From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2561BC07E9A for ; Wed, 14 Jul 2021 14:18:50 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B999461183 for ; Wed, 14 Jul 2021 14:18:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B999461183 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:51618 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1m3fiq-0003PV-Ty for qemu-devel@archiver.kernel.org; Wed, 14 Jul 2021 10:18:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38090) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m3fbE-0004Jo-Pg for qemu-devel@nongnu.org; Wed, 14 Jul 2021 10:11:00 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:34415) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m3fbC-0007Wy-Ls for qemu-devel@nongnu.org; Wed, 14 Jul 2021 10:10:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626271854; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jyOfMpJe/cklIsOWv8Yc9KTvoBTX99ducAH/uYjKO4U=; b=X/WxDFihJ2UNa6U0TQJV8NOp4SodVd+6cs5H/XTGnKzrfI+usyJ3AuBZ97nm0mSvf7jiaq UecDxyo7xtmIpJvabXV4jS2gEuqu9HxOvGD3L1YYrG5blgsu0puTD7pvhCDu7z2fRTYzLA beyAop9FVIAw9ELU0FwFDiUWcbI1Iso= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-596-tS4IrqLIMDWhsfvbPqYalg-1; Wed, 14 Jul 2021 10:10:52 -0400 X-MC-Unique: tS4IrqLIMDWhsfvbPqYalg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3241D18414A3; Wed, 14 Jul 2021 14:10:51 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-114-160.ams2.redhat.com [10.36.114.160]) by smtp.corp.redhat.com (Postfix) with ESMTP id 65DCF60BD8; Wed, 14 Jul 2021 14:09:57 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PULL 11/26] crypto: replace 'des-rfb' cipher with 'des' Date: Wed, 14 Jul 2021 15:08:43 +0100 Message-Id: <20210714140858.2247409-12-berrange@redhat.com> In-Reply-To: <20210714140858.2247409-1-berrange@redhat.com> References: <20210714140858.2247409-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eduardo Otubo , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Eduardo Habkost , Juan Quintela , Jason Wang , Richard Henderson , "Dr. David Alan Gilbert" , Markus Armbruster , Jiri Pirko , Gerd Hoffmann , Paolo Bonzini , Eric Blake Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism. Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support. Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message. Original behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb qemu-img: demo.luks: Algorithm 'des-rfb' not supported New behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish qemu-img: demo.luks: Invalid parameter 'des-rfb' Reviewed-by: Markus Armbruster Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé --- crypto/cipher-gcrypt.c.inc | 16 +++------------- crypto/cipher-nettle.c.inc | 26 +++++++++++--------------- crypto/cipher.c | 28 +++++----------------------- qapi/crypto.json | 4 ++-- tests/unit/test-crypto-cipher.c | 18 +++++++++--------- ui/vnc.c | 20 +++++++++++++++++--- 6 files changed, 47 insertions(+), 65 deletions(-) diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc index 3aab08a1a9..a6a0117717 100644 --- a/crypto/cipher-gcrypt.c.inc +++ b/crypto/cipher-gcrypt.c.inc @@ -24,7 +24,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: case QCRYPTO_CIPHER_ALG_3DES: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: @@ -186,7 +186,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, } switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: gcryalg = GCRY_CIPHER_DES; break; case QCRYPTO_CIPHER_ALG_3DES: @@ -257,17 +257,7 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, } ctx->blocksize = gcry_cipher_get_algo_blklen(gcryalg); - if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) { - /* We're using standard DES cipher from gcrypt, so we need - * to munge the key so that the results are the same as the - * bizarre RFB variant of DES :-) - */ - uint8_t *rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); - err = gcry_cipher_setkey(ctx->handle, rfbkey, nkey); - g_free(rfbkey); - } else { - err = gcry_cipher_setkey(ctx->handle, key, nkey); - } + err = gcry_cipher_setkey(ctx->handle, key, nkey); if (err != 0) { error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); goto error; diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index fc6f40c026..24cc61f87b 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -235,11 +235,11 @@ static const struct QCryptoCipherDriver NAME##_driver_xts = { \ DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) -typedef struct QCryptoNettleDESRFB { +typedef struct QCryptoNettleDES { QCryptoCipher base; struct des_ctx key; uint8_t iv[DES_BLOCK_SIZE]; -} QCryptoNettleDESRFB; +} QCryptoNettleDES; static void des_encrypt_native(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) @@ -253,7 +253,7 @@ static void des_decrypt_native(const void *ctx, size_t length, des_decrypt(ctx, length, dst, src); } -DEFINE_ECB_CBC_CTR(qcrypto_nettle_des_rfb, QCryptoNettleDESRFB, +DEFINE_ECB_CBC_CTR(qcrypto_nettle_des, QCryptoNettleDES, DES_BLOCK_SIZE, des_encrypt_native, des_decrypt_native) @@ -431,7 +431,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode) { switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: case QCRYPTO_CIPHER_ALG_3DES: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: @@ -480,32 +480,28 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, } switch (alg) { - case QCRYPTO_CIPHER_ALG_DES_RFB: + case QCRYPTO_CIPHER_ALG_DES: { - QCryptoNettleDESRFB *ctx; + QCryptoNettleDES *ctx; const QCryptoCipherDriver *drv; - uint8_t *rfbkey; switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: - drv = &qcrypto_nettle_des_rfb_driver_ecb; + drv = &qcrypto_nettle_des_driver_ecb; break; case QCRYPTO_CIPHER_MODE_CBC: - drv = &qcrypto_nettle_des_rfb_driver_cbc; + drv = &qcrypto_nettle_des_driver_cbc; break; case QCRYPTO_CIPHER_MODE_CTR: - drv = &qcrypto_nettle_des_rfb_driver_ctr; + drv = &qcrypto_nettle_des_driver_ctr; break; default: goto bad_cipher_mode; } - ctx = g_new0(QCryptoNettleDESRFB, 1); + ctx = g_new0(QCryptoNettleDES, 1); ctx->base.driver = drv; - - rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); - des_set_key(&ctx->key, rfbkey); - g_free(rfbkey); + des_set_key(&ctx->key, key); return &ctx->base; } diff --git a/crypto/cipher.c b/crypto/cipher.c index 068b2fb867..1f5528be49 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -29,7 +29,7 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_AES_128] = 16, [QCRYPTO_CIPHER_ALG_AES_192] = 24, [QCRYPTO_CIPHER_ALG_AES_256] = 32, - [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, + [QCRYPTO_CIPHER_ALG_DES] = 8, [QCRYPTO_CIPHER_ALG_3DES] = 24, [QCRYPTO_CIPHER_ALG_CAST5_128] = 16, [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, @@ -44,7 +44,7 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = { [QCRYPTO_CIPHER_ALG_AES_128] = 16, [QCRYPTO_CIPHER_ALG_AES_192] = 16, [QCRYPTO_CIPHER_ALG_AES_256] = 16, - [QCRYPTO_CIPHER_ALG_DES_RFB] = 8, + [QCRYPTO_CIPHER_ALG_DES] = 8, [QCRYPTO_CIPHER_ALG_3DES] = 8, [QCRYPTO_CIPHER_ALG_CAST5_128] = 8, [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16, @@ -107,9 +107,9 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, } if (mode == QCRYPTO_CIPHER_MODE_XTS) { - if (alg == QCRYPTO_CIPHER_ALG_DES_RFB - || alg == QCRYPTO_CIPHER_ALG_3DES) { - error_setg(errp, "XTS mode not compatible with DES-RFB/3DES"); + if (alg == QCRYPTO_CIPHER_ALG_DES || + alg == QCRYPTO_CIPHER_ALG_3DES) { + error_setg(errp, "XTS mode not compatible with DES/3DES"); return false; } if (nkey % 2) { @@ -132,24 +132,6 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, return true; } -#if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE) -static uint8_t * -qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, - size_t nkey) -{ - uint8_t *ret = g_new0(uint8_t, nkey); - size_t i; - for (i = 0; i < nkey; i++) { - uint8_t r = key[i]; - r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; - r = (r & 0xcc) >> 2 | (r & 0x33) << 2; - r = (r & 0xaa) >> 1 | (r & 0x55) << 1; - ret[i] = r; - } - return ret; -} -#endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ - #ifdef CONFIG_GCRYPT #include "cipher-gcrypt.c.inc" #elif defined CONFIG_NETTLE diff --git a/qapi/crypto.json b/qapi/crypto.json index 7116ae9a46..1ec54c15ca 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -66,7 +66,7 @@ # @aes-128: AES with 128 bit / 16 byte keys # @aes-192: AES with 192 bit / 24 byte keys # @aes-256: AES with 256 bit / 32 byte keys -# @des-rfb: RFB specific variant of single DES. Do not use except in VNC. +# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC. (since 6.1) # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9) # @cast5-128: Cast5 with 128 bit / 16 byte keys # @serpent-128: Serpent with 128 bit / 16 byte keys @@ -80,7 +80,7 @@ { 'enum': 'QCryptoCipherAlgorithm', 'prefix': 'QCRYPTO_CIPHER_ALG', 'data': ['aes-128', 'aes-192', 'aes-256', - 'des-rfb', '3des', + 'des', '3des', 'cast5-128', 'serpent-128', 'serpent-192', 'serpent-256', 'twofish-128', 'twofish-192', 'twofish-256']} diff --git a/tests/unit/test-crypto-cipher.c b/tests/unit/test-crypto-cipher.c index 7dca7b26e4..d9d9d078ff 100644 --- a/tests/unit/test-crypto-cipher.c +++ b/tests/unit/test-crypto-cipher.c @@ -155,28 +155,28 @@ static QCryptoCipherTestData test_data[] = { * in single AES block, and gives identical * ciphertext in ECB and CBC modes */ - .path = "/crypto/cipher/des-rfb-ecb-56-one-block", - .alg = QCRYPTO_CIPHER_ALG_DES_RFB, + .path = "/crypto/cipher/des-ecb-56-one-block", + .alg = QCRYPTO_CIPHER_ALG_DES, .mode = QCRYPTO_CIPHER_MODE_ECB, - .key = "0123456789abcdef", + .key = "80c4a2e691d5b3f7", .plaintext = "70617373776f7264", .ciphertext = "73fa80b66134e403", }, { /* See previous comment */ - .path = "/crypto/cipher/des-rfb-cbc-56-one-block", - .alg = QCRYPTO_CIPHER_ALG_DES_RFB, + .path = "/crypto/cipher/des-cbc-56-one-block", + .alg = QCRYPTO_CIPHER_ALG_DES, .mode = QCRYPTO_CIPHER_MODE_CBC, - .key = "0123456789abcdef", + .key = "80c4a2e691d5b3f7", .iv = "0000000000000000", .plaintext = "70617373776f7264", .ciphertext = "73fa80b66134e403", }, { - .path = "/crypto/cipher/des-rfb-ecb-56", - .alg = QCRYPTO_CIPHER_ALG_DES_RFB, + .path = "/crypto/cipher/des-ecb-56", + .alg = QCRYPTO_CIPHER_ALG_DES, .mode = QCRYPTO_CIPHER_MODE_ECB, - .key = "0123456789abcdef", + .key = "80c4a2e691d5b3f7", .plaintext = "6bc1bee22e409f96e93d7e117393172a" "ae2d8a571e03ac9c9eb76fac45af8e51" diff --git a/ui/vnc.c b/ui/vnc.c index 0e5fcb278f..af02522e84 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2733,6 +2733,19 @@ static void authentication_failed(VncState *vs) vnc_client_error(vs); } +static void +vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) +{ + size_t i; + for (i = 0; i < nkey; i++) { + uint8_t r = key[i]; + r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; + r = (r & 0xcc) >> 2 | (r & 0x33) << 2; + r = (r & 0xaa) >> 1 | (r & 0x55) << 1; + key[i] = r; + } +} + static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) { unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; @@ -2757,9 +2770,10 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) pwlen = strlen(vs->vd->password); for (i=0; ivd->password[i] : 0; + vnc_munge_des_rfb_key(key, sizeof(key)); cipher = qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_DES_RFB, + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB, key, G_N_ELEMENTS(key), &err); @@ -4045,9 +4059,9 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } if (!qcrypto_cipher_supports( - QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) { error_setg(errp, - "Cipher backend does not support DES RFB algorithm"); + "Cipher backend does not support DES algorithm"); goto fail; } } -- 2.31.1