diff mbox

[v2,02/17] crypto: add cryptographic random byte source

Message ID 1453311539-1193-3-git-send-email-berrange@redhat.com
State New
Headers show

Commit Message

Daniel P. Berrangé Jan. 20, 2016, 5:38 p.m. UTC
There are three backend impls provided. The preferred
is gnutls, which is backed by nettle in modern distros.
The gcrypt impl is provided for cases where QEMU build
against gnutls is disabled, but crypto is still desired.
No nettle impl is provided, since it is non-trivial to
use the nettle APIs for random numbers. Users of nettle
should ensure gnutls is enabled for QEMU.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 Makefile.objs           |  2 +-
 crypto/Makefile.objs    |  4 ++++
 crypto/random-gcrypt.c  | 33 +++++++++++++++++++++++++++++++++
 crypto/random-gnutls.c  | 43 +++++++++++++++++++++++++++++++++++++++++++
 crypto/random-stub.c    | 31 +++++++++++++++++++++++++++++++
 include/crypto/random.h | 43 +++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 155 insertions(+), 1 deletion(-)
 create mode 100644 crypto/random-gcrypt.c
 create mode 100644 crypto/random-gnutls.c
 create mode 100644 crypto/random-stub.c
 create mode 100644 include/crypto/random.h

Comments

Fam Zheng Jan. 21, 2016, 6:12 a.m. UTC | #1
On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
> +                         size_t buflen G_GNUC_UNUSED,
> +                         Error **errp)
> +{
> +    error_setg(errp, "No random byte source provided in this build");
> +    return -1;

Curious, why does a random(3) or /dev/random implementation fall short to
error?

Regardlessly,

Reviewed-by: Fam Zheng <famz@redhat.com>
Daniel P. Berrangé Jan. 21, 2016, 8:59 a.m. UTC | #2
On Thu, Jan 21, 2016 at 02:12:06PM +0800, Fam Zheng wrote:
> On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> > +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
> > +                         size_t buflen G_GNUC_UNUSED,
> > +                         Error **errp)
> > +{
> > +    error_setg(errp, "No random byte source provided in this build");
> > +    return -1;
> 
> Curious, why does a random(3) or /dev/random implementation fall short to
> error?

random(3) does not provide crytographically strong random numbers.

/dev/random would be suitable, but if we read that directly we would
deplete entropy very quickly.

The gnutls backends will use /dev/random in combination with a
cryptographically secure generator to provide high entropy
numbers, at a high data rate.

Regards,
Daniel
Eric Blake Feb. 4, 2016, 5:44 p.m. UTC | #3
On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> There are three backend impls provided. The preferred
> is gnutls, which is backed by nettle in modern distros.
> The gcrypt impl is provided for cases where QEMU build
> against gnutls is disabled, but crypto is still desired.
> No nettle impl is provided, since it is non-trivial to
> use the nettle APIs for random numbers. Users of nettle
> should ensure gnutls is enabled for QEMU.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---

> +++ b/crypto/Makefile.objs
> @@ -8,6 +8,10 @@ crypto-obj-y += tlscredsanon.o
>  crypto-obj-y += tlscredsx509.o
>  crypto-obj-y += tlssession.o
>  crypto-obj-y += secret.o
> +crypto-obj-$(if $(CONFIG_GNUTLS),n,$(CONFIG_GCRYPT)) += random-gcrypt.o
> +crypto-obj-$(CONFIG_GNUTLS) += random-gnutls.o
>  
>  # Let the userspace emulators avoid linking gnutls/etc
>  crypto-aes-obj-y = aes.o
> +
> +stub-obj-y += random-stub.o
> \ No newline at end of file

You'll want to fix that newline.

> +++ b/crypto/random-gcrypt.c

> +
> +#include <config-host.h>

Now that we are starting to include "qemu/osdep.h" first everywhere,
you'll want to pick that up on rebase.

> +++ b/include/crypto/random.h

> +
> +/**
> + * qcrypto_random_bytes:
> + * @buf: the buffer to fill
> + * @buflen: length of @buf in bytes
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Fill @buf with @buflen bytes of random data

s/of/of cryptographically strong/

> + *
> + * Returns 0 on sucess, -1 on error
> + */
> +int qcrypto_random_bytes(uint8_t *buf,
> +                         size_t buflen,
> +                         Error **errp);
> +

With those tweaks,
Reviewed-by: Eric Blake <eblake@redhat.com>
diff mbox

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 06b95c7..8b52f33 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -1,6 +1,6 @@ 
 #######################################################################
 # Common libraries for tools and emulators
-stub-obj-y = stubs/
+stub-obj-y = stubs/ crypto/
 util-obj-y = util/ qobject/ qapi/
 util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o
 
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index a3135f1..1802ff5 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -8,6 +8,10 @@  crypto-obj-y += tlscredsanon.o
 crypto-obj-y += tlscredsx509.o
 crypto-obj-y += tlssession.o
 crypto-obj-y += secret.o
+crypto-obj-$(if $(CONFIG_GNUTLS),n,$(CONFIG_GCRYPT)) += random-gcrypt.o
+crypto-obj-$(CONFIG_GNUTLS) += random-gnutls.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
+
+stub-obj-y += random-stub.o
\ No newline at end of file
diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c
new file mode 100644
index 0000000..a2d77db
--- /dev/null
+++ b/crypto/random-gcrypt.c
@@ -0,0 +1,33 @@ 
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <config-host.h>
+
+#include "crypto/random.h"
+
+#include <gcrypt.h>
+
+int qcrypto_random_bytes(uint8_t *buf,
+                         size_t buflen,
+                         Error **errp G_GNUC_UNUSED)
+{
+    gcry_randomize(buf, buflen, GCRY_STRONG_RANDOM);
+    return 0;
+}
diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c
new file mode 100644
index 0000000..f45c295
--- /dev/null
+++ b/crypto/random-gnutls.c
@@ -0,0 +1,43 @@ 
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <config-host.h>
+
+#include "crypto/random.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+int qcrypto_random_bytes(uint8_t *buf,
+                         size_t buflen,
+                         Error **errp)
+{
+    int ret;
+
+    ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen);
+
+    if (ret < 0) {
+        error_setg(errp, "Cannot get random bytes: %s",
+                   gnutls_strerror(ret));
+        return -1;
+    }
+
+    return 0;
+}
diff --git a/crypto/random-stub.c b/crypto/random-stub.c
new file mode 100644
index 0000000..5c2a4e1
--- /dev/null
+++ b/crypto/random-stub.c
@@ -0,0 +1,31 @@ 
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <config-host.h>
+
+#include "crypto/random.h"
+
+int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
+                         size_t buflen G_GNUC_UNUSED,
+                         Error **errp)
+{
+    error_setg(errp, "No random byte source provided in this build");
+    return -1;
+}
diff --git a/include/crypto/random.h b/include/crypto/random.h
new file mode 100644
index 0000000..743f5a0
--- /dev/null
+++ b/include/crypto/random.h
@@ -0,0 +1,43 @@ 
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_RANDOM_H__
+#define QCRYPTO_RANDOM_H__
+
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+
+/**
+ * qcrypto_random_bytes:
+ * @buf: the buffer to fill
+ * @buflen: length of @buf in bytes
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Fill @buf with @buflen bytes of random data
+ *
+ * Returns 0 on sucess, -1 on error
+ */
+int qcrypto_random_bytes(uint8_t *buf,
+                         size_t buflen,
+                         Error **errp);
+
+
+#endif /* QCRYPTO_RANDOM_H__ */