From patchwork Tue Apr 25 17:28:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geert Martin Ijewski X-Patchwork-Id: 9698851 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 11A726020A for ; Tue, 25 Apr 2017 17:31:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F06BD2866A for ; Tue, 25 Apr 2017 17:31:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E34B628681; Tue, 25 Apr 2017 17:31:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6A00A2866A for ; Tue, 25 Apr 2017 17:31:09 +0000 (UTC) Received: from localhost ([::1]:50676 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d34Iu-0007Ct-Mk for patchwork-qemu-devel@patchwork.kernel.org; Tue, 25 Apr 2017 13:31:08 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60617) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d34H4-0006Mp-Lu for qemu-devel@nongnu.org; Tue, 25 Apr 2017 13:29:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d34Gz-0000Kn-O7 for qemu-devel@nongnu.org; Tue, 25 Apr 2017 13:29:14 -0400 Received: from mout.web.de ([217.72.192.78]:52588) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d34Gz-0000K2-CL for qemu-devel@nongnu.org; Tue, 25 Apr 2017 13:29:09 -0400 Received: from [192.168.2.125] ([217.94.8.34]) by smtp.web.de (mrweb102 [213.165.67.124]) with ESMTPSA (Nemesis) id 0MRUBA-1caa6G0Zei-00Sj3f; Tue, 25 Apr 2017 19:29:00 +0200 To: QEMU Developers , "Daniel P. Berrange" , Peter Maydell , eblake@redhat.com From: Geert Martin Ijewski Message-ID: Date: Tue, 25 Apr 2017 19:28:07 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 X-Provags-ID: V03:K0:dnCx+6P0vWORlFHiJ9/Tj2TE5q9YP34XF+37sD7cKZ/1QVXls+y RRrITES01PlKZ5KaxwGfAiN2b07nq27HS7ekRhrE7ORL8Uh2IJQy66QIf0HrnBrFiehVKNk DqLaygGsTO4HIYujfY1pXXYpV6m9h8qRImo3POV0zaRfHJALr9srG97YQUZmKT0spn7VoyJ QpvHAv/iyRJ4lZERApL3g== X-UI-Out-Filterresults: notjunk:1; V01:K0:xshFGgV86a4=:Of9rC2CQ8YEzpW9nLeZzpD /jGgAb3s44DjXYqEaPZuOy2EYzHCWST2SabtxZeVoUYYYWyC7dZXVOwVhNPW9myiLr4m+wuRq ekT8jZ0qFCEveWDPUGFgEMANMmx9ni9tZYvf/tbLnehuMbwYeAI7TwRAEQKD6DlQxcq0MSZwo 60FttG3HEEoJN68Tf9ow2gfTgvcPZcDXrdAkeWf/feDH+uFsf8Gwsyx1JDVnNTDUr8jY94Sr1 ZS2lbPS/BBreNA+CFJx14bL3zXr6K6jMJ4tbi82TYVArQUzKeDSq61ZG+7K7D1gPQyj38Fzf6 LLBZkuk76zLhLix67xRdB93PtsSusbSs0optxYLHKtIOI7v8flKSc4k/uHwByVLC4t6JWVitW Tro4MH8sXcgo1EMUW2u+HVh1kEFTyYDkUU+WvyL87UHGIDVdjTZxt69PB2dyG27FdO4Wq38RG zAQK8oG/kwHXyt4Qv8ggnGSZLOXTHHiJfHbCwz4l1PgaDZLzbXDAWvLJJZuILzwIaMKwaRZnF IN6tQz2Gc8aF6axKG70kQtAAsg8BUI6Na8i29qsyjdKxjnj33KsXa8wMAhFlK3GI3rCVpgLUn f8Ikxe5mYq5kwi7k5rYhO6PeeCSQdK02pohKn/J+FSEes8vgTzEYGPEVprI/lQ9Q257vxgUir d4LNro2Gk0WSGu70FlGwf8atP7uJt9b3M+9+pZiXKfNiSo8VVli4iOU0Gk6V22rXA47DKZG6k mUQy2xsL9btHVjVaRNM2NyIbRXxOjilA/j/aroF4lYSYgHbn5YQhIS4tENedYdeMCOTpomyPc YnDq0Zg X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 217.72.192.78 Subject: [Qemu-devel] [PATCH v3] crypto: qcrypto_random_bytes() now works on windows w/o any other crypto lib X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP If no crypto library is included in the build, QEMU uses qcrypto_random_bytes() to generate random data. That function tried to open /dev/urandom or /dev/random and if openeing neither file worked it errored out. Those files obviously do not exist on windows, so there the code uses CryptGenRandom(). Furthermore there was some refactoring and a new function qcrypto_random_init() was introduced. If a proper crypto library (gnutls or libgcrypt) is included in the build, this function does nothing. If neither is included it initalizes the (platform specific) handles that are used by qcrypto_random_bytes(). Either: * a handle to /dev/urandom | /dev/random on unix like systems * a handle to a cryptographic service provider on windows Signed-off-by: Geert Martin Ijewski Reviewed-by: Daniel P. Berrange --- crypto/init.c | 6 ++++++ crypto/random-gcrypt.c | 2 ++ crypto/random-gnutls.c | 3 +++ crypto/random-platform.c | 45 +++++++++++++++++++++++++++++++++++++-------- include/crypto/random.h | 9 +++++++++ 5 files changed, 57 insertions(+), 8 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index f65207e..f131c42 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -32,6 +32,8 @@ #include #endif +#include "crypto/random.h" + /* #define DEBUG_GNUTLS */ /* @@ -146,5 +148,9 @@ int qcrypto_init(Error **errp) gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); #endif + if (qcrypto_random_init(errp) < 0) { + return -1; + } + return 0; } diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c index 0de9a09..2446142 100644 --- a/crypto/random-gcrypt.c +++ b/crypto/random-gcrypt.c @@ -31,3 +31,5 @@ int qcrypto_random_bytes(uint8_t *buf, gcry_randomize(buf, buflen, GCRY_STRONG_RANDOM); return 0; } + +int qcrpto_random_init(Error **errp G_GNUC_UNUSED) { return 0; } diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c index 04b45a8..d80c786 100644 --- a/crypto/random-gnutls.c +++ b/crypto/random-gnutls.c @@ -41,3 +41,6 @@ int qcrypto_random_bytes(uint8_t *buf, return 0; } + + +int qcrpto_random_init(Error **errp G_GNUC_UNUSED) { return 0; } diff --git a/crypto/random-platform.c b/crypto/random-platform.c index 82b755a..c613b23 100644 --- a/crypto/random-platform.c +++ b/crypto/random-platform.c @@ -22,14 +22,23 @@ #include "crypto/random.h" -int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, - size_t buflen G_GNUC_UNUSED, - Error **errp) -{ - int fd; - int ret = -1; - int got; +#ifdef _WIN32 +#include +static HCRYPTPROV hCryptProv; +#else +static int fd; /* a file handle to either /dev/urandom or /dev/random */ +#endif +int qcrypto_random_init(Error **errp) +{ +#ifdef _WIN32 + if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) { + error_setg_win32(errp, GetLastError(), + "Unable to create cryptographic provider"); + return -1; + } +#else /* TBD perhaps also add support for BSD getentropy / Linux * getrandom syscalls directly */ fd = open("/dev/urandom", O_RDONLY); @@ -41,6 +50,18 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, error_setg(errp, "No /dev/urandom or /dev/random found"); return -1; } +#endif + + return 0; +} + +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, + size_t buflen G_GNUC_UNUSED, + Error **errp) +{ +#ifndef _WIN32 + int ret = -1; + int got; while (buflen > 0) { got = read(fd, buf, buflen); @@ -59,6 +80,14 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, ret = 0; cleanup: - close(fd); return ret; +#else + if (!CryptGenRandom(hCryptProv, buflen, buf)) { + error_setg_win32(errp, GetLastError(), + "Unable to read random bytes"); + return -1; + } + + return 0; +#endif } diff --git a/include/crypto/random.h b/include/crypto/random.h index a101353..82a3209 100644 --- a/include/crypto/random.h +++ b/include/crypto/random.h @@ -40,5 +40,14 @@ int qcrypto_random_bytes(uint8_t *buf, size_t buflen, Error **errp); +/** + * qcrypto_random_init: + * @errp: pointer to a NULL-initialized error object + * + * Initalizes the handles used by qcrypto_random_bytes + * + * Returns 0 on success, -1 on error + */ +int qcrypto_random_init(Error **errp); #endif /* QCRYPTO_RANDOM_H */