On Fri, Jun 10, 2022 at 05:55:16PM +0200, Philippe Mathieu-Daudé wrote:
> On 10/6/22 09:59, Michael S. Tsirkin wrote:
> > From: zhenwei pi <pizhen...@bytedance.com>
> >
> > There are two parts in this patch:
> > 1, support akcipher service by cryptodev-builtin driver
> > 2, virtio-crypto driver supports akcipher service
> >
> > In principle, we should separate this into two patches, to avoid
> > compiling error, merge them into one.
> >
> > Then virtio-crypto gets request from guest side, and forwards the
> > request to builtin driver to handle it.
> >
> > Test with a guest linux:
> > 1, The self-test framework of crypto layer works fine in guest kernel
> > 2, Test with Linux guest(with asym support), the following script
> > test(note that pkey_XXX is supported only in a newer version of keyutils):
> > - both public key & private key
> > - create/close session
> > - encrypt/decrypt/sign/verify basic driver operation
> > - also test with kernel crypto layer(pkey add/query)
> >
> > All the cases work fine.
> >
> > Run script in guest:
> > rm -rf *.der *.pem *.pfx
> > modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m
> > rm -rf /tmp/data
> > dd if=/dev/random of=/tmp/data count=1 bs=20
> >
> > openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
> > -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=q...@qemu.org"
> > openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
> > openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der
> >
> > PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`
> > echo "priv key id = "$PRIV_KEY_ID
> > PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`
> > echo "pub key id = "$PUB_KEY_ID
> >
> > keyctl pkey_query $PRIV_KEY_ID 0
> > keyctl pkey_query $PUB_KEY_ID 0
> >
> > echo "Enc with priv key..."
> > keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv
> > echo "Dec with pub key..."
> > keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec
> > cmp /tmp/data /tmp/dec
> >
> > echo "Sign with priv key..."
> > keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig
> > echo "Verify with pub key..."
> > keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
> >
> > echo "Enc with pub key..."
> > keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
> > echo "Dec with priv key..."
> > keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
> > cmp /tmp/data /tmp/dec
> >
> > echo "Verify with pub key..."
> > keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
> >
> > Signed-off-by: zhenwei pi <pizhen...@bytedance.com>
> > Signed-off-by: lei he <helei.si...@bytedance.com
> > Message-Id: <20220527084734.2649594-2-pizhen...@bytedance.com>
> > Reviewed-by: Gonglei <arei.gong...@huawei.com>
> > Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
> > Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
> > ---
> > include/hw/virtio/virtio-crypto.h | 5 +-
> > include/sysemu/cryptodev.h | 83 ++++++--
> > backends/cryptodev-builtin.c | 274 +++++++++++++++++++++----
> > backends/cryptodev-vhost-user.c | 34 +++-
> > backends/cryptodev.c | 32 ++-
> > hw/virtio/virtio-crypto.c | 319 ++++++++++++++++++++++++------
> > 6 files changed, 605 insertions(+), 142 deletions(-)
>
> > +static int cryptodev_builtin_set_rsa_options(
> > + int virtio_padding_algo,
> > + int virtio_hash_algo,
> > + QCryptoAkCipherOptionsRSA *opt,
> > + Error **errp)
> > +{
> > + if (virtio_padding_algo == VIRTIO_CRYPTO_RSA_PKCS1_PADDING) {
> > + opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1;
> > + opt->hash_alg =
> > + cryptodev_builtin_get_rsa_hash_algo(virtio_hash_algo, errp);
> > + if (opt->hash_alg < 0) {
> > + return -1;
> > + }
> > + return 0;
> > + }
> > +
> > + if (virtio_padding_algo == VIRTIO_CRYPTO_RSA_RAW_PADDING) {
> > + opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW;
> > + return 0;
> > + }
> > +
> > + error_setg(errp, "Unsupported rsa padding algo: %d",
> > virtio_padding_algo);
> > + return -1;
> > +}
>
> Build failure:
>
> ../backends/cryptodev-builtin.c:187:27: error: result of comparison of
> unsigned enum expression < 0 is always false
> [-Werror,-Wtautological-unsigned-enum-zero-compare]
> if (opt->hash_alg < 0) {
> ~~~~~~~~~~~~~ ^ ~
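Review bot: in the PKCS1 branch of `cryptodev_builtin_set_rsa_options`, `if (opt->hash_alg < 0)` can never be true because `opt->hash_alg` has an unsigned enum type, so the -1 that `cryptodev_builtin_get_rsa_hash_algo` returns for an unsupported hash is stored as an out-of-range enumerator and the function still returns 0 (this is the comparison clang rejects in the build log above). Keep the result in a signed local before storing it: `int hash_alg = cryptodev_builtin_get_rsa_hash_algo(virtio_hash_algo, errp);` / `if (hash_alg < 0) { return -1; }` / `opt->hash_alg = hash_alg;`. As a smaller point, assign `opt->padding_alg` only after that check so a failed call leaves `*opt` untouched.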
I dropped this patch now.

New tag:
06cb5c82ebf5fd0f7b3c3de24d650e1259ca6ce4 hw/vhost-user-scsi|blk: set `supports_config` flag correctly

-- 
MST
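To show why the rejected comparison also hides a logic error, here is a reduced stand-alone C example (added here, not QEMU's code): a function shaped like `cryptodev_builtin_set_rsa_options` beside a corrected form. The enum, struct and constant names are simplified stand-ins for the QEMU and virtio types in the hunk, and the `Error` plumbing is replaced by a plain -1 return.

```c
/* Reduced stand-ins for the names in the hunk (hypothetical values, not QEMU's headers). */
enum { VIRTIO_CRYPTO_RSA_RAW_PADDING = 0, VIRTIO_CRYPTO_RSA_PKCS1_PADDING = 1 };
enum { VIRTIO_CRYPTO_RSA_SHA1 = 2, VIRTIO_CRYPTO_RSA_SHA256 = 4 };
/* No negative enumerator: gcc and clang give these enums an unsigned underlying type. */
typedef enum { HASH_ALG_SHA1, HASH_ALG_SHA256 } HashAlg;
typedef enum { PADDING_ALG_RAW, PADDING_ALG_PKCS1 } PaddingAlg;
typedef struct { PaddingAlg padding_alg; HashAlg hash_alg; } RsaOptions;

/* Maps a virtio hash id to a HashAlg; -1 means unsupported (QEMU's Error plumbing omitted). */
static int get_rsa_hash_algo(int virtio_hash_algo)
{
    switch (virtio_hash_algo) {
    case VIRTIO_CRYPTO_RSA_SHA1:   return HASH_ALG_SHA1;
    case VIRTIO_CRYPTO_RSA_SHA256: return HASH_ALG_SHA256;
    default:                       return -1;
    }
}

/* Before: the shape of the hunk. The -1 is converted into the unsigned enum field, so no
 * test on that field can ever see a negative value. The hunk's literal `if (opt->hash_alg < 0)`
 * is what clang -Werror rejects above; is_negative() stands in for it with the same outcome. */
static int is_negative(long long v) { return v < 0; }
static int set_rsa_options_before(int padding, int hash, RsaOptions *opt)
{
    if (padding == VIRTIO_CRYPTO_RSA_PKCS1_PADDING) {
        opt->padding_alg = PADDING_ALG_PKCS1;
        opt->hash_alg = get_rsa_hash_algo(hash);
        if (is_negative(opt->hash_alg)) {      /* arrives as a huge unsigned value, never taken */
            return -1;
        }
        return 0;                              /* unsupported hash reported as success */
    }
    if (padding == VIRTIO_CRYPTO_RSA_RAW_PADDING) { opt->padding_alg = PADDING_ALG_RAW; return 0; }
    return -1;                                 /* unsupported padding */
}

/* After: keep the sentinel in a signed int, check it, and only then store the enum. */
static int set_rsa_options_after(int padding, int hash, RsaOptions *opt)
{
    if (padding == VIRTIO_CRYPTO_RSA_PKCS1_PADDING) {
        int alg = get_rsa_hash_algo(hash);
        if (alg < 0) {
            return -1;                         /* unsupported hash is now rejected */
        }
        opt->padding_alg = PADDING_ALG_PKCS1;
        opt->hash_alg = (HashAlg)alg;
        return 0;
    }
    if (padding == VIRTIO_CRYPTO_RSA_RAW_PADDING) { opt->padding_alg = PADDING_ALG_RAW; return 0; }
    return -1;                                 /* unsupported padding */
}
```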