+error_report("cryptodev: Unexpected sym operation");
> +return -VIRTIO_CRYPTO_NOTSUPP;
> +}
> switch (op_info->op_code) {
> case VIRTIO_CRYPTO_CIPHER_ENCRYPT:
> CryptodevSymStatIncEncrypt(backend, len);
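Review bot: the message passed to error_report() just before `return -VIRTIO_CRYPTO_NOTSUPP;` is a fixed string, so the log does not show which operation was rejected. Consider including the unexpected value in the message so that a rejected request can be traced from the log.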
> --
> 2.34.1
>
Reviewed-by: Lei He
Best regards,
Lei He
--
helei.si...@bytedance.com
- Avoid using g_autoptr to free memory that is not allocated
in the same function.
- Fix memory-leak when 'virtio_crypto_handle_request' returns
non-zero value.
- When an error occurs, always pass negative status to function
'virtio_crypto_req_complete'.
Lei He (2):
cryptodev: av
- Fix memory-leak when 'virtio_crypto_handle_request' returns non-zero
value.
- When an error occurs, always pass negative status to function
'virtio_crypto_req_complete'.
Signed-off-by: Lei He
---
hw/virtio/virtio-crypto.c | 9 ++---
1 file changed, 6 insertions(+),
Avoid using g_autoptr to free memory that is not allocated in the same
function, just use g_free instead.
Signed-off-by: Lei He
---
hw/virtio/virtio-crypto.c | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
On 2022/11/2 03:51, Michael S. Tsirkin wrote:
On Tue, Nov 01, 2022 at 06:37:26AM -0400, Michael S. Tsirkin wrote:
On Sat, Oct 08, 2022 at 04:50:27PM +0800, Lei He wrote:
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
cryptodev: Added a new type of backend named lkcf-backend for
cryptodev. This backend uploads asymmetric keys to the Linux kernel,
and lets the kernel do the acceleration if possible.
The lkcf stands for Linux Kernel Cryptography Framework.
Signed-off-by: lei he
Reviewed-by: Michael S. Tsirkin
end for cryptodev.
I tested the backend with a QAT card, the qps of RSA-2048-decryption
is about 25k/s, and the main-loop becomes the bottleneck. The qps
using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support
IO-thread for cryptodev in another series later.
Lei He (4):
virtio
crypto: support exporting RSA private keys with the PKCS#8 standard,
so that users can upload this private key to the Linux kernel.
Signed-off-by: lei he
Reviewed-by: Michael S. Tsirkin
Reviewed-by: Daniel P. Berrangé
---
crypto/akcipher.c | 18 ++
crypto/rsakey.c | 42
Add encoding interfaces for DER encoding:
1. support decoding of 'bit string', 'octet string', 'object id'
and 'context specific tag' for DER encoder.
2. implemented a simple DER encoder.
3. add more test suites for DER encoder.
Signed-off-by: lei he
Revi
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
Reviewed-by: Michael S. Tsirkin
---
backends/cryptodev-builtin.c| 69 ++---
backends/cryptodev-vhost-user.c | 51 --
backends/cryptodev.c| 44
On 2022/11/2 03:51, Michael S. Tsirkin wrote:
On Tue, Nov 01, 2022 at 06:37:26AM -0400, Michael S. Tsirkin wrote:
On Sat, Oct 08, 2022 at 04:50:27PM +0800, Lei He wrote:
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
On 2022/10/8 16:50, Lei He wrote:
v1 --> v2:
- Fix compile errors when neither 'nettle' nor 'gcrypt' are enabled.
- Trivial changes to error codes when neither 'nettle' nor 'gcrypt' are
enabled.
Hi, lei:
Daniel has reviewed the crypto part of th
On 2022/10/7 22:25, Michael S. Tsirkin wrote:
On Mon, Sep 19, 2022 at 11:53:16AM +0800, Lei He wrote:
This patch adds a new backend called LKCF to cryptodev, LKCF stands
for Linux Kernel Cryptography Framework. If a cryptographic
accelerator that supports LKCF is installed on the host (you
crypto: support exporting RSA private keys with the PKCS#8 standard,
so that users can upload this private key to the Linux kernel.
Signed-off-by: lei he
---
crypto/akcipher.c | 18 ++
crypto/rsakey.c | 42 ++
crypto/rsakey.h
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
---
backends/cryptodev-builtin.c| 69 ++---
backends/cryptodev-vhost-user.c | 51 +--
backends/cryptodev.c| 44 +++---
hw/virtio/virtio-crypto.c
cryptodev: Added a new type of backend named lkcf-backend for
cryptodev. This backend uploads asymmetric keys to the Linux kernel,
and lets the kernel do the acceleration if possible.
The lkcf stands for Linux Kernel Cryptography Framework.
Signed-off-by: lei he
---
backends/cryptodev-lkcf.c | 645
Add encoding interfaces for DER encoding:
1. support decoding of 'bit string', 'octet string', 'object id'
and 'context specific tag' for DER encoder.
2. implemented a simple DER encoder.
3. add more test suites for DER encoder.
Signed-off-by: lei he
ew backend for cryptodev.
I tested the backend with a QAT card, the qps of RSA-2048-decryption
is about 25k/s, and the main-loop becomes the bottleneck. The qps
using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support
IO-thread for cryptodev in another series later.
Lei He (
On 2022/9/19 11:53, Lei He wrote:
This patch adds a new backend called LKCF to cryptodev, LKCF stands
for Linux Kernel Cryptography Framework. If a cryptographic
accelerator that supports LKCF is installed on the host (you can
see which algorithms are supported in host's LKCF by exec
crypto: support exporting RSA private keys with the PKCS#8 standard,
so that users can upload this private key to the Linux kernel.
Signed-off-by: lei he
---
crypto/akcipher.c | 17 +
crypto/rsakey.c | 42 ++
crypto/rsakey.h
cryptodev: Added a new type of backend named lkcf-backend for
cryptodev. This backend uploads asymmetric keys to the Linux kernel,
and lets the kernel do the acceleration if possible.
The lkcf stands for Linux Kernel Cryptography Framework.
Signed-off-by: lei he
---
backends/cryptodev-lkcf.c | 640
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
---
backends/cryptodev-builtin.c| 69 ++---
backends/cryptodev-vhost-user.c | 51 +--
backends/cryptodev.c| 44 +++---
hw/virtio/virtio-crypto.c
Add encoding interfaces for DER encoding:
1. support decoding of 'bit string', 'octet string', 'object id'
and 'context specific tag' for DER encoder.
2. implemented a simple DER encoder.
3. add more test suites for DER encoder.
Signed-off-by: lei he
6 vCPUs). We will support
IO-thread for cryptodev in another series later.
Lei He (4):
virtio-crypto: Support asynchronous mode
crypto: Support DER encodings
crypto: Support export akcipher to pkcs8
cryptodev: Add a lkcf-backend for cryptodev
backends/cryptodev-builtin.c| 69 +++--
virtio-crypto: Modify the current interface of virtio-crypto
device to support asynchronous mode.
Signed-off-by: lei he
---
backends/cryptodev-builtin.c| 69 ++---
backends/cryptodev-vhost-user.c | 51 +--
backends/cryptodev.c| 44 +++---
hw/virtio/virtio-crypto.c
> On Jun 22, 2022, at 5:15 PM, Lei He wrote:
>
> This patch introduced ECDSA algorithm for crypto.
>
> V1 -> V2:
> - The reserved function prefix '_' is no longer used.
> - When parsing ECDSA key: 1) set errp as early as possible,
> 2) use g_autopt
Implement ECDSA algorithm by hogweed and nettle.
Signed-off-by: lei he
Reviewed-by: Daniel P. Berrangé
---
crypto/akcipher-nettle.c.inc | 282 +++
1 file changed, 282 insertions(+)
diff --git a/crypto/akcipher-nettle.c.inc b/crypto/akcipher-nettle.c.inc
Add ECDSA key parser and ECDSA signature parser.
Signed-off-by: lei he
---
crypto/ecdsakey-builtin.c.inc | 248 ++
crypto/ecdsakey.c | 118
crypto/ecdsakey.h | 66 +++
crypto/meson.build
encoding the signature now.
- Minor tweaks to code style and typo fix.
V1:
- make the built-in ASN.1 decoder support more ASN.1 types.
- support ECDSA key and signature parsing.
- implement the ECDSA algorithm using nettle and gcrypt respectively.
Lei He (7):
crypto: Introduce ECDSA algorithm
Introduce ECDSA related structures to qapi-crypto.
Signed-off-by: lei he
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
---
qapi/crypto.json | 28 ++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/qapi/crypto.json b/qapi
Implement ECDSA algorithm by gcrypt
Signed-off-by: lei he
Reviewed-by: Daniel P. Berrangé
---
crypto/akcipher-gcrypt.c.inc | 409 +++
1 file changed, 409 insertions(+)
diff --git a/crypto/akcipher-gcrypt.c.inc b/crypto/akcipher-gcrypt.c.inc
index
1. add test suite for ecdsa algorithm.
2. use qcrypto_akcipher_max_xxx_len to help create buffers in
Signed-off-by: lei he
Reviewed-by: Daniel P. Berrangé
---
tests/unit/test-crypto-akcipher.c | 338 --
1 file changed, 323 insertions(+), 15 deletions
Move 'include "qemu/osdep.h"' from rsakey.h to rsakey.c.
Signed-off-by: lei he
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
---
crypto/rsakey.c | 1 +
crypto/rsakey.h | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/rsakey
1. support decoding of 'bit string','octet string',
'object id', and 'context specific tag' for DER decoder.
2. support encoding of int and sequence for DER decoder.
3. add test suites for the above changes.
Signed-off-by: lei he
Reviewed-b
Implement ECDSA algorithm by hogweed and nettle.
Signed-off-by: lei he
---
crypto/akcipher-nettle.c.inc | 268 +++
1 file changed, 268 insertions(+)
diff --git a/crypto/akcipher-nettle.c.inc b/crypto/akcipher-nettle.c.inc
index 02699e6e6d..94d6e0b629
1. add test suite for ecdsa algorithm.
2. use qcrypto_akcipher_max_xxx_len to help create buffers in
test code.
Signed-off-by: lei he
---
tests/unit/test-crypto-akcipher.c | 227 +++---
1 file changed, 212 insertions(+), 15 deletions(-)
diff --git a/tests/unit
Move 'include "qemu/osdep.h"' from rsakey.h to rsakey.c.
Signed-off-by: lei he
---
crypto/rsakey.c | 1 +
crypto/rsakey.h | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/rsakey.c b/crypto/rsakey.c
index cc40e072f0..dcdbd9ec57 100644
--- a/crypto/r
1. support decoding of 'bit string','octet string',
'object id', and 'context specific tag' for DER decoder.
2. support encoding of int and sequence for DER decoder.
3. add test suites for the above changes.
Signed-off-by: lei he
Add ECDSA key parser and ECDSA signature parser.
Signed-off-by: lei he
---
crypto/ecdsakey-builtin.c.inc | 248 ++
crypto/ecdsakey.c | 118
crypto/ecdsakey.h | 66 +++
crypto/meson.build
Implement ECDSA algorithm by gcrypt
Signed-off-by: lei he
---
crypto/akcipher-gcrypt.c.inc | 400 +++
1 file changed, 400 insertions(+)
diff --git a/crypto/akcipher-gcrypt.c.inc b/crypto/akcipher-gcrypt.c.inc
index abb1fb272e..24377bbec6 100644
--- a
Introduce ECDSA related structures to qapi-crypto.
Signed-off-by: lei he
---
qapi/crypto.json | 28 ++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 653e6e3f3d..c2fcdaa13a 100644
--- a/qapi/crypto.json
+++ b
This patch introduced ECDSA algorithm for crypto:
1. make the built-in ASN.1 decoder support more ASN.1 types.
2. support ECDSA key and signature parsing.
3. implement the ECDSA algorithm using nettle and gcrypt respectively.
Lei He (7):
crypto: Introduce ECDSA algorithm API
crypto: Support
UB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig en
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
Reviewed-by: Daniel P. Berrangé
---
crypto/akcipher-nettle.c.inc| 14 +-
tests/bench/benchmark-crypto-akcipher.c | 137 ++
tests/bench/meson.build | 1
Added gcrypt implementation of RSA algorithm, RSA algorithm
implemented by gcrypt has a higher priority than nettle because
it supports raw padding.
Signed-off-by: lei he
---
crypto/akcipher-gcrypt.c.inc | 595 +++
crypto/akcipher.c| 4 +-
2
As Daniel suggested, add a test suite for rsakey, as a way to prove
that we can handle DER errors correctly.
Signed-off-by: lei he
Reviewed-by: Daniel P. Berrangé
---
tests/unit/test-crypto-akcipher.c | 285 +-
1 file changed, 282 insertions(+), 3 deletions
Add an ASN.1 DER decoder which is used to parse asymmetric
cipher keys
Signed-off-by: zhenwei pi
Signed-off-by: lei he
---
crypto/der.c | 189
crypto/der.h | 81
crypto/meson.build | 1 +
tests/unit
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/akcipher
Introduce akcipher types, also include RSA related types.
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 64
1 file changed, 64 insertions(+)
diff --git a/qapi/crypto.json b/qapi
From: zhenwei pi
Update header from linux, support akcipher service.
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/standard-headers/linux/virtio_crypto.h | 82 +-
1 file changed, 81 insertions(+), 1
- Introduce akcipher class.
- Introduce ASN1 decoder into QEMU.
- Implement RSA backend by nettle/hogweed.
Lei He (6):
qapi: crypto-akcipher: Introduce akcipher types to qapi
crypto: add ASN.1 DER decoder
crypto: Implement RSA algorithm by hogweed
crypto: Implement RSA algorithm by gcrypt
From: zhenwei pi
Introduce new akcipher crypto class 'QCryptoAkCipher', which supports
basic asymmetric operations: encrypt, decrypt, sign and verify.
Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new
class. Thanks to Daniel!
Co-developed-by: lei he
Signed-off-
g_date_time_new_now_utc() instead, and add a check for NULL result.
Signed-off-by: Lei He
---
util/error-report.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/util/error-report.c b/util/error-report.c
index dbadaf206d..d3c150661d 100644
--- a/util/error-report.c
+++ b/util
53 matches