motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-07-26 20:03:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
qemu/crypto
History
Daniel P. Berrangé 5a56f60d7c crypto: fully drop built-in cipher provider 
When originally creating the internal crypto cipher APIs, they were
wired up to use the built-in D3DES and AES implementations, as a way
to gracefully transition to the new APIs without introducing an
immediate hard dep on any external crypto libraries for the VNC
password auth (D3DES) or the qcow2 encryption (AES).

In the 6.1.0 release we dropped the built-in D3DES impl, and also
the XTS mode for the AES impl, leaving only AES with ECB/CBC modes.
The rational was that with the system emulators, it is expected that
3rd party crypto libraries will be available.

The qcow2 LUKS impl is preferred to the legacy raw AES impl, and by
default that requires AES in XTS mode, limiting the usefulness of
the built-in cipher provider.

The built-in AES impl has known timing attacks and is only suitable
for use cases where a security boundary is already not expected to
be provided (TCG).

Providing a built-in cipher impl thus potentially misleads users,
should they configure a QEMU without any crypto library, and try
to use it with the LUKS backend, even if that requires a non-default
configuration choice.

Complete what we started in 6.1.0 and purge the remaining AES
support.

Use of either gnutls, nettle, or libcrypt is now mandatory for any
cipher support, except for TCG impls.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:25 +01:00
..
aes.c target/riscv: Use existing lookup tables for MixColumns 2023-09-11 11:45:54 +10:00
afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 2024-09-10 14:03:30 +02:00
afalgpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 2024-09-10 14:03:30 +02:00
afsplit.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
akcipher-gcrypt.c.inc include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
akcipher-nettle.c.inc include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
akcipher.c qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
akcipherpriv.h qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
block-luks-priv.h crypto: Clean up includes 2023-02-08 07:16:23 +01:00
block-luks.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
block-luks.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
block-qcow.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
block-qcow.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
block.c qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
blockpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
cipher-afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 2024-09-10 14:03:30 +02:00
cipher-gcrypt.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
cipher-gnutls.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
cipher-nettle.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
cipher-stub.c.inc crypto: fully drop built-in cipher provider 2025-05-22 11:24:25 +01:00
cipher.c crypto: fully drop built-in cipher provider 2025-05-22 11:24:25 +01:00
cipherpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
clmul.c crypto: Add generic 64-bit carry-less multiply routine 2023-09-15 13:57:00 +00:00
der.c crypto: Remove unused DER string functions 2024-10-22 11:44:23 +01:00
der.h crypto: Remove unused DER string functions 2024-10-22 11:44:23 +01:00
hash-afalg.c overall: Remove unnecessary g_strdup_printf() calls 2025-02-14 08:49:06 +03:00
hash-gcrypt.c crypto: perform runtime check for hash/hmac support in gcrypt 2024-11-05 18:37:18 +00:00
hash-glib.c crypto/hash: avoid overwriting user supplied result pointer 2024-10-22 11:44:23 +01:00
hash-gnutls.c crypto/hash: avoid overwriting user supplied result pointer 2024-10-22 11:44:23 +01:00
hash-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 2024-11-05 18:37:18 +00:00
hash.c crypto: Introduce SM3 hash hmac pbkdf algorithm 2024-11-05 18:37:18 +00:00
hashpriv.h crypto/hashpriv: Remove old hash API function 2024-10-10 12:34:11 +01:00
hmac-gcrypt.c crypto: perform runtime check for hash/hmac support in gcrypt 2024-11-05 18:37:18 +00:00
hmac-glib.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
hmac-gnutls.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
hmac-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 2024-11-05 18:37:18 +00:00
hmac.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
hmacpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 2024-09-10 14:03:30 +02:00
init.c crypto: drop gnutls debug logging support 2024-07-24 10:39:10 +01:00
ivgen-essiv.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-essiv.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
ivgen-plain64.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain64.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
ivgenpriv.h qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 2024-09-10 14:03:30 +02:00
meson.build crypto: Introduce x509 utils 2024-09-09 15:13:38 +01:00
pbkdf-gcrypt.c crypto: Introduce SM3 hash hmac pbkdf algorithm 2024-11-05 18:37:18 +00:00
pbkdf-gnutls.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
pbkdf-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 2024-11-05 18:37:18 +00:00
pbkdf-stub.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
pbkdf.c crypto: fix bogus error benchmarking pbkdf on fast machines 2025-01-22 08:28:49 +01:00
random-gcrypt.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
random-gnutls.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
random-none.c crypto: add "none" random provider 2020-06-15 11:33:50 +01:00
random-platform.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
rsakey-builtin.c.inc qapi/crypto: Drop unwanted 'prefix' 2024-09-10 13:22:47 +02:00
rsakey-nettle.c.inc qapi/crypto: Drop unwanted 'prefix' 2024-09-10 13:22:47 +02:00
rsakey.c crypto: Support export akcipher to pkcs8 2022-11-02 06:56:32 -04:00
rsakey.h crypto: Support export akcipher to pkcs8 2022-11-02 06:56:32 -04:00
secret.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
secret_common.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
secret_keyring.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
sm4.c crypto: Add SM4 constant parameter CK 2023-09-11 11:45:55 +10:00
tls-cipher-suites.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
tlscreds.c qom: Have class_init() take a const data argument 2025-04-25 17:00:41 +02:00
tlscredsanon.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
tlscredspriv.h crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredspsk.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
tlscredsx509.c qom: Make InterfaceInfo[] uses const 2025-04-25 17:00:41 +02:00
tlssession.c crypto: Remove qcrypto_tls_session_get_handshake_status 2025-02-14 15:19:03 -03:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
x509-utils.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 2024-09-10 14:02:16 +02:00
xts.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00