Support for a cipher algorithm in a backend does not guarantee that every cipher mode is supported for it. Let's extend qcrypto_cipher_supports() to take both the algorithm and mode as parameters.
Signed-off-by: Gonglei <arei.gong...@huawei.com>
---
 block/qcow.c | 3 ++-
 block/qcow2.c | 3 ++-
 crypto/cipher-builtin.c | 14 +++++++++++++-
 crypto/cipher-gcrypt.c | 13 ++++++++++++-
 crypto/cipher-nettle.c | 13 ++++++++++++-
 include/crypto/cipher.h | 6 ++++--
 tests/test-crypto-cipher.c | 2 +-
 ui/vnc.c | 2 +-
 8 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/qcow.c b/block/qcow.c
index 94f01b3..7540f43 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
 ret = -EINVAL;
 goto fail;
 }
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
diff --git a/block/qcow2.c b/block/qcow2.c
index 0e53a4d..e11c7c9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
 ret = -EINVAL;
 goto fail;
 }
- if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+ if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 9d25842..fd59a9e 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
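Review bot: The error text in qcow_open() (block/qcow.c) still reads "AES cipher not available", although the check can now fail because the backend lacks CBC mode rather than AES itself. Naming the mode, for example `error_setg(errp, "AES-128 cipher in CBC mode not available");`, would tell the user which capability is missing. The same applies to the qcow2_open() hunk in block/qcow2.c. Both functions start and end outside their hunks.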
@@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
 }
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
 case QCRYPTO_CIPHER_ALG_AES_128:
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
 return true;
+ case QCRYPTO_CIPHER_MODE_CTR:
+ return false;
 default:
 return false;
 }
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 97b015a..c550db9 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -24,7 +24,8 @@
 #include <gcrypt.h>
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_SERPENT_256:
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 4b673aa..cd094cd 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -192,7 +192,8 @@ struct QCryptoCipherNettle {
 size_t blocksize;
 };
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
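Review bot: In crypto/cipher-builtin.c the new qcrypto_cipher_supports() checks the algorithm and the mode in two independent switches, so every listed algorithm is reported as supported in every listed mode, including QCRYPTO_CIPHER_ALG_DES_RFB with QCRYPTO_CIPHER_MODE_XTS. XTS is specified for 128-bit block ciphers and DES has a 64-bit block, so that pair should not be advertised. A guard before the mode switch such as `if (alg == QCRYPTO_CIPHER_ALG_DES_RFB && mode == QCRYPTO_CIPHER_MODE_XTS) { return false; }` would stop a caller passing the capability check and then failing, presumably, at cipher creation; the init functions are outside this hunk, so confirm which pairs each one accepts. The second hunks of crypto/cipher-gcrypt.c and crypto/cipher-nettle.c have the same shape. The function's closing brace lies outside the hunk.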
@@ -206,6 +207,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ break;
+ default:
+ return false;
+ }
+
+ switch (mode) {
+ case QCRYPTO_CIPHER_MODE_ECB:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_XTS:
+ case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index f9015e1..bec9f41 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -85,13 +85,15 @@ struct QCryptoCipher {
 /**
 * qcrypto_cipher_supports:
 * @alg: the cipher algorithm
+ * @mode: the cipher mode
 *
- * Determine if @alg cipher algorithm is supported by the
+ * Determine if @alg cipher algorithm in @mode is supported by the
 * current configured build
 *
 * Returns: true if the algorithm is supported, false otherwise
 */
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode);
 /**
 * qcrypto_cipher_get_block_len:
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 49f8e9d..5d9e535 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -671,7 +671,7 @@ int main(int argc, char **argv)
 g_assert(qcrypto_init(NULL) == 0);
 for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
- if (qcrypto_cipher_supports(test_data[i].alg)) {
+ if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
 g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
 }
 }
diff --git a/ui/vnc.c b/ui/vnc.c
index 76a3273..a185d60 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3650,7 +3650,7 @@ void vnc_display_open(const char *id, Error **errp)
 goto fail;
 }
 if (!qcrypto_cipher_supports(
- QCRYPTO_CIPHER_ALG_DES_RFB)) {
+ QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
 error_setg(errp,
 "Cipher backend does not support DES RFB algorithm");
 goto fail;
--
1.7.12.4
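Review bot: The `Returns:` line of the qcrypto_cipher_supports() comment in include/crypto/cipher.h still speaks only of the algorithm, although the result now depends on the algorithm and mode pair. I would reword it to `* Returns: true if the algorithm is supported in the given mode, false otherwise` so that the contract matches the new signature. The comment could also state that the answer describes the configured backend only, since the three backends in this patch return different results for CTR.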