Revision tags: v9.0.0-rc2, v9.0.0-rc1, v9.0.0-rc0 |
|
#
e503fc55 |
| 11-Mar-2024 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: query gcrypt for cipher availability
Just because a cipher is defined in the gcrypt header file, does not imply that it can be used. Distros can filter the list of ciphers when building gcrypt. For example, RHEL-9 disables the SM4 cipher. It is also possible that running in FIPS mode might dynamically change what ciphers are available at runtime.
qcrypto_cipher_supports must therefore query gcrypt directly to check for cipher availability.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
eac57306 |
| 11-Mar-2024 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: factor out conversion of QAPI to gcrypt constants
The conversion of cipher mode will shortly be required in more than one place.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
Revision tags: v8.2.2, v7.2.10, v8.2.1, v8.1.5, v7.2.9, v8.1.4, v7.2.8, v8.2.0, v8.2.0-rc4 |
|
#
52ed9f45 |
| 07-Dec-2023 |
Hyman Huang <yong.huang@smartx.com> |
crypto: Introduce SM4 symmetric cipher algorithm
Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithm for use within China.
Detect the SM4 cipher algorithms and enable the feature silently if it is available.
Signed-off-by: Hyman Huang <yong.huang@smartx.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
Revision tags: v8.2.0-rc3, v8.2.0-rc2, v8.2.0-rc1, v7.2.7, v8.1.3, v8.2.0-rc0, v8.1.2, v8.1.1, v7.2.6, v8.0.5, v8.1.0, v8.1.0-rc4, v8.1.0-rc3, v7.2.5, v8.0.4, v8.1.0-rc2, v8.1.0-rc1, v8.1.0-rc0, v8.0.3, v7.2.4, v8.0.2, v8.0.1, v7.2.3, v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0, v7.2.0, v7.2.0-rc4, v7.2.0-rc3, v7.2.0-rc2, v7.2.0-rc1, v7.2.0-rc0, v7.1.0, v7.1.0-rc4, v7.1.0-rc3, v7.1.0-rc2, v7.1.0-rc1, v7.1.0-rc0, v7.0.0, v7.0.0-rc4, v7.0.0-rc3, v7.0.0-rc2, v7.0.0-rc1, v7.0.0-rc0, v6.1.1, v6.2.0, v6.2.0-rc4, v6.2.0-rc3, v6.2.0-rc2, v6.2.0-rc1, v6.2.0-rc0, v6.0.1, v6.1.0, v6.1.0-rc4, v6.1.0-rc3, v6.1.0-rc2, v6.1.0-rc1, v6.1.0-rc0 |
|
#
83bee4b5 |
| 29-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: replace 'des-rfb' cipher with 'des'
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism.
Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support.
Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message.
Original behaviour:
  $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
  Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb
  qemu-img: demo.luks: Algorithm 'des-rfb' not supported
New behaviour:
  $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
  Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish
  qemu-img: demo.luks: Invalid parameter 'des-rfb'
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
7b40aa4b |
| 29-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: drop custom XTS support in gcrypt driver
The XTS cipher mode was introduced in gcrypt 1.8.0, which matches QEMU's current minimum version.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
Revision tags: v6.0.0, v6.0.0-rc5, v6.0.0-rc4, v6.0.0-rc3, v6.0.0-rc2, v6.0.0-rc1, v6.0.0-rc0, v5.2.0, v5.2.0-rc4, v5.2.0-rc3, v5.2.0-rc2, v5.2.0-rc1, v5.2.0-rc0, v5.0.1 |
|
#
1b010d93 |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto/gcrypt: Split QCryptoCipherGcrypt into subclasses
With gcrypt, most of the dispatch happens in the library, so there aren't many classes to create. However, we can still create separate dispatch for CTR mode, and for CONFIG_QEMU_PRIVATE_XTS, which avoids needing to check for these modes at runtime.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
da30cd77 |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new
The class vtable should be set by the class initializer. This will also allow additional subclassing, reducing the amount of indirection in the hierarchy.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
3eedf5cc |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto: Allocate QCryptoCipher with the subclass
Merge the allocation of "opaque" into the allocation of "cipher". This is step one in reducing the indirection in these classes.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
7b5dbfb7 |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto: Use the correct const type for driver
This allows the in memory structures to be read-only.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
7d823bf4 |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto: Remove redundant includes
Both qemu/osdep.h and cipherpriv.h have already been included by the parent cipher.c.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
#
6d92bdf4 |
| 28-Aug-2020 |
Richard Henderson <richard.henderson@linaro.org> |
crypto: Rename cipher include files to .c.inc
QEMU standard procedure for included C files is to use *.c.inc. E.g. there is a different set of checks that are applied.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|