Add helper APIs for generating cryptographic hashes

GNULIB provides APIs for calculating md5 and sha256 hashes, but these APIs only return you raw byte arrays. Most users in libvirt want the hash in printable string format. Add some helper APIs in util/vircrypto.{c,h} for doing this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-05 12:34:10 +00:00 · 2014-03-05 12:34:10 +00:00 · 3a7fe8d508
parent 9b9d7704b5
commit 3a7fe8d508
9 changed files with 222 additions and 0 deletions
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@ -121,6 +121,7 @@ typedef enum {
    VIR_FROM_ACCESS = 55,       /* Error from access control manager */
    VIR_FROM_SYSTEMD = 56,      /* Error from systemd code */
    VIR_FROM_BHYVE = 57,        /* Error from bhyve driver */
+    VIR_FROM_CRYPTO = 58,       /* Error from crypto code */

 # ifdef VIR_ENUM_SENTINELS
    VIR_ERR_DOMAIN_LAST
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@ -158,6 +158,7 @@ src/util/vircgroup.c
 src/util/virclosecallbacks.c
 src/util/vircommand.c
 src/util/virconf.c
+src/util/vircrypto.c
 src/util/virdbus.c
 src/util/virdnsmasq.c
 src/util/vireventpoll.c
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -93,6 +93,7 @@ UTIL_SOURCES =							\
 		util/virclosecallbacks.c util/virclosecallbacks.h		\
 		util/vircommand.c util/vircommand.h		\
 		util/virconf.c util/virconf.h			\
+		util/vircrypto.c util/vircrypto.h		\
 		util/virdbus.c util/virdbus.h util/virdbuspriv.h	\
 		util/virdnsmasq.c util/virdnsmasq.h		\
 		util/virebtables.c util/virebtables.h		\
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1149,6 +1149,10 @@ virConfWriteFile;
 virConfWriteMem;


+# util/vircrypto.h
+virCryptoHashString;
+
+
 # util/virdbus.h
 virDBusCallMethod;
 virDBusCloseSystemBus;
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@ -0,0 +1,79 @@
+/*
+ * vircrypto.c: cryptographic helper APIs
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "vircrypto.h"
+#include "virerror.h"
+#include "viralloc.h"
+
+#include "md5.h"
+#include "sha256.h"
+
+#define VIR_FROM_THIS VIR_FROM_CRYPTO
+
+static const char hex[] = "0123456789abcdef";
+
+struct virHashInfo {
+    void *(*func)(const char *buf, size_t len, void *res);
+    size_t hashlen;
+} hashinfo[] = {
+    { md5_buffer, MD5_DIGEST_SIZE },
+    { sha256_buffer, SHA256_DIGEST_SIZE },
+};
+
+#define VIR_CRYPTO_LARGEST_DIGEST_SIZE SHA256_DIGEST_SIZE
+
+verify(ARRAY_CARDINALITY(hashinfo) == VIR_CRYPTO_HASH_LAST);
+
+int
+virCryptoHashString(virCryptoHash hash,
+                    const char *input,
+                    char **output)
+{
+    unsigned char buf[VIR_CRYPTO_LARGEST_DIGEST_SIZE];
+    size_t hashstrlen;
+    size_t i;
+
+    if (hash >= VIR_CRYPTO_HASH_LAST) {
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("Unknown crypto hash %d"), hash);
+        return -1;
+    }
+
+    hashstrlen = (hashinfo[hash].hashlen * 2) + 1;
+
+    if (!(hashinfo[hash].func(input, strlen(input), buf))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Unable to compute hash of data"));
+        return -1;
+    }
+
+    if (VIR_ALLOC_N(*output, hashstrlen) < 0)
+        return -1;
+
+    for (i = 0; i < hashinfo[hash].hashlen; i++) {
+        (*output)[i * 2] = hex[(buf[i] >> 4) & 0xf];
+        (*output)[(i * 2) + 1] = hex[buf[i] & 0xf];
+    }
+    (*output)[hashstrlen] = '\0';
+
+    return 0;
+}
--- a/src/util/vircrypto.h
+++ b/src/util/vircrypto.h
@ -0,0 +1,40 @@
+/*
+ * vircrypto.h: cryptographic helper APIs
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __VIR_CRYPTO_H__
+# define __VIR_CRYPTO_H__
+
+# include "internal.h"
+
+typedef enum {
+    VIR_CRYPTO_HASH_MD5, /* Don't use this except for historic compat */
+    VIR_CRYPTO_HASH_SHA256,
+
+    VIR_CRYPTO_HASH_LAST
+} virCryptoHash;
+
+int
+virCryptoHashString(virCryptoHash hash,
+                    const char *input,
+                    char **output)
+    ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+    ATTRIBUTE_RETURN_CHECK;
+
+#endif /* __VIR_CRYPTO_H__ */
--- a/src/util/virerror.c
+++ b/src/util/virerror.c
@ -125,6 +125,7 @@ VIR_ENUM_IMPL(virErrorDomain, VIR_ERR_DOMAIN_LAST,
              "Access Manager", /* 55 */
              "Systemd",
              "Bhyve",
+              "Crypto",
    )


--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -135,6 +135,7 @@ test_programs = virshtest sockettest \
 	virauthconfigtest \
 	virbitmaptest \
 	vircgrouptest \
+	vircryptotest \
 	virpcitest \
 	virendiantest \
 	virfiletest \
@ -816,6 +817,10 @@ vircgroupmock_la_CFLAGS = $(AM_CFLAGS)
 vircgroupmock_la_LDFLAGS = -module -avoid-version \
        -rpath /evil/libtool/hack/to/force/shared/lib/creation

+vircryptotest_SOURCES = \
+	vircryptotest.c testutils.h testutils.c
+vircryptotest_LDADD = $(LDADDS)
+
 virpcitest_SOURCES = \
 	virpcitest.c testutils.h testutils.c
 virpcitest_LDADD = $(LDADDS)
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@ -0,0 +1,90 @@
+/*
+ * vircryptotest.c: cryptographic helper test suite
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "vircrypto.h"
+
+#include "testutils.h"
+
+
+struct testCryptoHashData {
+    virCryptoHash hash;
+    const char *input;
+    const char *output;
+};
+
+static int
+testCryptoHash(const void *opaque)
+{
+    const struct testCryptoHashData *data = opaque;
+    char *actual = NULL;
+    int ret = -1;
+
+    if (virCryptoHashString(data->hash, data->input, &actual) < 0) {
+        fprintf(stderr, "Failed to generate crypto hash\n");
+        goto cleanup;
+    }
+
+    if (STRNEQ_NULLABLE(data->output, actual)) {
+        fprintf(stderr, "Expected hash '%s' but got '%s'\n",
+                data->output, NULLSTR(actual));
+        goto cleanup;
+    }
+
+    ret = 0;
+ cleanup:
+    VIR_FREE(actual);
+    return ret;
+}
+
+
+static int
+mymain(void)
+{
+    int ret = 0;
+
+#define VIR_CRYPTO_HASH(h, i, o)                \
+    do {                                        \
+        struct testCryptoHashData data = {      \
+            .hash = h,                          \
+            .input = i,                         \
+            .output = o,                        \
+        };                                      \
+        if (virtTestRun("Hash " i, testCryptoHash, &data) < 0) \
+            ret = -1;                                          \
+    } while (0)
+
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "", "d41d8cd98f00b204e9800998ecf8427e");
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
+
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, " ", "7215ee9c7d9dc229d2921a40e899ec5f");
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, " ", "36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068");
+
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "\n", "68b329da9893e34099c7d8ad5cb9c940");
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "\n", "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b");
+
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "The quick brown fox", "a2004f37730b9445670a738fa0fc9ee5");
+    VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "The quick brown fox", "5cac4f980fedc3d3f1f99b4be3472c9b30d56523e632d151237ec9309048bda9");
+
+    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+VIRT_TEST_MAIN(mymain)