Commit Graph

6 Commits

Author SHA1 Message Date
Peter Maydell
42f7a448db crypto: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-3-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Daniel P. Berrange
3a661f1eab crypto: add sanity checking of plaintext/ciphertext length
When encrypting/decrypting data, the plaintext/ciphertext
buffers are required to be a multiple of the cipher block
size. If this is not done, nettle will abort and gcrypt
will report an error. To get consistent behaviour add
explicit checks upfront for the buffer sizes.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-22 19:03:08 +01:00
Daniel P. Berrange
eb2a770b17 crypto: don't let builtin aes crash if no IV is provided
If no IV is provided, then use a default IV of all-zeros
instead of crashing. This gives parity with gcrypt and
nettle backends.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-22 19:03:08 +01:00
Daniel P. Berrange
6775e2c429 crypto: fix built-in AES decrypt function
The qcrypto_cipher_decrypt_aes method was using the wrong
key material, and passing the wrong mode. This caused it
to incorrectly decrypt ciphertext.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1437740634-6261-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-27 12:22:01 +02:00
Paolo Bonzini
4f4f6976d8 crypto: fix builtin qcrypto_cipher_free
This was dereferencing a pointer before checking if it was NULL.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-09 16:53:45 +02:00
Daniel P. Berrange
ca38a4cc9e crypto: introduce generic cipher API & built-in implementation
Introduce a generic cipher API and an implementation of it that
supports only the built-in AES and DES-RFB algorithms.

The test suite checks the supported algorithms + modes to
validate that every backend implementation is actually correctly
complying with the specs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-5-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08 13:11:01 +02:00