Introduce virCryptoHaveEncrypt and virCryptoEncryptSecret to handle
performing encryption.
virCryptoHaveEncrypt:
Boolean function to determine whether the requested encryption
API is available. It's expected this API will be called prior to
virCryptoEncryptSecret. It will return true/false.
virCryptoEncryptSecret:
Based on the requested encryption type, call the specific encryption
API to encrypt the data.
Currently the only algorithm support is the AES 256 CBC encryption.
Adjust tests for the API's
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
configure.ac | 1 +
src/libvirt_private.syms | 2 +
src/util/vircrypto.c | 189 ++++++++++++++++++++++++++++++++++++++++++++++-
src/util/vircrypto.h | 20 ++++-
tests/vircryptotest.c | 86 +++++++++++++++++++++
5 files changed, 296 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 378069d..10fbd20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1261,6 +1261,7 @@ if test "x$with_gnutls" != "xno"; then
]])
AC_CHECK_FUNCS([gnutls_rnd])
+ AC_CHECK_FUNCS([gnutls_cipher_encrypt])
CFLAGS="$old_CFLAGS"
LIBS="$old_LIBS"
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 868bcfa..ba912d8 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1394,7 +1394,9 @@ virConfWriteMem;
# util/vircrypto.h
+virCryptoEncryptData;
virCryptoHashString;
+virCryptoHaveEncrypt;
# util/virdbus.h
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 39a479a..05bd167 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -1,7 +1,7 @@
/*
* vircrypto.c: cryptographic helper APIs
*
- * Copyright (C) 2014 Red Hat, Inc.
+ * Copyright (C) 2014, 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -21,11 +21,20 @@
#include <config.h>
#include "vircrypto.h"
+#include "virlog.h"
#include "virerror.h"
#include "viralloc.h"
#include "md5.h"
#include "sha256.h"
+#ifdef WITH_GNUTLS
+# include <gnutls/gnutls.h>
+# if HAVE_GNUTLS_CRYPTO_H
+# include <gnutls/crypto.h>
+# endif
+#endif
+
+VIR_LOG_INIT("util.crypto");
#define VIR_FROM_THIS VIR_FROM_CRYPTO
@@ -76,3 +85,181 @@ virCryptoHashString(virCryptoHash hash,
return 0;
}
+
+
+/* virCryptoHaveEncrypt:
+ * @algorithm: Specific encryption algorithm desired
+ *
+ * Expected to be called prior to virCryptoEncryptData in order
+ * to determine whether the requested encryption option is available,
+ * so that "other" alternatives can be taken if the algorithm is
+ * not available.
+ *
+ * Returns true if we can support the encryption.
+ */
+bool
+virCryptoHaveEncrypt(virCryptoEncrypt algorithm)
+{
+ switch (algorithm) {
+
+ case VIR_CRYPTO_ENCRYPT_AES256CBC:
+#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+ return true;
+#else
+ return false;
+#endif
+
+ case VIR_CRYPTO_ENCRYPT_NONE:
+ case VIR_CRYPTO_ENCRYPT_LAST:
+ break;
+ };
+
+ return false;
+}
+
+
+/* virCryptoEncryptDataAESgntuls:
+ *
+ * Performs the AES gnutls encryption - parameters essentially the
+ * same as virCryptoEncryptSecret, except the libvirt algorithm is
+ * converted to the gnutls_cipher_algorithm_t
+ *
+ * Same input as virCryptoEncryptData, but ensures encryption key and
+ * initialization vector lengths are correct.
+ *
+ * The data buffer will be cleared as soon as it has been prepared for
+ * encryption.
+ *
+ * Encrypts the @data buffer using the @enckey and if available the @iv
+ *
+ * Returns 0 on success with the ciphertext being filled. It is the
+ * caller's responsibility to clear and free it. Returns -1 on failure
+ * w/ error set.
+ */
+static int
+virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
+ uint8_t *enckey,
+ size_t enckeylen,
+ uint8_t *iv,
+ size_t ivlen,
+ uint8_t *data,
+ size_t datalen,
+ uint8_t **ciphertextret,
+ size_t *ciphertextlenret)
+{
+ int rc;
+ size_t i;
+ gnutls_cipher_hd_t handle = NULL;
+ gnutls_datum_t enc_key;
+ gnutls_datum_t iv_key;
+ uint8_t *ciphertext;
+ size_t ciphertextlen;
+
+ /* Allocate a padded buffer, copy in the data, padding the buffer with
+ * the size of the padding size which is required for decryption, then
+ * clear the data buffer when we're done. */
+ ciphertextlen = VIR_ROUND_UP(datalen, 16);
+ if (VIR_ALLOC_N(ciphertext, ciphertextlen) < 0)
+ return -1;
+ memcpy(ciphertext, data, datalen);
+ for (i = datalen; i < ciphertextlen; i++)
+ ciphertext[i] = ciphertextlen - datalen;
+ memset(data, 0, datalen);
+
+ /* Initialize the gnutls cipher */
+ enc_key.size = enckeylen;
+ enc_key.data = enckey;
+ if (iv) {
+ iv_key.size = ivlen;
+ iv_key.data = iv;
+ }
+ if ((rc = gnutls_cipher_init(&handle, gnutls_enc_alg,
+ &enc_key, &iv_key)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("failed to initialize cipher: '%s'"),
+ gnutls_strerror(rc));
+ goto error;
+ }
+
+ /* Encrypt the data and free the memory for cipher operations */
+ rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
+ gnutls_cipher_deinit(handle);
+ if (rc < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("failed to encrypt the data: '%s'"),
+ gnutls_strerror(rc));
+ goto error;
+ }
+
+ *ciphertextret = ciphertext;
+ *ciphertextlenret = ciphertextlen;
+ return 0;
+
+ error:
+ VIR_DISPOSE_N(ciphertext, ciphertextlen);
+ return -1;
+}
+
+
+/* virCryptoEncryptData:
+ * @algorithm: algoritm desired for encryption
+ * @enckey: encryption key
+ * @enckeylen: encription key length
+ * @iv: initialization vector
+ * @ivlen: length of initialization vector
+ * @data: data to encrypt
+ * @datalen: length of data
+ * @ciphertext: stream of bytes allocated to store ciphertext
+ * @ciphertextlen: size of the stream of bytes
+ *
+ * If available, attempt and return the requested encryption type
+ * using the parameters passed.
+ *
+ * Returns 0 on success, -1 on failure with error set
+ */
+int
+virCryptoEncryptData(virCryptoEncrypt algorithm,
+ uint8_t *enckey,
+ size_t enckeylen,
+ uint8_t *iv,
+ size_t ivlen,
+ uint8_t *data,
+ size_t datalen,
+ uint8_t **ciphertext,
+ size_t *ciphertextlen)
+{
+ switch (algorithm) {
+ case VIR_CRYPTO_ENCRYPT_AES256CBC:
+ if (enckeylen != 32) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("AES256CBC encryption invalid keylen=%zu"),
+ enckeylen);
+ return -1;
+ }
+
+ if (ivlen != 16) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("AES246CBC initialization vector invalid
len=%zu"),
+ ivlen);
+ return -1;
+ }
+
+ /*
+ * Encrypt the data buffer using an encryption key and
+ * initialization vector via the gnutls_cipher_encrypt API
+ * for GNUTLS_CIPHER_AES_256_CBC.
+ */
+ return virCryptoEncryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC,
+ enckey, enckeylen, iv, ivlen,
+ data, datalen,
+ ciphertext, ciphertextlen);
+
+ case VIR_CRYPTO_ENCRYPT_NONE:
+ case VIR_CRYPTO_ENCRYPT_LAST:
+ break;
+ }
+
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("algorithm=%d is not supported"), algorithm);
+ return -1;
+}
diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h
index f67d49d..7d0829e 100644
--- a/src/util/vircrypto.h
+++ b/src/util/vircrypto.h
@@ -1,7 +1,7 @@
/*
* vircrypto.h: cryptographic helper APIs
*
- * Copyright (C) 2014 Red Hat, Inc.
+ * Copyright (C) 2014, 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -30,6 +30,14 @@ typedef enum {
VIR_CRYPTO_HASH_LAST
} virCryptoHash;
+
+typedef enum {
+ VIR_CRYPTO_ENCRYPT_NONE = 0,
+ VIR_CRYPTO_ENCRYPT_AES256CBC,
+
+ VIR_CRYPTO_ENCRYPT_LAST
+} virCryptoEncrypt;
+
int
virCryptoHashString(virCryptoHash hash,
const char *input,
@@ -37,4 +45,14 @@ virCryptoHashString(virCryptoHash hash,
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
ATTRIBUTE_RETURN_CHECK;
+bool virCryptoHaveEncrypt(virCryptoEncrypt algorithm);
+
+int virCryptoEncryptData(virCryptoEncrypt algorithm,
+ uint8_t *enckey, size_t enckeylen,
+ uint8_t *iv, size_t ivlen,
+ uint8_t *data, size_t datalen,
+ uint8_t **ciphertext, size_t *ciphertextlen)
+ ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
+ ATTRIBUTE_NONNULL(8) ATTRIBUTE_RETURN_CHECK;
+
#endif /* __VIR_CRYPTO_H__ */
diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index bfc47db..038eb7a 100644
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@@ -24,6 +24,7 @@
#include "testutils.h"
+#define VIR_FROM_THIS VIR_FROM_NONE
struct testCryptoHashData {
virCryptoHash hash;
@@ -56,10 +57,74 @@ testCryptoHash(const void *opaque)
}
+struct testCryptoEncryptData {
+ virCryptoEncrypt algorithm;
+ uint8_t *input;
+ size_t inputlen;
+ const char *base64;
+};
+
+static int
+testCryptoEncrypt(const void *opaque)
+{
+ const struct testCryptoEncryptData *data = opaque;
+ size_t i;
+ uint8_t *enckey = NULL;
+ size_t enckeylen = 32;
+ uint8_t *iv = NULL;
+ size_t ivlen = 16;
+ uint8_t *ciphertext = NULL;
+ size_t ciphertextlen = 0;
+ char *actual = NULL;
+ int ret = -1;
+
+ if (!virCryptoHaveEncrypt(data->algorithm)) {
+ fprintf(stderr, "Invalid encryption algorithm=%d\n",
data->algorithm);
+ return -1;
+ }
+
+ if (VIR_ALLOC_N(enckey, enckeylen) < 0 ||
+ VIR_ALLOC_N(iv, ivlen) < 0)
+ goto cleanup;
+
+ /* To be replaced by mock if I can get it to work */
+ for (i = 0; i < enckeylen; i++)
+ enckey[i] = i;
+ for (i = 0; i < ivlen; i++)
+ iv[i] = i;
+
+ if (virCryptoEncryptData(data->algorithm, enckey, enckeylen, iv, ivlen,
+ data->input, data->inputlen,
+ &ciphertext, &ciphertextlen) < 0)
+ goto cleanup;
+
+ /* Comparing the encoded ciphertext would be what is desired in
+ * the long run and easier to read/format the expected ciphertext */
+ if (!(actual = virStringEncodeBase64(ciphertext, ciphertextlen)))
+ goto cleanup;
+
+ if (STRNEQ(data->base64, actual)) {
+ fprintf(stderr, "Expected encoded encryption '%s' but got
'%s'\n",
+ data->base64, NULLSTR(actual));
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ VIR_DISPOSE_N(enckey, enckeylen);
+ VIR_DISPOSE_N(iv, ivlen);
+ VIR_DISPOSE_N(ciphertext, ciphertextlen);
+ VIR_FREE(actual);
+
+ return ret;
+}
+
+
static int
mymain(void)
{
int ret = 0;
+ uint8_t secretdata[8];
#define VIR_CRYPTO_HASH(h, i, o) \
do { \
@@ -84,6 +149,27 @@ mymain(void)
VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "The quick brown fox",
"a2004f37730b9445670a738fa0fc9ee5");
VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "The quick brown fox",
"5cac4f980fedc3d3f1f99b4be3472c9b30d56523e632d151237ec9309048bda9");
+#undef VIR_CRYPTO_HASH
+
+#define VIR_CRYPTO_ENCRYPT(a, an, i, il, e) \
+ do { \
+ struct testCryptoEncryptData data = { \
+ .algorithm = a, \
+ .input = i, \
+ .inputlen = il, \
+ .base64 = e, \
+ }; \
+ if (virtTestRun("Encrypt " an, testCryptoEncrypt, &data) < 0) \
+ ret = -1; \
+ } while (0)
+
+ memset(&secretdata, 0, 8);
+ memcpy(&secretdata, "letmein", 7);
+
+ VIR_CRYPTO_ENCRYPT(VIR_CRYPTO_ENCRYPT_AES256CBC, "aes265cbc", secretdata,
7, "SI4JuWqmJF8bjD9IJ662eg==");
+
+#undef VIR_CRYPTO_ENCRYPT
+
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.5.5