw_1770710419 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: YQ2J6V4FAJIVXC6AE55LWLIPRCZ6A2KE X-Message-ID-Hash: YQ2J6V4FAJIVXC6AE55LWLIPRCZ6A2KE X-MailFrom: armenon@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Arun Menon X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: <> List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Arun Menon via Devel Reply-To: Arun Menon X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1770711292486158500 Content-Type: text/plain; charset="utf-8"; x-default="true" Adds `virCryptoDecryptDataAESgnutls` and `virCryptoDecryptData` as wrapper functions for GnuTLS decryption. These functions are the inverse of the existing GnuTLS encryption wrappers. This commit also includes a corresponding test case to validate data decryp= tion. Signed-off-by: Arun Menon Reviewed-by: Peter Krempa --- src/libvirt_private.syms | 1 + src/util/vircrypto.c | 126 ++++++++++++++++++++++++++++++++++++++- src/util/vircrypto.h | 8 +++ tests/vircryptotest.c | 65 ++++++++++++++++++++ 4 files changed, 199 insertions(+), 1 deletion(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index d81b30f0b6..40af831070 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2248,6 +2248,7 @@ virConfWriteMem; =20 =20 # util/vircrypto.h +virCryptoDecryptData; virCryptoEncryptData; virCryptoHashBuf; virCryptoHashString; diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 3ce23264ca..00f723bb75 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -98,7 +98,7 @@ virCryptoHashString(virCryptoHash hash, } =20 =20 -/* virCryptoEncryptDataAESgntuls: +/* virCryptoEncryptDataAESgnutls: * * Performs the AES gnutls encryption * @@ -233,3 +233,127 @@ virCryptoEncryptData(virCryptoCipher algorithm, _("algorithm=3D%1$d is not supported"), algorithm); return -1; } + +/* virCryptoDecryptDataAESgnutls: + * + * Performs the AES gnutls decryption + * + * Same input as virCryptoDecryptData, except the algorithm is replaced + * by the specific gnutls algorithm. + * + * Decrypts the @data buffer using the @deckey and if available the @iv + * + * Returns 0 on success with the plaintext being filled. It is the + * caller's responsibility to clear and free it. Returns -1 on failure + * w/ error set. + */ +static int +virCryptoDecryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_dec_alg, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintextret, + size_t *plaintextlenret) +{ + int rc; + uint8_t padding_length; + gnutls_cipher_hd_t handle =3D NULL; + gnutls_datum_t dec_key =3D { .data =3D deckey, .size =3D deckeylen }; + gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen; + + if ((rc =3D gnutls_cipher_init(&handle, gnutls_dec_alg, + &dec_key, &iv_buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to initialize cipher: '%1$s'"), + gnutls_strerror(rc)); + return -1; + } + + plaintext =3D g_memdup2(data, datalen); + plaintextlen =3D datalen; + if (plaintextlen =3D=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("decrypted data has zero length")); + goto error; + } + rc =3D gnutls_cipher_decrypt(handle, plaintext, plaintextlen); + gnutls_cipher_deinit(handle); + if (rc < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to decrypt the data: '%1$s'"), + gnutls_strerror(rc)); + goto error; + } + /* Before encryption, padding is added to the data. + * The last byte indicates the padding length, because in PKCS#7, all + * padding bytes are set to the padding length value. + */ + padding_length =3D plaintext[plaintextlen - 1]; + if (padding_length > plaintextlen) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("decrypted data has invalid padding")); + goto error; + } + *plaintextlenret =3D plaintextlen - padding_length; + *plaintextret =3D g_steal_pointer(&plaintext); + return 0; + error: + virSecureErase(plaintext, plaintextlen); + return -1; +} + +/* virCryptoDecryptData: + * @algorithm: algorithm desired for decryption + * @deckey: decryption key + * @deckeylen: decryption key length + * @iv: initialization vector + * @ivlen: length of initialization vector + * @data: data to decrypt + * @datalen: length of data + * @plaintext: stream of bytes allocated to store plaintext + * @plaintextlen: size of the stream of bytes + * Returns 0 on success, -1 on failure with error set + */ +int +virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintext, + size_t *plaintextlen) +{ + switch (algorithm) { + case VIR_CRYPTO_CIPHER_AES256CBC: + if (deckeylen !=3D 32) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC decryption invalid keylen=3D%1$zu= "), + deckeylen); + return -1; + } + if (ivlen !=3D 16) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC initialization vector invalid len= =3D%1$zu"), + ivlen); + return -1; + } + return virCryptoDecryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC, + deckey, deckeylen, iv, ivlen, + data, datalen, + plaintext, plaintextlen); + case VIR_CRYPTO_CIPHER_NONE: + case VIR_CRYPTO_CIPHER_LAST: + break; + } + + virReportError(VIR_ERR_INVALID_ARG, + _("algorithm=3D%1$d is not supported"), algorithm); + return -1; +} diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 5f079ac335..2e8557839d 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h @@ -61,3 +61,11 @@ int virCryptoEncryptData(virCryptoCipher algorithm, uint8_t **ciphertext, size_t *ciphertextlen) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; + +int virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, size_t deckeylen, + uint8_t *iv, size_t ivlen, + uint8_t *data, size_t datalen, + uint8_t **plaintext, size_t *plaintextlen) + ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) + ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c index 9ffe70756e..864fa8838d 100644 --- a/tests/vircryptotest.c +++ b/tests/vircryptotest.c @@ -62,6 +62,14 @@ struct testCryptoEncryptData { size_t ciphertextlen; }; =20 +struct testCryptoDecryptData { + virCryptoCipher algorithm; + uint8_t *input; + size_t inputlen; + uint8_t *plaintext; + size_t plaintextlen; +}; + static int testCryptoEncrypt(const void *opaque) { @@ -101,6 +109,44 @@ testCryptoEncrypt(const void *opaque) return 0; } =20 +static int +testCryptoDecrypt(const void *opaque) +{ + const struct testCryptoDecryptData *data =3D opaque; + g_autofree uint8_t *deckey =3D NULL; + size_t deckeylen =3D 32; + g_autofree uint8_t *iv =3D NULL; + size_t ivlen =3D 16; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen =3D 0; + + deckey =3D g_new0(uint8_t, deckeylen); + iv =3D g_new0(uint8_t, ivlen); + + if (virRandomBytes(deckey, deckeylen) < 0 || + virRandomBytes(iv, ivlen) < 0) { + fprintf(stderr, "Failed to generate random bytes\n"); + return -1; + } + + if (virCryptoDecryptData(data->algorithm, deckey, deckeylen, iv, ivlen, + data->input, data->inputlen, + &plaintext, &plaintextlen) < 0) + return -1; + + if (data->plaintextlen !=3D plaintextlen) { + fprintf(stderr, "Expected plaintexlen(%zu) doesn't match (%zu)\n", + data->plaintextlen, plaintextlen); + return -1; + } + + if (memcmp(data->plaintext, plaintext, plaintextlen)) { + fprintf(stderr, "Expected plaintext doesn't match\n"); + return -1; + } + + return 0; +} =20 static int mymain(void) @@ -155,7 +201,26 @@ mymain(void) =20 #undef VIR_CRYPTO_ENCRYPT =20 +#define VIR_CRYPTO_DECRYPT(a, n, i, il, c, cl) \ + do { \ + struct testCryptoDecryptData data =3D { \ + .algorithm =3D a, \ + .input =3D i, \ + .inputlen =3D il, \ + .plaintext =3D c, \ + .plaintextlen =3D cl, \ + }; \ + if (virTestRun("Decrypt " n, testCryptoDecrypt, &data) < 0) \ + ret =3D -1; \ + } while (0) + + VIR_CRYPTO_DECRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes256cbc", + expected_ciphertext, 16, secretdata, 7); + +#undef VIR_CRYPTO_DECRYPT + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; + } =20 /* Forces usage of not so random virRandomBytes */ --=20 2.51.1