author | Gonglei <arei.gonglei@huawei.com> | 2016-09-26 17:23:21 +0800 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-10-19 10:09:24 +0100 |
commit | f844836ddccf3dbcba142128da5dd8ee618f3e91 (patch) | |
tree | 91556d3ea8b8236cf10d16681dacf2d95dfb4232 | |
parent | e8ddc2eae5ccc41f0815e5c43e70cb04a7e67e2e (diff) | |
crypto: extend mode as a parameter in qcrypto_cipher_supports()
A backend that supports a cipher algorithm does not
necessarily support every cipher mode for it.
Let's extend qcrypto_cipher_supports() to take both
the algorithm and mode as parameters.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-rw-r--r-- | block/qcow.c | 3 | ||||
-rw-r--r-- | block/qcow2.c | 3 | ||||
-rw-r--r-- | crypto/cipher-builtin.c | 14 | ||||
-rw-r--r-- | crypto/cipher-gcrypt.c | 13 | ||||
-rw-r--r-- | crypto/cipher-nettle.c | 13 | ||||
-rw-r--r-- | include/crypto/cipher.h | 6 | ||||
-rw-r--r-- | tests/test-crypto-cipher.c | 2 | ||||
-rw-r--r-- | ui/vnc.c | 2 |
8 files changed, 47 insertions, 9 deletions
diff --git a/block/qcow.c b/block/qcow.c
index 94f01b3d0c..7540f43f46 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
 ret = -EINVAL;
 goto fail;
 }
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
diff --git a/block/qcow2.c b/block/qcow2.c
index 0e53a4d666..e11c7c9d16 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
 ret = -EINVAL;
 goto fail;
 }
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 9d258428b0..fd59a9e461 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
 }
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
 case QCRYPTO_CIPHER_ALG_AES_128:
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
 return true;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ return false;
 default:
 return false;
 }
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index da3f4c74db..05026c0a0e 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
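Review bot: The mode handed to the probe in qcow_open is a hard-coded `QCRYPTO_CIPHER_MODE_CBC`, and nothing in the hunk ties it to the mode later used to create the cipher, so the two can drift apart and the check would then pass for a pairing that is never the one instantiated. The same applies to the qcow2_open hunk and to the `QCRYPTO_CIPHER_MODE_ECB` argument in the vnc_display_open hunk; all three functions continue outside their hunks, so this needs confirming against the cipher creation there. A comment such as `/* must match the mode passed to qcrypto_cipher_new() */` would record the coupling. The unchanged message `"AES cipher not available"` also no longer describes what is tested; `"AES-128 in CBC mode not available"` would tell an operator which capability the crypto backend lacks.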
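Review bot: The two switches in qcrypto_cipher_supports() are evaluated independently, so every listed algorithm is reported as supported in every listed mode, including `QCRYPTO_CIPHER_ALG_DES_RFB` with `QCRYPTO_CIPHER_MODE_XTS`. XTS is defined for 128-bit block ciphers and DES has a 64-bit block, so that answer looks like an over-claim, and a caller that trusts the probe would only find out when cipher creation fails. The gcrypt and nettle hunks have the same shape. A guard placed before the mode switch, for example `if (alg == QCRYPTO_CIPHER_ALG_DES_RFB && mode == QCRYPTO_CIPHER_MODE_XTS) { return false; }`, would close that case; which other pairings each backend really accepts is decided by init code outside these hunks and should be checked against it. In the builtin file `case QCRYPTO_CIPHER_MODE_CTR: return false;` duplicates `default:`, so if it is kept as documentation it deserves a comment saying this backend has no CTR implementation.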
@@ -24,7 +24,8 @@
 #include <gcrypt.h>
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_SERPENT_256:
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 879d831694..72d106922d 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -191,7 +191,8 @@ struct QCryptoCipherNettle {
 size_t blocksize;
 };
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -205,6 +206,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index 376654dcdd..97638e7bbf 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -85,13 +85,15 @@ struct QCryptoCipher {
 /**
 * qcrypto_cipher_supports:
 * @alg: the cipher algorithm
+ * @mode: the cipher mode
 *
- * Determine if @alg cipher algorithm is supported by the
+ * Determine if @alg cipher algorithm in @mode is supported by the
 * current configured build
 *
 * Returns: true if the algorithm is supported, false otherwise
 */
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode);
 /**
 * qcrypto_cipher_get_block_len:
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index b89dfa2b65..84929789d9 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -616,7 +616,7 @@ int main(int argc, char **argv)
 g_assert(qcrypto_init(NULL) == 0);
 for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
- if (qcrypto_cipher_supports(test_data[i].alg)) {
+ if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
 g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
 }
 }
@@ -3606,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp)
 goto fail;
 }
 if (!qcrypto_cipher_supports(
- QCRYPTO_CIPHER_ALG_DES_RFB)) {
+ QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
 error_setg(errp, "Cipher backend does not support DES RFB algorithm");
 goto fail; |
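Review bot: The `Returns:` line of the doc comment in include/crypto/cipher.h still reads `true if the algorithm is supported`, although the result now depends on the pair; `* Returns: true if @alg can be used in @mode, false otherwise` would match the new signature. The comment could also say that callers are expected to probe with the same @alg and @mode they later use to create the cipher, since the function only answers for the pair it is given.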
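Review bot: A test vector whose (alg, mode) pair the probe rejects is dropped without any trace by the loop in main(), so a backend that wrongly starts returning false for a pair loses its test coverage silently. An `else` branch that reports the skip, for example `g_test_message("skipping %s: cipher/mode not supported", test_data[i].path);`, would make the reduced coverage visible in the test log. main() starts and ends outside the hunk.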