From patchwork Sat Sep 24 02:09:59 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gonglei (Arei)" X-Patchwork-Id: 9349011 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B10A26077A for ; Sat, 24 Sep 2016 02:16:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 92CF72A1F4 for ; Sat, 24 Sep 2016 02:16:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 804682A201; Sat, 24 Sep 2016 02:16:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 698E82A1F4 for ; Sat, 24 Sep 2016 02:15:51 +0000 (UTC) Received: from localhost ([::1]:54652 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bncVK-0004BI-9o for patchwork-qemu-devel@patchwork.kernel.org; Fri, 23 Sep 2016 22:15:50 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34696) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bncQ9-0008Ov-IK for qemu-devel@nongnu.org; Fri, 23 Sep 2016 22:10:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bncQ5-0000DG-Mo for qemu-devel@nongnu.org; Fri, 23 Sep 2016 22:10:29 -0400 Received: from szxga02-in.huawei.com ([119.145.14.65]:57197) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bncQ4-0000BZ-Ni for qemu-devel@nongnu.org; Fri, 23 Sep 2016 22:10:25 -0400 Received: from 172.24.1.36 (EHLO szxeml430-hub.china.huawei.com) ([172.24.1.36]) by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DNP72654; Sat, 24 Sep 2016 10:10:20 +0800 (CST) Received: from localhost (10.177.18.62) by szxeml430-hub.china.huawei.com (10.82.67.185) with Microsoft SMTP Server id 14.3.235.1; Sat, 24 Sep 2016 10:10:05 +0800 From: Gonglei To: Date: Sat, 24 Sep 2016 10:09:59 +0800 Message-ID: <1474683000-346560-3-git-send-email-arei.gonglei@huawei.com> X-Mailer: git-send-email 2.6.3.windows.1 In-Reply-To: <1474683000-346560-1-git-send-email-arei.gonglei@huawei.com> References: <1474683000-346560-1-git-send-email-arei.gonglei@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.177.18.62] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020205.57E5E08C.00C7, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 40b77893a4aff0917c2fc84c9a69d9f4 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] X-Received-From: 119.145.14.65 Subject: [Qemu-devel] [PATCH v2 2/3] crypto: extend mode as a parameter in qcrypto_cipher_supports() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Gonglei , wu.wubin@huawei.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP It can't guarantee all cipher modes are supported if one cipher algorithm is supported by a backend. Let's extend qcrypto_cipher_supports() to take both the algorithm and mode as parameters. Signed-off-by: Gonglei --- block/qcow.c | 3 ++- block/qcow2.c | 3 ++- crypto/cipher-builtin.c | 14 +++++++++++++- crypto/cipher-gcrypt.c | 13 ++++++++++++- crypto/cipher-nettle.c | 13 ++++++++++++- include/crypto/cipher.h | 6 ++++-- tests/test-crypto-cipher.c | 2 +- ui/vnc.c | 2 +- 8 files changed, 47 insertions(+), 9 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index 94f01b3..7540f43 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, ret = -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { + if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, + QCRYPTO_CIPHER_MODE_CBC)) { error_setg(errp, "AES cipher not available"); ret = -EINVAL; goto fail; diff --git a/block/qcow2.c b/block/qcow2.c index 0e53a4d..e11c7c9 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, ret = -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { + if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, + QCRYPTO_CIPHER_MODE_CBC)) { error_setg(errp, "AES cipher not available"); ret = -EINVAL; goto fail; diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index 9d25842..fd59a9e 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c @@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher, } -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: return true; + case QCRYPTO_CIPHER_MODE_CTR: + return false; default: return false; } diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index 97b015a..c550db9 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -24,7 +24,8 @@ #include -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_SERPENT_256: case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 4b673aa..cd094cd 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -192,7 +192,8 @@ struct QCryptoCipherNettle { size_t blocksize; }; -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -206,6 +207,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_192: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index f9015e1..bec9f41 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -85,13 +85,15 @@ struct QCryptoCipher { /** * qcrypto_cipher_supports: * @alg: the cipher algorithm + * @mode: the cipher mode * - * Determine if @alg cipher algorithm is supported by the + * Determine if @alg cipher algorithm in @mode is supported by the * current configured build * * Returns: true if the algorithm is supported, false otherwise */ -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg); +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode); /** * qcrypto_cipher_get_block_len: diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c index 49f8e9d..5d9e535 100644 --- a/tests/test-crypto-cipher.c +++ b/tests/test-crypto-cipher.c @@ -671,7 +671,7 @@ int main(int argc, char **argv) g_assert(qcrypto_init(NULL) == 0); for (i = 0; i < G_N_ELEMENTS(test_data); i++) { - if (qcrypto_cipher_supports(test_data[i].alg)) { + if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) { g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); } } diff --git a/ui/vnc.c b/ui/vnc.c index 76a3273..a185d60 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -3650,7 +3650,7 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } if (!qcrypto_cipher_supports( - QCRYPTO_CIPHER_ALG_DES_RFB)) { + QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { error_setg(errp, "Cipher backend does not support DES RFB algorithm"); goto fail;