From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: arei.gonglei@huawei.com, mst@redhat.com,
herbert@gondor.apana.org.au, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 1/6] virtio-crypto: header update
Date: Wed, 23 Mar 2022 15:38:21 +0000 [thread overview]
Message-ID: <Yjs+7TYdumci1Q9h@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
> Update header from linux, support akcipher service.
I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git
>
> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++-
> 1 file changed, 81 insertions(+), 1 deletion(-)
>
> diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h
> index 5ff0b4ee59..68066dafb6 100644
> --- a/include/standard-headers/linux/virtio_crypto.h
> +++ b/include/standard-headers/linux/virtio_crypto.h
> @@ -37,6 +37,7 @@
> #define VIRTIO_CRYPTO_SERVICE_HASH 1
> #define VIRTIO_CRYPTO_SERVICE_MAC 2
> #define VIRTIO_CRYPTO_SERVICE_AEAD 3
> +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
>
> #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op))
>
> @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
> #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
> +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
> uint32_t opcode;
> uint32_t algo;
> uint32_t flag;
> @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
> uint8_t padding[32];
> };
>
> +struct virtio_crypto_rsa_session_para {
> +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> + uint32_t padding_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_NO_HASH 0
> +#define VIRTIO_CRYPTO_RSA_MD2 1
> +#define VIRTIO_CRYPTO_RSA_MD3 2
> +#define VIRTIO_CRYPTO_RSA_MD4 3
> +#define VIRTIO_CRYPTO_RSA_MD5 4
> +#define VIRTIO_CRYPTO_RSA_SHA1 5
Do we really need to be adding support for all these obsolete
hash functions. Maybe SHA1 is borderline acceptable, but all
those obsolete MD* functions too ??
> +#define VIRTIO_CRYPTO_RSA_SHA256 6
> +#define VIRTIO_CRYPTO_RSA_SHA384 7
> +#define VIRTIO_CRYPTO_RSA_SHA512 8
> +#define VIRTIO_CRYPTO_RSA_SHA224 9
> + uint32_t hash_algo;
> +};
> +
> +struct virtio_crypto_ecdsa_session_para {
> +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0
> +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
> +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
> +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
> +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
> +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
> + uint32_t curve_id;
> + uint32_t padding;
> +};
> +
> +struct virtio_crypto_akcipher_session_para {
> +#define VIRTIO_CRYPTO_NO_AKCIPHER 0
> +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1
> +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2
> +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
Here we have RSA, DSA and ECDSA, but the corresponding QEMU
qapi/crypto.json doesn't define DSA at all. Is that a mistake
on the QEMU side, or is the DSA support redundant ?
> + uint32_t algo;
> +
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
> + uint32_t keytype;
> + uint32_t keylen;
> +
> + union {
> + struct virtio_crypto_rsa_session_para rsa;
> + struct virtio_crypto_ecdsa_session_para ecdsa;
> + } u;
> +};
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 1/6] virtio-crypto: header update
Date: Wed, 23 Mar 2022 15:38:21 +0000 [thread overview]
Message-ID: <Yjs+7TYdumci1Q9h@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
> Update header from linux, support akcipher service.
I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git
>
> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++-
> 1 file changed, 81 insertions(+), 1 deletion(-)
>
> diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h
> index 5ff0b4ee59..68066dafb6 100644
> --- a/include/standard-headers/linux/virtio_crypto.h
> +++ b/include/standard-headers/linux/virtio_crypto.h
> @@ -37,6 +37,7 @@
> #define VIRTIO_CRYPTO_SERVICE_HASH 1
> #define VIRTIO_CRYPTO_SERVICE_MAC 2
> #define VIRTIO_CRYPTO_SERVICE_AEAD 3
> +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
>
> #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op))
>
> @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
> #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
> +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
> uint32_t opcode;
> uint32_t algo;
> uint32_t flag;
> @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
> uint8_t padding[32];
> };
>
> +struct virtio_crypto_rsa_session_para {
> +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> + uint32_t padding_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_NO_HASH 0
> +#define VIRTIO_CRYPTO_RSA_MD2 1
> +#define VIRTIO_CRYPTO_RSA_MD3 2
> +#define VIRTIO_CRYPTO_RSA_MD4 3
> +#define VIRTIO_CRYPTO_RSA_MD5 4
> +#define VIRTIO_CRYPTO_RSA_SHA1 5
Do we really need to be adding support for all these obsolete
hash functions. Maybe SHA1 is borderline acceptable, but all
those obsolete MD* functions too ??
> +#define VIRTIO_CRYPTO_RSA_SHA256 6
> +#define VIRTIO_CRYPTO_RSA_SHA384 7
> +#define VIRTIO_CRYPTO_RSA_SHA512 8
> +#define VIRTIO_CRYPTO_RSA_SHA224 9
> + uint32_t hash_algo;
> +};
> +
> +struct virtio_crypto_ecdsa_session_para {
> +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0
> +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
> +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
> +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
> +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
> +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
> + uint32_t curve_id;
> + uint32_t padding;
> +};
> +
> +struct virtio_crypto_akcipher_session_para {
> +#define VIRTIO_CRYPTO_NO_AKCIPHER 0
> +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1
> +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2
> +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
Here we have RSA, DSA and ECDSA, but the corresponding QEMU
qapi/crypto.json doesn't define DSA at all. Is that a mistake
on the QEMU side, or is the DSA support redundant ?
> + uint32_t algo;
> +
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
> + uint32_t keytype;
> + uint32_t keylen;
> +
> + union {
> + struct virtio_crypto_rsa_session_para rsa;
> + struct virtio_crypto_ecdsa_session_para ecdsa;
> + } u;
> +};
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
arei.gonglei@huawei.com, linux-crypto@vger.kernel.org,
lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 1/6] virtio-crypto: header update
Date: Wed, 23 Mar 2022 15:38:21 +0000 [thread overview]
Message-ID: <Yjs+7TYdumci1Q9h@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
> Update header from linux, support akcipher service.
I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git
>
> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++-
> 1 file changed, 81 insertions(+), 1 deletion(-)
>
> diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h
> index 5ff0b4ee59..68066dafb6 100644
> --- a/include/standard-headers/linux/virtio_crypto.h
> +++ b/include/standard-headers/linux/virtio_crypto.h
> @@ -37,6 +37,7 @@
> #define VIRTIO_CRYPTO_SERVICE_HASH 1
> #define VIRTIO_CRYPTO_SERVICE_MAC 2
> #define VIRTIO_CRYPTO_SERVICE_AEAD 3
> +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
>
> #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op))
>
> @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
> #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
> +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
> uint32_t opcode;
> uint32_t algo;
> uint32_t flag;
> @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
> uint8_t padding[32];
> };
>
> +struct virtio_crypto_rsa_session_para {
> +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> + uint32_t padding_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_NO_HASH 0
> +#define VIRTIO_CRYPTO_RSA_MD2 1
> +#define VIRTIO_CRYPTO_RSA_MD3 2
> +#define VIRTIO_CRYPTO_RSA_MD4 3
> +#define VIRTIO_CRYPTO_RSA_MD5 4
> +#define VIRTIO_CRYPTO_RSA_SHA1 5
Do we really need to be adding support for all these obsolete
hash functions. Maybe SHA1 is borderline acceptable, but all
those obsolete MD* functions too ??
> +#define VIRTIO_CRYPTO_RSA_SHA256 6
> +#define VIRTIO_CRYPTO_RSA_SHA384 7
> +#define VIRTIO_CRYPTO_RSA_SHA512 8
> +#define VIRTIO_CRYPTO_RSA_SHA224 9
> + uint32_t hash_algo;
> +};
> +
> +struct virtio_crypto_ecdsa_session_para {
> +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0
> +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
> +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
> +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
> +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
> +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
> + uint32_t curve_id;
> + uint32_t padding;
> +};
> +
> +struct virtio_crypto_akcipher_session_para {
> +#define VIRTIO_CRYPTO_NO_AKCIPHER 0
> +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1
> +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2
> +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
Here we have RSA, DSA and ECDSA, but the corresponding QEMU
qapi/crypto.json doesn't define DSA at all. Is that a mistake
on the QEMU side, or is the DSA support redundant ?
> + uint32_t algo;
> +
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
> + uint32_t keytype;
> + uint32_t keylen;
> +
> + union {
> + struct virtio_crypto_rsa_session_para rsa;
> + struct virtio_crypto_ecdsa_session_para ecdsa;
> + } u;
> +};
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-03-23 15:38 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-23 2:49 [PATCH v3 0/6] Support akcipher for virtio-crypto zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 1/6] virtio-crypto: header update zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:38 ` Daniel P. Berrangé [this message]
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 3/6] crypto: Introduce akcipher crypto class zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 4/6] crypto: Implement RSA algorithm by hogweed zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-28 9:14 ` [External] " 何磊
2022-03-28 9:14 ` 何磊
2022-03-23 2:49 ` [PATCH v3 5/6] tests/crypto: Add test suite for crypto akcipher zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 6/6] virtio-crypto: Introduce RSA algorithm zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 5:17 ` [PATCH v3 0/6] Support akcipher for virtio-crypto Eric Biggers
2022-03-23 5:17 ` Eric Biggers
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 18:03 ` Eric Biggers
2022-03-23 18:03 ` Eric Biggers
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yjs+7TYdumci1Q9h@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=helei.sig11@bytedance.com \
--cc=herbert@gondor.apana.org.au \
--cc=jasowang@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pizhenwei@bytedance.com \
--cc=qemu-devel@nongnu.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.