diff options
-rw-r--r-- | Makefile.objs | 2 | ||||
-rwxr-xr-x | configure | 14 | ||||
-rw-r--r-- | crypto/Makefile.objs | 4 | ||||
-rw-r--r-- | crypto/random-gcrypt.c | 33 | ||||
-rw-r--r-- | crypto/random-gnutls.c | 43 | ||||
-rw-r--r-- | crypto/random-stub.c | 31 | ||||
-rw-r--r-- | include/crypto/random.h | 44 |
7 files changed, 170 insertions, 1 deletions
diff --git a/Makefile.objs b/Makefile.objs index fbcaa7471f..8f705f6202 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -1,6 +1,6 @@ ####################################################################### # Common libraries for tools and emulators -stub-obj-y = stubs/ +stub-obj-y = stubs/ crypto/ util-obj-y = util/ qobject/ qapi/ util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o @@ -306,6 +306,7 @@ gtkabi="" gtk_gl="no" gnutls="" gnutls_hash="" +gnutls_rnd="" nettle="" gcrypt="" vte="" @@ -2201,6 +2202,13 @@ if test "$gnutls" != "no"; then gnutls_hash="no" fi + # gnutls_rnd requires >= 2.11.0 + if $pkg_config --exists "gnutls >= 2.11.0"; then + gnutls_rnd="yes" + else + gnutls_rnd="no" + fi + if $pkg_config --exists 'gnutls >= 3.0'; then gnutls_gcrypt=no gnutls_nettle=yes @@ -2228,9 +2236,11 @@ if test "$gnutls" != "no"; then else gnutls="no" gnutls_hash="no" + gnutls_rnd="no" fi else gnutls_hash="no" + gnutls_rnd="no" fi @@ -4714,6 +4724,7 @@ echo "GTK support $gtk" echo "GTK GL support $gtk_gl" echo "GNUTLS support $gnutls" echo "GNUTLS hash $gnutls_hash" +echo "GNUTLS rnd $gnutls_rnd" echo "libgcrypt $gcrypt" if test "$nettle" = "yes"; then echo "nettle $nettle ($nettle_version)" @@ -5092,6 +5103,9 @@ fi if test "$gnutls_hash" = "yes" ; then echo "CONFIG_GNUTLS_HASH=y" >> $config_host_mak fi +if test "$gnutls_rnd" = "yes" ; then + echo "CONFIG_GNUTLS_RND=y" >> $config_host_mak +fi if test "$gcrypt" = "yes" ; then echo "CONFIG_GCRYPT=y" >> $config_host_mak fi diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index a3135f1ddf..967418c67a 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -8,6 +8,10 @@ crypto-obj-y += tlscredsanon.o crypto-obj-y += tlscredsx509.o crypto-obj-y += tlssession.o crypto-obj-y += secret.o +crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o +crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o # Let the userspace emulators avoid linking gnutls/etc crypto-aes-obj-y = aes.o + +stub-obj-y += random-stub.o diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c new file mode 100644 index 0000000000..0de9a096df --- /dev/null +++ b/crypto/random-gcrypt.c @@ -0,0 +1,33 @@ +/* + * QEMU Crypto random number provider + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" + +#include "crypto/random.h" + +#include <gcrypt.h> + +int qcrypto_random_bytes(uint8_t *buf, + size_t buflen, + Error **errp G_GNUC_UNUSED) +{ + gcry_randomize(buf, buflen, GCRY_STRONG_RANDOM); + return 0; +} diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c new file mode 100644 index 0000000000..04b45a8f8f --- /dev/null +++ b/crypto/random-gnutls.c @@ -0,0 +1,43 @@ +/* + * QEMU Crypto random number provider + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" + +#include "crypto/random.h" + +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> + +int qcrypto_random_bytes(uint8_t *buf, + size_t buflen, + Error **errp) +{ + int ret; + + ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen); + + if (ret < 0) { + error_setg(errp, "Cannot get random bytes: %s", + gnutls_strerror(ret)); + return -1; + } + + return 0; +} diff --git a/crypto/random-stub.c b/crypto/random-stub.c new file mode 100644 index 0000000000..63bbf41473 --- /dev/null +++ b/crypto/random-stub.c @@ -0,0 +1,31 @@ +/* + * QEMU Crypto random number provider + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" + +#include "crypto/random.h" + +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, + size_t buflen G_GNUC_UNUSED, + Error **errp) +{ + error_setg(errp, "No random byte source provided in this build"); + return -1; +} diff --git a/include/crypto/random.h b/include/crypto/random.h new file mode 100644 index 0000000000..b3021c4ce6 --- /dev/null +++ b/include/crypto/random.h @@ -0,0 +1,44 @@ +/* + * QEMU Crypto random number provider + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifndef QCRYPTO_RANDOM_H__ +#define QCRYPTO_RANDOM_H__ + +#include "qemu-common.h" +#include "qapi/error.h" + + +/** + * qcrypto_random_bytes: + * @buf: the buffer to fill + * @buflen: length of @buf in bytes + * @errp: pointer to a NULL-initialized error object + * + * Fill @buf with @buflen bytes of cryptographically strong + * random data + * + * Returns 0 on sucess, -1 on error + */ +int qcrypto_random_bytes(uint8_t *buf, + size_t buflen, + Error **errp); + + +#endif /* QCRYPTO_RANDOM_H__ */ |