summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
...
* qcrypto-luks: more rigorous header checkingMaxim Levitsky2019-09-261-0/+52
| | | | | | | | | | | Check that keyslots don't overlap with the data, and check that keyslots don't overlap with each other. (this is done using naive O(n^2) nested loops, but since there are just 8 keyslots, this doesn't really matter. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: simplify the math used for keyslot locationsMaxim Levitsky2019-09-261-23/+40
| | | | | | Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: extract store key functionMaxim Levitsky2019-09-261-123/+181
| | | | | | | | | This function will be used later to store new keys to the luks metadata Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: extract check and parse headerMaxim Levitsky2019-09-261-98/+125
| | | | | | | | | This is just to make qcrypto_block_luks_open more reasonable in size. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: extract store and load headerMaxim Levitsky2019-09-261-62/+93
| | | | | | Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: purge unused error codes from open callbackMaxim Levitsky2019-09-261-32/+13Star
| | | | | | | | These values are not used by generic crypto code anyway Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: use the parsed encryption settings in QCryptoBlockLUKSMaxim Levitsky2019-09-261-90/+79Star
| | | | | | | | | | | | Prior to that patch, the parsed encryption settings were already stored into the QCryptoBlockLUKS but not used anywhere but in qcrypto_block_luks_get_info Using them simplifies the code Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: pass keyslot index rather that pointer to the keyslotMaxim Levitsky2019-09-261-3/+3
| | | | | | | | Another minor refactoring Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: simplify masterkey and masterkey lengthMaxim Levitsky2019-09-261-23/+21Star
| | | | | | | | | Let the caller allocate masterkey Always use master key len from the header Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: don't overwrite cipher_mode in headerMaxim Levitsky2019-09-261-3/+6
| | | | | | | | | This way we can store the header we loaded, which will be used in key management code Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* qcrypto-luks: rename some fields in QCryptoBlockLUKSHeaderMaxim Levitsky2019-09-261-44/+47
| | | | | | | | | | * key_bytes -> master_key_len * payload_offset = payload_offset_sector (to emphasise that this isn't byte offset) * key_offset -> key_offset_sector - same as above for luks slots Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: use auto cleanup for many stack variablesDaniel P. Berrangé2019-08-228-133/+65Star
| | | | | | | | | Simplify cleanup paths by using glib's auto cleanup macros for stack variables, allowing several goto jumps / labels to be eliminated. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* glib: bump min required glib library version to 2.48Daniel P. Berrangé2019-08-221-5/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per supported platforms doc[1], the various min glib on relevant distros is: RHEL-8: 2.56.1 RHEL-7: 2.50.3 Debian (Buster): 2.58.3 Debian (Stretch): 2.50.3 OpenBSD (Ports): 2.58.3 FreeBSD (Ports): 2.56.3 OpenSUSE Leap 15: 2.54.3 SLE12-SP2: 2.48.2 Ubuntu (Xenial): 2.48.0 macOS (Homebrew): 2.56.0 This suggests that a minimum glib of 2.48 is a reasonable target. Compared to the previous version bump in commit e7b3af81597db1a6b55f2c15d030d703c6b2c6ac Author: Daniel P. Berrangé <berrange@redhat.com> Date: Fri May 4 15:34:46 2018 +0100 glib: bump min required glib library version to 2.40 This will result in us dropping support for Debian Jessie and Ubuntu 14.04. As per the commit message 14.04 was already outside our list of supported build platforms and an exception was only made because one of the build hosts used during merge testing was stuck on 14.04. Debian Jessie is justified to drop because we only aim to support at most 2 major versions of Debian at any time. This means Buster and Stretch at this time. The g_strv_contains compat code is dropped as this API is present since 2.44 The g_assert_cmpmem compat code is dropped as this API is present since 2.46 [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: Fix LGPL information in the file headersThomas Huth2019-07-1938-38/+38
| | | | | | | | | It's either "GNU *Library* General Public License version 2" or "GNU Lesser General Public License version *2.1*", but there was no "version 2.0" of the "Lesser" license. So assume that version 2.1 is meant here. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: fix function signatures for nettle 2.7 vs 3Daniel P. Berrangé2019-07-192-7/+22
| | | | | | | | | | | | | Nettle version 2.7.x used 'unsigned int' instead of 'size_t' for length parameters in functions. Use a local typedef so that we can build with the correct signature depending on nettle version, as we already do in the cipher code. Reported-by: Amol Surati <suratiamol@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: switch to modern nettle AES APIsDaniel P. Berrangé2019-07-191-35/+183
| | | | | | | | | | | | | The aes_ctx struct and aes_* functions have been deprecated in nettle 3.5, in favour of keysize specific functions which were introduced first in nettle 3.0. Switch QEMU code to use the new APIs and add some backcompat defines such that it still builds on nettle 2.7 Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* Normalize position of header guardMarkus Armbruster2019-06-123-13/+10Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is the common header guard idiom: /* * File comment */ #ifndef GUARD_SYMBOL_H #define GUARD_SYMBOL_H ... actual contents ... #endif A few of our headers have some #include before the guard. target/tilegx/spr_def_64.h has #ifndef __DOXYGEN__ outside the guard. A few more have the #define elsewhere. Change them to match the common idiom. For spr_def_64.h, that means dropping #ifndef __DOXYGEN__. While there, rename guard symbols to make scripts/clean-header-guards.pl happy. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190604181618.19980-2-armbru@redhat.com> [Rebased with conflicts resolved automatically]
* Include qemu-common.h exactly where neededMarkus Armbruster2019-06-121-1/+0Star
| | | | | | | | | | | | | | | | No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
* Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster2019-06-125-0/+5
| | | | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
* crypto: Change the qcrypto_random_bytes buffer type to void*Richard Henderson2019-05-223-4/+4
| | | | | | | | | | Using uint8_t* merely requires useless casts for use with other types to be filled with randomness. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* crypto: Use getrandom for qcrypto_random_bytesRichard Henderson2019-05-221-5/+32
| | | | | | | | Prefer it to direct use of /dev/urandom. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* crypto: Use O_CLOEXEC in qcrypto_random_initRichard Henderson2019-05-221-2/+2
| | | | | | | | | Avoids leaking the /dev/urandom fd into any child processes. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* crypto: Do not fail for EINTR during qcrypto_random_bytesRichard Henderson2019-05-221-21/+15Star
| | | | | | | | | | | | We can always get EINTR for read; /dev/urandom is no exception. Rearrange the order of tests for likelihood; allow degenerate buflen==0 case to perform a no-op zero-length read. This means that the normal success path is a straight line with a single test for success. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* crypto: Reverse code blocks in random-platform.cRichard Henderson2019-05-221-18/+17Star
| | | | | | | | | | Use #ifdef _WIN32 instead of #ifndef _WIN32. This will make other tests easier to sequence. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* build: Link user-only with crypto random number objectsRichard Henderson2019-05-221-5/+6
| | | | | | | | | | | | | For user-only, we require only the random number bits of the crypto subsystem. Rename crypto-aes-obj-y to crypto-user-obj-y, and add the random number objects, plus init.o to handle any extra stuff the crypto library requires. Move the crypto libraries from libs_softmmu and libs_tools to LIBS, so that they are universally used. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* trace-events: Shorten file names in commentsMarkus Armbruster2019-03-221-5/+5
| | | | | | | | | | | | | | | We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved verbatim. Delete the sub/dir/ part from these comments. Gets rid of several misspellings. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190314180929.27722-3-armbru@redhat.com Message-Id: <20190314180929.27722-3-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* crypto/block: remove redundant struct packing to fix build with gcc 9Greg Kurz2019-03-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Build fails with gcc 9: crypto/block-luks.c:689:18: error: taking address of packed member of ‘struct QCryptoBlockLUKSHeader’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 689 | be32_to_cpus(&luks->header.payload_offset); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/block-luks.c:690:18: error: taking address of packed member of ‘struct QCryptoBlockLUKSHeader’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 690 | be32_to_cpus(&luks->header.key_bytes); | ^~~~~~~~~~~~~~~~~~~~~~~ crypto/block-luks.c:691:18: error: taking address of packed member of ‘struct QCryptoBlockLUKSHeader’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 691 | be32_to_cpus(&luks->header.master_key_iterations); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... a bunch of similar errors... crypto/block-luks.c:1288:22: error: taking address of packed member of ‘struct QCryptoBlockLUKSKeySlot’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 1288 | be32_to_cpus(&luks->header.key_slots[i].stripes); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors All members of the QCryptoBlockLUKSKeySlot and QCryptoBlockLUKSHeader are naturally aligned and we already check at build time there isn't any unwanted padding. Drop the QEMU_PACKED attribute. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* authz: delete existing ACL implementationDaniel P. Berrange2019-02-262-19/+18Star
| | | | | | | | | | | | | | | | The 'qemu_acl' type was a previous non-QOM based attempt to provide an authorization facility in QEMU. Because it is non-QOM based it cannot be created via the command line and requires special monitor commands to manipulate it. The new QAuthZ subclasses provide a superset of the functionality in qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor commands are converted to use the new QAuthZSimple data type instead in order to provide temporary backwards compatibility. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: finish removing TABsPaolo Bonzini2019-02-052-504/+504
| | | | | Suggested-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Don't talk about the LGPL if the file is licensed under the GPLThomas Huth2019-01-301-6/+5Star
| | | | | | | | | | | | Some files claim that the code is licensed under the GPL, but then suddenly suggest that the user should have a look at the LGPL. That's of course non-sense, replace it with the correct GPL wording instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1548255083-8190-1-git-send-email-thuth@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* remove space-tab sequencesPaolo Bonzini2019-01-111-14/+14
| | | | | | | | | | | There are not many, and they are all simple mistakes that ended up being committed. Remove them. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20181213223737.11793-2-pbonzini@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* crypto: support multiple threads accessing one QCryptoBlockVladimir Sementsov-Ogievskiy2018-12-124-41/+163
| | | | | | | | | | | The two thing that should be handled are cipher and ivgen. For ivgen the solution is just mutex, as iv calculations should not be long in comparison with encryption/decryption. And for cipher let's just keep per-thread ciphers. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto/block: introduce qcrypto_block_*crypt_helper functionsVladimir Sementsov-Ogievskiy2018-12-124-16/+54
| | | | | | | | | Introduce QCryptoBlock-based functions and use them where possible. This is needed to implement thread-safe encrypt/decrypt operations. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto/block: rename qcrypto_block_*crypt_helperVladimir Sementsov-Ogievskiy2018-12-124-81/+83
| | | | | | | | | | | | | Rename qcrypto_block_*crypt_helper to qcrypto_block_cipher_*crypt_helper, as it's not about QCryptoBlock. This is needed to introduce qcrypto_block_*crypt_helper in the next commit, which will have QCryptoBlock pointer and than will be able to use additional fields of it, which in turn will be used to implement thread-safe QCryptoBlock operations. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto/block: refactor qcrypto_block_*crypt_helper functionsVladimir Sementsov-Ogievskiy2018-12-121-50/+31Star
| | | | | | | | | | qcrypto_block_encrypt_helper and qcrypto_block_decrypt_helper are almost identical, let's reduce code duplication and simplify further improvements. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto/block-luks: fix memory leak in qcrypto_block_luks_createVladimir Sementsov-Ogievskiy2018-12-121-0/+3
| | | | | | | | Free block->cipher and block->ivgen on error path. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* io: return 0 for EOF in TLS session read after shutdownDaniel P. Berrangé2018-11-191-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GNUTLS takes a paranoid approach when seeing 0 bytes returned by the underlying OS read() function. It will consider this an error and return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0 return value. It expects apps to arrange for clean termination at the protocol level and not rely on seeing EOF from a read call to detect shutdown. This is to harden apps against a malicious 3rd party causing termination of the sockets layer. This is unhelpful for the QEMU NBD code which does have a clean protocol level shutdown, but still relies on seeing 0 from the I/O channel read in the coroutine handling incoming replies. The upshot is that when using a plain NBD connection shutdown is silent, but when using TLS, the client spams the console with Cannot read from TLS channel: Broken pipe The NBD connection has, however, called qio_channel_shutdown() at this point to indicate that it is done with I/O. This gives the opportunity to optimize the code such that when the channel has been shutdown in the read direction, the error code GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return instead of an error. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20181119134228.11031-1-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
* crypto: initialize sector size even when opening with no IO flagDaniel P. Berrangé2018-11-051-0/+2
| | | | | | | | | The qcow2 block driver expects to see a valid sector size even when it has opened the crypto layer with QCRYPTO_BLOCK_OPEN_NO_IO. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* crypto: annotate xts_tweak_encdec as inlineableDaniel P. Berrangé2018-10-241-5/+5
| | | | | | | | | | | Encouraging the compiler to inline xts_tweak_encdec increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 545 MB/s -> 580 MB/s Decrypt: 568 MB/s -> 602 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: convert xts_mult_x to use xts_uint128 typeDaniel P. Berrangé2018-10-241-12/+28
| | | | | | | | | | | Using 64-bit arithmetic increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 355 MB/s -> 545 MB/s Decrypt: 362 MB/s -> 568 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: convert xts_tweak_encdec to use xts_uint128 typeDaniel P. Berrangé2018-10-241-26/+58
| | | | | | | | | | | Using 64-bit arithmetic increases the performance for xts-aes-128 when built with gcrypt: Encrypt: 272 MB/s -> 355 MB/s Decrypt: 275 MB/s -> 362 MB/s Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: introduce a xts_uint128 data typeDaniel P. Berrangé2018-10-241-20/+26
| | | | | | | | | The new type is designed to allow use of 64-bit arithmetic instead of operating 1-byte at a time. The following patches will use this to improve performance. Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: remove code duplication in tweak encrypt/decryptDaniel P. Berrangé2018-10-241-49/+15Star
| | | | | | | | | | The tweak encrypt/decrypt functions are identical except for the comments, so can be merged. Profiling data shows that the compiler is in fact already merging the two merges in the object files. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: require nettle >= 2.7.1 for building QEMUDaniel P. Berrangé2018-10-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | nettle 2.7.1 was released in 2013 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 2.7.1 Debian (Stretch): 3.3 Debian (Jessie): 2.7.1 OpenBSD (ports): 3.4 FreeBSD (ports): 3.4 OpenSUSE Leap 15: 3.4 Ubuntu (Xenial): 3.2 macOS (Homebrew): 3.4 Based on this, it is reasonable to require nettle >= 2.7.1 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: require libgcrypt >= 1.5.0 for building QEMUDaniel P. Berrangé2018-10-192-3/+2Star
| | | | | | | | | | | | | | | | | | | | | | | libgcrypt 1.5.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 1.5.3 Debian (Stretch): 1.7.6 Debian (Jessie): 1.6.3 OpenBSD (ports): 1.8.2 FreeBSD (ports): 1.8.3 OpenSUSE Leap 15: 1.8.2 Ubuntu (Xenial): 1.6.5 macOS (Homebrew): 1.8.3 Based on this, it is reasonable to require libgcrypt >= 1.5.0 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: require gnutls >= 3.1.18 for building QEMUDaniel P. Berrangé2018-10-194-49/+4Star
| | | | | | | | | | | | | | | | | | | | | | | gnutls 3.0.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 3.1.18 Debian (Stretch): 3.5.8 Debian (Jessie): 3.3.8 OpenBSD (ports): 3.5.18 FreeBSD (ports): 3.5.18 OpenSUSE Leap 15: 3.6.2 Ubuntu (Xenial): 3.4.10 macOS (Homebrew): 3.5.19 Based on this, it is reasonable to require gnutls >= 3.1.18 in QEMU which allows for all conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: Implement TLS Pre-Shared Keys (PSK).Richard W.M. Jones2018-07-034-2/+366
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key: $ mkdir -m 0700 /tmp/keys $ psktool -u rjones -p /tmp/keys/keys.psk $ cat /tmp/keys/keys.psk rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory. Example NBD client: $ qemu-img info \ --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \ --image-opts \ file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/ Example NBD server using qemu-nbd: $ qemu-nbd -t -x / \ --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \ --tls-creds tls0 \ image.qcow2 Example NBD server using nbdkit: $ nbdkit -n -e / -fv \ --tls=on --tls-psk=/tmp/keys/keys.psk \ file file=disk.img Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* glib: bump min required glib library version to 2.40Daniel P. Berrangé2018-06-292-40/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Per supported platforms doc[1], the various min glib on relevant distros is: RHEL-7: 2.50.3 Debian (Stretch): 2.50.3 Debian (Jessie): 2.42.1 OpenBSD (Ports): 2.54.3 FreeBSD (Ports): 2.50.3 OpenSUSE Leap 15: 2.54.3 SLE12-SP2: 2.48.2 Ubuntu (Xenial): 2.48.0 macOS (Homebrew): 2.56.0 This suggests that a minimum glib of 2.42 is a reasonable target. The GLibC compile farm, however, uses Ubuntu 14.04 (Trusty) which only has glib 2.40.0, and this is needed for testing during merge. Thus an exception is made to the documented platform support policy to allow for all three current LTS releases to be supported. Docker jobs that not longer satisfy this new min version are removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* crypto: use local path for local headersMichael S. Tsirkin2018-06-0116-23/+23
| | | | | | | | | | | When pulling in headers that are in the same directory as the C file (as opposed to one in include/), we should use its relative path, without a directory. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Daniel P. Berrangé <berrange@redhat.com>
* Include less of the generated modular QAPI headersMarkus Armbruster2018-03-021-1/+1
| | | | | | | | | | | | | | | | | | | | | In my "build everything" tree, a change to the types in qapi-schema.json triggers a recompile of about 4800 out of 5100 objects. The previous commit split up qmp-commands.h, qmp-event.h, qmp-visit.h, qapi-types.h. Each of these headers still includes all its shards. Reduce compile time by including just the shards we actually need. To illustrate the benefits: adding a type to qapi/migration.json now recompiles some 2300 instead of 4800 objects. The next commit will improve it further. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180211093607.27351-24-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> [eblake: rebase to master] Signed-off-by: Eric Blake <eblake@redhat.com>