diff --git a/block/qcow.c b/block/qcow.c index 94f01b3d0c873c1c7652f32fbff7d2080a4e2283..7540f43f46236c127fe27d308bbe8148e53de14a 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, ret = -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { + if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, + QCRYPTO_CIPHER_MODE_CBC)) { error_setg(errp, "AES cipher not available"); ret = -EINVAL; goto fail; diff --git a/block/qcow2.c b/block/qcow2.c index 0e53a4d666070a3635a5c8fcd63928fbaa6f4e50..e11c7c9d1608ac3cb6f3cacd21d13ab9f9c1bd75 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, ret = -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) { + if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, + QCRYPTO_CIPHER_MODE_CBC)) { error_setg(errp, "AES cipher not available"); ret = -EINVAL; goto fail; diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index 9d258428b03682a554c91951df76c52a9122f1f5..fd59a9e4618167e40260b35556f382afdc0b3369 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c @@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher, } -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: return true; + case QCRYPTO_CIPHER_MODE_CTR: + return false; default: return false; } diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index da3f4c74dbf2106303b453a523b57f55762f61bc..05026c0a0e24eff9958c280c6eed749465999dcc 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -24,7 +24,8 @@ #include -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_SERPENT_256: case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 879d831694c65038026901d51377fd7f658e148c..72d106922d06f328be6f4549978a0ccdb039a4d0 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -191,7 +191,8 @@ struct QCryptoCipherNettle { size_t blocksize; }; -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode) { switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: @@ -205,6 +206,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg) case QCRYPTO_CIPHER_ALG_TWOFISH_128: case QCRYPTO_CIPHER_ALG_TWOFISH_192: case QCRYPTO_CIPHER_ALG_TWOFISH_256: + break; + default: + return false; + } + + switch (mode) { + case QCRYPTO_CIPHER_MODE_ECB: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_XTS: + case QCRYPTO_CIPHER_MODE_CTR: return true; default: return false; diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index 376654dcdd8d784edf384a196462f0843b683a08..97638e7bbf4d469d565e58fe44dd074fe25e48cd 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -85,13 +85,15 @@ struct QCryptoCipher { /** * qcrypto_cipher_supports: * @alg: the cipher algorithm + * @mode: the cipher mode * - * Determine if @alg cipher algorithm is supported by the + * Determine if @alg cipher algorithm in @mode is supported by the * current configured build * * Returns: true if the algorithm is supported, false otherwise */ -bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg); +bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode); /** * qcrypto_cipher_get_block_len: diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c index b89dfa2b6599c44e80aa6e6e2b8d8aa46bd5d792..84929789d9bef44b8ec81249af23d9f0576e1f66 100644 --- a/tests/test-crypto-cipher.c +++ b/tests/test-crypto-cipher.c @@ -616,7 +616,7 @@ int main(int argc, char **argv) g_assert(qcrypto_init(NULL) == 0); for (i = 0; i < G_N_ELEMENTS(test_data); i++) { - if (qcrypto_cipher_supports(test_data[i].alg)) { + if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) { g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); } } diff --git a/ui/vnc.c b/ui/vnc.c index c1e98fb6bfb1fb38eb4d4a3a2ec3f869f535196e..1bedc95b57056d84d8f30cc7ee8b44a93c2eb448 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -3606,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } if (!qcrypto_cipher_supports( - QCRYPTO_CIPHER_ALG_DES_RFB)) { + QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { error_setg(errp, "Cipher backend does not support DES RFB algorithm"); goto fail;