From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: arei.gonglei@huawei.com, mst@redhat.com,
herbert@gondor.apana.org.au, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 3/6] crypto: Introduce akcipher crypto class
Date: Wed, 23 Mar 2022 13:33:19 +0000 [thread overview]
Message-ID: <Yjshn2T0n0hyuup5@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-4-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:09AM +0800, zhenwei pi wrote:
> Support basic asymmetric operations: encrypt, decrypt, sign and
> verify.
>
> Co-developed-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> crypto/akcipher.c | 78 +++++++++++++++++++++
> crypto/meson.build | 1 +
> include/crypto/akcipher.h | 139 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 218 insertions(+)
> create mode 100644 crypto/akcipher.c
> create mode 100644 include/crypto/akcipher.h
>
> diff --git a/crypto/akcipher.c b/crypto/akcipher.c
> new file mode 100644
> index 0000000000..1e52f2fd76
> --- /dev/null
> +++ b/crypto/akcipher.c
> @@ -0,0 +1,78 @@
> +/*
> + * QEMU Crypto akcipher algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/host-utils.h"
> +#include "qapi/error.h"
> +#include "crypto/akcipher.h"
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp)
> +{
> + QCryptoAkcipher *akcipher = NULL;
> +
> + return akcipher;
> +}
> +
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->encrypt(akcipher, data, data_len, enc, enc_len, errp);
> +}
> +
> +int qcrypto_akcipher_decrypt(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->decrypt(akcipher, enc, enc_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->sign(akcipher, data, data_len, sig, sig_len, errp);
> +}
> +
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->verify(akcipher, sig, sig_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->free(akcipher, errp);
> +}
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 19c44bea89..c32b57aeda 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -19,6 +19,7 @@ crypto_ss.add(files(
> 'tlscredspsk.c',
> 'tlscredsx509.c',
> 'tlssession.c',
> + 'akcipher.c',
> ))
>
> if nettle.found()
> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
> new file mode 100644
> index 0000000000..03cc3bf46b
> --- /dev/null
> +++ b/include/crypto/akcipher.h
> @@ -0,0 +1,139 @@
> +/*
> + * QEMU Crypto asymmetric algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QCRYPTO_AKCIPHER_H
> +#define QCRYPTO_AKCIPHER_H
> +
> +#include "qemu/typedefs.h"
> +#include "qapi/qapi-types-crypto.h"
> +
> +typedef struct QCryptoAkcipher QCryptoAkcipher;
> +typedef struct QCryptoAkcipherDriver QCryptoAkcipherDriver;
> +
> +struct QCryptoAkcipherDriver {
> + int (*encrypt)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
> + int (*decrypt)(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp);
> + int (*sign)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> + int (*verify)(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> + int (*free)(struct QCryptoAkcipher *akcipher, Error **errp);
> +};
> +
> +struct QCryptoAkcipher {
> + QCryptoAkcipherAlgorithm alg;
> + QCryptoAkcipherKeyType type;
> + uint8_t *key;
> + size_t keylen;
> + int max_plaintext_len;
> + int max_ciphertext_len;
> + int max_signature_len;
> + int max_dgst_len;
> + QCryptoAkcipherDriver *driver;
> +};
These two structs should be treated as private impl details for
the crypto subsystem, so they should not be exposed in the public
include/crypto/akcipher.h
There needs to be a crypto/akcipherpriv.h file, as we've done with
other APIs in crypto/*priv.h
Also, as with the QAPI def, I'd suggest QCryptoAkCipher as the
capitalization for all the structs.
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp);
'void *para' looks pretty dubious. I suspect this is where
it needs to be using the discriminated union for the options.
ie
QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkCipherOptions opts,
QCryptoAkcipherKeyType type,
const uint8_t *key, size_t keylen,
Error **errp);
> +
> +/**
> + * qcrypto_akcipher_encrypt:
> + * @akcipher: akcipher used to do encryption
> + * @data: plaintext pending to be encrypted
> + * @data_len: length of the plaintext, MUST less or equal
> + * akcipher->max_plaintext_len
> + * @enc: buffer to store the ciphertext
> + * @enc_len: the length of ciphertext buffer, usually equals to
> + * akcipher->max_ciphertext_len
> + * @errp: error pointer
> + *
> + * Encrypt data and write ciphertext into enc
> + *
> + * Returns: length of ciphertext if encrypt succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
I'd prefer to keep naming matching qcrypto_cipher_encrypt ie
int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len,
Error **errp);
If thue caller njeeds to know about max_ciphertext_len, then we'll
need a API to query that, since the struct should be private.
> +/**
> + * qcrypto_akcipher_sign:
> + * @akcipher: akcipher used to generate signature
> + * @data: data to be signed
> + * @data_len: the length of data
> + * @sig: buffer to store the signature
> + * @sig_len: length of the signature buffer, usually equals to
> + * akcipher->max_signature_len
> + * @errp: error pointer
> + *
> + * Generate signature for data using akcipher
> + *
> + * Returns: length of signature if succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> +
> +/**
> + * qcrypto_akcipher_verify:
> + * @akcipher: akcipher used to do verifycation
> + * @sig: pointer to the signature
> + * @sig_len: length of the signature
> + * @data: pointer to original data
> + * @data_len: the length of data
> + * @errp: error pointer
> + *
> + * Verify the signature and the data match or not
> + *
> + * Returns: 0 for succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp);
Using 'struct' is redundant - use the typedef.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
linux-crypto@vger.kernel.org, lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 3/6] crypto: Introduce akcipher crypto class
Date: Wed, 23 Mar 2022 13:33:19 +0000 [thread overview]
Message-ID: <Yjshn2T0n0hyuup5@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-4-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:09AM +0800, zhenwei pi wrote:
> Support basic asymmetric operations: encrypt, decrypt, sign and
> verify.
>
> Co-developed-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> crypto/akcipher.c | 78 +++++++++++++++++++++
> crypto/meson.build | 1 +
> include/crypto/akcipher.h | 139 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 218 insertions(+)
> create mode 100644 crypto/akcipher.c
> create mode 100644 include/crypto/akcipher.h
>
> diff --git a/crypto/akcipher.c b/crypto/akcipher.c
> new file mode 100644
> index 0000000000..1e52f2fd76
> --- /dev/null
> +++ b/crypto/akcipher.c
> @@ -0,0 +1,78 @@
> +/*
> + * QEMU Crypto akcipher algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/host-utils.h"
> +#include "qapi/error.h"
> +#include "crypto/akcipher.h"
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp)
> +{
> + QCryptoAkcipher *akcipher = NULL;
> +
> + return akcipher;
> +}
> +
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->encrypt(akcipher, data, data_len, enc, enc_len, errp);
> +}
> +
> +int qcrypto_akcipher_decrypt(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->decrypt(akcipher, enc, enc_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->sign(akcipher, data, data_len, sig, sig_len, errp);
> +}
> +
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->verify(akcipher, sig, sig_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->free(akcipher, errp);
> +}
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 19c44bea89..c32b57aeda 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -19,6 +19,7 @@ crypto_ss.add(files(
> 'tlscredspsk.c',
> 'tlscredsx509.c',
> 'tlssession.c',
> + 'akcipher.c',
> ))
>
> if nettle.found()
> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
> new file mode 100644
> index 0000000000..03cc3bf46b
> --- /dev/null
> +++ b/include/crypto/akcipher.h
> @@ -0,0 +1,139 @@
> +/*
> + * QEMU Crypto asymmetric algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QCRYPTO_AKCIPHER_H
> +#define QCRYPTO_AKCIPHER_H
> +
> +#include "qemu/typedefs.h"
> +#include "qapi/qapi-types-crypto.h"
> +
> +typedef struct QCryptoAkcipher QCryptoAkcipher;
> +typedef struct QCryptoAkcipherDriver QCryptoAkcipherDriver;
> +
> +struct QCryptoAkcipherDriver {
> + int (*encrypt)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
> + int (*decrypt)(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp);
> + int (*sign)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> + int (*verify)(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> + int (*free)(struct QCryptoAkcipher *akcipher, Error **errp);
> +};
> +
> +struct QCryptoAkcipher {
> + QCryptoAkcipherAlgorithm alg;
> + QCryptoAkcipherKeyType type;
> + uint8_t *key;
> + size_t keylen;
> + int max_plaintext_len;
> + int max_ciphertext_len;
> + int max_signature_len;
> + int max_dgst_len;
> + QCryptoAkcipherDriver *driver;
> +};
These two structs should be treated as private impl details for
the crypto subsystem, so they should not be exposed in the public
include/crypto/akcipher.h
There needs to be a crypto/akcipherpriv.h file, as we've done with
other APIs in crypto/*priv.h
Also, as with the QAPI def, I'd suggest QCryptoAkCipher as the
capitalization for all the structs.
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp);
'void *para' looks pretty dubious. I suspect this is where
it needs to be using the discriminated union for the options.
ie
QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkCipherOptions opts,
QCryptoAkcipherKeyType type,
const uint8_t *key, size_t keylen,
Error **errp);
> +
> +/**
> + * qcrypto_akcipher_encrypt:
> + * @akcipher: akcipher used to do encryption
> + * @data: plaintext pending to be encrypted
> + * @data_len: length of the plaintext, MUST less or equal
> + * akcipher->max_plaintext_len
> + * @enc: buffer to store the ciphertext
> + * @enc_len: the length of ciphertext buffer, usually equals to
> + * akcipher->max_ciphertext_len
> + * @errp: error pointer
> + *
> + * Encrypt data and write ciphertext into enc
> + *
> + * Returns: length of ciphertext if encrypt succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
I'd prefer to keep naming matching qcrypto_cipher_encrypt ie
int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len,
Error **errp);
If thue caller njeeds to know about max_ciphertext_len, then we'll
need a API to query that, since the struct should be private.
> +/**
> + * qcrypto_akcipher_sign:
> + * @akcipher: akcipher used to generate signature
> + * @data: data to be signed
> + * @data_len: the length of data
> + * @sig: buffer to store the signature
> + * @sig_len: length of the signature buffer, usually equals to
> + * akcipher->max_signature_len
> + * @errp: error pointer
> + *
> + * Generate signature for data using akcipher
> + *
> + * Returns: length of signature if succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> +
> +/**
> + * qcrypto_akcipher_verify:
> + * @akcipher: akcipher used to do verifycation
> + * @sig: pointer to the signature
> + * @sig_len: length of the signature
> + * @data: pointer to original data
> + * @data_len: the length of data
> + * @errp: error pointer
> + *
> + * Verify the signature and the data match or not
> + *
> + * Returns: 0 for succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp);
Using 'struct' is redundant - use the typedef.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: zhenwei pi <pizhenwei@bytedance.com>
Cc: herbert@gondor.apana.org.au, mst@redhat.com, jasowang@redhat.com,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
arei.gonglei@huawei.com, linux-crypto@vger.kernel.org,
lei he <helei.sig11@bytedance.com>
Subject: Re: [PATCH v3 3/6] crypto: Introduce akcipher crypto class
Date: Wed, 23 Mar 2022 13:33:19 +0000 [thread overview]
Message-ID: <Yjshn2T0n0hyuup5@redhat.com> (raw)
In-Reply-To: <20220323024912.249789-4-pizhenwei@bytedance.com>
On Wed, Mar 23, 2022 at 10:49:09AM +0800, zhenwei pi wrote:
> Support basic asymmetric operations: encrypt, decrypt, sign and
> verify.
>
> Co-developed-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> crypto/akcipher.c | 78 +++++++++++++++++++++
> crypto/meson.build | 1 +
> include/crypto/akcipher.h | 139 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 218 insertions(+)
> create mode 100644 crypto/akcipher.c
> create mode 100644 include/crypto/akcipher.h
>
> diff --git a/crypto/akcipher.c b/crypto/akcipher.c
> new file mode 100644
> index 0000000000..1e52f2fd76
> --- /dev/null
> +++ b/crypto/akcipher.c
> @@ -0,0 +1,78 @@
> +/*
> + * QEMU Crypto akcipher algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/host-utils.h"
> +#include "qapi/error.h"
> +#include "crypto/akcipher.h"
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp)
> +{
> + QCryptoAkcipher *akcipher = NULL;
> +
> + return akcipher;
> +}
> +
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->encrypt(akcipher, data, data_len, enc, enc_len, errp);
> +}
> +
> +int qcrypto_akcipher_decrypt(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->decrypt(akcipher, enc, enc_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->sign(akcipher, data, data_len, sig, sig_len, errp);
> +}
> +
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->verify(akcipher, sig, sig_len, data, data_len, errp);
> +}
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp)
> +{
> + const QCryptoAkcipherDriver *drv = akcipher->driver;
> +
> + return drv->free(akcipher, errp);
> +}
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 19c44bea89..c32b57aeda 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -19,6 +19,7 @@ crypto_ss.add(files(
> 'tlscredspsk.c',
> 'tlscredsx509.c',
> 'tlssession.c',
> + 'akcipher.c',
> ))
>
> if nettle.found()
> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
> new file mode 100644
> index 0000000000..03cc3bf46b
> --- /dev/null
> +++ b/include/crypto/akcipher.h
> @@ -0,0 +1,139 @@
> +/*
> + * QEMU Crypto asymmetric algorithms
> + *
> + * Copyright (c) 2022 Bytedance
> + * Author: zhenwei pi <pizhenwei@bytedance.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QCRYPTO_AKCIPHER_H
> +#define QCRYPTO_AKCIPHER_H
> +
> +#include "qemu/typedefs.h"
> +#include "qapi/qapi-types-crypto.h"
> +
> +typedef struct QCryptoAkcipher QCryptoAkcipher;
> +typedef struct QCryptoAkcipherDriver QCryptoAkcipherDriver;
> +
> +struct QCryptoAkcipherDriver {
> + int (*encrypt)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
> + int (*decrypt)(struct QCryptoAkcipher *akcipher,
> + const void *enc, size_t enc_len,
> + void *data, size_t data_len, Error **errp);
> + int (*sign)(struct QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> + int (*verify)(struct QCryptoAkcipher *akcipher,
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> + int (*free)(struct QCryptoAkcipher *akcipher, Error **errp);
> +};
> +
> +struct QCryptoAkcipher {
> + QCryptoAkcipherAlgorithm alg;
> + QCryptoAkcipherKeyType type;
> + uint8_t *key;
> + size_t keylen;
> + int max_plaintext_len;
> + int max_ciphertext_len;
> + int max_signature_len;
> + int max_dgst_len;
> + QCryptoAkcipherDriver *driver;
> +};
These two structs should be treated as private impl details for
the crypto subsystem, so they should not be exposed in the public
include/crypto/akcipher.h
There needs to be a crypto/akcipherpriv.h file, as we've done with
other APIs in crypto/*priv.h
Also, as with the QAPI def, I'd suggest QCryptoAkCipher as the
capitalization for all the structs.
> +
> +QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkcipherAlgorithm alg,
> + QCryptoAkcipherKeyType type,
> + const uint8_t *key, size_t keylen,
> + void *para, Error **errp);
'void *para' looks pretty dubious. I suspect this is where
it needs to be using the discriminated union for the options.
ie
QCryptoAkcipher *qcrypto_akcipher_new(QCryptoAkCipherOptions opts,
QCryptoAkcipherKeyType type,
const uint8_t *key, size_t keylen,
Error **errp);
> +
> +/**
> + * qcrypto_akcipher_encrypt:
> + * @akcipher: akcipher used to do encryption
> + * @data: plaintext pending to be encrypted
> + * @data_len: length of the plaintext, MUST less or equal
> + * akcipher->max_plaintext_len
> + * @enc: buffer to store the ciphertext
> + * @enc_len: the length of ciphertext buffer, usually equals to
> + * akcipher->max_ciphertext_len
> + * @errp: error pointer
> + *
> + * Encrypt data and write ciphertext into enc
> + *
> + * Returns: length of ciphertext if encrypt succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
> + const void *data, size_t data_len,
> + void *enc, size_t enc_len, Error **errp);
I'd prefer to keep naming matching qcrypto_cipher_encrypt ie
int qcrypto_akcipher_encrypt(QCryptoAkcipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len,
Error **errp);
If thue caller njeeds to know about max_ciphertext_len, then we'll
need a API to query that, since the struct should be private.
> +/**
> + * qcrypto_akcipher_sign:
> + * @akcipher: akcipher used to generate signature
> + * @data: data to be signed
> + * @data_len: the length of data
> + * @sig: buffer to store the signature
> + * @sig_len: length of the signature buffer, usually equals to
> + * akcipher->max_signature_len
> + * @errp: error pointer
> + *
> + * Generate signature for data using akcipher
> + *
> + * Returns: length of signature if succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_sign(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *data, size_t data_len,
> + void *sig, size_t sig_len, Error **errp);
> +
> +/**
> + * qcrypto_akcipher_verify:
> + * @akcipher: akcipher used to do verifycation
> + * @sig: pointer to the signature
> + * @sig_len: length of the signature
> + * @data: pointer to original data
> + * @data_len: the length of data
> + * @errp: error pointer
> + *
> + * Verify the signature and the data match or not
> + *
> + * Returns: 0 for succeed, otherwise -1 is returned
> + */
> +int qcrypto_akcipher_verify(struct QCryptoAkcipher *akcipher,
Using 'struct' is redundant - use the typedef.
> + const void *sig, size_t sig_len,
> + const void *data, size_t data_len, Error **errp);
> +
> +int qcrypto_akcipher_free(struct QCryptoAkcipher *akcipher, Error **errp);
Using 'struct' is redundant - use the typedef.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-03-23 13:33 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-23 2:49 [PATCH v3 0/6] Support akcipher for virtio-crypto zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 1/6] virtio-crypto: header update zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:38 ` Daniel P. Berrangé
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 15:59 ` zhenwei pi
2022-03-23 2:49 ` [PATCH v3 2/6] crypto-akcipher: Introduce akcipher types to qapi zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 13:08 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 15:00 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 3/6] crypto: Introduce akcipher crypto class zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:33 ` Daniel P. Berrangé [this message]
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 13:33 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 4/6] crypto: Implement RSA algorithm by hogweed zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-23 13:50 ` Daniel P. Berrangé
2022-03-28 9:14 ` [External] " 何磊
2022-03-28 9:14 ` 何磊
2022-03-23 2:49 ` [PATCH v3 5/6] tests/crypto: Add test suite for crypto akcipher zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 15:10 ` Daniel P. Berrangé
2022-03-23 2:49 ` [PATCH v3 6/6] virtio-crypto: Introduce RSA algorithm zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 2:49 ` zhenwei pi
2022-03-23 5:17 ` [PATCH v3 0/6] Support akcipher for virtio-crypto Eric Biggers
2022-03-23 5:17 ` Eric Biggers
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 7:32 ` zhenwei pi
2022-03-23 18:03 ` Eric Biggers
2022-03-23 18:03 ` Eric Biggers
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-24 1:20 ` zhenwei pi
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Philippe Mathieu-Daudé
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 12:36 ` Michael S. Tsirkin
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
2022-03-23 14:37 ` zhenwei pi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yjshn2T0n0hyuup5@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=helei.sig11@bytedance.com \
--cc=herbert@gondor.apana.org.au \
--cc=jasowang@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pizhenwei@bytedance.com \
--cc=qemu-devel@nongnu.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.