2 * QEMU crypto secret support
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "crypto/secret_common.h"
23 #include "crypto/cipher.h"
24 #include "qapi/error.h"
25 #include "qom/object_interfaces.h"
26 #include "qemu/base64.h"
27 #include "qemu/module.h"
31 static void qcrypto_secret_decrypt(QCryptoSecretCommon *secret,
38 g_autofree uint8_t *iv = NULL;
39 g_autofree uint8_t *key = NULL;
40 g_autofree uint8_t *ciphertext = NULL;
41 size_t keylen, ciphertextlen, ivlen;
42 g_autoptr(QCryptoCipher) aes = NULL;
43 g_autofree uint8_t *plaintext = NULL;
48 if (qcrypto_secret_lookup(secret->keyid,
55 error_setg(errp, "Key should be 32 bytes in length");
60 error_setg(errp, "IV is required to decrypt secret");
64 iv = qbase64_decode(secret->iv, -1, &ivlen, errp);
69 error_setg(errp, "IV should be 16 bytes in length not %zu",
74 aes = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_256,
75 QCRYPTO_CIPHER_MODE_CBC,
82 if (qcrypto_cipher_setiv(aes, iv, ivlen, errp) < 0) {
86 if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
87 ciphertext = qbase64_decode((const gchar *)input,
94 plaintext = g_new0(uint8_t, ciphertextlen + 1);
96 ciphertextlen = inputlen;
97 plaintext = g_new0(uint8_t, inputlen + 1);
99 if (qcrypto_cipher_decrypt(aes,
100 ciphertext ? ciphertext : input,
107 if (plaintext[ciphertextlen - 1] > 16 ||
108 plaintext[ciphertextlen - 1] > ciphertextlen) {
109 error_setg(errp, "Incorrect number of padding bytes (%d) "
110 "found on decrypted data",
111 (int)plaintext[ciphertextlen - 1]);
116 * Even though plaintext may contain arbitrary NUL
117 * ensure it is explicitly NUL terminated.
119 ciphertextlen -= plaintext[ciphertextlen - 1];
120 plaintext[ciphertextlen] = '\0';
122 *output = g_steal_pointer(&plaintext);
123 *outputlen = ciphertextlen;
127 static void qcrypto_secret_decode(const uint8_t *input,
133 *output = qbase64_decode((const gchar *)input,
141 qcrypto_secret_prop_set_loaded(Object *obj,
145 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
146 QCryptoSecretCommonClass *sec_class
147 = QCRYPTO_SECRET_COMMON_GET_CLASS(obj);
150 Error *local_err = NULL;
151 uint8_t *input = NULL;
153 uint8_t *output = NULL;
154 size_t outputlen = 0;
156 if (sec_class->load_data) {
157 sec_class->load_data(secret, &input, &inputlen, &local_err);
159 error_propagate(errp, local_err);
163 error_setg(errp, "%s provides no 'load_data' method'",
164 object_get_typename(obj));
169 qcrypto_secret_decrypt(secret, input, inputlen,
170 &output, &outputlen, &local_err);
173 error_propagate(errp, local_err);
177 inputlen = outputlen;
179 if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
180 qcrypto_secret_decode(input, inputlen,
181 &output, &outputlen, &local_err);
184 error_propagate(errp, local_err);
188 inputlen = outputlen;
192 secret->rawdata = input;
193 secret->rawlen = inputlen;
194 } else if (secret->rawdata) {
195 error_setg(errp, "Cannot unload secret");
202 qcrypto_secret_prop_get_loaded(Object *obj,
203 Error **errp G_GNUC_UNUSED)
205 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
206 return secret->rawdata != NULL;
211 qcrypto_secret_prop_set_format(Object *obj,
213 Error **errp G_GNUC_UNUSED)
215 QCryptoSecretCommon *creds = QCRYPTO_SECRET_COMMON(obj);
216 creds->format = value;
221 qcrypto_secret_prop_get_format(Object *obj,
222 Error **errp G_GNUC_UNUSED)
224 QCryptoSecretCommon *creds = QCRYPTO_SECRET_COMMON(obj);
225 return creds->format;
230 qcrypto_secret_prop_set_iv(Object *obj,
234 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
237 secret->iv = g_strdup(value);
242 qcrypto_secret_prop_get_iv(Object *obj,
245 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
246 return g_strdup(secret->iv);
251 qcrypto_secret_prop_set_keyid(Object *obj,
255 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
257 g_free(secret->keyid);
258 secret->keyid = g_strdup(value);
263 qcrypto_secret_prop_get_keyid(Object *obj,
266 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
267 return g_strdup(secret->keyid);
272 qcrypto_secret_complete(UserCreatable *uc, Error **errp)
274 object_property_set_bool(OBJECT(uc), "loaded", true, errp);
279 qcrypto_secret_finalize(Object *obj)
281 QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
284 g_free(secret->keyid);
285 g_free(secret->rawdata);
289 qcrypto_secret_class_init(ObjectClass *oc, void *data)
291 UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
293 ucc->complete = qcrypto_secret_complete;
295 object_class_property_add_bool(oc, "loaded",
296 qcrypto_secret_prop_get_loaded,
297 qcrypto_secret_prop_set_loaded);
298 object_class_property_add_enum(oc, "format",
299 "QCryptoSecretFormat",
300 &QCryptoSecretFormat_lookup,
301 qcrypto_secret_prop_get_format,
302 qcrypto_secret_prop_set_format);
303 object_class_property_add_str(oc, "keyid",
304 qcrypto_secret_prop_get_keyid,
305 qcrypto_secret_prop_set_keyid);
306 object_class_property_add_str(oc, "iv",
307 qcrypto_secret_prop_get_iv,
308 qcrypto_secret_prop_set_iv);
312 int qcrypto_secret_lookup(const char *secretid,
318 QCryptoSecretCommon *secret;
320 obj = object_resolve_path_component(
321 object_get_objects_root(), secretid);
323 error_setg(errp, "No secret with id '%s'", secretid);
327 secret = (QCryptoSecretCommon *)
328 object_dynamic_cast(obj,
329 TYPE_QCRYPTO_SECRET_COMMON);
331 error_setg(errp, "Object with id '%s' is not a secret",
336 if (!secret->rawdata) {
337 error_setg(errp, "Secret with id '%s' has no data",
342 *data = g_new0(uint8_t, secret->rawlen + 1);
343 memcpy(*data, secret->rawdata, secret->rawlen);
344 (*data)[secret->rawlen] = '\0';
345 *datalen = secret->rawlen;
351 char *qcrypto_secret_lookup_as_utf8(const char *secretid,
357 if (qcrypto_secret_lookup(secretid,
364 if (!g_utf8_validate((const gchar *)data, datalen, NULL)) {
366 "Data from secret %s is not valid UTF-8",
376 char *qcrypto_secret_lookup_as_base64(const char *secretid,
383 if (qcrypto_secret_lookup(secretid,
390 ret = g_base64_encode(data, datalen);
396 static const TypeInfo qcrypto_secret_info = {
397 .parent = TYPE_OBJECT,
398 .name = TYPE_QCRYPTO_SECRET_COMMON,
399 .instance_size = sizeof(QCryptoSecretCommon),
400 .instance_finalize = qcrypto_secret_finalize,
401 .class_size = sizeof(QCryptoSecretCommonClass),
402 .class_init = qcrypto_secret_class_init,
404 .interfaces = (InterfaceInfo[]) {
405 { TYPE_USER_CREATABLE },
412 qcrypto_secret_register_types(void)
414 type_register_static(&qcrypto_secret_info);
418 type_init(qcrypto_secret_register_types);