From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: arei.gonglei@huawei.com, mst@redhat.com,
herbert@gondor.apana.org.au, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, Lei He <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi
Date: Wed, 23 Mar 2022 13:08:16 +0000 [thread overview]
Message-ID: <YjsbwNhayhkVJ9G0@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-3-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:08AM +0800, zhenwei pi wrote:
> From: Lei He <helei.sig11@bytedance.com>
>
> Introduce akcipher types, also include RSA & ECDSA related types.
>
> Signed-off-by: Lei He <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> qapi/crypto.json | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 86 insertions(+)
>
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 1ec54c15ca..d44c38e3b1 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -540,3 +540,89 @@
> 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
> '*sanity-check': 'bool',
> '*passwordid': 'str' } }
> +##
> +# @QCryptoAkcipherAlgorithm:
Should be named QCryptoAkCipherAlgorithm
> +#
> +# The supported algorithms for asymmetric encryption ciphers
> +#
> +# @rsa: RSA algorithm
> +# @ecdsa: ECDSA algorithm
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherAlgorithm',
> + 'prefix': 'QCRYPTO_AKCIPHER_ALG',
> + 'data': ['rsa', 'ecdsa']}
> +
> +##
> +# @QCryptoAkcipherKeyType:
Should be named QCryptoAkCipherKeyType
> +#
> +# The type of asymmetric keys.
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherKeyType',
> + 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE',
> + 'data': ['public', 'private']}
> +
> +##
> +# @QCryptoRsaHashAlgorithm:
> +#
> +# The hash algorithm for RSA pkcs1 padding algothrim
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaHashAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_HASH_ALG',
> + 'data': [ 'md2', 'md3', 'md4', 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'sha224' ]}
We already have QCryptoHashAlgorithm and I don't see the
benefit in duplicating it here.
We don't have md2, md3, and md4 in QCryptoHashAlgorithm, but
that doesn't look like a real negative as I can't imagine
those should be used today.
> +##
> +# @QCryptoRsaPaddingAlgorithm:
> +#
> +# The padding algorithm for RSA.
> +#
> +# @raw: no padding used
> +# @pkcs1: pkcs1#v1.5
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaPaddingAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_PADDING_ALG',
> + 'data': ['raw', 'pkcs1']}
> +
> +##
> +# @QCryptoCurveId:
Should be named QCryptoCurveID
> +#
> +# The well-known curves, referenced from https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoCurveId',
> + 'prefix': 'QCRYPTO_CURVE_ID',
> + 'data': ['nist-p192', 'nist-p224', 'nist-p256', 'nist-p384', 'nist-p521']}
> +
> +##
> +# @QCryptoRsaOptions:
This should be named QCryptoAkCipherOptionsRSA
> +#
> +# Specific parameters for RSA algorithm.
> +#
> +# @hash-algo: QCryptoRsaHashAlgorithm
> +# @padding-algo: QCryptoRsaPaddingAlgorithm
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoRsaOptions',
> + 'data': { 'hash-algo':'QCryptoRsaHashAlgorithm',
> + 'padding-algo': 'QCryptoRsaPaddingAlgorithm'}}
Our naming convention is 'XXX-alg' rather than 'XXX-algo'.
> +
> +##
> +# @QCryptoEcdsaOptions:
This should be named QCryptoAkCipherOptionsECDSA
> +#
> +# Specific parameter for ECDSA algorithm.
> +#
> +# @curve-id: QCryptoCurveId
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoEcdsaOptions',
> + 'data': { 'curve-id': 'QCryptoCurveId' }}
Having these two structs standalone looks wrong to me. I suspect that
callers will need to be able to conditionally pass in either one, and
so require the API to use a discriminated union
{ 'union': 'QCryptoAkCipherOptions'
'base': { 'algorithm': 'QCryptoAkCipherAlgorithm' },
'discriminator': 'algorithm',
'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' ,
'ecdsa': 'QCryptoAkCipherOptionsECDSA' } }
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, Lei He <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi
Date: Wed, 23 Mar 2022 13:08:16 +0000 [thread overview]
Message-ID: <YjsbwNhayhkVJ9G0@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-3-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:08AM +0800, zhenwei pi wrote:
> From: Lei He <helei.sig11@bytedance.com>
>
> Introduce akcipher types, also include RSA & ECDSA related types.
>
> Signed-off-by: Lei He <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> qapi/crypto.json | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 86 insertions(+)
>
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 1ec54c15ca..d44c38e3b1 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -540,3 +540,89 @@
> 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
> '*sanity-check': 'bool',
> '*passwordid': 'str' } }
> +##
> +# @QCryptoAkcipherAlgorithm:
Should be named QCryptoAkCipherAlgorithm
> +#
> +# The supported algorithms for asymmetric encryption ciphers
> +#
> +# @rsa: RSA algorithm
> +# @ecdsa: ECDSA algorithm
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherAlgorithm',
> + 'prefix': 'QCRYPTO_AKCIPHER_ALG',
> + 'data': ['rsa', 'ecdsa']}
> +
> +##
> +# @QCryptoAkcipherKeyType:
Should be named QCryptoAkCipherKeyType
> +#
> +# The type of asymmetric keys.
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherKeyType',
> + 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE',
> + 'data': ['public', 'private']}
> +
> +##
> +# @QCryptoRsaHashAlgorithm:
> +#
> +# The hash algorithm for RSA pkcs1 padding algothrim
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaHashAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_HASH_ALG',
> + 'data': [ 'md2', 'md3', 'md4', 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'sha224' ]}
We already have QCryptoHashAlgorithm and I don't see the
benefit in duplicating it here.
We don't have md2, md3, and md4 in QCryptoHashAlgorithm, but
that doesn't look like a real negative as I can't imagine
those should be used today.
> +##
> +# @QCryptoRsaPaddingAlgorithm:
> +#
> +# The padding algorithm for RSA.
> +#
> +# @raw: no padding used
> +# @pkcs1: pkcs1#v1.5
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaPaddingAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_PADDING_ALG',
> + 'data': ['raw', 'pkcs1']}
> +
> +##
> +# @QCryptoCurveId:
Should be named QCryptoCurveID
> +#
> +# The well-known curves, referenced from https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoCurveId',
> + 'prefix': 'QCRYPTO_CURVE_ID',
> + 'data': ['nist-p192', 'nist-p224', 'nist-p256', 'nist-p384', 'nist-p521']}
> +
> +##
> +# @QCryptoRsaOptions:
This should be named QCryptoAkCipherOptionsRSA
> +#
> +# Specific parameters for RSA algorithm.
> +#
> +# @hash-algo: QCryptoRsaHashAlgorithm
> +# @padding-algo: QCryptoRsaPaddingAlgorithm
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoRsaOptions',
> + 'data': { 'hash-algo':'QCryptoRsaHashAlgorithm',
> + 'padding-algo': 'QCryptoRsaPaddingAlgorithm'}}
Our naming convention is 'XXX-alg' rather than 'XXX-algo'.
> +
> +##
> +# @QCryptoEcdsaOptions:
This should be named QCryptoAkCipherOptionsECDSA
> +#
> +# Specific parameter for ECDSA algorithm.
> +#
> +# @curve-id: QCryptoCurveId
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoEcdsaOptions',
> + 'data': { 'curve-id': 'QCryptoCurveId' }}
Having these two structs standalone looks wrong to me. I suspect that
callers will need to be able to conditionally pass in either one, and
so require the API to use a discriminated union
{ 'union': 'QCryptoAkCipherOptions'
'base': { 'algorithm': 'QCryptoAkCipherAlgorithm' },
'discriminator': 'algorithm',
'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' ,
'ecdsa': 'QCryptoAkCipherOptionsECDSA' } }
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
arei.gonglei@huawei.com, linux-crypto@vger.kernel.org,
Lei He <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi
Date: Wed, 23 Mar 2022 13:08:16 +0000 [thread overview]
Message-ID: <YjsbwNhayhkVJ9G0@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-3-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:08AM +0800, zhenwei pi wrote:
> From: Lei He <helei.sig11@bytedance.com>
>
> Introduce akcipher types, also include RSA & ECDSA related types.
>
> Signed-off-by: Lei He <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> qapi/crypto.json | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 86 insertions(+)
>
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 1ec54c15ca..d44c38e3b1 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -540,3 +540,89 @@
> 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
> '*sanity-check': 'bool',
> '*passwordid': 'str' } }
> +##
> +# @QCryptoAkcipherAlgorithm:
Should be named QCryptoAkCipherAlgorithm
> +#
> +# The supported algorithms for asymmetric encryption ciphers
> +#
> +# @rsa: RSA algorithm
> +# @ecdsa: ECDSA algorithm
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherAlgorithm',
> + 'prefix': 'QCRYPTO_AKCIPHER_ALG',
> + 'data': ['rsa', 'ecdsa']}
> +
> +##
> +# @QCryptoAkcipherKeyType:
Should be named QCryptoAkCipherKeyType
> +#
> +# The type of asymmetric keys.
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherKeyType',
> + 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE',
> + 'data': ['public', 'private']}
> +
> +##
> +# @QCryptoRsaHashAlgorithm:
> +#
> +# The hash algorithm for RSA pkcs1 padding algothrim
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaHashAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_HASH_ALG',
> + 'data': [ 'md2', 'md3', 'md4', 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'sha224' ]}
We already have QCryptoHashAlgorithm and I don't see the
benefit in duplicating it here.
We don't have md2, md3, and md4 in QCryptoHashAlgorithm, but
that doesn't look like a real negative as I can't imagine
those should be used today.
> +##
> +# @QCryptoRsaPaddingAlgorithm:
> +#
> +# The padding algorithm for RSA.
> +#
> +# @raw: no padding used
> +# @pkcs1: pkcs1#v1.5
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaPaddingAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_PADDING_ALG',
> + 'data': ['raw', 'pkcs1']}
> +
> +##
> +# @QCryptoCurveId:
Should be named QCryptoCurveID
> +#
> +# The well-known curves, referenced from https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoCurveId',
> + 'prefix': 'QCRYPTO_CURVE_ID',
> + 'data': ['nist-p192', 'nist-p224', 'nist-p256', 'nist-p384', 'nist-p521']}
> +
> +##
> +# @QCryptoRsaOptions:
This should be named QCryptoAkCipherOptionsRSA
> +#
> +# Specific parameters for RSA algorithm.
> +#
> +# @hash-algo: QCryptoRsaHashAlgorithm
> +# @padding-algo: QCryptoRsaPaddingAlgorithm
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoRsaOptions',
> + 'data': { 'hash-algo':'QCryptoRsaHashAlgorithm',
> + 'padding-algo': 'QCryptoRsaPaddingAlgorithm'}}
Our naming convention is 'XXX-alg' rather than 'XXX-algo'.
> +
> +##
> +# @QCryptoEcdsaOptions:
This should be named QCryptoAkCipherOptionsECDSA
> +#
> +# Specific parameter for ECDSA algorithm.
> +#
> +# @curve-id: QCryptoCurveId
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoEcdsaOptions',
> + 'data': { 'curve-id': 'QCryptoCurveId' }}
Having these two structs standalone looks wrong to me. I suspect that
callers will need to be able to conditionally pass in either one, and
so require the API to use a discriminated union
{ 'union': 'QCryptoAkCipherOptions'
'base': { 'algorithm': 'QCryptoAkCipherAlgorithm' },
'discriminator': 'algorithm',
'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' ,
'ecdsa': 'QCryptoAkCipherOptionsECDSA' } }
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-03-23 13:08 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-23 2:49 [PATCH v3 0/6] Support akcipher for virtio-crypto zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 1/6] virtio-crypto: header update zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:08 ` Daniel P. Berrangé [this message]
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 3/6] crypto: Introduce akcipher crypto class zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 4/6] crypto: Implement RSA algorithm by hogweed zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-28 9:14 ` [External] " 何磊
2022-03-28 9:14 ` 何磊
2022-03-23 2:49 ` [PATCH v3 5/6] tests/crypto: Add test suite for crypto akcipher zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 6/6] virtio-crypto: Introduce RSA algorithm zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 5:17 ` [PATCH v3 0/6] Support akcipher for virtio-crypto Eric Biggers
2022-03-23 5:17 ` Eric Biggers
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 18:03 ` Eric Biggers
2022-03-23 18:03 ` Eric Biggers
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjsbwNhayhkVJ9G0@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=helei.sig11@bytedance.com \
--cc=herbert@gondor.apana.org.au \
--cc=jasowang@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pizhenwei@bytedance.com \
--cc=qemu-devel@nongnu.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.