From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 01/26] crypto: remove conditional around 3DES crypto test cases
Date: Wed, 14 Jul 2021 15:08:33 +0100
Message-Id: <20210714140858.2247409-2-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

The main method checks whether the cipher choice is supported at runtime, so there is no need for compile time conditions.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- tests/unit/test-crypto-cipher.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/unit/test-crypto-cipher.c b/tests/unit/test-crypto-ciphe= r.c index 280319a223..fd0a8de34c 100644 --- a/tests/unit/test-crypto-cipher.c +++ b/tests/unit/test-crypto-cipher.c @@ -165,7 +165,6 @@ static QCryptoCipherTestData test_data[] =3D { "ffd29f1bb5596ad94ea2d8e6196b7f09" "30d8ed0bf2773af36dd82a6280c20926", }, -#if defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT) { /* Borrowed from linux-kernel crypto/testmgr.h */ .path =3D "/crypto/cipher/3des-cbc", 
@@ -283,7 +282,6 @@ static QCryptoCipherTestData test_data[] =3D { "407772c2ea0e3a7846b991b6e73d5142" "fd51b0c62c6313785ceefccfc4700034", }, -#endif { /* RFC 2144, Appendix B.1 */ .path =3D "/crypto/cipher/cast5-128", --=20 2.31.1
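
Review bot: with the `#if defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT)` / `#endif` pair removed around the 3DES entries, these cases rely entirely on the runtime support check in main() that the commit message refers to, and that check is not in the visible context. Worth confirming it tests the algorithm together with the mode (the first entry is "/crypto/cipher/3des-cbc"), and adding a short comment above the 3DES block saying unsupported ciphers are filtered at runtime, so the next reader does not reintroduce the guard.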

From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 02/26] crypto: remove obsolete crypto test condition
Date: Wed, 14 Jul 2021 15:08:34 +0100
Message-Id: <20210714140858.2247409-3-berrange@redhat.com>

Since we now require gcrypt >= 1.8.0, there is no need to exclude the pbkdf test case.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- tests/unit/test-crypto-pbkdf.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/unit/test-crypto-pbkdf.c b/tests/unit/test-crypto-pbkdf.c index c50fd639d2..43c417f6b4 100644 --- a/tests/unit/test-crypto-pbkdf.c +++ b/tests/unit/test-crypto-pbkdf.c @@ -229,10 +229,8 @@ static QCryptoPbkdfTestData test_data[] =3D { }, =20 /* non-RFC misc test data */ -#ifdef CONFIG_NETTLE { - /* empty password test. - * Broken with libgcrypt <=3D 1.5.0, hence CONFIG_NETTLE */ + /* empty password test. */ .path =3D "/crypto/pbkdf/nonrfc/sha1/iter2", .hash =3D QCRYPTO_HASH_ALG_SHA1, .iterations =3D 2, 
@@ -244,7 +242,6 @@ static QCryptoPbkdfTestData test_data[] =3D { "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97", .nout =3D 20 }, -#endif { /* Password exceeds block size test */ .path =3D "/crypto/pbkdf/nonrfc/sha256/iter1200", --=20 2.31.1
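
Review bot: removing the `#ifdef CONFIG_NETTLE` guard at -229 depends on the gcrypt >= 1.8.0 floor, but meson.build still accepts `version: '>=1.5'` until patch 05 of this series restores the bump. Moving 05 ahead of this patch would keep every intermediate commit from running the empty-password case against a libgcrypt that the removed comment described as broken.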

From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 03/26] crypto: skip essiv ivgen tests if AES+ECB isn't available
Date: Wed, 14 Jul 2021 15:08:35 +0100
Message-Id: <20210714140858.2247409-4-berrange@redhat.com>

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- tests/unit/test-crypto-ivgen.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/unit/test-crypto-ivgen.c b/tests/unit/test-crypto-ivgen.c index f581e6aba7..29630ed348 100644 --- a/tests/unit/test-crypto-ivgen.c +++ b/tests/unit/test-crypto-ivgen.c @@ -136,8 +136,15 @@ struct QCryptoIVGenTestData { static void test_ivgen(const void *opaque) { const struct QCryptoIVGenTestData *data =3D opaque; - uint8_t *iv =3D g_new0(uint8_t, data->niv); - QCryptoIVGen *ivgen =3D qcrypto_ivgen_new( + g_autofree uint8_t *iv =3D g_new0(uint8_t, data->niv); + g_autoptr(QCryptoIVGen) ivgen =3D NULL; + + if (!qcrypto_cipher_supports(data->cipheralg, + QCRYPTO_CIPHER_MODE_ECB)) { + return; + } + + ivgen =3D qcrypto_ivgen_new( data->ivalg, data->cipheralg, data->hashalg, 
@@ -152,9 +159,6 @@ static void test_ivgen(const void *opaque) &error_abort); =20 g_assert(memcmp(iv, data->iv, data->niv) =3D=3D 0); - - qcrypto_ivgen_free(ivgen); - g_free(iv); } =20 int main(int argc, char **argv) --=20 2.31.1
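
Review bot: the new `qcrypto_cipher_supports(data->cipheralg, QCRYPTO_CIPHER_MODE_ECB)` guard in test_ivgen() runs for every entry, not only the ESSIV ones named in the subject, because it never looks at `data->ivalg`; when AES+ECB is missing, non-ESSIV cases could be skipped as well, depending on what `cipheralg` those entries carry. Consider gating on the ESSIV algorithm, and replacing the bare `return` with g_test_skip() so the run is reported as skipped rather than passed. The commit message also has no body saying when AES+ECB can be unavailable.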

From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 04/26] crypto: use &error_fatal in crypto tests
Date: Wed, 14 Jul 2021 15:08:36 +0100
Message-Id: <20210714140858.2247409-5-berrange@redhat.com>

Using error_fatal provides better diagnostics when tests failed, than using asserts, because we see the text of the error message.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- tests/unit/test-crypto-hash.c | 13 +++++++------ tests/unit/test-crypto-hmac.c | 28 ++++++++-------------------- 2 files changed, 15 insertions(+), 26 deletions(-) diff --git a/tests/unit/test-crypto-hash.c b/tests/unit/test-crypto-hash.c index ce7d0ab9b5..1f4abb822b 100644 --- a/tests/unit/test-crypto-hash.c +++ b/tests/unit/test-crypto-hash.c @@ -104,7 +104,7 @@ static void test_hash_alloc(void) strlen(INPUT_TEXT), &result, &resultlen, - NULL); + &error_fatal); g_assert(ret =3D=3D 0); g_assert(resultlen =3D=3D expected_lens[i]); =20 @@ -139,7 +139,7 @@ static void test_hash_prealloc(void) strlen(INPUT_TEXT), &result, &resultlen, - NULL); + &error_fatal); g_assert(ret =3D=3D 0); =20 g_assert(resultlen =3D=3D expected_lens[i]); @@ -176,7 +176,7 @@ static void test_hash_iov(void) iov, 3, &result, &resultlen, - NULL); + &error_fatal); g_assert(ret =3D=3D 0); g_assert(resultlen =3D=3D expected_lens[i]); for (j =3D 0; j < resultlen; j++) { @@ -210,7 +210,7 @@ static void test_hash_digest(void) INPUT_TEXT, strlen(INPUT_TEXT), &digest, - NULL); + &error_fatal); g_assert(ret =3D=3D 0); g_assert_cmpstr(digest, =3D=3D, expected_outputs[i]); g_free(digest); @@ -234,7 +234,7 @@ static void test_hash_base64(void) INPUT_TEXT, strlen(INPUT_TEXT), &digest, - NULL); + &error_fatal); g_assert(ret =3D=3D 0); g_assert_cmpstr(digest, =3D=3D, expected_outputs_b64[i]); g_free(digest); 
@@ -243,7 +243,8 @@ static void test_hash_base64(void) =20 int main(int argc, char **argv) { - g_assert(qcrypto_init(NULL) =3D=3D 0); + int ret =3D qcrypto_init(&error_fatal); + g_assert(ret =3D=3D 0); =20 g_test_init(&argc, &argv, NULL); g_test_add_func("/crypto/hash/iov", test_hash_iov); diff --git a/tests/unit/test-crypto-hmac.c b/tests/unit/test-crypto-hmac.c index ee55382a3c..23eb724d94 100644 --- a/tests/unit/test-crypto-hmac.c +++ b/tests/unit/test-crypto-hmac.c @@ -89,7 +89,6 @@ static void test_hmac_alloc(void) QCryptoHmac *hmac =3D NULL; uint8_t *result =3D NULL; size_t resultlen =3D 0; - Error *err =3D NULL; const char *exp_output =3D NULL; int ret; size_t j; @@ -101,14 +100,12 @@ static void test_hmac_alloc(void) exp_output =3D data->hex_digest; =20 hmac =3D qcrypto_hmac_new(data->alg, (const uint8_t *)KEY, - strlen(KEY), &err); - g_assert(err =3D=3D NULL); + strlen(KEY), &error_fatal); g_assert(hmac !=3D NULL); =20 ret =3D qcrypto_hmac_bytes(hmac, (const char *)INPUT_TEXT, strlen(INPUT_TEXT), &result, - &resultlen, &err); - g_assert(err =3D=3D NULL); + &resultlen, &error_fatal); g_assert(ret =3D=3D 0); =20 for (j =3D 0; j < resultlen; j++) { @@ -131,7 +128,6 @@ static void test_hmac_prealloc(void) QCryptoHmac *hmac =3D NULL; uint8_t *result =3D NULL; size_t resultlen =3D 0; - Error *err =3D NULL; const char *exp_output =3D NULL; int ret; size_t j; @@ -146,14 +142,12 @@ static void test_hmac_prealloc(void) result =3D g_new0(uint8_t, resultlen); =20 hmac =3D qcrypto_hmac_new(data->alg, (const uint8_t *)KEY, - strlen(KEY), &err); - g_assert(err =3D=3D NULL); + strlen(KEY), &error_fatal); g_assert(hmac !=3D NULL); =20 ret =3D qcrypto_hmac_bytes(hmac, (const char *)INPUT_TEXT, strlen(INPUT_TEXT), &result, - &resultlen, &err); - g_assert(err =3D=3D NULL); + &resultlen, &error_fatal); g_assert(ret =3D=3D 0); =20 exp_output =3D data->hex_digest; 
@@ -177,7 +171,6 @@ static void test_hmac_iov(void) QCryptoHmac *hmac =3D NULL; uint8_t *result =3D NULL; size_t resultlen =3D 0; - Error *err =3D NULL; const char *exp_output =3D NULL; int ret; size_t j; @@ -194,13 +187,11 @@ static void test_hmac_iov(void) exp_output =3D data->hex_digest; =20 hmac =3D qcrypto_hmac_new(data->alg, (const uint8_t *)KEY, - strlen(KEY), &err); - g_assert(err =3D=3D NULL); + strlen(KEY), &error_fatal); g_assert(hmac !=3D NULL); =20 ret =3D qcrypto_hmac_bytesv(hmac, iov, 3, &result, - &resultlen, &err); - g_assert(err =3D=3D NULL); + &resultlen, &error_fatal); g_assert(ret =3D=3D 0); =20 for (j =3D 0; j < resultlen; j++) { @@ -222,7 +213,6 @@ static void test_hmac_digest(void) QCryptoHmacTestData *data =3D &test_data[i]; QCryptoHmac *hmac =3D NULL; uint8_t *result =3D NULL; - Error *err =3D NULL; const char *exp_output =3D NULL; int ret; =20 
@@ -233,14 +223,12 @@ static void test_hmac_digest(void) exp_output =3D data->hex_digest; =20 hmac =3D qcrypto_hmac_new(data->alg, (const uint8_t *)KEY, - strlen(KEY), &err); - g_assert(err =3D=3D NULL); + strlen(KEY), &error_fatal); g_assert(hmac !=3D NULL); =20 ret =3D qcrypto_hmac_digest(hmac, (const char *)INPUT_TEXT, strlen(INPUT_TEXT), (char **)&result, - &err); - g_assert(err =3D=3D NULL); + &error_fatal); g_assert(ret =3D=3D 0); =20 g_assert_cmpstr((const char *)result, =3D=3D, exp_output); --=20 2.31.1
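
Review bot: in the test-crypto-hmac.c hunks, the `g_assert(hmac != NULL)` and `g_assert(ret == 0)` lines kept after each `&error_fatal` call can now only fire when a function fails without setting an error. Either drop them or note in the commit message that they are retained on purpose for that case. Separately, the test-crypto-ivgen.c context in patch 03 still passes `&error_abort`, so it is worth stating which of the two the crypto tests should standardise on.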

From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 05/26] crypto: fix gcrypt min version 1.8 regression
Date: Wed, 14 Jul 2021 15:08:37 +0100
Message-Id: <20210714140858.2247409-6-berrange@redhat.com>

The min gcrypt was bumped:

  commit b33a84632a3759c00320fd80923aa963c11207fc
  Author: Daniel P. Berrangé
  Date:   Fri May 14 13:04:08 2021 +0100

      crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support

but this was accidentally lost in conflict resolution for

  commit 5761251138cb69c310e9df7dfc82c4c6fd2444e4
  Author: Paolo Bonzini
  Date:   Thu Jun 3 11:15:26 2021 +0200

      configure, meson: convert crypto detection to meson

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index b0e2b9a8a0..e7de68d795 100644 --- a/meson.build +++ b/meson.build 
@@ -839,7 +839,7 @@ elif (not get_option('nettle').auto() or have_system) a= nd not get_option('gcrypt endif endif if (not get_option('gcrypt').auto() or have_system) and not nettle.found() - gcrypt =3D dependency('libgcrypt', version: '>=3D1.5', + gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', method: 'config-tool', required: get_option('gcrypt'), kwargs: static_kwargs) --=20 2.31.1
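
Review bot: the commit message names 5761251138cb69c310e9df7dfc82c4c6fd2444e4 as the commit that lost the version bump, but there is no `Fixes:` trailer for it. Adding one would let stable and downstream trees that carry the meson conversion pick up the `'>=1.8'` requirement mechanically.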
mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3694FA40C1; Wed, 14 Jul 2021 14:09:36 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-114-160.ams2.redhat.com [10.36.114.160]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7C15969CB4; Wed, 14 Jul 2021 14:09:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626271778; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=L8BSeZLjpWBMuCHAN/znjs+zucu9uxIXQbcDw3HobHU=; b=g3XAr+oVub90/5mI4PKlYF7ozDm/GfvqZRps+F0FRwc1OuUWRCcHj8/qvwuwnFQt0ff5r5 JA9tJSKMg8RZwDsfEgUOy3nONjKqR6X4FJejjvuazT0CkwMvyIa9d4xQvbdDvmqaNC8Pvq b6plrRafF7ntT5b1d4vGxdIMLJXH/W4= X-MC-Unique: LLxZukxeNeaZ56grPDzaiA-1 
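Review bot: The `version: '>=1.8'` argument in this hunk is the only place the gcrypt floor is enforced, and the commit message says the same constraint was already lost once in a conflict resolution, so it needs a comment in meson.build. The following patches in this series delete code that was only needed on older gcrypt (thread callbacks below 1.6.0, the private XTS path below 1.8.0), so a silent revert of this line would leave no fallback. Suggest a one-line comment above the dependency() call saying what relies on the floor, for example "# crypto/ assumes gcrypt >= 1.8: native XTS, no thread callbacks".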
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 06/26] crypto: drop gcrypt thread initialization code
Date: Wed, 14 Jul 2021 15:08:38 +0100
Message-Id: <20210714140858.2247409-7-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

This is only required on gcrypt < 1.6.0, and is thus obsolete since

  commit b33a84632a3759c00320fd80923aa963c11207fc
  Author: Daniel P. Berrangé
  Date:   Fri May 14 13:04:08 2021 +0100

      crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/init.c | 62 --------------------------------------------------- 1 file changed, 62 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index ea233b9192..fb7f1bff10 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -35,21 +35,6 @@ #include "crypto/random.h" =20 /* #define DEBUG_GNUTLS */ - -/* - * We need to init gcrypt threading if - * - * - gcrypt < 1.6.0 - * - */ - -#if (defined(CONFIG_GCRYPT) && \ - (GCRYPT_VERSION_NUMBER < 0x010600)) -#define QCRYPTO_INIT_GCRYPT_THREADS -#else -#undef QCRYPTO_INIT_GCRYPT_THREADS -#endif - #ifdef DEBUG_GNUTLS static void qcrypto_gnutls_log(int level, const char *str) { 
@@ -57,55 +42,8 @@ static void qcrypto_gnutls_log(int level, const char *st= r) } #endif =20 -#ifdef QCRYPTO_INIT_GCRYPT_THREADS -static int qcrypto_gcrypt_mutex_init(void **priv) -{ = \ - QemuMutex *lock =3D NULL; - lock =3D g_new0(QemuMutex, 1); - qemu_mutex_init(lock); - *priv =3D lock; - return 0; -} - -static int qcrypto_gcrypt_mutex_destroy(void **priv) -{ - QemuMutex *lock =3D *priv; - qemu_mutex_destroy(lock); - g_free(lock); - return 0; -} - -static int qcrypto_gcrypt_mutex_lock(void **priv) -{ - QemuMutex *lock =3D *priv; - qemu_mutex_lock(lock); - return 0; -} - -static int qcrypto_gcrypt_mutex_unlock(void **priv) -{ - QemuMutex *lock =3D *priv; - qemu_mutex_unlock(lock); - return 0; -} - -static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl =3D { - (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), - NULL, - qcrypto_gcrypt_mutex_init, - qcrypto_gcrypt_mutex_destroy, - qcrypto_gcrypt_mutex_lock, - qcrypto_gcrypt_mutex_unlock, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; -#endif /* QCRYPTO_INIT_GCRYPT */ - int qcrypto_init(Error **errp) { -#ifdef QCRYPTO_INIT_GCRYPT_THREADS - gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl); -#endif /* QCRYPTO_INIT_GCRYPT_THREADS */ - #ifdef CONFIG_GNUTLS int ret; ret =3D gnutls_global_init(); --=20 2.31.1
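Review bot: With the `GCRYPT_VERSION_NUMBER < 0x010600` conditional in the first hunk removed, crypto/init.c no longer states which gcrypt version it assumes, and the build-system check it now depends on is the one 05/26 had to restore. Consider leaving a compile-time guard in its place, `#if defined(CONFIG_GCRYPT) && GCRYPT_VERSION_NUMBER < 0x010800` followed by `#error`, so that an older library fails the build instead of running without the thread callbacks that qcrypto_init() used to register. The commit message cites only b33a84632a; it would be clearer if it also said the removal relies on the meson.build fix earlier in this series.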
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 07/26] crypto: drop custom XTS support in gcrypt driver
Date: Wed, 14 Jul 2021 15:08:39 +0100
Message-Id: <20210714140858.2247409-8-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

The XTS cipher mode was introduced in gcrypt 1.8.0, which matches QEMU's current minimum version.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/cipher-gcrypt.c.inc | 127 ------------------------------------- meson.build | 14 +--- 2 files changed, 1 insertion(+), 140 deletions(-) diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 42d4137534..3aab08a1a9 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -18,10 +18,6 @@ * */ =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -#include "crypto/xts.h" -#endif - #include =20 bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, @@ -59,10 +55,6 @@ typedef struct QCryptoCipherGcrypt { QCryptoCipher base; gcry_cipher_hd_t handle; size_t blocksize; -#ifdef CONFIG_QEMU_PRIVATE_XTS - gcry_cipher_hd_t tweakhandle; - uint8_t iv[XTS_BLOCK_SIZE]; -#endif } QCryptoCipherGcrypt; =20 =20 
@@ -178,90 +170,6 @@ static const struct QCryptoCipherDriver qcrypto_gcrypt= _ctr_driver =3D { .cipher_free =3D qcrypto_gcrypt_ctx_free, }; =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -static void qcrypto_gcrypt_xts_ctx_free(QCryptoCipher *cipher) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - - gcry_cipher_close(ctx->tweakhandle); - qcrypto_gcrypt_ctx_free(cipher); -} - -static void qcrypto_gcrypt_xts_wrape(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - gcry_error_t err; - err =3D gcry_cipher_encrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); - g_assert(err =3D=3D 0); -} - -static void qcrypto_gcrypt_xts_wrapd(const void *ctx, size_t length, - uint8_t *dst, const uint8_t *src) -{ - gcry_error_t err; - err =3D gcry_cipher_decrypt((gcry_cipher_hd_t)ctx, dst, length, src, l= ength); - g_assert(err =3D=3D 0); -} - -static int qcrypto_gcrypt_xts_encrypt(QCryptoCipher *cipher, const void *i= n, - void *out, size_t len, Error **errp) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - - xts_encrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, - ctx->iv, len, out, in); - return 0; -} - -static int qcrypto_gcrypt_xts_decrypt(QCryptoCipher *cipher, const void *i= n, - void *out, size_t len, Error **errp) -{ - QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - - if (len & (ctx->blocksize - 1)) { - error_setg(errp, "Length %zu must be a multiple of block size %zu", - len, ctx->blocksize); - return -1; - } - - xts_decrypt(ctx->handle, ctx->tweakhandle, - qcrypto_gcrypt_xts_wrape, qcrypto_gcrypt_xts_wrapd, - ctx->iv, len, out, in); - return 0; -} - -static int qcrypto_gcrypt_xts_setiv(QCryptoCipher *cipher, - const uint8_t *iv, size_t niv, - Error **errp) -{ - 
QCryptoCipherGcrypt *ctx =3D container_of(cipher, QCryptoCipherGcrypt,= base); - - if (niv !=3D ctx->blocksize) { - error_setg(errp, "Expected IV size %zu not %zu", - ctx->blocksize, niv); - return -1; - } - - memcpy(ctx->iv, iv, niv); - return 0; -} - -static const struct QCryptoCipherDriver qcrypto_gcrypt_xts_driver =3D { - .cipher_encrypt =3D qcrypto_gcrypt_xts_encrypt, - .cipher_decrypt =3D qcrypto_gcrypt_xts_decrypt, - .cipher_setiv =3D qcrypto_gcrypt_xts_setiv, - .cipher_free =3D qcrypto_gcrypt_xts_ctx_free, -}; -#endif /* CONFIG_QEMU_PRIVATE_XTS */ - - static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, @@ -323,12 +231,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, gcrymode =3D GCRY_CIPHER_MODE_ECB; break; case QCRYPTO_CIPHER_MODE_XTS: -#ifdef CONFIG_QEMU_PRIVATE_XTS - drv =3D &qcrypto_gcrypt_xts_driver; - gcrymode =3D GCRY_CIPHER_MODE_ECB; -#else gcrymode =3D GCRY_CIPHER_MODE_XTS; -#endif break; case QCRYPTO_CIPHER_MODE_CBC: gcrymode =3D GCRY_CIPHER_MODE_CBC; @@ -354,23 +257,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, } ctx->blocksize =3D gcry_cipher_get_algo_blklen(gcryalg); =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - if (ctx->blocksize !=3D XTS_BLOCK_SIZE) { - error_setg(errp, - "Cipher block size %zu must equal XTS block size %d= ", - ctx->blocksize, XTS_BLOCK_SIZE); - goto error; - } - err =3D gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0); - if (err !=3D 0) { - error_setg(errp, "Cannot initialize cipher: %s", - gcry_strerror(err)); - goto error; - } - } -#endif - if (alg =3D=3D QCRYPTO_CIPHER_ALG_DES_RFB) { /* We're using standard DES cipher from gcrypt, so we need * to munge the key so that the results are the same as the 
@@ -380,16 +266,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, err =3D gcry_cipher_setkey(ctx->handle, rfbkey, nkey); g_free(rfbkey); } else { -#ifdef CONFIG_QEMU_PRIVATE_XTS - if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - nkey /=3D 2; - err =3D gcry_cipher_setkey(ctx->tweakhandle, key + nkey, nkey); - if (err !=3D 0) { - error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); - goto error; - } - } -#endif err =3D gcry_cipher_setkey(ctx->handle, key, nkey); } if (err !=3D 0) { @@ -400,9 +276,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCip= herAlgorithm alg, return &ctx->base; =20 error: -#ifdef CONFIG_QEMU_PRIVATE_XTS - gcry_cipher_close(ctx->tweakhandle); -#endif gcry_cipher_close(ctx->handle); g_free(ctx); return NULL; diff --git a/meson.build b/meson.build index e7de68d795..a96c8b858c 100644 --- a/meson.build +++ b/meson.build @@ -843,16 +843,7 @@ if (not get_option('gcrypt').auto() or have_system) an= d not nettle.found() method: 'config-tool', required: get_option('gcrypt'), kwargs: static_kwargs) - if gcrypt.found() and cc.compiles(''' - #include - int main(void) { - gcry_cipher_hd_t handle; - gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0); - return 0; - } - ''', dependencies: gcrypt) - xts =3D 'gcrypt' - endif + xts =3D 'gcrypt' # Debian has removed -lgpg-error from libgcrypt-config # as it "spreads unnecessary dependencies" which in # turn breaks static builds... 
@@ -2970,9 +2961,6 @@ summary_info +=3D {'TLS priority': config_host['= CONFIG_TLS_PRIORITY']} summary_info +=3D {'GNUTLS support': gnutls.found()} # TODO: add back version summary_info +=3D {'libgcrypt': gcrypt.found()} -if gcrypt.found() - summary_info +=3D {' XTS': xts !=3D 'private'} -endif # TODO: add back version summary_info +=3D {'nettle': nettle.found()} if nettle.found() --=20 2.31.1
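Review bot: In the meson.build hunk at -843, `xts = 'gcrypt'` moves out of the `if gcrypt.found() and cc.compiles(...)` block and is now assigned even when the dependency() lookup above it did not find libgcrypt. Dropping the cc.compiles() probe follows from the 1.8 floor, but the `gcrypt.found()` half of the condition has nothing to do with the version and should stay, as `if gcrypt.found()` / `xts = 'gcrypt'` / `endif`. Otherwise any code outside this hunk that compares `xts` with 'private', as the removed summary line did, sees 'gcrypt' on a build that has no gcrypt at all.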
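Review bot: In the qcrypto_cipher_ctx_new() hunks of crypto/cipher-gcrypt.c.inc, the removed private path did two checks of its own that now fall entirely to gcrypt: it rejected a cipher whose block size is not XTS_BLOCK_SIZE with a specific error, and it split the key so that `key + nkey` went to the tweak handle. After this change the whole `nkey` bytes go to a single gcry_cipher_setkey() call and an unsuitable algorithm or key length is reported only through whatever gcry_cipher_open() or gcry_cipher_setkey() return. Please confirm that the unit tests exercise XTS against the native mode with a cipher of the wrong block size and with a wrong-length key, or add such cases, so the error path that replaces the deleted checks is covered.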
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 08/26] crypto: add crypto tests for single block DES-ECB and DES-CBC
Date: Wed, 14 Jul 2021 15:08:40 +0100
Message-Id: <20210714140858.2247409-9-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC. We can use the latter to simulate the former, if we encrypt only 1 block (8 bytes) of data at a time, using an all-zeros IV. This is a very inefficient way to use the QCryptoCipher APIs, but since the VNC authentication challenge is only 16 bytes, this is acceptable. No other part of QEMU should be using DES.

This test case demonstrates the equivalence of ECB and CBC for the single-block case.

Signed-off-by: Daniel P. Berrangé
--- tests/unit/test-crypto-cipher.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/unit/test-crypto-cipher.c b/tests/unit/test-crypto-ciphe= r.c index fd0a8de34c..7dca7b26e4 100644 --- a/tests/unit/test-crypto-cipher.c +++ b/tests/unit/test-crypto-cipher.c 
@@ -149,6 +149,29 @@ static QCryptoCipherTestData test_data[] =3D { "39f23369a9d9bacfa530e26304231461" "b2eb05e2c39be9fcda6c19078c6a9d1b", }, + { + /* + * Testing 'password' as plaintext fits + * in single AES block, and gives identical + * ciphertext in ECB and CBC modes + */ + .path =3D "/crypto/cipher/des-rfb-ecb-56-one-block", + .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, + .mode =3D QCRYPTO_CIPHER_MODE_ECB, + .key =3D "0123456789abcdef", + .plaintext =3D "70617373776f7264", + .ciphertext =3D "73fa80b66134e403", + }, + { + /* See previous comment */ + .path =3D "/crypto/cipher/des-rfb-cbc-56-one-block", + .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, + .mode =3D QCRYPTO_CIPHER_MODE_CBC, + .key =3D "0123456789abcdef", + .iv =3D "0000000000000000", + .plaintext =3D "70617373776f7264", + .ciphertext =3D "73fa80b66134e403", + }, { .path =3D "/crypto/cipher/des-rfb-ecb-56", .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, --=20 2.31.1
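Review bot: The comment on the new des-rfb-ecb-56-one-block entry says the plaintext "fits in single AES block", but the entry uses QCRYPTO_CIPHER_ALG_DES_RFB and the 8-byte plaintext 70617373776f7264 is one DES block. Please change "AES" to "DES" so the comment agrees with the commit message ("1 block (8 bytes)"). The comment should also say that the CBC entry depends on the all-zero `.iv`, since that is the condition the equivalence rests on and the second entry only points back with "See previous comment".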
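The equivalence that the 08/26 commit message relies on, and why it holds only one block at a time, shown as an added C example that is not part of the patch series or of QEMU. CBC computes C_i = E(P_i xor C_{i-1}) with C_0 = IV, so a zero IV reproduces ECB for the first block only. The cipher here is a constructed 4-round Feistel stand-in with a 64-bit block, not DES, and the round keys, the nonzero IV and the 16-byte challenge are made-up sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLK 8 /* 64-bit block, the same size as a DES block */

/* Constructed round keys for the stand-in cipher (not a DES key schedule). */
static const uint32_t RK[4] = { 0x01234567u, 0x89abcdefu, 0x0f1e2d3cu, 0x4b5a6978u };
static const uint8_t ZERO_IV[BLK] = { 0 };
static const uint8_t NONZERO_IV[BLK] = { 1 }; /* constructed */
/* "password", the plaintext of the two test vectors added by the patch. */
static const uint8_t ONE_BLOCK[BLK] = { 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 };
/* Constructed 16-byte value standing in for a VNC challenge. */
static const uint8_t CHALLENGE[2 * BLK] = {
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,
    0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78
};

/* Ad-hoc mixing function; a Feistel network is invertible for any choice. */
static uint32_t round_fn(uint32_t half, uint32_t subkey)
{
    uint32_t x = half ^ subkey;
    x *= 0x9e3779b1u;
    x ^= x >> 15;
    x *= 0x85ebca77u;
    x ^= x >> 13;
    return x;
}

/* Stand-in block cipher E: 4-round Feistel network. This is NOT DES. */
static void encrypt_block(const uint8_t in[BLK], uint8_t out[BLK])
{
    uint32_t l, r, t;
    memcpy(&l, in, 4);
    memcpy(&r, in + 4, 4);
    for (int i = 0; i < 4; i++) {
        t = l ^ round_fn(r, RK[i]);
        l = r;
        r = t;
    }
    memcpy(out, &l, 4);
    memcpy(out + 4, &r, 4);
}

/* ECB: C_i = E(P_i). Returns -1 if len is not a multiple of BLK. */
static int ecb_encrypt(const uint8_t *in, uint8_t *out, size_t len)
{
    if (len % BLK) return -1;
    for (size_t off = 0; off < len; off += BLK)
        encrypt_block(in + off, out + off);
    return 0;
}

/* CBC: C_i = E(P_i ^ C_{i-1}), with C_0 = IV. */
static int cbc_encrypt(const uint8_t iv[BLK], const uint8_t *in,
                       uint8_t *out, size_t len)
{
    uint8_t chain[BLK], x[BLK];
    if (len % BLK) return -1;
    memcpy(chain, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) x[i] = in[off + i] ^ chain[i];
        encrypt_block(x, out + off);
        memcpy(chain, out + off, BLK);
    }
    return 0;
}

/* ECB emulated on a CBC-only provider: one call per block, IV reset to zero. */
static int ecb_via_cbc(const uint8_t *in, uint8_t *out, size_t len)
{
    if (len % BLK) return -1;
    for (size_t off = 0; off < len; off += BLK)
        cbc_encrypt(ZERO_IV, in + off, out + off, BLK);
    return 0;
}

/* Index of the first block where the CBC-based result departs from ECB,
 * -1 if they agree, -2 on bad length. per_block selects ecb_via_cbc(). */
int mismatch(const uint8_t iv[BLK], const uint8_t *pt, size_t len, int per_block)
{
    uint8_t ecb[2 * BLK], alt[2 * BLK];
    if (len > sizeof(ecb) || ecb_encrypt(pt, ecb, len) != 0) return -2;
    if (per_block) ecb_via_cbc(pt, alt, len);
    else cbc_encrypt(iv, pt, alt, len);
    for (size_t off = 0; off < len; off += BLK)
        if (memcmp(ecb + off, alt + off, BLK) != 0) return (int)(off / BLK);
    return -1;
}

int main(void)
{
    printf("1 block, zero IV:        %d\n", mismatch(ZERO_IV, ONE_BLOCK, BLK, 0));
    printf("1 block, nonzero IV:     %d\n", mismatch(NONZERO_IV, ONE_BLOCK, BLK, 0));
    printf("16 bytes, one CBC call:  %d\n", mismatch(ZERO_IV, CHALLENGE, 2 * BLK, 0));
    printf("16 bytes, call per block: %d\n", mismatch(ZERO_IV, CHALLENGE, 2 * BLK, 1));
    return 0;
}
```

Passing the whole 16-byte challenge to one CBC call diverges from ECB at block 1, which is why the emulation has to restart from the zero IV for every 8-byte block.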
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 09/26] crypto: delete built-in DES implementation
Date: Wed, 14 Jul 2021 15:08:41 +0100
Message-Id: <20210714140858.2247409-10-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

The built-in DES implementation is used for the VNC server password authentication scheme. When building system emulators it is reasonable to expect that an external crypto library is being used. It is thus not worth keeping a home grown DES implementation in tree.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/cipher-builtin.c.inc | 72 ------- crypto/desrfb.c | 416 ------------------------------------ crypto/meson.build | 1 - 3 files changed, 489 deletions(-) delete mode 100644 crypto/desrfb.c diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 7597cf4a10..70743f253c 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -19,7 +19,6 @@ */ =20 #include "crypto/aes.h" -#include "crypto/desrfb.h" #include "crypto/xts.h" =20 typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESConte= xt; 
@@ -265,69 +264,10 @@ static const struct QCryptoCipherDriver qcrypto_ciphe= r_aes_driver_xts =3D { }; =20 =20 -typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB; -struct QCryptoCipherBuiltinDESRFB { - QCryptoCipher base; - - /* C.f. alg_key_len[QCRYPTO_CIPHER_ALG_DES_RFB] */ - uint8_t key[8]; -}; - -static int qcrypto_cipher_encrypt_des_rfb(QCryptoCipher *cipher, - const void *in, void *out, - size_t len, Error **errp) -{ - QCryptoCipherBuiltinDESRFB *ctx - =3D container_of(cipher, QCryptoCipherBuiltinDESRFB, base); - size_t i; - - if (!qcrypto_length_check(len, 8, errp)) { - return -1; - } - - deskey(ctx->key, EN0); - - for (i =3D 0; i < len; i +=3D 8) { - des((void *)in + i, out + i); - } - - return 0; -} - -static int qcrypto_cipher_decrypt_des_rfb(QCryptoCipher *cipher, - const void *in, void *out, - size_t len, Error **errp) -{ - QCryptoCipherBuiltinDESRFB *ctx - =3D container_of(cipher, QCryptoCipherBuiltinDESRFB, base); - size_t i; - - if (!qcrypto_length_check(len, 8, errp)) { - return -1; - } - - deskey(ctx->key, DE1); - - for (i =3D 0; i < len; i +=3D 8) { - des((void *)in + i, out + i); - } - - return 0; -} - -static const struct QCryptoCipherDriver qcrypto_cipher_des_rfb_driver =3D { - .cipher_encrypt =3D qcrypto_cipher_encrypt_des_rfb, - .cipher_decrypt =3D qcrypto_cipher_decrypt_des_rfb, - .cipher_setiv =3D qcrypto_cipher_no_setiv, - .cipher_free =3D qcrypto_cipher_ctx_free, -}; - bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: - return mode =3D=3D QCRYPTO_CIPHER_MODE_ECB; case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: 
@@ -356,18 +296,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, } =20 switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: - if (mode =3D=3D QCRYPTO_CIPHER_MODE_ECB) { - QCryptoCipherBuiltinDESRFB *ctx; - - ctx =3D g_new0(QCryptoCipherBuiltinDESRFB, 1); - ctx->base.driver =3D &qcrypto_cipher_des_rfb_driver; - memcpy(ctx->key, key, sizeof(ctx->key)); - - return &ctx->base; - } - goto bad_mode; - case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: diff --git a/crypto/desrfb.c b/crypto/desrfb.c deleted file mode 100644 index b2a105ebbc..0000000000 --- a/crypto/desrfb.c +++ /dev/null 
@@ -1,416 +0,0 @@ -/* - * This is D3DES (V5.09) by Richard Outerbridge with the double and - * triple-length support removed for use in VNC. Also the bytebit[] array - * has been reversed so that the most significant bit in each byte of the - * key is ignored, not the least significant. - * - * These changes are: - * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* D3DES (V5.09) - - * - * A portable, public domain, version of the Data Encryption Standard. - * - * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. - * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation - * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis - * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, - * for humouring me on. - * - * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. - * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. - */ - -#include "qemu/osdep.h" -#include "crypto/desrfb.h" - -static void scrunch(unsigned char *, unsigned long *); -static void unscrun(unsigned long *, unsigned char *); -static void desfunc(unsigned long *, unsigned long *); -static void cookey(unsigned long *); - -static unsigned long KnL[32] =3D { 0L }; - -static const unsigned short bytebit[8] =3D { - 01, 02, 04, 010, 020, 040, 0100, 0200 }; - -static const unsigned long bigbyte[24] =3D { - 0x800000L, 0x400000L, 0x200000L, 0x100000L, - 0x80000L, 0x40000L, 0x20000L, 0x10000L, - 0x8000L, 0x4000L, 0x2000L, 0x1000L, - 0x800L, 0x400L, 0x200L, 0x100L, - 0x80L, 0x40L, 0x20L, 0x10L, - 0x8L, 0x4L, 0x2L, 0x1L }; - -/* Use the key schedule specified in the Standard (ANSI X3.92-1981). 
*/ - -static const unsigned char pc1[56] =3D { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; - -static const unsigned char totrot[16] =3D { - 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; - -static const unsigned char pc2[48] =3D { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; - -/* Thanks to James Gillogly & Phil Karn! */ -void deskey(unsigned char *key, int edf) -{ - register int i, j, l, m, n; - unsigned char pc1m[56], pcr[56]; - unsigned long kn[32]; - - for ( j =3D 0; j < 56; j++ ) { - l =3D pc1[j]; - m =3D l & 07; - pc1m[j] =3D (key[l >> 3] & bytebit[m]) ? 1 : 0; - } - for( i =3D 0; i < 16; i++ ) { - if( edf =3D=3D DE1 ) m =3D (15 - i) << 1; - else m =3D i << 1; - n =3D m + 1; - kn[m] =3D kn[n] =3D 0L; - for( j =3D 0; j < 28; j++ ) { - l =3D j + totrot[i]; - if( l < 28 ) pcr[j] =3D pc1m[l]; - else pcr[j] =3D pc1m[l - 28]; - } - for( j =3D 28; j < 56; j++ ) { - l =3D j + totrot[i]; - if( l < 56 ) pcr[j] =3D pc1m[l]; - else pcr[j] =3D pc1m[l - 28]; - } - for( j =3D 0; j < 24; j++ ) { - if( pcr[pc2[j]] ) kn[m] |=3D bigbyte[j]; - if( pcr[pc2[j + 24]] ) kn[n] |=3D bigbyte[j]; - } - } - cookey(kn); - return; - } - -static void cookey(register unsigned long *raw1) -{ - register unsigned long *cook, *raw0; - unsigned long dough[32]; - register int i; - - cook =3D dough; - for( i =3D 0; i < 16; i++, raw1++ ) { - raw0 =3D raw1++; - *cook =3D (*raw0 & 0x00fc0000L) << 6; - *cook |=3D (*raw0 & 0x00000fc0L) << 10; - *cook |=3D (*raw1 & 0x00fc0000L) >> 10; - *cook++ |=3D (*raw1 & 0x00000fc0L) >> 6; - *cook =3D (*raw0 & 0x0003f000L) << 12; - *cook |=3D (*raw0 & 0x0000003fL) << 16; - *cook |=3D (*raw1 & 0x0003f000L) >> 4; - *cook++ |=3D 
(*raw1 & 0x0000003fL); - } - usekey(dough); - return; - } - -void usekey(register unsigned long *from) -{ - register unsigned long *to, *endp; - - to =3D KnL, endp =3D &KnL[32]; - while( to < endp ) *to++ =3D *from++; - return; - } - -void des(unsigned char *inblock, unsigned char *outblock) -{ - unsigned long work[2]; - - scrunch(inblock, work); - desfunc(work, KnL); - unscrun(work, outblock); - return; - } - -static void scrunch(register unsigned char *outof, register unsigned long = *into) -{ - *into =3D (*outof++ & 0xffL) << 24; - *into |=3D (*outof++ & 0xffL) << 16; - *into |=3D (*outof++ & 0xffL) << 8; - *into++ |=3D (*outof++ & 0xffL); - *into =3D (*outof++ & 0xffL) << 24; - *into |=3D (*outof++ & 0xffL) << 16; - *into |=3D (*outof++ & 0xffL) << 8; - *into |=3D (*outof & 0xffL); - return; - } - -static void unscrun(register unsigned long *outof, register unsigned char = *into) -{ - *into++ =3D (unsigned char)((*outof >> 24) & 0xffL); - *into++ =3D (unsigned char)((*outof >> 16) & 0xffL); - *into++ =3D (unsigned char)((*outof >> 8) & 0xffL); - *into++ =3D (unsigned char)(*outof++ & 0xffL); - *into++ =3D (unsigned char)((*outof >> 24) & 0xffL); - *into++ =3D (unsigned char)((*outof >> 16) & 0xffL); - *into++ =3D (unsigned char)((*outof >> 8) & 0xffL); - *into =3D (unsigned char)(*outof & 0xffL); - return; - } - -static const unsigned long SP1[64] =3D { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 
0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; - -static const unsigned long SP2[64] =3D { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; - -static const unsigned long SP3[64] =3D { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 
0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; - -static const unsigned long SP4[64] =3D { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; - -static const unsigned long SP5[64] =3D { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; - -static const unsigned long SP6[64] =3D { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 
- 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; - -static const unsigned long SP7[64] =3D { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; - -static const unsigned long SP8[64] =3D { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 
0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; - -static void desfunc(register unsigned long *block, register unsigned long = *keys) -{ - register unsigned long fval, work, right, leftt; - register int round; - - leftt =3D block[0]; - right =3D block[1]; - work =3D ((leftt >> 4) ^ right) & 0x0f0f0f0fL; - right ^=3D work; - leftt ^=3D (work << 4); - work =3D ((leftt >> 16) ^ right) & 0x0000ffffL; - right ^=3D work; - leftt ^=3D (work << 16); - work =3D ((right >> 2) ^ leftt) & 0x33333333L; - leftt ^=3D work; - right ^=3D (work << 2); - work =3D ((right >> 8) ^ leftt) & 0x00ff00ffL; - leftt ^=3D work; - right ^=3D (work << 8); - right =3D ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; - work =3D (leftt ^ right) & 0xaaaaaaaaL; - leftt ^=3D work; - right ^=3D work; - leftt =3D ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; - - for( round =3D 0; round < 8; round++ ) { - work =3D (right << 28) | (right >> 4); - work ^=3D *keys++; - fval =3D SP7[ work & 0x3fL]; - fval |=3D SP5[(work >> 8) & 0x3fL]; - fval |=3D SP3[(work >> 16) & 0x3fL]; - fval |=3D SP1[(work >> 24) & 0x3fL]; - work =3D right ^ *keys++; - fval |=3D SP8[ work & 0x3fL]; - fval |=3D SP6[(work >> 8) & 0x3fL]; - fval |=3D SP4[(work >> 16) & 0x3fL]; - fval |=3D SP2[(work >> 24) & 0x3fL]; - leftt ^=3D fval; - work =3D (leftt << 28) | (leftt >> 4); - work ^=3D *keys++; - fval =3D SP7[ work & 0x3fL]; - fval |=3D SP5[(work >> 
8) & 0x3fL]; - fval |=3D SP3[(work >> 16) & 0x3fL]; - fval |=3D SP1[(work >> 24) & 0x3fL]; - work =3D leftt ^ *keys++; - fval |=3D SP8[ work & 0x3fL]; - fval |=3D SP6[(work >> 8) & 0x3fL]; - fval |=3D SP4[(work >> 16) & 0x3fL]; - fval |=3D SP2[(work >> 24) & 0x3fL]; - right ^=3D fval; - } - - right =3D (right << 31) | (right >> 1); - work =3D (leftt ^ right) & 0xaaaaaaaaL; - leftt ^=3D work; - right ^=3D work; - leftt =3D (leftt << 31) | (leftt >> 1); - work =3D ((leftt >> 8) ^ right) & 0x00ff00ffL; - right ^=3D work; - leftt ^=3D (work << 8); - work =3D ((leftt >> 2) ^ right) & 0x33333333L; - right ^=3D work; - leftt ^=3D (work << 2); - work =3D ((right >> 16) ^ leftt) & 0x0000ffffL; - leftt ^=3D work; - right ^=3D (work << 16); - work =3D ((right >> 4) ^ leftt) & 0x0f0f0f0fL; - leftt ^=3D work; - right ^=3D (work << 4); - *block++ =3D right; - *block =3D leftt; - return; - } - -/* Validation sets: - * - * Single-length key, single-length plaintext - - * Key : 0123 4567 89ab cdef - * Plain : 0123 4567 89ab cde7 - * Cipher : c957 4425 6a5e d31d - * - * Double-length key, single-length plaintext - - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 - * Plain : 0123 4567 89ab cde7 - * Cipher : 7f1d 0a77 826b 8aff - * - * Double-length key, double-length plaintext - - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 - * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff - * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 - * - * Triple-length key, single-length plaintext - - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 - * Plain : 0123 4567 89ab cde7 - * Cipher : de0b 7c06 ae5e 0ed5 - * - * Triple-length key, double-length plaintext - - * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 - * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff - * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 - * - * d3des V5.0a rwo 9208.07 18:44 Graven Imagery - **********************************************************************/ 
diff --git a/crypto/meson.build b/crypto/meson.build index 7cbf1a6ba7..b384ca8b57 100644 --- a/crypto/meson.build +++ b/crypto/meson.build 
@@ -5,7 +5,6 @@ crypto_ss.add(files( 'block-qcow.c', 'block.c', 'cipher.c', - 'desrfb.c', 'hash.c', 'hmac.c', 'ivgen-essiv.c', --=20 2.31.1
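Review bot: the header comment of the deleted crypto/desrfb.c is the only place in this diff that explains the reversed bytebit[] table, where the most significant bit of each key byte is ignored instead of the least significant, and that explanation goes away with the file. Whatever code handles the RFB key after this removal should carry an equivalent comment, and if the validation sets listed at the end of the file are still wanted as known-answer vectors they need a new home.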
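Review bot: the crypto/meson.build hunk drops 'desrfb.c' from crypto_ss and the patch ends right after it, but the deleted source has `#include "crypto/desrfb.h"` and no hunk following this one removes that header. If nothing else includes it, delete the header in the same patch so no orphaned declarations of deskey(), usekey() and des() are left behind.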
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 10/26] crypto: delete built-in XTS cipher mode support
Date: Wed, 14 Jul 2021 15:08:42 +0100
Message-Id: <20210714140858.2247409-11-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

The built-in AES+XTS implementation is used for the LUKS encryption. When building system emulators it is reasonable to expect that an external crypto library is being used instead. The performance of the builtin XTS implementation is terrible as it has no CPU acceleration support. It is thus not worth keeping a home grown XTS implementation for the built-in cipher backend.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
---
 crypto/cipher-builtin.c.inc | 60 -------------------------------------
 crypto/meson.build | 6 ++--
 meson.build | 7 ++---
 3 files changed, 6 insertions(+), 67 deletions(-)

diff --git a/crypto/cipher-builtin.c.inc b/crypto/cipher-builtin.c.inc index 70743f253c..b409089095 100644 --- a/crypto/cipher-builtin.c.inc +++ b/crypto/cipher-builtin.c.inc @@ -19,7 +19,6 @@ */ =20 #include "crypto/aes.h" -#include "crypto/xts.h" =20 typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESConte= xt; struct QCryptoCipherBuiltinAESContext { @@ -31,7 +30,6 @@ typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuilt= inAES; struct QCryptoCipherBuiltinAES { QCryptoCipher base; QCryptoCipherBuiltinAESContext key; - QCryptoCipherBuiltinAESContext key_tweak; uint8_t iv[AES_BLOCK_SIZE]; }; =20
@@ -193,39 +191,6 @@ static int qcrypto_cipher_aes_decrypt_cbc(QCryptoCiphe= r *cipher, return 0; } =20 -static int qcrypto_cipher_aes_encrypt_xts(QCryptoCipher *cipher, - const void *in, void *out, - size_t len, Error **errp) -{ - QCryptoCipherBuiltinAES *ctx - =3D container_of(cipher, QCryptoCipherBuiltinAES, base); - - if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { - return -1; - } - xts_encrypt(&ctx->key, &ctx->key_tweak, - do_aes_encrypt_ecb, do_aes_decrypt_ecb, - ctx->iv, len, out, in); - return 0; -} - -static int qcrypto_cipher_aes_decrypt_xts(QCryptoCipher *cipher, - const void *in, void *out, - size_t len, Error **errp) -{ - QCryptoCipherBuiltinAES *ctx - =3D container_of(cipher, QCryptoCipherBuiltinAES, base); - - if (!qcrypto_length_check(len, AES_BLOCK_SIZE, errp)) { - return -1; - } - xts_decrypt(&ctx->key, &ctx->key_tweak, - do_aes_encrypt_ecb, do_aes_decrypt_ecb, - ctx->iv, len, out, in); - return 0; -} - - static int qcrypto_cipher_aes_setiv(QCryptoCipher *cipher, const uint8_t *= iv, size_t niv, Error **errp) { @@ -256,14 +221,6 @@ static const struct QCryptoCipherDriver qcrypto_cipher= _aes_driver_cbc =3D { .cipher_free =3D qcrypto_cipher_ctx_free, }; =20 -static const struct QCryptoCipherDriver qcrypto_cipher_aes_driver_xts =3D { - .cipher_encrypt =3D qcrypto_cipher_aes_encrypt_xts, - .cipher_decrypt =3D qcrypto_cipher_aes_decrypt_xts, - .cipher_setiv =3D qcrypto_cipher_aes_setiv, - .cipher_free =3D qcrypto_cipher_ctx_free, -}; - - bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { @@ -274,7 +231,6 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: - case QCRYPTO_CIPHER_MODE_XTS: return true; default: return false; 
@@ -310,9 +266,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCip= herAlgorithm alg, case QCRYPTO_CIPHER_MODE_CBC: drv =3D &qcrypto_cipher_aes_driver_cbc; break; - case QCRYPTO_CIPHER_MODE_XTS: - drv =3D &qcrypto_cipher_aes_driver_xts; - break; default: goto bad_mode; } @@ -320,19 +273,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, ctx =3D g_new0(QCryptoCipherBuiltinAES, 1); ctx->base.driver =3D drv; =20 - if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - nkey /=3D 2; - if (AES_set_encrypt_key(key + nkey, nkey * 8, - &ctx->key_tweak.enc)) { - error_setg(errp, "Failed to set encryption key"); - goto error; - } - if (AES_set_decrypt_key(key + nkey, nkey * 8, - &ctx->key_tweak.dec)) { - error_setg(errp, "Failed to set decryption key"); - goto error; - } - } if (AES_set_encrypt_key(key, nkey * 8, &ctx->key.enc)) { error_setg(errp, "Failed to set encryption key"); goto error; diff --git a/crypto/meson.build b/crypto/meson.build index b384ca8b57..fc8de287e1 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -23,14 +23,14 @@ crypto_ss.add(files( =20 if nettle.found() crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-net= tle.c')) + if xts =3D=3D 'private' + crypto_ss.add(files('xts.c')) + endif elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) else crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c')) endif -if xts =3D=3D 'private' - crypto_ss.add(files('xts.c')) -endif =20 crypto_ss.add(when: 'CONFIG_SECRET_KEYRING', if_true: files('secret_keyrin= g.c')) crypto_ss.add(when: 'CONFIG_AF_ALG', if_true: files('afalg.c', 'cipher-afa= lg.c', 'hash-afalg.c')) diff --git a/meson.build b/meson.build index a96c8b858c..8f899e1e9b 100644 --- a/meson.build +++ b/meson.build 
@@ -826,7 +826,7 @@ endif # Nettle has priority over gcrypt gcrypt =3D not_found nettle =3D not_found -xts =3D 'private' +xts =3D 'none' if get_option('nettle').enabled() and get_option('gcrypt').enabled() error('Only one of gcrypt & nettle can be enabled') elif (not get_option('nettle').auto() or have_system) and not get_option('= gcrypt').enabled() @@ -834,8 +834,8 @@ elif (not get_option('nettle').auto() or have_system) a= nd not get_option('gcrypt method: 'pkg-config', required: get_option('nettle'), kwargs: static_kwargs) - if nettle.found() and cc.has_header('nettle/xts.h', dependencies: nettle) - xts =3D 'nettle' + if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: ne= ttle) + xts =3D 'private' endif endif if (not get_option('gcrypt').auto() or have_system) and not nettle.found() 
@@ -843,7 +843,6 @@ if (not get_option('gcrypt').auto() or have_system) and= not nettle.found() method: 'config-tool', required: get_option('gcrypt'), kwargs: static_kwargs) - xts =3D 'gcrypt' # Debian has removed -lgpg-error from libgcrypt-config # as it "spreads unnecessary dependencies" which in # turn breaks static builds... --=20 2.31.1
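Review bot: with `case QCRYPTO_CIPHER_MODE_XTS:` removed from qcrypto_cipher_supports() and from the mode switch in qcrypto_cipher_ctx_new() in crypto/cipher-builtin.c.inc, a build on the built-in backend now reports XTS as unsupported and a request for it ends at `goto bad_mode`. The commit message says this implementation is what LUKS uses, so it should state plainly that such builds lose access to LUKS volumes in XTS mode, and any test that asks for AES in XTS mode should check qcrypto_cipher_supports() first instead of assuming the mode exists.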
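Review bot: in the top-level meson.build hunks `xts` now starts as 'none' and is only ever changed to 'private', so 'none' stands both for "the crypto library provides XTS" (gcrypt, or nettle with nettle/xts.h) and for "no XTS at all" (no library found). A comment next to `xts = 'none'`, or a boolean in place of the string, would make that intent explicit and keep the value from misleading anyone if `xts` is printed or tested elsewhere in the build files.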
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 11/26] crypto: replace 'des-rfb' cipher with 'des'
Date: Wed, 14 Jul 2021 15:08:43 +0100
Message-Id: <20210714140858.2247409-12-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism.

Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support.

Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message.

Original behaviour:

  $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
  Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb
  qemu-img: demo.luks: Algorithm 'des-rfb' not supported

New behaviour:

  $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
  Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish
  qemu-img: demo.luks: Invalid parameter 'des-rfb'

Reviewed-by: Markus Armbruster
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
---
 crypto/cipher-gcrypt.c.inc | 16 +++-------------
 crypto/cipher-nettle.c.inc | 26 +++++++++++---------------
 crypto/cipher.c | 28 +++++-----------------------
 qapi/crypto.json | 4 ++--
 tests/unit/test-crypto-cipher.c | 18 +++++++++---------
 ui/vnc.c | 20 +++++++++++++++++---
 6 files changed, 47 insertions(+), 65 deletions(-)
diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 3aab08a1a9..a6a0117717 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -24,7 +24,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: case QCRYPTO_CIPHER_ALG_3DES: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: @@ -186,7 +186,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCip= herAlgorithm alg, } =20 switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: gcryalg =3D GCRY_CIPHER_DES; break; case QCRYPTO_CIPHER_ALG_3DES: @@ -257,17 +257,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCi= pherAlgorithm alg, } ctx->blocksize =3D gcry_cipher_get_algo_blklen(gcryalg); =20 - if (alg =3D=3D QCRYPTO_CIPHER_ALG_DES_RFB) { - /* We're using standard DES cipher from gcrypt, so we need - * to munge the key so that the results are the same as the - * bizarre RFB variant of DES :-) - */ - uint8_t *rfbkey =3D qcrypto_cipher_munge_des_rfb_key(key, nkey); - err =3D gcry_cipher_setkey(ctx->handle, rfbkey, nkey); - g_free(rfbkey); - } else { - err =3D gcry_cipher_setkey(ctx->handle, key, nkey); - } + err =3D gcry_cipher_setkey(ctx->handle, key, nkey); if (err !=3D 0) { error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); goto error; diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index fc6f40c026..24cc61f87b 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc 
@@ -235,11 +235,11 @@ static const struct QCryptoCipherDriver NAME##_driver= _xts =3D { \ DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) =20 =20 -typedef struct QCryptoNettleDESRFB { +typedef struct QCryptoNettleDES { QCryptoCipher base; struct des_ctx key; uint8_t iv[DES_BLOCK_SIZE]; -} QCryptoNettleDESRFB; +} QCryptoNettleDES; =20 static void des_encrypt_native(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) @@ -253,7 +253,7 @@ static void des_decrypt_native(const void *ctx, size_t = length, des_decrypt(ctx, length, dst, src); } =20 -DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB, +DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES, DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) =20 =20 @@ -431,7 +431,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: case QCRYPTO_CIPHER_ALG_3DES: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: 
@@ -480,32 +480,28 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoC= ipherAlgorithm alg, } =20 switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: { - QCryptoNettleDESRFB *ctx; + QCryptoNettleDES *ctx; const QCryptoCipherDriver *drv; - uint8_t *rfbkey; =20 switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: - drv =3D &qcrypto_nettle_des_rfb_driver_ecb; + drv =3D &qcrypto_nettle_des_driver_ecb; break; case QCRYPTO_CIPHER_MODE_CBC: - drv =3D &qcrypto_nettle_des_rfb_driver_cbc; + drv =3D &qcrypto_nettle_des_driver_cbc; break; case QCRYPTO_CIPHER_MODE_CTR: - drv =3D &qcrypto_nettle_des_rfb_driver_ctr; + drv =3D &qcrypto_nettle_des_driver_ctr; break; default: goto bad_cipher_mode; } =20 - ctx =3D g_new0(QCryptoNettleDESRFB, 1); + ctx =3D g_new0(QCryptoNettleDES, 1); ctx->base.driver =3D drv; - - rfbkey =3D qcrypto_cipher_munge_des_rfb_key(key, nkey); - des_set_key(&ctx->key, rfbkey); - g_free(rfbkey); + des_set_key(&ctx->key, key); =20 return &ctx->base; } diff --git a/crypto/cipher.c b/crypto/cipher.c index 068b2fb867..1f5528be49 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -29,7 +29,7 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = =3D { [QCRYPTO_CIPHER_ALG_AES_128] =3D 16, [QCRYPTO_CIPHER_ALG_AES_192] =3D 24, [QCRYPTO_CIPHER_ALG_AES_256] =3D 32, - [QCRYPTO_CIPHER_ALG_DES_RFB] =3D 8, + [QCRYPTO_CIPHER_ALG_DES] =3D 8, [QCRYPTO_CIPHER_ALG_3DES] =3D 24, [QCRYPTO_CIPHER_ALG_CAST5_128] =3D 16, [QCRYPTO_CIPHER_ALG_SERPENT_128] =3D 16, @@ -44,7 +44,7 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX= ] =3D { [QCRYPTO_CIPHER_ALG_AES_128] =3D 16, [QCRYPTO_CIPHER_ALG_AES_192] =3D 16, [QCRYPTO_CIPHER_ALG_AES_256] =3D 16, - [QCRYPTO_CIPHER_ALG_DES_RFB] =3D 8, + [QCRYPTO_CIPHER_ALG_DES] =3D 8, [QCRYPTO_CIPHER_ALG_3DES] =3D 8, [QCRYPTO_CIPHER_ALG_CAST5_128] =3D 8, [QCRYPTO_CIPHER_ALG_SERPENT_128] =3D 16, 
@@ -107,9 +107,9 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorit= hm alg, } =20 if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS) { - if (alg =3D=3D QCRYPTO_CIPHER_ALG_DES_RFB - || alg =3D=3D QCRYPTO_CIPHER_ALG_3DES) { - error_setg(errp, "XTS mode not compatible with DES-RFB/3DES"); + if (alg =3D=3D QCRYPTO_CIPHER_ALG_DES || + alg =3D=3D QCRYPTO_CIPHER_ALG_3DES) { + error_setg(errp, "XTS mode not compatible with DES/3DES"); return false; } if (nkey % 2) { @@ -132,24 +132,6 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgori= thm alg, return true; } =20 -#if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE) -static uint8_t * -qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, - size_t nkey) -{ - uint8_t *ret =3D g_new0(uint8_t, nkey); - size_t i; - for (i =3D 0; i < nkey; i++) { - uint8_t r =3D key[i]; - r =3D (r & 0xf0) >> 4 | (r & 0x0f) << 4; - r =3D (r & 0xcc) >> 2 | (r & 0x33) << 2; - r =3D (r & 0xaa) >> 1 | (r & 0x55) << 1; - ret[i] =3D r; - } - return ret; -} -#endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ - #ifdef CONFIG_GCRYPT #include "cipher-gcrypt.c.inc" #elif defined CONFIG_NETTLE diff --git a/qapi/crypto.json b/qapi/crypto.json index 7116ae9a46..1ec54c15ca 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -66,7 +66,7 @@ # @aes-128: AES with 128 bit / 16 byte keys # @aes-192: AES with 192 bit / 24 byte keys # @aes-256: AES with 256 bit / 32 byte keys -# @des-rfb: RFB specific variant of single DES. Do not use except in VNC. +# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. (since 6.= 1) # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) # @cast5-128: Cast5 with 128 bit / 16 byte keys # @serpent-128: Serpent with 128 bit / 16 byte keys @@ -80,7 +80,7 @@ { 'enum': 'QCryptoCipherAlgorithm', 'prefix': 'QCRYPTO_CIPHER_ALG', 'data': ['aes-128', 'aes-192', 'aes-256', - 'des-rfb', '3des', + 'des', '3des', 'cast5-128', 'serpent-128', 'serpent-192', 'serpent-256', 'twofish-128', 'twofish-192', 'twofish-256']} 
diff --git a/tests/unit/test-crypto-cipher.c b/tests/unit/test-crypto-ciphe= r.c index 7dca7b26e4..d9d9d078ff 100644 --- a/tests/unit/test-crypto-cipher.c +++ b/tests/unit/test-crypto-cipher.c @@ -155,28 +155,28 @@ static QCryptoCipherTestData test_data[] =3D { * in single AES block, and gives identical * ciphertext in ECB and CBC modes */ - .path =3D "/crypto/cipher/des-rfb-ecb-56-one-block", - .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, + .path =3D "/crypto/cipher/des-ecb-56-one-block", + .alg =3D QCRYPTO_CIPHER_ALG_DES, .mode =3D QCRYPTO_CIPHER_MODE_ECB, - .key =3D "0123456789abcdef", + .key =3D "80c4a2e691d5b3f7", .plaintext =3D "70617373776f7264", .ciphertext =3D "73fa80b66134e403", }, { /* See previous comment */ - .path =3D "/crypto/cipher/des-rfb-cbc-56-one-block", - .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, + .path =3D "/crypto/cipher/des-cbc-56-one-block", + .alg =3D QCRYPTO_CIPHER_ALG_DES, .mode =3D QCRYPTO_CIPHER_MODE_CBC, - .key =3D "0123456789abcdef", + .key =3D "80c4a2e691d5b3f7", .iv =3D "0000000000000000", .plaintext =3D "70617373776f7264", .ciphertext =3D "73fa80b66134e403", }, { - .path =3D "/crypto/cipher/des-rfb-ecb-56", - .alg =3D QCRYPTO_CIPHER_ALG_DES_RFB, + .path =3D "/crypto/cipher/des-ecb-56", + .alg =3D QCRYPTO_CIPHER_ALG_DES, .mode =3D QCRYPTO_CIPHER_MODE_ECB, - .key =3D "0123456789abcdef", + .key =3D "80c4a2e691d5b3f7", .plaintext =3D "6bc1bee22e409f96e93d7e117393172a" "ae2d8a571e03ac9c9eb76fac45af8e51" diff --git a/ui/vnc.c b/ui/vnc.c index 0e5fcb278f..af02522e84 100644 --- a/ui/vnc.c +++ b/ui/vnc.c 
@@ -2733,6 +2733,19 @@ static void authentication_failed(VncState *vs) vnc_client_error(vs); } =20 +static void +vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) +{ + size_t i; + for (i =3D 0; i < nkey; i++) { + uint8_t r =3D key[i]; + r =3D (r & 0xf0) >> 4 | (r & 0x0f) << 4; + r =3D (r & 0xcc) >> 2 | (r & 0x33) << 2; + r =3D (r & 0xaa) >> 1 | (r & 0x55) << 1; + key[i] =3D r; + } +} + static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t le= n) { unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; @@ -2757,9 +2770,10 @@ static int protocol_client_auth_vnc(VncState *vs, ui= nt8_t *data, size_t len) pwlen =3D strlen(vs->vd->password); for (i=3D0; ivd->password[i] : 0; + vnc_munge_des_rfb_key(key, sizeof(key)); =20 cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_DES_RFB, + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB, key, G_N_ELEMENTS(key), &err); 
@@ -4045,9 +4059,9 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } if (!qcrypto_cipher_supports( - QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) { error_setg(errp, - "Cipher backend does not support DES RFB algorithm"= ); + "Cipher backend does not support DES algorithm"); goto fail; } } --=20 2.31.1
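Review bot: vnc_munge_des_rfb_key() in ui/vnc.c has no comment saying what its three mask-and-shift lines do or why they are there. They reverse the bit order of every key byte, which is the RFB-specific step that QCRYPTO_CIPHER_ALG_DES_RFB used to hide inside the cipher backends. A short comment stating that, and that the result is then fed to plain DES via QCRYPTO_CIPHER_ALG_DES, would keep a later reader from mistaking it for an obfuscation step or dropping it.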
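Review bot: in tests/unit/test-crypto-cipher.c the three DES vectors change .key from "0123456789abcdef" to "80c4a2e691d5b3f7" while .plaintext and .ciphertext stay the same, and nothing in the test data says where the new key comes from. It is the old key with the bits of each byte reversed (01 -> 80, 23 -> c4, 45 -> a2, ...), which is what the removed qcrypto_cipher_munge_des_rfb_key() used to do internally; a comment next to .key saying so would show that the vectors still cover the same case. In qapi/crypto.json, 'des-rfb' is removed from QCryptoCipherAlgorithm and 'des' is added with different key handling, so the commit message should state whether anything outside QEMU could have been passing the old name.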
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 12/26] crypto: flip priority of backends to prefer gcrypt
Date: Wed, 14 Jul 2021 15:08:44 +0100
Message-Id: <20210714140858.2247409-13-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela,
 Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster,
 Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

Originally we preferred to use nettle over gcrypt because gnutls already links to nettle and thus it minimizes the dependencies. In retrospect this was the wrong criterion to optimize for.

Currently shipping versions of gcrypt have cipher impls that are massively faster than those in nettle and this is way more important.

The nettle library is also not capable of enforcing FIPS compliance, since it considers that out of scope. It merely aims to provide general purpose impls of algorithms, and usage policy is left up to the layer above, such as GNUTLS.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
---
 meson.build | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/meson.build b/meson.build index 8f899e1e9b..c3a6096820 100644 --- a/meson.build +++ b/meson.build
@@ -823,22 +823,13 @@ if not get_option('gnutls').auto() or have_system kwargs: static_kwargs) endif =20 -# Nettle has priority over gcrypt +# Gcrypt has priority over nettle gcrypt =3D not_found nettle =3D not_found xts =3D 'none' if get_option('nettle').enabled() and get_option('gcrypt').enabled() error('Only one of gcrypt & nettle can be enabled') -elif (not get_option('nettle').auto() or have_system) and not get_option('= gcrypt').enabled() - nettle =3D dependency('nettle', version: '>=3D3.4', - method: 'pkg-config', - required: get_option('nettle'), - kwargs: static_kwargs) - if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: ne= ttle) - xts =3D 'private' - endif -endif -if (not get_option('gcrypt').auto() or have_system) and not nettle.found() +elif (not get_option('gcrypt').auto() or have_system) and not get_option('= nettle').enabled() gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', method: 'config-tool', required: get_option('gcrypt'), 
@@ -852,6 +843,15 @@ if (not get_option('gcrypt').auto() or have_system) an= d not nettle.found() cc.find_library('gpg-error', required: true, kwargs: static_kwargs)]) endif endif +if (not get_option('nettle').auto() or have_system) and not gcrypt.found() + nettle =3D dependency('nettle', version: '>=3D3.4', + method: 'pkg-config', + required: get_option('nettle'), + kwargs: static_kwargs) + if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: ne= ttle) + xts =3D 'private' + endif +endif =20 gtk =3D not_found gtkx11 =3D not_found --=20 2.31.1
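Review bot: the reordered block in meson.build changes which cipher backend a build picks when both libgcrypt and nettle are installed and neither option is set, yet the only in-tree record of that is the one-line comment "# Gcrypt has priority over nettle". Extend the comment with the two reasons given in the commit message (cipher speed, and nettle leaving FIPS policy to its caller) so the rationale sits next to the code, and note that anyone who depended on the old default now has to enable the nettle option explicitly. The option handling itself mirrors the old order: gcrypt is probed unless nettle is explicitly enabled, and nettle is probed only when gcrypt.found() is false.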
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 13/26] crypto: introduce build system for gnutls crypto backend
Date: Wed, 14 Jul 2021 15:08:45 +0100
Message-Id: <20210714140858.2247409-14-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela,
 Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster,
 Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

This introduces the build logic needed to decide whether we can use gnutls as a crypto driver backend. The actual implementations will be introduced in following patches.

We only wish to use gnutls if it has version 3.6.14 or newer, because that is what finally brings HW accelerated AES-XTS mode for x86_64.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
---
 crypto/meson.build |  3 +++
 meson.build        | 36 ++++++++++++++++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/crypto/meson.build b/crypto/meson.build index fc8de287e1..f3bab7c067 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -38,6 +38,9 @@ crypto_ss.add(when: gnutls, if_true: files('tls-cipher-su= ites.c')) =20 util_ss.add(files('aes.c')) util_ss.add(files('init.c')) +if gnutls.found() + util_ss.add(gnutls) +endif =20 if gcrypt.found() util_ss.add(gcrypt, files('random-gcrypt.c')) diff --git a/meson.build b/meson.build index c3a6096820..38b89d424b 100644 --- a/meson.build +++ b/meson.build
@@ -816,11 +816,34 @@ if 'CONFIG_OPENGL' in config_host endif =20 gnutls =3D not_found +gnutls_crypto =3D not_found if not get_option('gnutls').auto() or have_system - gnutls =3D dependency('gnutls', version: '>=3D3.5.18', - method: 'pkg-config', - required: get_option('gnutls'), - kwargs: static_kwargs) + # For general TLS support our min gnutls matches + # that implied by our platform support matrix + # + # For the crypto backends, we look for a newer + # gnutls: + # + # Version 3.6.8 is needed to get XTS + # Version 3.6.13 is needed to get PBKDF + # Version 3.6.14 is needed to get HW accelerated XTS + # + # If newer enough gnutls isn't available, we can + # still use a different crypto backend to satisfy + # the platform support requirements + gnutls_crypto =3D dependency('gnutls', version: '>=3D3.6.14', + method: 'pkg-config', + required: false, + kwargs: static_kwargs) + if gnutls_crypto.found() + gnutls =3D gnutls_crypto + else + # Our min version if all we need is TLS + gnutls =3D dependency('gnutls', version: '>=3D3.5.18', + method: 'pkg-config', + required: get_option('gnutls'), + kwargs: static_kwargs) + endif endif =20 # Gcrypt has priority over nettle @@ -852,6 +875,9 @@ if (not get_option('nettle').auto() or have_system) and= not gcrypt.found() xts =3D 'private' endif endif +if gcrypt.found() or nettle.found() + gnutls_crypto =3D not_found +endif =20 gtk =3D not_found gtkx11 =3D not_found @@ -1236,6 +1262,7 @@ config_host_data.set('CONFIG_XKBCOMMON', xkbcommon.fo= und()) config_host_data.set('CONFIG_KEYUTILS', keyutils.found()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) +config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts =3D=3D 'private') 
@@ -2958,6 +2985,7 @@ summary(summary_info, bool_yn: true, section: 'Block = layer support') summary_info =3D {} summary_info +=3D {'TLS priority': config_host['CONFIG_TLS_PRIORITY']} summary_info +=3D {'GNUTLS support': gnutls.found()} +summary_info +=3D {'GNUTLS crypto': gnutls_crypto.found()} # TODO: add back version summary_info +=3D {'libgcrypt': gcrypt.found()} # TODO: add back version --=20 2.31.1
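Review bot: the new gnutls_crypto lookup in meson.build passes required: false inside a block guarded by "not get_option('gnutls').auto() or have_system", and that guard is also true when the gnutls option is set to disabled. The old code passed required: get_option('gnutls'), so a disabled option made the lookup come back not-found; the new first lookup never consults the option, and when a gnutls >= 3.6.14 is installed "gnutls = gnutls_crypto" turns CONFIG_GNUTLS on in a build that asked for it to be off. Skip the whole block when the option is disabled. A smaller documentation point: gnutls_crypto is reset to not_found whenever gcrypt or nettle is found, so the comment above the gcrypt/nettle block should say that gnutls is the last choice of the three.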
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 14/26] crypto: add gnutls cipher provider
Date: Wed, 14 Jul 2021 15:08:46 +0100
Message-Id: <20210714140858.2247409-15-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela,
 Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster,
 Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

Add an implementation of the QEMU cipher APIs to the gnutls crypto backend. XTS support is only available for gnutls version >= 3.6.8.

Since ECB mode is not exposed by gnutls APIs, we can't use the private XTS code for compatibility.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
---
 crypto/cipher-gnutls.c.inc | 335 +++++++++++++++++++++++++++++++++++++
 crypto/cipher.c            |   2 +
 2 files changed, 337 insertions(+)
 create mode 100644 crypto/cipher-gnutls.c.inc

diff --git a/crypto/cipher-gnutls.c.inc b/crypto/cipher-gnutls.c.inc new file mode 100644 index 0000000000..501e4e07a5 --- /dev/null +++ b/crypto/cipher-gnutls.c.inc
@@ -0,0 +1,335 @@ +/* + * QEMU Crypto cipher gnutls algorithms + * + * Copyright (c) 2021 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "cipherpriv.h" + +#include + +#if GNUTLS_VERSION_NUMBER >=3D 0x030608 +#define QEMU_GNUTLS_XTS +#endif + +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) +{ + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + switch (alg) { + case QCRYPTO_CIPHER_ALG_AES_128: + case QCRYPTO_CIPHER_ALG_AES_192: + case QCRYPTO_CIPHER_ALG_AES_256: + case QCRYPTO_CIPHER_ALG_DES: + case QCRYPTO_CIPHER_ALG_3DES: + return true; + default: + return false; + } +#ifdef QEMU_GNUTLS_XTS + case QCRYPTO_CIPHER_MODE_XTS: + switch (alg) { + case QCRYPTO_CIPHER_ALG_AES_128: + case QCRYPTO_CIPHER_ALG_AES_256: + return true; + default: + return false; + } +#endif + default: + return false; + } +} + +typedef struct QCryptoCipherGnutls QCryptoCipherGnutls; +struct QCryptoCipherGnutls { + QCryptoCipher base; + gnutls_cipher_hd_t handle; /* XTS & CBC mode */ + gnutls_cipher_algorithm_t galg; /* ECB mode */ + guint8 *key; /* ECB mode */ + size_t nkey; /* ECB mode */ + size_t blocksize; +}; + + +static void +qcrypto_gnutls_cipher_free(QCryptoCipher *cipher) +{ + QCryptoCipherGnutls *ctx =3D container_of(cipher, QCryptoCipherGnutls,= base); + + 
g_free(ctx->key); + if (ctx->handle) { + gnutls_cipher_deinit(ctx->handle); + } + g_free(ctx); +} + + +static int +qcrypto_gnutls_cipher_encrypt(QCryptoCipher *cipher, + const void *in, + void *out, + size_t len, + Error **errp) +{ + QCryptoCipherGnutls *ctx =3D container_of(cipher, QCryptoCipherGnutls,= base); + int err; + + if (len % ctx->blocksize) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + if (ctx->handle) { /* CBC / XTS mode */ + err =3D gnutls_cipher_encrypt2(ctx->handle, + in, len, + out, len); + if (err !=3D 0) { + error_setg(errp, "Cannot encrypt data: %s", + gnutls_strerror(err)); + return -1; + } + } else { /* ECB mode very inefficiently faked with CBC */ + g_autofree unsigned char *iv =3D g_new0(unsigned char, ctx->blocks= ize); + while (len) { + gnutls_cipher_hd_t handle; + gnutls_datum_t gkey =3D { (unsigned char *)ctx->key, ctx->nkey= }; + int err =3D gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL= ); + if (err !=3D 0) { + error_setg(errp, "Cannot initialize cipher: %s", + gnutls_strerror(err)); + return -1; + } + + gnutls_cipher_set_iv(handle, iv, ctx->blocksize); + + err =3D gnutls_cipher_encrypt2(handle, + in, ctx->blocksize, + out, ctx->blocksize); + if (err !=3D 0) { + gnutls_cipher_deinit(handle); + error_setg(errp, "Cannot encrypt data: %s", + gnutls_strerror(err)); + return -1; + } + gnutls_cipher_deinit(handle); + + len -=3D ctx->blocksize; + in +=3D ctx->blocksize; + out +=3D ctx->blocksize; + } + } + + return 0; +} + + +static int +qcrypto_gnutls_cipher_decrypt(QCryptoCipher *cipher, + const void *in, + void *out, + size_t len, + Error **errp) +{ + QCryptoCipherGnutls *ctx =3D container_of(cipher, QCryptoCipherGnutls,= base); + int err; + + if (len % ctx->blocksize) { + error_setg(errp, "Length %zu must be a multiple of block size %zu", + len, ctx->blocksize); + return -1; + } + + if (ctx->handle) { /* CBC / XTS mode */ + err =3D 
gnutls_cipher_decrypt2(ctx->handle, + in, len, + out, len); + + if (err !=3D 0) { + error_setg(errp, "Cannot decrypt data: %s", + gnutls_strerror(err)); + return -1; + } + } else { /* ECB mode very inefficiently faked with CBC */ + g_autofree unsigned char *iv =3D g_new0(unsigned char, ctx->blocks= ize); + while (len) { + gnutls_cipher_hd_t handle; + gnutls_datum_t gkey =3D { (unsigned char *)ctx->key, ctx->nkey= }; + int err =3D gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL= ); + if (err !=3D 0) { + error_setg(errp, "Cannot initialize cipher: %s", + gnutls_strerror(err)); + return -1; + } + + gnutls_cipher_set_iv(handle, iv, ctx->blocksize); + + err =3D gnutls_cipher_decrypt2(handle, + in, ctx->blocksize, + out, ctx->blocksize); + if (err !=3D 0) { + gnutls_cipher_deinit(handle); + error_setg(errp, "Cannot encrypt data: %s", + gnutls_strerror(err)); + return -1; + } + gnutls_cipher_deinit(handle); + + len -=3D ctx->blocksize; + in +=3D ctx->blocksize; + out +=3D ctx->blocksize; + } + } + + return 0; +} + +static int +qcrypto_gnutls_cipher_setiv(QCryptoCipher *cipher, + const uint8_t *iv, size_t niv, + Error **errp) +{ + QCryptoCipherGnutls *ctx =3D container_of(cipher, QCryptoCipherGnutls,= base); + + if (niv !=3D ctx->blocksize) { + error_setg(errp, "Expected IV size %zu not %zu", + ctx->blocksize, niv); + return -1; + } + + gnutls_cipher_set_iv(ctx->handle, (unsigned char *)iv, niv); + + return 0; +} + + +static struct QCryptoCipherDriver gnutls_driver =3D { + .cipher_encrypt =3D qcrypto_gnutls_cipher_encrypt, + .cipher_decrypt =3D qcrypto_gnutls_cipher_decrypt, + .cipher_setiv =3D qcrypto_gnutls_cipher_setiv, + .cipher_free =3D qcrypto_gnutls_cipher_free, +}; + +static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, + size_t nkey, + Error **errp) +{ + QCryptoCipherGnutls *ctx; + gnutls_datum_t gkey =3D { (unsigned char *)key, nkey }; + gnutls_cipher_algorithm_t galg =3D 
GNUTLS_CIPHER_UNKNOWN; + int err; + + switch (mode) { +#ifdef QEMU_GNUTLS_XTS + case QCRYPTO_CIPHER_MODE_XTS: + switch (alg) { + case QCRYPTO_CIPHER_ALG_AES_128: + galg =3D GNUTLS_CIPHER_AES_128_XTS; + break; + case QCRYPTO_CIPHER_ALG_AES_256: + galg =3D GNUTLS_CIPHER_AES_256_XTS; + break; + default: + break; + } + break; +#endif + + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + switch (alg) { + case QCRYPTO_CIPHER_ALG_AES_128: + galg =3D GNUTLS_CIPHER_AES_128_CBC; + break; + case QCRYPTO_CIPHER_ALG_AES_192: + galg =3D GNUTLS_CIPHER_AES_192_CBC; + break; + case QCRYPTO_CIPHER_ALG_AES_256: + galg =3D GNUTLS_CIPHER_AES_256_CBC; + break; + case QCRYPTO_CIPHER_ALG_DES: + galg =3D GNUTLS_CIPHER_DES_CBC; + break; + case QCRYPTO_CIPHER_ALG_3DES: + galg =3D GNUTLS_CIPHER_3DES_CBC; + break; + default: + break; + } + break; + default: + break; + } + + if (galg =3D=3D GNUTLS_CIPHER_UNKNOWN) { + error_setg(errp, "Unsupported cipher algorithm %s with %s mode", + QCryptoCipherAlgorithm_str(alg), + QCryptoCipherMode_str(mode)); + return NULL; + } + + if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) { + return NULL; + } + + ctx =3D g_new0(QCryptoCipherGnutls, 1); + ctx->base.driver =3D &gnutls_driver; + + if (mode =3D=3D QCRYPTO_CIPHER_MODE_ECB) { + ctx->key =3D g_new0(guint8, nkey); + memcpy(ctx->key, key, nkey); + ctx->nkey =3D nkey; + ctx->galg =3D galg; + } else { + err =3D gnutls_cipher_init(&ctx->handle, galg, &gkey, NULL); + if (err !=3D 0) { + error_setg(errp, "Cannot initialize cipher: %s", + gnutls_strerror(err)); + goto error; + } + } + + if (alg =3D=3D QCRYPTO_CIPHER_ALG_DES || + alg =3D=3D QCRYPTO_CIPHER_ALG_3DES) + ctx->blocksize =3D 8; + else + ctx->blocksize =3D 16; + + /* + * Our API contract for requires iv to be optional + * but nettle gets unhappy when called by gnutls + * in this case, so we just force set a default + * all-zeros IV, to match behaviour of other backends. 
+ */ + if (mode !=3D QCRYPTO_CIPHER_MODE_ECB) { + g_autofree unsigned char *iv =3D g_new0(unsigned char, ctx->blocks= ize); + gnutls_cipher_set_iv(ctx->handle, iv, ctx->blocksize); + } + + return &ctx->base; + + error: + qcrypto_gnutls_cipher_free(&ctx->base); + return NULL; +} diff --git a/crypto/cipher.c b/crypto/cipher.c index 1f5528be49..74b09a5b26 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c 
@@ -136,6 +136,8 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorit= hm alg, #include "cipher-gcrypt.c.inc" #elif defined CONFIG_NETTLE #include "cipher-nettle.c.inc" +#elif defined CONFIG_GNUTLS_CRYPTO +#include "cipher-gnutls.c.inc" #else #include "cipher-builtin.c.inc" #endif --=20 2.31.1
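Review bot: in crypto/cipher-gnutls.c.inc, the ECB fallback of qcrypto_gnutls_cipher_decrypt() reports a failed gnutls_cipher_decrypt2() call as "Cannot encrypt data: %s", while the non-ECB branch directly above it says "Cannot decrypt data"; the string looks copied from the encrypt path and should read "Cannot decrypt data" so that logs name the right operation. In qcrypto_cipher_ctx_new() the DES/3DES test that sets ctx->blocksize to 8 or 16 is the only if/else in the visible code without braces, and the comment "Our API contract for requires iv to be optional" is missing a word. ECB mode also keeps its own copy of the key in ctx->key (g_new0 plus memcpy), so the free path, which is not part of the lines shown here, should wipe that buffer before releasing it.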
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 15/26] crypto: add gnutls hash provider
Date: Wed, 14 Jul 2021 15:08:47 +0100
Message-Id: <20210714140858.2247409-16-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

This adds support for using gnutls as a provider of the crypto hash APIs.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/hash-gnutls.c | 104 +++++++++++++++++++++++++++++++++++++++++++ crypto/meson.build | 2 + 2 files changed, 106 insertions(+) create mode 100644 crypto/hash-gnutls.c diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c new file mode 100644 index 0000000000..17911ac5d1 --- /dev/null +++ b/crypto/hash-gnutls.c 
@@ -0,0 +1,104 @@ +/* + * QEMU Crypto hash algorithms + * + * Copyright (c) 2021 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include +#include "qapi/error.h" +#include "crypto/hash.h" +#include "hashpriv.h" + + +static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] =3D { + [QCRYPTO_HASH_ALG_MD5] =3D GNUTLS_DIG_MD5, + [QCRYPTO_HASH_ALG_SHA1] =3D GNUTLS_DIG_SHA1, + [QCRYPTO_HASH_ALG_SHA224] =3D GNUTLS_DIG_SHA224, + [QCRYPTO_HASH_ALG_SHA256] =3D GNUTLS_DIG_SHA256, + [QCRYPTO_HASH_ALG_SHA384] =3D GNUTLS_DIG_SHA384, + [QCRYPTO_HASH_ALG_SHA512] =3D GNUTLS_DIG_SHA512, + [QCRYPTO_HASH_ALG_RIPEMD160] =3D GNUTLS_DIG_RMD160, +}; + +gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg) +{ + size_t i; + const gnutls_digest_algorithm_t *algs; + if (alg >=3D G_N_ELEMENTS(qcrypto_hash_alg_map) || + qcrypto_hash_alg_map[alg] =3D=3D GNUTLS_DIG_UNKNOWN) { + return false; + } + algs =3D gnutls_digest_list(); + for (i =3D 0; algs[i] !=3D GNUTLS_DIG_UNKNOWN; i++) { + if (algs[i] =3D=3D qcrypto_hash_alg_map[alg]) { + return true; + } + } + return false; +} + + +static int +qcrypto_gnutls_hash_bytesv(QCryptoHashAlgorithm alg, + const struct iovec *iov, + size_t niov, + uint8_t **result, + size_t *resultlen, + Error **errp) +{ + int i, ret; + gnutls_hash_hd_t hash; + + if (!qcrypto_hash_supports(alg)) { + error_setg(errp, + "Unknown hash 
algorithm %d", + alg); + return -1; + } + + ret =3D gnutls_hash_get_len(qcrypto_hash_alg_map[alg]); + if (*resultlen =3D=3D 0) { + *resultlen =3D ret; + *result =3D g_new0(uint8_t, *resultlen); + } else if (*resultlen !=3D ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *resultlen, ret); + return -1; + } + + ret =3D gnutls_hash_init(&hash, qcrypto_hash_alg_map[alg]); + if (ret < 0) { + error_setg(errp, + "Unable to initialize hash algorithm: %s", + gnutls_strerror(ret)); + return -1; + } + + for (i =3D 0; i < niov; i++) { + gnutls_hash(hash, iov[i].iov_base, iov[i].iov_len); + } + + gnutls_hash_deinit(hash, *result); + return 0; +} + + +QCryptoHashDriver qcrypto_hash_lib_driver =3D { + .hash_bytesv =3D qcrypto_gnutls_hash_bytesv, +}; diff --git a/crypto/meson.build b/crypto/meson.build index f3bab7c067..e2f25810fc 100644 --- a/crypto/meson.build +++ b/crypto/meson.build 
@@ -28,6 +28,8 @@ if nettle.found() endif elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) +elif gnutls_crypto.found() + crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-glib.c', 'pbkdf-stub.= c') else crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c')) endif --=20 2.31.1
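Review bot: qcrypto_gnutls_hash_bytesv() in crypto/hash-gnutls.c discards the result of every gnutls_hash() call in the iov loop, so a failed update still returns 0 and hands the caller whatever gnutls_hash_deinit() writes into *result; check each call, and on failure set errp and deinit the handle before returning -1. The length check rejects any *resultlen that differs from the digest length, yet the message says the buffer "is smaller than hash", which misleads when the caller's buffer is larger. The loop index is `int i` compared against `size_t niov`; a size_t index avoids the signed/unsigned comparison.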
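Review bot: the added crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-glib.c', 'pbkdf-stub.c') line in crypto/meson.build closes files( but not crypto_ss.add(, unlike the gcrypt line just above it, which ends in "))". As posted, the build description is syntactically broken at this commit, which hurts bisection; add the missing ")" here. Patch 17/26 later rewrites the line with balanced parentheses, but this commit should configure on its own.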
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 16/26] crypto: add gnutls hmac provider
Date: Wed, 14 Jul 2021 15:08:48 +0100
Message-Id: <20210714140858.2247409-17-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

This adds support for using gnutls as a provider of the crypto hmac APIs.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/hmac-gnutls.c | 139 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 crypto/hmac-gnutls.c diff --git a/crypto/hmac-gnutls.c b/crypto/hmac-gnutls.c new file mode 100644 index 0000000000..24db383322 --- /dev/null +++ b/crypto/hmac-gnutls.c 
@@ -0,0 +1,139 @@ +/* + * QEMU Crypto hmac algorithms + * + * Copyright (c) 2021 Red Hat, Inc. + * + * Derived from hmac-gcrypt.c: + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + * + */ + +#include "qemu/osdep.h" +#include + +#include "qapi/error.h" +#include "crypto/hmac.h" +#include "hmacpriv.h" + +static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] =3D { + [QCRYPTO_HASH_ALG_MD5] =3D GNUTLS_MAC_MD5, + [QCRYPTO_HASH_ALG_SHA1] =3D GNUTLS_MAC_SHA1, + [QCRYPTO_HASH_ALG_SHA224] =3D GNUTLS_MAC_SHA224, + [QCRYPTO_HASH_ALG_SHA256] =3D GNUTLS_MAC_SHA256, + [QCRYPTO_HASH_ALG_SHA384] =3D GNUTLS_MAC_SHA384, + [QCRYPTO_HASH_ALG_SHA512] =3D GNUTLS_MAC_SHA512, + [QCRYPTO_HASH_ALG_RIPEMD160] =3D GNUTLS_MAC_RMD160, +}; + +typedef struct QCryptoHmacGnutls QCryptoHmacGnutls; +struct QCryptoHmacGnutls { + gnutls_hmac_hd_t handle; +}; + +bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg) +{ + size_t i; + const gnutls_digest_algorithm_t *algs; + if (alg >=3D G_N_ELEMENTS(qcrypto_hmac_alg_map) || + qcrypto_hmac_alg_map[alg] =3D=3D GNUTLS_DIG_UNKNOWN) { + return false; + } + algs =3D gnutls_digest_list(); + for (i =3D 0; algs[i] !=3D GNUTLS_DIG_UNKNOWN; i++) { + if (algs[i] =3D=3D qcrypto_hmac_alg_map[alg]) { + return true; + } + } + return false; +} + +void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp) +{ + QCryptoHmacGnutls *ctx; + int err; + + if (!qcrypto_hmac_supports(alg)) { + error_setg(errp, "Unsupported hmac algorithm %s", + QCryptoHashAlgorithm_str(alg)); + return NULL; + } + + ctx =3D g_new0(QCryptoHmacGnutls, 1); + + err =3D gnutls_hmac_init(&ctx->handle, + qcrypto_hmac_alg_map[alg], + (const void *)key, nkey); + if (err !=3D 0) { + error_setg(errp, "Cannot initialize hmac: %s", + gnutls_strerror(err)); + goto error; + } + + return ctx; + 
+error: + g_free(ctx); + return NULL; +} + +static void +qcrypto_gnutls_hmac_ctx_free(QCryptoHmac *hmac) +{ + QCryptoHmacGnutls *ctx; + + ctx =3D hmac->opaque; + gnutls_hmac_deinit(ctx->handle, NULL); + + g_free(ctx); +} + +static int +qcrypto_gnutls_hmac_bytesv(QCryptoHmac *hmac, + const struct iovec *iov, + size_t niov, + uint8_t **result, + size_t *resultlen, + Error **errp) +{ + QCryptoHmacGnutls *ctx; + uint32_t ret; + int i; + + ctx =3D hmac->opaque; + + for (i =3D 0; i < niov; i++) { + gnutls_hmac(ctx->handle, iov[i].iov_base, iov[i].iov_len); + } + + ret =3D gnutls_hmac_get_len(qcrypto_hmac_alg_map[hmac->alg]); + if (ret <=3D 0) { + error_setg(errp, "Unable to get hmac length: %s", + gnutls_strerror(ret)); + return -1; + } + + if (*resultlen =3D=3D 0) { + *resultlen =3D ret; + *result =3D g_new0(uint8_t, *resultlen); + } else if (*resultlen !=3D ret) { + error_setg(errp, "Result buffer size %zu is smaller than hmac %d", + *resultlen, ret); + return -1; + } + + gnutls_hmac_output(ctx->handle, *result); + + return 0; +} + +QCryptoHmacDriver qcrypto_hmac_lib_driver =3D { + .hmac_bytesv =3D qcrypto_gnutls_hmac_bytesv, + .hmac_free =3D qcrypto_gnutls_hmac_ctx_free, +}; --=20 2.31.1
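Review bot: in qcrypto_gnutls_hmac_bytesv() in crypto/hmac-gnutls.c, `ret` is declared uint32_t, so `if (ret <= 0)` can only ever test for zero, and in that branch gnutls_strerror(ret) is called with 0, which does not describe a failure; the same variable is also printed with %d. Use a plain `== 0` test with a fixed message, or an int if an error code is expected. The gnutls_hmac() calls in the iov loop are unchecked as well. Separately, qcrypto_hmac_supports() takes GNUTLS_MAC_* values from qcrypto_hmac_alg_map and searches for them in gnutls_digest_list(), terminating on GNUTLS_DIG_UNKNOWN; that mixes the digest and MAC enumerations and should use gnutls_mac_list() and GNUTLS_MAC_UNKNOWN. The diffstat creates only hmac-gnutls.c, so nothing compiles this file until crypto/meson.build is updated.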
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 17/26] crypto: add gnutls pbkdf provider
Date: Wed, 14 Jul 2021 15:08:49 +0100
Message-Id: <20210714140858.2247409-18-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

This adds support for using gnutls as a provider of the crypto pbkdf APIs.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- crypto/meson.build | 2 +- crypto/pbkdf-gnutls.c | 90 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 crypto/pbkdf-gnutls.c diff --git a/crypto/meson.build b/crypto/meson.build index e2f25810fc..95a6a83504 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -29,7 +29,7 @@ if nettle.found() elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) elif gnutls_crypto.found() - crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-glib.c', 'pbkdf-stub.= c') + crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-gnutls.c', 'pbkdf-gnu= tls.c')) else crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c')) endif diff --git a/crypto/pbkdf-gnutls.c b/crypto/pbkdf-gnutls.c new file mode 100644 index 0000000000..2dfbbd382c --- /dev/null +++ b/crypto/pbkdf-gnutls.c 
@@ -0,0 +1,90 @@ +/* + * QEMU Crypto PBKDF support (Password-Based Key Derivation Function) + * + * Copyright (c) 2021 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include +#include "qapi/error.h" +#include "crypto/pbkdf.h" + +bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash) +{ + switch (hash) { + case QCRYPTO_HASH_ALG_MD5: + case QCRYPTO_HASH_ALG_SHA1: + case QCRYPTO_HASH_ALG_SHA224: + case QCRYPTO_HASH_ALG_SHA256: + case QCRYPTO_HASH_ALG_SHA384: + case QCRYPTO_HASH_ALG_SHA512: + case QCRYPTO_HASH_ALG_RIPEMD160: + return true; + default: + return false; + } +} + +int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, + const uint8_t *key, size_t nkey, + const uint8_t *salt, size_t nsalt, + uint64_t iterations, + uint8_t *out, size_t nout, + Error **errp) +{ + static const int hash_map[QCRYPTO_HASH_ALG__MAX] =3D { + [QCRYPTO_HASH_ALG_MD5] =3D GNUTLS_DIG_MD5, + [QCRYPTO_HASH_ALG_SHA1] =3D GNUTLS_DIG_SHA1, + [QCRYPTO_HASH_ALG_SHA224] =3D GNUTLS_DIG_SHA224, + [QCRYPTO_HASH_ALG_SHA256] =3D GNUTLS_DIG_SHA256, + [QCRYPTO_HASH_ALG_SHA384] =3D GNUTLS_DIG_SHA384, + [QCRYPTO_HASH_ALG_SHA512] =3D GNUTLS_DIG_SHA512, + [QCRYPTO_HASH_ALG_RIPEMD160] =3D GNUTLS_DIG_RMD160, + }; + int ret; + const gnutls_datum_t gkey =3D { (unsigned char *)key, nkey }; + const gnutls_datum_t gsalt =3D { (unsigned char *)salt, nsalt }; + + if (iterations 
> ULONG_MAX) { + error_setg_errno(errp, ERANGE, + "PBKDF iterations %llu must be less than %lu", + (long long unsigned)iterations, ULONG_MAX); + return -1; + } + + if (hash >=3D G_N_ELEMENTS(hash_map) || + hash_map[hash] =3D=3D GNUTLS_DIG_UNKNOWN) { + error_setg_errno(errp, ENOSYS, + "PBKDF does not support hash algorithm %s", + QCryptoHashAlgorithm_str(hash)); + return -1; + } + + ret =3D gnutls_pbkdf2(hash_map[hash], + &gkey, + &gsalt, + iterations, + out, + nout); + if (ret !=3D 0) { + error_setg(errp, "Cannot derive password: %s", + gnutls_strerror(ret)); + return -1; + } + + return 0; +} --=20 2.31.1
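Review bot: the crypto/meson.build hunk of this pbkdf patch does three unrelated things on one line: it swaps 'pbkdf-stub.c' for 'pbkdf-gnutls.c', swaps 'hmac-glib.c' for 'hmac-gnutls.c', and adds the closing parenthesis the removed line lacked. The hmac switch belongs with the commit that adds hmac-gnutls.c and the parenthesis fix with the commit that introduced the line, so that each step of the series builds what its message says.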
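Review bot: qcrypto_pbkdf2_supports() in crypto/pbkdf-gnutls.c returns true for every listed hash without asking the library, whereas qcrypto_hash_supports() in hash-gnutls.c walks gnutls_digest_list(); an algorithm the installed gnutls was built without would be advertised as supported and only fail later inside qcrypto_pbkdf2(). In qcrypto_pbkdf2() the guard is `iterations > ULONG_MAX` while the message says "must be less than %lu", which is off by one against the check, and the bound should be confirmed against the width of the iteration argument gnutls_pbkdf2() accepts, since a narrower parameter would truncate the count without any error. "Cannot derive password" should read "Cannot derive key", since a key is what the function outputs.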
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 18/26] crypto: prefer gnutls as the crypto backend if new enough
Date: Wed, 14 Jul 2021 15:08:50 +0100
Message-Id: <20210714140858.2247409-19-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>
References: <20210714140858.2247409-1-berrange@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Eduardo Otubo, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Paolo Bonzini, Eric Blake

If we have gnutls >= 3.6.13, then it has enough functionality and performance that we can use it as the preferred crypto backend.

Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrangé
--- meson.build | 59 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/meson.build b/meson.build index 38b89d424b..073269c59f 100644 --- a/meson.build +++ b/meson.build 
@@ -846,39 +846,50 @@ if not get_option('gnutls').auto() or have_system endif endif =20 -# Gcrypt has priority over nettle +# We prefer use of gnutls for crypto, unless the options +# explicitly asked for nettle or gcrypt. +# +# If gnutls isn't available for crypto, then we'll prefer +# gcrypt over nettle for performance reasons. gcrypt =3D not_found nettle =3D not_found xts =3D 'none' + if get_option('nettle').enabled() and get_option('gcrypt').enabled() error('Only one of gcrypt & nettle can be enabled') -elif (not get_option('gcrypt').auto() or have_system) and not get_option('= nettle').enabled() - gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', - method: 'config-tool', - required: get_option('gcrypt'), - kwargs: static_kwargs) - # Debian has removed -lgpg-error from libgcrypt-config - # as it "spreads unnecessary dependencies" which in - # turn breaks static builds... - if gcrypt.found() and enable_static - gcrypt =3D declare_dependency(dependencies: [ - gcrypt, - cc.find_library('gpg-error', required: true, kwargs: static_kwargs)]) - endif -endif -if (not get_option('nettle').auto() or have_system) and not gcrypt.found() - nettle =3D dependency('nettle', version: '>=3D3.4', - method: 'pkg-config', - required: get_option('nettle'), - kwargs: static_kwargs) - if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: ne= ttle) - xts =3D 'private' - endif endif -if gcrypt.found() or nettle.found() + +# Explicit nettle/gcrypt request, so ignore gnutls for crypto +if get_option('nettle').enabled() or get_option('gcrypt').enabled() gnutls_crypto =3D not_found endif =20 +if not gnutls_crypto.found() + if (not get_option('gcrypt').auto() or have_system) and not get_option('= nettle').enabled() + gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', + method: 'config-tool', + required: get_option('gcrypt'), + kwargs: static_kwargs) + # Debian has removed -lgpg-error from libgcrypt-config + # as it "spreads unnecessary dependencies" which in + # turn 
breaks static builds... + if gcrypt.found() and enable_static + gcrypt =3D declare_dependency(dependencies: [ + gcrypt, + cc.find_library('gpg-error', required: true, kwargs: static_kwargs= )]) + endif + endif + if (not get_option('nettle').auto() or have_system) and not gcrypt.found= () + nettle =3D dependency('nettle', version: '>=3D3.4', + method: 'pkg-config', + required: get_option('nettle'), + kwargs: static_kwargs) + if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: = nettle) + xts =3D 'private' + endif + endif +endif + gtk =3D not_found gtkx11 =3D not_found vte =3D not_found --=20 2.31.1
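
Review bot: In the static-build branch, "cc.find_library('gpg-error', required: true, kwargs: static_kwargs)" makes configuration fail outright when gcrypt is found but a static libgpg-error is not, regardless of whether gcrypt was explicitly requested. Because the nettle lookup that follows is guarded by "not gcrypt.found()", there is no fallback path in that case. Consider making the gpg-error lookup non-fatal unless gcrypt was asked for explicitly, and treating gcrypt as not found when gpg-error is missing, so that the build can still fall through to nettle.
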
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 19/26] net/rocker: use GDateTime for formatting timestamp in debug messages
Date: Wed, 14 Jul 2021 15:08:51 +0100
Message-Id: <20210714140858.2247409-20-berrange@redhat.com>

The GDateTime APIs provided by GLib avoid portability pitfalls, such as some platforms where 'struct timeval.tv_sec' field is still 'long' instead of 'time_t'. When combined with automatic cleanup, GDateTime often results in simpler code too.

Reviewed-by: Juan Quintela
Signed-off-by: Daniel P. Berrangé
---
hw/net/rocker/rocker.h | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/hw/net/rocker/rocker.h b/hw/net/rocker/rocker.h index 941c932265..412fa44d01 100644 --- a/hw/net/rocker/rocker.h +++ b/hw/net/rocker/rocker.h
@@ -25,14 +25,9 @@ #if defined(DEBUG_ROCKER) # define DPRINTF(fmt, ...) \ do { \ - struct timeval tv; \ - char timestr[64]; \ - time_t now; \ - gettimeofday(&tv, NULL); \ - now =3D tv.tv_sec; \ - strftime(timestr, sizeof(timestr), "%T", localtime(&now)); \ - fprintf(stderr, "%s.%06ld ", timestr, tv.tv_usec); \ - fprintf(stderr, "ROCKER: " fmt, ## __VA_ARGS__); \ + g_autoptr(GDateTime) now =3D g_date_time_new_now_local(); \ + g_autofree char *nowstr =3D g_date_time_format(now, "%T.%f");\ + fprintf(stderr, "%s ROCKER: " fmt, nowstr, ## __VA_ARGS__);\ } while (0) #else static inline GCC_FMT_ATTR(1, 2) int DPRINTF(const char *fmt, ...) --=20 2.31.1
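
Review bot: The new format string "%T.%f" in DPRINTF relies on g_date_time_format() implementing the %f (microseconds) conversion, and nowstr is passed straight to the "%s" in fprintf() without a NULL check. Please confirm that the oldest GLib this tree builds against supports %f; if it does not, the format call fails and the macro prints a NULL string. Formatting "%T" and appending g_date_time_get_microsecond(now) with "%06d" would keep the previous output on every GLib version.
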
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 20/26] io: use GDateTime for formatting timestamp for websock headers
Date: Wed, 14 Jul 2021 15:08:52 +0100
Message-Id: <20210714140858.2247409-21-berrange@redhat.com>

The GDateTime APIs provided by GLib avoid portability pitfalls, such as some platforms where 'struct timeval.tv_sec' field is still 'long' instead of 'time_t'. When combined with automatic cleanup, GDateTime often results in simpler code too.

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Daniel P. Berrangé
---
io/channel-websock.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/io/channel-websock.c b/io/channel-websock.c index 03c1f7cb62..70889bb54d 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c
@@ -177,15 +177,9 @@ qio_channel_websock_handshake_send_res(QIOChannelWebso= ck *ioc, =20 static gchar *qio_channel_websock_date_str(void) { - struct tm tm; - time_t now =3D time(NULL); - char datebuf[128]; + g_autoptr(GDateTime) now =3D g_date_time_new_now_utc(); =20 - gmtime_r(&now, &tm); - - strftime(datebuf, sizeof(datebuf), "%a, %d %b %Y %H:%M:%S GMT", &tm); - - return g_strdup(datebuf); + return g_date_time_format(now, "%a, %d %b %Y %H:%M:%S GMT"); } =20 static void qio_channel_websock_handshake_send_res_err(QIOChannelWebsock *= ioc, --=20 2.31.1
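
Review bot: The "%a" and "%b" conversions in the g_date_time_format() call in qio_channel_websock_date_str() expand to locale-dependent day and month names, while the result is used as a date header in the websock handshake, where the fixed English abbreviations are expected. The removed strftime() call behaved the same way, so this is not a regression, but it deserves either a comment stating that the header is only well-formed when the time locale is C/English, or names taken from fixed tables instead of the locale.
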
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 21/26] seccomp: don't block getters for resource control syscalls
Date: Wed, 14 Jul 2021 15:08:53 +0100
Message-Id: <20210714140858.2247409-22-berrange@redhat.com>

Recent GLibC calls sched_getaffinity in code paths related to malloc and when QEMU blocks access, it sends it off into a bad codepath resulting in stack exhaustion[1]. The GLibC bug is being fixed[2], but none the less, GLibC has valid reasons to want to use sched_getaffinity. It is not unreasonable for code to want to run many resource syscalls for information gathering, so it is a bit too harsh for QEMU to block them.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975693
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/128271.html

Reviewed-by: Dr. David Alan Gilbert
Acked-by: Eduardo Otubo
Signed-off-by: Daniel P. Berrangé
---
softmmu/qemu-seccomp.c | 6 ------
1 file changed, 6 deletions(-)

diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c index 9c29d9cf00..f50026778c 100644 --- a/softmmu/qemu-seccomp.c +++ b/softmmu/qemu-seccomp.c
@@ -97,17 +97,11 @@ static const struct QemuSeccompSyscall denylist[] =3D { { SCMP_SYS(vfork), QEMU_SECCOMP_SET_SPAWN }, { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN }, /* resource control */ - { SCMP_SYS(getpriority), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL }, - { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL, ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg }, - { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, - { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, - { SCMP_SYS(sched_get_priority_max), QEMU_SECCOMP_SET_RESOURCECTL }, - { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL }, }; =20 static inline __attribute__((unused)) int --=20 2.31.1
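
Review bot: The commit message gives a concrete reason for unblocking only sched_getaffinity, yet the hunk also removes getpriority, sched_getparam, sched_getscheduler, sched_get_priority_max and sched_get_priority_min from the denylist. Since this table is the sandbox policy, please state the rule being applied next to the "/* resource control */" comment, for example that only the setters are denied and the read-only getters are allowed on purpose, so that a later audit neither re-adds them nor reads their absence as an oversight.
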
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 22/26] tests/migration: fix unix socket migration
Date: Wed, 14 Jul 2021 15:08:54 +0100
Message-Id: <20210714140858.2247409-23-berrange@redhat.com>

From: Hyman

The test aborts and an error message like the following is thrown: "No such file or directory: '/var/tmp/qemu-migrate-{pid}.migrate", when the unix socket migration test is nearly done. The reason is that qemu removes the unix socket file after migration, before the guestperf.py script does. So pre-check whether the socket file exists when removing it, to prevent the guestperf program from aborting.

See also commit f9cc00346d3 ("tests/migration: fix unix socket batch migration").

Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Wainer dos Santos Moschetta
Signed-off-by: Hyman
Signed-off-by: Daniel P. Berrangé
---
tests/migration/guestperf/engine.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/migration/guestperf/engine.py b/tests/migration/guestper= f/engine.py index 7c991c4407..87a6ab2009 100644 --- a/tests/migration/guestperf/engine.py +++ b/tests/migration/guestperf/engine.py
@@ -423,7 +423,7 @@ def run(self, hardware, scenario, result_dir=3Dos.getcw= d()): progress_history =3D ret[0] qemu_timings =3D ret[1] vcpu_timings =3D ret[2] - if uri[0:5] =3D=3D "unix:": + if uri[0:5] =3D=3D "unix:" and os.path.exists(uri[5:]): os.remove(uri[5:]) =20 if os.path.exists(srcmonaddr): --=20 2.31.1
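
Review bot: The added "os.path.exists(uri[5:])" test in run() narrows the race with QEMU but does not close it: QEMU can still unlink the socket between the exists() call and "os.remove(uri[5:])", and the script then aborts exactly as before. Calling os.remove() unconditionally for "unix:" URIs and catching FileNotFoundError makes the cleanup independent of which side deletes the file first.
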
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 23/26] docs: fix typo s/Intel/AMD/ in CPU model notes
Date: Wed, 14 Jul 2021 15:08:55 +0100
Message-Id: <20210714140858.2247409-24-berrange@redhat.com>

Reviewed-by: Pankaj Gupta
Reviewed-by: Andrew Jones
Reviewed-by: Yanan Wang
Signed-off-by: Daniel P. Berrangé
---
docs/system/cpu-models-x86.rst.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x8= 6.rst.inc index f40ee03ecc..9119f5dff5 100644 --- a/docs/system/cpu-models-x86.rst.inc +++ b/docs/system/cpu-models-x86.rst.inc
@@ -227,7 +227,7 @@ features are included if using "Host passthrough" or "H= ost model". Preferred CPU models for AMD x86 hosts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =20 -The following CPU models are preferred for use on Intel hosts. +The following CPU models are preferred for use on AMD hosts. Administrators / applications are recommended to use the CPU model that matches the generation of the host CPUs in use. In a deployment with a mixture of host CPU models between machines, if live migration --=20 2.31.1
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 24/26] qemu-options: re-arrange CPU topology options
Date: Wed, 14 Jul 2021 15:08:56 +0100
Message-Id: <20210714140858.2247409-25-berrange@redhat.com>

The list of CPU topology options is presented in a fairly arbitrary order currently. Re-arrange them so that they're ordered from largest to smallest unit.

Reviewed-by: Pankaj Gupta
Reviewed-by: Andrew Jones
Reviewed-by: Yanan Wang
Signed-off-by: Daniel P. Berrangé
---
qemu-options.hx | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx index 8965dabc83..6b72617844 100644 --- a/qemu-options.hx +++ b/qemu-options.hx
@@ -196,17 +196,17 @@ SRST ERST =20 DEF("smp", HAS_ARG, QEMU_OPTION_smp, - "-smp [cpus=3D]n[,maxcpus=3Dcpus][,cores=3Dcores][,threads=3Dthreads][= ,dies=3Ddies][,sockets=3Dsockets]\n" + "-smp [cpus=3D]n[,maxcpus=3Dcpus][,sockets=3Dsockets][,dies=3Ddies][,c= ores=3Dcores][,threads=3Dthreads]\n" " set the number of CPUs to 'n' [default=3D1]\n" - " maxcpus=3D maximum number of total cpus, including\n" + " maxcpus=3D maximum number of total CPUs, including\n" " offline CPUs for hotplug, etc\n" - " cores=3D number of CPU cores on one socket (for PC, i= t's on one die)\n" - " threads=3D number of threads on one CPU core\n" + " sockets=3D number of discrete sockets in the system\n" " dies=3D number of CPU dies on one socket (for PC only= )\n" - " sockets=3D number of discrete sockets in the system\n= ", + " cores=3D number of CPU cores on one socket (for PC, i= t's on one die)\n" + " threads=3D number of threads on one CPU core\n", QEMU_ARCH_ALL) SRST -``-smp [cpus=3D]n[,cores=3Dcores][,threads=3Dthreads][,dies=3Ddies][,socke= ts=3Dsockets][,maxcpus=3Dmaxcpus]`` +``-smp [cpus=3D]n[,maxcpus=3Dmaxcpus][,sockets=3Dsockets][,dies=3Ddies][,c= ores=3Dcores][,threads=3Dthreads]`` Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs to 4. 
For the PC target, the number of cores per die, the --=20 2.31.1
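Review bot: in patch 24/26, the DEF() usage string on the new "+" line still spells the placeholder as "[,maxcpus=cpus]", while the SRST synopsis rewritten in the same hunk uses "[,maxcpus=maxcpus]", so the -help output and the rendered manual disagree on the value name. Both lines are already being touched here, so the help string should use "maxcpus=maxcpus" as well. (The "=3D" and "=20" sequences in this archived copy come from the quoted-printable transfer encoding of the mail.)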
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Eduardo Otubo, Andrew Jones, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Yanan Wang, Jiri Pirko, Gerd Hoffmann, Pankaj Gupta, Paolo Bonzini, Eric Blake
Subject: [PULL 25/26] qemu-options: tweak to show that CPU count is optional
Date: Wed, 14 Jul 2021 15:08:57 +0100
Message-Id: <20210714140858.2247409-26-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>

The initial CPU count number is not required, if any of the topology
options are given, since it can be computed.

Reviewed-by: Pankaj Gupta
Reviewed-by: Andrew Jones
Reviewed-by: Yanan Wang
Signed-off-by: Daniel P. Berrangé
--- qemu-options.hx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qemu-options.hx b/qemu-options.hx index 6b72617844..14ff35dd4e 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -196,7 +196,7 @@ SRST ERST =20 DEF("smp", HAS_ARG, QEMU_OPTION_smp, - "-smp [cpus=3D]n[,maxcpus=3Dcpus][,sockets=3Dsockets][,dies=3Ddies][,c= ores=3Dcores][,threads=3Dthreads]\n" + "-smp [[cpus=3D]n][,maxcpus=3Dcpus][,sockets=3Dsockets][,dies=3Ddies][= ,cores=3Dcores][,threads=3Dthreads]\n" " set the number of CPUs to 'n' [default=3D1]\n" " maxcpus=3D maximum number of total CPUs, including\n" " offline CPUs for hotplug, etc\n" 
@@ -206,7 +206,7 @@ DEF("smp", HAS_ARG, QEMU_OPTION_smp, " threads=3D number of threads on one CPU core\n", QEMU_ARCH_ALL) SRST -``-smp [cpus=3D]n[,maxcpus=3Dmaxcpus][,sockets=3Dsockets][,dies=3Ddies][,c= ores=3Dcores][,threads=3Dthreads]`` +``-smp [[cpus=3D]n][,maxcpus=3Dmaxcpus][,sockets=3Dsockets][,dies=3Ddies][= ,cores=3Dcores][,threads=3Dthreads]`` Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs to 4. For the PC target, the number of cores per die, the --=20 2.31.1
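Review bot: in patch 25/26, bracketing "[[cpus=]n]" makes every element of the synopsis optional in both hunks, so it now reads as if an empty -smp argument were valid, whereas the commit message allows omitting the count only when a topology option is given. The unchanged help line "set the number of CPUs to 'n' [default=1]" and the SRST sentence "Simulate an SMP system with n CPUs" should be updated in the same change to say that n is computed from the topology values when omitted and that at least one of the two must be present.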
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Eduardo Otubo, Andrew Jones, Daniel P. Berrangé, Eduardo Habkost, Juan Quintela, Jason Wang, Richard Henderson, "Dr. David Alan Gilbert", Markus Armbruster, Jiri Pirko, Gerd Hoffmann, Pankaj Gupta, Paolo Bonzini, Eric Blake
Subject: [PULL 26/26] qemu-options: rewrite help for -smp options
Date: Wed, 14 Jul 2021 15:08:58 +0100
Message-Id: <20210714140858.2247409-27-berrange@redhat.com>
In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com>

The -smp option help is peculiarly specific about mentioning the CPU
upper limits, but these are wrong. The "PC" target has varying max
CPU counts depending on the machine type picked. Notes about guest OS
limits are inappropriate for QEMU docs.

There are way too many machine types for it to be practical to mention
actual limits, and some limits are even modified by downstream
distributions. Thus it is better to remove the specific limits entirely.

The CPU topology reporting is also not necessarily specific to the PC
platform and descriptions around the rules of usage are somewhat terse.
Expand this information with some examples to show effects of defaulting.

Reviewed-by: Pankaj Gupta
Reviewed-by: Andrew Jones
Signed-off-by: Daniel P. Berrangé
--- qemu-options.hx | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/qemu-options.hx b/qemu-options.hx index 14ff35dd4e..214c477dcc 100644 --- a/qemu-options.hx +++ b/qemu-options.hx
@@ -207,14 +207,27 @@ DEF("smp", HAS_ARG, QEMU_OPTION_smp, QEMU_ARCH_ALL) SRST ``-smp [[cpus=3D]n][,maxcpus=3Dmaxcpus][,sockets=3Dsockets][,dies=3Ddies][= ,cores=3Dcores][,threads=3Dthreads]`` - Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs - are supported. On Sparc32 target, Linux limits the number of usable - CPUs to 4. For the PC target, the number of cores per die, the - number of threads per cores, the number of dies per packages and the - total number of sockets can be specified. Missing values will be - computed. If any on the three values is given, the total number of - CPUs n can be omitted. maxcpus specifies the maximum number of - hotpluggable CPUs. + Simulate a SMP system with '\ ``n``\ ' CPUs initially present on + the machine type board. On boards supporting CPU hotplug, the optional + '\ ``maxcpus``\ ' parameter can be set to enable further CPUs to be + added at runtime. If omitted the maximum number of CPUs will be + set to match the initial CPU count. Both parameters are subject to + an upper limit that is determined by the specific machine type chosen. + + To control reporting of CPU topology information, the number of socket= s, + dies per socket, cores per die, and threads per core can be specified. + The sum `` sockets * cores * dies * threads `` must be equal to the + maximum CPU count. CPU targets may only support a subset of the topolo= gy + parameters. Where a CPU target does not support use of a particular + topology parameter, its value should be assumed to be 1 for the purpose + of computing the CPU maximum count. + + Either the initial CPU count, or at least one of the topology paramete= rs + must be specified. Values for any omitted parameters will be computed + from those which are given. 
Historically preference was given to the + coarsest topology parameters when computing missing values (ie sockets + preferred over cores, which were preferred over threads), however, this + behaviour is considered liable to change. ERST =20 DEF("numa", HAS_ARG, QEMU_OPTION_numa, --=20 2.31.1
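Review bot: in patch 26/26, the second added paragraph calls "sockets * cores * dies * threads" a sum, but it is a product, and the factors are not in the largest-to-smallest order (sockets, dies, cores, threads) that the synopsis above it uses. Suggest "The product ``sockets * dies * cores * threads`` must be equal to the maximum CPU count", without the spaces just inside the double backticks, because reStructuredText only recognises an inline literal when the opening backticks are followed directly by a non-space character. Minor wording: the added text says "a SMP system" where the removed text had "an SMP system", and "ie" should be "i.e.".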