* [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support
@ 2017-07-14 18:03 longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 01/18] crypto: cipher: introduce context free function longpeng.mike
` (18 more replies)
0 siblings, 19 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
The AF_ALG socket family is the userspace interface for linux
crypto API, users can use it to access hardware accelerators.
This patchset adds a afalg-backend for qemu crypto subsystem. QEMU
would try to use afalg-backend first if configures '--enable-crypto
-afalg' and hostos support AF_ALG.
I measured the performance about the afalg-backend impls, I tested
how many data could be encrypted in 5 seconds.
NOTE: In some scenarios library-backend using CPU insns for crypto
would be faster.
test-environment: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
*sha256*
chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
512 93.03 185.87
1024 146.32 201.78
2048 213.32 210.93
4096 275.48 215.26
8192 321.77 217.49
16384 349.60 219.26
32768 363.59 219.73
65536 375.79 219.99
*hmac(sha256)*
chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
512 71.26 165.55
1024 117.43 189.15
2048 180.96 203.24
4096 247.60 211.38
8192 301.99 215.65
16384 340.79 218.22
32768 365.51 219.49
65536 377.92 220.24
*cbc(aes128)*
chunk_size(bytes) MB/sec(afalg:cbc-aes-aesni) MB/sec(nettle)
512 371.76 188.41
1024 559.86 189.64
2048 768.66 192.11
4096 939.15 192.40
8192 1029.48 192.49
16384 1072.79 190.52
32768 1109.38 190.41
65536 1102.38 190.40
---
Changes since v5:
- use afalg-backend first only when configured with
'--enable-crypto-afalg' and AF_ALG is supportted.
[Daniel]
Changes since v4:
- remove 'name' field in 'struct CryptoAFAlg'. [Daniel]
- add error handling for read() returning less than requested. [Daniel]
- use iov_send_recv to recv msg in hash-afalg.c. [Daniel]
- refactor hmac benchmark as suggestion. [Daniel]
Changes since v3:
- add "Reviewed-by: Daniel P. Berrange <address@hidden>" in
commit messages of PATCH 1/2/3/4/5/7/8/9/10/11.
- PATCH 12: use strlen() instead of qemu_strnlen() in
qcrypto_afalg_build_saddr(). [Daniel]
- PATCH 12: rather than indenting the entire method, just return immediately
if afalg=NULL. [Daniel]
- PATCH 13: use g_strdup_printf() instead of g_new0+snprintf() and remove
redundant bounds check in qcrypto_afalg_cipher_format_name().
[Daniel]
- PATCH 13: s/except_niv/expect_niv s/origin_contorllen/origin_controllen.
[Daniel]
- PATCH 13: use '%zu' to print 'size_t' in qcrypto_afalg_cipher_setiv().
[Daniel]
- PATCH 13: remove qcrypto_cipher_using_afalg_drv(). [Daniel]
- PATCH 13: refactor the qcrypto_cipher_new() as Daniel's suggestion.
[Daniel]
- PATCH 13: correct the ->cmsg initialization int
qcrypto_afalg_cipher_ctx_new() to
avoid different behaviour in test_cipher_null_iv(). [Daniel]
- PATCH 14: use g_strdup_printf() instead of g_new0+snprintf() and remove
edundant bounds check in qcrypto_afalg_hash_format_name().
[Daniel]
- PATCH 14: s/except_len/expect_len. [Daniel]
- PATCH 14: free 'errp' if afalg_driver.hash_bytesv() failed. [Daniel]
- PATCH 14: maybe some afalg errors should be treated as fatal, but we
have no idea yet, so add a "TODO" comment.
- PATCH 15: refactor the qcrypto_hmac_new() as Daniel's suggestion. [Daniel]
Changes since v2:
- init sockaddr_alg object when it's defined. [Gonglei]
- fix some superfluous initialization. [Gonglei]
- s/opeartion/operation/g in crypto/afalgpriv.h. [Gonglei]
- check 'niv' in qcrypto_afalg_cipher_setiv. [Gonglei]
Changes since v1:
- use "make check-speed" to testing the performance. [Daniel]
- put private definations into crypto/***priv.h. [Daniel]
- remove afalg socket from qapi-schema, put them into crypto/. [Daniel]
- some Error report change. [Daniel]
- s/QCryptoAfalg/QCryptoAFAlg. [Daniel]
- use snprintf with bounds checking instead of sprintf. [Daniel]
- use "qcrypto_afalg_" prefix and "qcrypto_nettle(gcrypt,glib,builtin)_"
prefix. [Daniel]
- add testing results in cover-letter. [Gonglei]
---
Longpeng(Mike) (18):
crypto: cipher: introduce context free function
crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
crypto: cipher: add cipher driver framework
crypto: hash: add hash driver framework
crypto: hmac: move crypto/hmac.h into include/crypto/
crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
crypto: hmac: add hmac driver framework
crypto: introduce some common functions for af_alg backend
crypto: cipher: add afalg-backend cipher support
crypto: hash: add afalg-backend hash support
crypto: hmac: add af_alg-backend hmac support
tests: crypto: add cipher speed benchmark support
tests: crypto: add hash speed benchmark support
tests: crypto: add hmac speed benchmark support
configure | 30 ++++++
crypto/Makefile.objs | 3 +
crypto/afalg.c | 116 +++++++++++++++++++++
crypto/afalgpriv.h | 64 ++++++++++++
crypto/cipher-afalg.c | 226 ++++++++++++++++++++++++++++++++++++++++
crypto/cipher-builtin.c | 125 +++++++++++-----------
crypto/cipher-gcrypt.c | 105 ++++++++++---------
crypto/cipher-nettle.c | 84 ++++++++-------
crypto/cipher.c | 80 ++++++++++++++
crypto/cipherpriv.h | 56 ++++++++++
crypto/hash-afalg.c | 214 +++++++++++++++++++++++++++++++++++++
crypto/hash-gcrypt.c | 19 ++--
crypto/hash-glib.c | 19 ++--
crypto/hash-nettle.c | 19 ++--
crypto/hash.c | 30 ++++++
crypto/hashpriv.h | 39 +++++++
crypto/hmac-gcrypt.c | 42 ++++----
crypto/hmac-glib.c | 63 ++++++-----
crypto/hmac-nettle.c | 42 ++++----
crypto/hmac.c | 58 +++++++++++
crypto/hmac.h | 166 -----------------------------
crypto/hmacpriv.h | 48 +++++++++
include/crypto/cipher.h | 1 +
include/crypto/hmac.h | 167 +++++++++++++++++++++++++++++
tests/Makefile.include | 13 ++-
tests/benchmark-crypto-cipher.c | 88 ++++++++++++++++
tests/benchmark-crypto-hash.c | 67 ++++++++++++
tests/benchmark-crypto-hmac.c | 82 +++++++++++++++
28 files changed, 1655 insertions(+), 411 deletions(-)
create mode 100644 crypto/afalg.c
create mode 100644 crypto/afalgpriv.h
create mode 100644 crypto/cipher-afalg.c
create mode 100644 crypto/cipherpriv.h
create mode 100644 crypto/hash-afalg.c
create mode 100644 crypto/hashpriv.h
delete mode 100644 crypto/hmac.h
create mode 100644 crypto/hmacpriv.h
create mode 100644 include/crypto/hmac.h
create mode 100644 tests/benchmark-crypto-cipher.c
create mode 100644 tests/benchmark-crypto-hash.c
create mode 100644 tests/benchmark-crypto-hmac.c
--
1.8.3.1
^ permalink raw reply [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 01/18] crypto: cipher: introduce context free function
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 02/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend longpeng.mike
` (17 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Refactors the qcrypto_cipher_free(), splits it into two parts. One
is gcrypt/nettle__cipher_free_ctx() to free the special context.
This makes code more clear, what's more, it would be used by the
later patch.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/cipher-gcrypt.c | 31 ++++++++++++++++++-------------
crypto/cipher-nettle.c | 18 ++++++++++++++----
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 6487eca..0ecffa2 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -64,6 +64,22 @@ struct QCryptoCipherGcrypt {
uint8_t *iv;
};
+static void gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx,
+ QCryptoCipherMode mode)
+{
+ if (!ctx) {
+ return;
+ }
+
+ gcry_cipher_close(ctx->handle);
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+ gcry_cipher_close(ctx->tweakhandle);
+ }
+ g_free(ctx->iv);
+ g_free(ctx);
+}
+
+
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
const uint8_t *key, size_t nkey,
@@ -228,11 +244,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
return cipher;
error:
- gcry_cipher_close(ctx->handle);
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
- gcry_cipher_close(ctx->tweakhandle);
- }
- g_free(ctx);
+ gcrypt_cipher_free_ctx(ctx, mode);
g_free(cipher);
return NULL;
}
@@ -240,17 +252,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
void qcrypto_cipher_free(QCryptoCipher *cipher)
{
- QCryptoCipherGcrypt *ctx;
if (!cipher) {
return;
}
- ctx = cipher->opaque;
- gcry_cipher_close(ctx->handle);
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
- gcry_cipher_close(ctx->tweakhandle);
- }
- g_free(ctx->iv);
- g_free(ctx);
+ gcrypt_cipher_free_ctx(cipher->opaque, cipher->mode);
g_free(cipher);
}
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index dfc9030..e04e3a1 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -249,6 +249,19 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
}
+static void nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
+{
+ if (!ctx) {
+ return;
+ }
+
+ g_free(ctx->iv);
+ g_free(ctx->ctx);
+ g_free(ctx->ctx_tweak);
+ g_free(ctx);
+}
+
+
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
const uint8_t *key, size_t nkey,
@@ -440,10 +453,7 @@ void qcrypto_cipher_free(QCryptoCipher *cipher)
}
ctx = cipher->opaque;
- g_free(ctx->iv);
- g_free(ctx->ctx);
- g_free(ctx->ctx_tweak);
- g_free(ctx);
+ nettle_cipher_free_ctx(ctx);
g_free(cipher);
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 02/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 01/18] crypto: cipher: introduce context free function longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 03/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend longpeng.mike
` (16 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for
gcrypt-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/cipher-gcrypt.c | 50 +++++++++++++++++++++++++++++++++-----------------
1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 0ecffa2..4939386 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -80,12 +80,12 @@ static void gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx,
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey,
+ Error **errp)
{
- QCryptoCipher *cipher;
QCryptoCipherGcrypt *ctx;
gcry_error_t err;
int gcryalg, gcrymode;
@@ -162,10 +162,6 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
return NULL;
}
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
-
ctx = g_new0(QCryptoCipherGcrypt, 1);
err = gcry_cipher_open(&ctx->handle, gcryalg, gcrymode, 0);
@@ -174,7 +170,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
gcry_strerror(err));
goto error;
}
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
err = gcry_cipher_open(&ctx->tweakhandle, gcryalg, gcrymode, 0);
if (err != 0) {
error_setg(errp, "Cannot initialize cipher: %s",
@@ -183,7 +179,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
}
}
- if (cipher->alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
+ if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
/* We're using standard DES cipher from gcrypt, so we need
* to munge the key so that the results are the same as the
* bizarre RFB variant of DES :-)
@@ -193,7 +189,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
g_free(rfbkey);
ctx->blocksize = 8;
} else {
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
nkey /= 2;
err = gcry_cipher_setkey(ctx->handle, key, nkey);
if (err != 0) {
@@ -210,7 +206,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
gcry_strerror(err));
goto error;
}
- switch (cipher->alg) {
+ switch (alg) {
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
@@ -230,7 +226,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
}
}
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
if (ctx->blocksize != XTS_BLOCK_SIZE) {
error_setg(errp,
"Cipher block size %zu must equal XTS block size %d",
@@ -240,12 +236,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
ctx->iv = g_new0(uint8_t, ctx->blocksize);
}
- cipher->opaque = ctx;
- return cipher;
+ return ctx;
error:
gcrypt_cipher_free_ctx(ctx, mode);
- g_free(cipher);
return NULL;
}
@@ -385,3 +379,25 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
return 0;
}
+
+
+QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoCipher *cipher;
+ QCryptoCipherGcrypt *ctx;
+
+ ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ cipher = g_new0(QCryptoCipher, 1);
+ cipher->alg = alg;
+ cipher->mode = mode;
+ cipher->opaque = ctx;
+
+ return cipher;
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 03/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 01/18] crypto: cipher: introduce context free function longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 02/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 04/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend longpeng.mike
` (15 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for
nettle-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/cipher-nettle.c | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e04e3a1..e6d6e6c 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -262,12 +262,12 @@ static void nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey,
+ Error **errp)
{
- QCryptoCipher *cipher;
QCryptoCipherNettle *ctx;
uint8_t *rfbkey;
@@ -287,12 +287,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
return NULL;
}
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
-
ctx = g_new0(QCryptoCipherNettle, 1);
- cipher->opaque = ctx;
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -436,10 +431,10 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
ctx->iv = g_new0(uint8_t, ctx->blocksize);
- return cipher;
+ return ctx;
error:
- qcrypto_cipher_free(cipher);
+ nettle_cipher_free_ctx(ctx);
return NULL;
}
@@ -561,3 +556,25 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
memcpy(ctx->iv, iv, niv);
return 0;
}
+
+
+QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoCipher *cipher;
+ QCryptoCipherNettle *ctx;
+
+ ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ cipher = g_new0(QCryptoCipher, 1);
+ cipher->alg = alg;
+ cipher->mode = mode;
+ cipher->opaque = ctx;
+
+ return cipher;
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 04/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (2 preceding siblings ...)
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 03/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 05/18] crypto: cipher: add cipher driver framework longpeng.mike
` (14 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Extracts qcrypto_cipher_ctx_new() from qcrypto_cipher_new() for
builtin-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/cipher-builtin.c | 101 ++++++++++++++++++++++++++----------------------
1 file changed, 55 insertions(+), 46 deletions(-)
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index b4bc2b9..4ecd15e 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -235,23 +235,24 @@ static int qcrypto_cipher_setiv_aes(QCryptoCipher *cipher,
-static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoCipherBuiltin *
+qcrypto_cipher_init_aes(QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
QCryptoCipherBuiltin *ctxt;
- if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
- cipher->mode != QCRYPTO_CIPHER_MODE_ECB &&
- cipher->mode != QCRYPTO_CIPHER_MODE_XTS) {
+ if (mode != QCRYPTO_CIPHER_MODE_CBC &&
+ mode != QCRYPTO_CIPHER_MODE_ECB &&
+ mode != QCRYPTO_CIPHER_MODE_XTS) {
error_setg(errp, "Unsupported cipher mode %s",
- QCryptoCipherMode_lookup[cipher->mode]);
- return -1;
+ QCryptoCipherMode_lookup[mode]);
+ return NULL;
}
ctxt = g_new0(QCryptoCipherBuiltin, 1);
- if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ if (mode == QCRYPTO_CIPHER_MODE_XTS) {
if (AES_set_encrypt_key(key, nkey * 4, &ctxt->state.aes.key.enc) != 0) {
error_setg(errp, "Failed to set encryption key");
goto error;
@@ -291,13 +292,11 @@ static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
ctxt->encrypt = qcrypto_cipher_encrypt_aes;
ctxt->decrypt = qcrypto_cipher_decrypt_aes;
- cipher->opaque = ctxt;
-
- return 0;
+ return ctxt;
error:
g_free(ctxt);
- return -1;
+ return NULL;
}
@@ -370,16 +369,17 @@ static int qcrypto_cipher_setiv_des_rfb(QCryptoCipher *cipher,
}
-static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoCipherBuiltin *
+qcrypto_cipher_init_des_rfb(QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
QCryptoCipherBuiltin *ctxt;
- if (cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
+ if (mode != QCRYPTO_CIPHER_MODE_ECB) {
error_setg(errp, "Unsupported cipher mode %s",
- QCryptoCipherMode_lookup[cipher->mode]);
- return -1;
+ QCryptoCipherMode_lookup[mode]);
+ return NULL;
}
ctxt = g_new0(QCryptoCipherBuiltin, 1);
@@ -394,9 +394,7 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher *cipher,
ctxt->encrypt = qcrypto_cipher_encrypt_des_rfb;
ctxt->decrypt = qcrypto_cipher_decrypt_des_rfb;
- cipher->opaque = ctxt;
-
- return 0;
+ return ctxt;
}
@@ -426,12 +424,13 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoCipherBuiltin *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey,
+ Error **errp)
{
- QCryptoCipher *cipher;
+ QCryptoCipherBuiltin *ctxt;
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
@@ -444,39 +443,27 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
return NULL;
}
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
-
if (!qcrypto_cipher_validate_key_length(alg, mode, nkey, errp)) {
- goto error;
+ return NULL;
}
- switch (cipher->alg) {
+ switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
- if (qcrypto_cipher_init_des_rfb(cipher, key, nkey, errp) < 0) {
- goto error;
- }
+ ctxt = qcrypto_cipher_init_des_rfb(mode, key, nkey, errp);
break;
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
- if (qcrypto_cipher_init_aes(cipher, key, nkey, errp) < 0) {
- goto error;
- }
+ ctxt = qcrypto_cipher_init_aes(mode, key, nkey, errp);
break;
default:
error_setg(errp,
"Unsupported cipher algorithm %s",
- QCryptoCipherAlgorithm_lookup[cipher->alg]);
- goto error;
+ QCryptoCipherAlgorithm_lookup[alg]);
+ return NULL;
}
- return cipher;
-
- error:
- g_free(cipher);
- return NULL;
+ return ctxt;
}
void qcrypto_cipher_free(QCryptoCipher *cipher)
@@ -537,3 +524,25 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
return ctxt->setiv(cipher, iv, niv, errp);
}
+
+
+QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoCipher *cipher;
+ QCryptoCipherBuiltin *ctxt;
+
+ ctxt = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctxt) {
+ return NULL;
+ }
+
+ cipher = g_new0(QCryptoCipher, 1);
+ cipher->alg = alg;
+ cipher->mode = mode;
+ cipher->opaque = ctxt;
+
+ return cipher;
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 05/18] crypto: cipher: add cipher driver framework
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (3 preceding siblings ...)
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 04/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 06/18] crypto: hash: add hash " longpeng.mike
` (13 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
1) makes the public APIs in cipher-nettle/gcrypt/builtin static,
and rename them with "nettle/gcrypt/builtin" prefix.
2) introduces cipher framework, including QCryptoCipherDriver
and new public APIs.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/cipher-builtin.c | 64 +++++++++++++++++--------------------------
crypto/cipher-gcrypt.c | 72 +++++++++++++++++++++----------------------------
crypto/cipher-nettle.c | 71 ++++++++++++++++++++----------------------------
crypto/cipher.c | 65 ++++++++++++++++++++++++++++++++++++++++++++
crypto/cipherpriv.h | 40 +++++++++++++++++++++++++++
include/crypto/cipher.h | 1 +
6 files changed, 190 insertions(+), 123 deletions(-)
create mode 100644 crypto/cipherpriv.h
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 4ecd15e..16a36d4 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -22,6 +22,7 @@
#include "crypto/aes.h"
#include "crypto/desrfb.h"
#include "crypto/xts.h"
+#include "cipherpriv.h"
typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
struct QCryptoCipherBuiltinAESContext {
@@ -466,25 +467,22 @@ static QCryptoCipherBuiltin *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
return ctxt;
}
-void qcrypto_cipher_free(QCryptoCipher *cipher)
+static void
+qcrypto_builtin_cipher_ctx_free(QCryptoCipher *cipher)
{
QCryptoCipherBuiltin *ctxt;
- if (!cipher) {
- return;
- }
-
ctxt = cipher->opaque;
ctxt->free(cipher);
- g_free(cipher);
}
-int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_builtin_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherBuiltin *ctxt = cipher->opaque;
@@ -498,11 +496,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
}
-int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_builtin_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherBuiltin *ctxt = cipher->opaque;
@@ -516,9 +515,10 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
}
-int qcrypto_cipher_setiv(QCryptoCipher *cipher,
- const uint8_t *iv, size_t niv,
- Error **errp)
+static int
+qcrypto_builtin_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
{
QCryptoCipherBuiltin *ctxt = cipher->opaque;
@@ -526,23 +526,9 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoCipher *cipher;
- QCryptoCipherBuiltin *ctxt;
-
- ctxt = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
- if (!ctxt) {
- return NULL;
- }
-
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
- cipher->opaque = ctxt;
-
- return cipher;
-}
+static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
+ .cipher_encrypt = qcrypto_builtin_cipher_encrypt,
+ .cipher_decrypt = qcrypto_builtin_cipher_decrypt,
+ .cipher_setiv = qcrypto_builtin_cipher_setiv,
+ .cipher_free = qcrypto_builtin_cipher_ctx_free,
+};
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 4939386..0489147 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -20,6 +20,7 @@
#include "qemu/osdep.h"
#include "crypto/xts.h"
+#include "cipherpriv.h"
#include <gcrypt.h>
@@ -64,8 +65,9 @@ struct QCryptoCipherGcrypt {
uint8_t *iv;
};
-static void gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx,
- QCryptoCipherMode mode)
+static void
+qcrypto_gcrypt_cipher_free_ctx(QCryptoCipherGcrypt *ctx,
+ QCryptoCipherMode mode)
{
if (!ctx) {
return;
@@ -239,18 +241,15 @@ static QCryptoCipherGcrypt *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
return ctx;
error:
- gcrypt_cipher_free_ctx(ctx, mode);
+ qcrypto_gcrypt_cipher_free_ctx(ctx, mode);
return NULL;
}
-void qcrypto_cipher_free(QCryptoCipher *cipher)
+static void
+qcrypto_gcrypt_cipher_ctx_free(QCryptoCipher *cipher)
{
- if (!cipher) {
- return;
- }
- gcrypt_cipher_free_ctx(cipher->opaque, cipher->mode);
- g_free(cipher);
+ qcrypto_gcrypt_cipher_free_ctx(cipher->opaque, cipher->mode);
}
@@ -274,11 +273,12 @@ static void qcrypto_gcrypt_xts_decrypt(const void *ctx,
g_assert(err == 0);
}
-int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_gcrypt_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherGcrypt *ctx = cipher->opaque;
gcry_error_t err;
@@ -309,11 +309,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
}
-int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_gcrypt_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherGcrypt *ctx = cipher->opaque;
gcry_error_t err;
@@ -343,9 +344,10 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
return 0;
}
-int qcrypto_cipher_setiv(QCryptoCipher *cipher,
- const uint8_t *iv, size_t niv,
- Error **errp)
+static int
+qcrypto_gcrypt_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
{
QCryptoCipherGcrypt *ctx = cipher->opaque;
gcry_error_t err;
@@ -381,23 +383,9 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoCipher *cipher;
- QCryptoCipherGcrypt *ctx;
-
- ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
- if (!ctx) {
- return NULL;
- }
-
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
- cipher->opaque = ctx;
-
- return cipher;
-}
+static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
+ .cipher_encrypt = qcrypto_gcrypt_cipher_encrypt,
+ .cipher_decrypt = qcrypto_gcrypt_cipher_decrypt,
+ .cipher_setiv = qcrypto_gcrypt_cipher_setiv,
+ .cipher_free = qcrypto_gcrypt_cipher_ctx_free,
+};
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e6d6e6c..c51f119 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -20,6 +20,7 @@
#include "qemu/osdep.h"
#include "crypto/xts.h"
+#include "cipherpriv.h"
#include <nettle/nettle-types.h>
#include <nettle/aes.h>
@@ -249,7 +250,8 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
}
-static void nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
+static void
+qcrypto_nettle_cipher_free_ctx(QCryptoCipherNettle *ctx)
{
if (!ctx) {
return;
@@ -434,30 +436,27 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
return ctx;
error:
- nettle_cipher_free_ctx(ctx);
+ qcrypto_nettle_cipher_free_ctx(ctx);
return NULL;
}
-void qcrypto_cipher_free(QCryptoCipher *cipher)
+static void
+qcrypto_nettle_cipher_ctx_free(QCryptoCipher *cipher)
{
QCryptoCipherNettle *ctx;
- if (!cipher) {
- return;
- }
-
ctx = cipher->opaque;
- nettle_cipher_free_ctx(ctx);
- g_free(cipher);
+ qcrypto_nettle_cipher_free_ctx(ctx);
}
-int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherNettle *ctx = cipher->opaque;
@@ -499,11 +498,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
}
-int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
- const void *in,
- void *out,
- size_t len,
- Error **errp)
+static int
+qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
{
QCryptoCipherNettle *ctx = cipher->opaque;
@@ -543,9 +543,10 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
return 0;
}
-int qcrypto_cipher_setiv(QCryptoCipher *cipher,
- const uint8_t *iv, size_t niv,
- Error **errp)
+static int
+qcrypto_nettle_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
{
QCryptoCipherNettle *ctx = cipher->opaque;
if (niv != ctx->blocksize) {
@@ -558,23 +559,9 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
}
-QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
- QCryptoCipherMode mode,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoCipher *cipher;
- QCryptoCipherNettle *ctx;
-
- ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
- if (!ctx) {
- return NULL;
- }
-
- cipher = g_new0(QCryptoCipher, 1);
- cipher->alg = alg;
- cipher->mode = mode;
- cipher->opaque = ctx;
-
- return cipher;
-}
+static struct QCryptoCipherDriver qcrypto_cipher_lib_driver = {
+ .cipher_encrypt = qcrypto_nettle_cipher_encrypt,
+ .cipher_decrypt = qcrypto_nettle_cipher_decrypt,
+ .cipher_setiv = qcrypto_nettle_cipher_setiv,
+ .cipher_free = qcrypto_nettle_cipher_ctx_free,
+};
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 5a96489..0a3d2e5 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/cipher.h"
+#include "cipherpriv.h"
static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
@@ -155,3 +156,67 @@ qcrypto_cipher_munge_des_rfb_key(const uint8_t *key,
#else
#include "crypto/cipher-builtin.c"
#endif
+
+QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoCipher *cipher;
+ void *ctx;
+
+ ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ cipher = g_new0(QCryptoCipher, 1);
+ cipher->alg = alg;
+ cipher->mode = mode;
+ cipher->opaque = ctx;
+ cipher->driver = (void *)&qcrypto_cipher_lib_driver;
+
+ return cipher;
+}
+
+
+int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_encrypt(cipher, in, out, len, errp);
+}
+
+
+int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_decrypt(cipher, in, out, len, errp);
+}
+
+
+int qcrypto_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp)
+{
+ QCryptoCipherDriver *drv = cipher->driver;
+ return drv->cipher_setiv(cipher, iv, niv, errp);
+}
+
+
+void qcrypto_cipher_free(QCryptoCipher *cipher)
+{
+ QCryptoCipherDriver *drv;
+ if (cipher) {
+ drv = cipher->driver;
+ drv->cipher_free(cipher);
+ g_free(cipher);
+ }
+}
diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h
new file mode 100644
index 0000000..4af5e85
--- /dev/null
+++ b/crypto/cipherpriv.h
@@ -0,0 +1,40 @@
+/*
+ * QEMU Crypto cipher driver supports
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ *
+ */
+
+#ifndef QCRYPTO_CIPHERPRIV_H
+#define QCRYPTO_CIPHERPRIV_H
+
+typedef struct QCryptoCipherDriver QCryptoCipherDriver;
+
+struct QCryptoCipherDriver {
+ int (*cipher_encrypt)(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp);
+
+ int (*cipher_decrypt)(QCryptoCipher *cipher,
+ const void *in,
+ void *out,
+ size_t len,
+ Error **errp);
+
+ int (*cipher_setiv)(QCryptoCipher *cipher,
+ const uint8_t *iv, size_t niv,
+ Error **errp);
+
+ void (*cipher_free)(QCryptoCipher *cipher);
+};
+
+#endif
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index bec9f41..984fb82 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -80,6 +80,7 @@ struct QCryptoCipher {
QCryptoCipherAlgorithm alg;
QCryptoCipherMode mode;
void *opaque;
+ void *driver;
};
/**
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 06/18] crypto: hash: add hash driver framework
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (4 preceding siblings ...)
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 05/18] crypto: cipher: add cipher driver framework longpeng.mike
@ 2017-07-14 18:03 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 07/18] crypto: hmac: move crypto/hmac.h into include/crypto/ longpeng.mike
` (12 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:03 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
1) makes the public APIs in hash-nettle/gcrypt/glib static,
and rename them with "nettle/gcrypt/glib" prefix.
2) introduces hash framework, including QCryptoHashDriver
and new public APIs.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hash-gcrypt.c | 19 +++++++++++++------
crypto/hash-glib.c | 19 +++++++++++++------
crypto/hash-nettle.c | 19 +++++++++++++------
crypto/hash.c | 13 +++++++++++++
crypto/hashpriv.h | 31 +++++++++++++++++++++++++++++++
5 files changed, 83 insertions(+), 18 deletions(-)
create mode 100644 crypto/hashpriv.h
diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index 7690690..972beaa 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -22,6 +22,7 @@
#include <gcrypt.h>
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "hashpriv.h"
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
@@ -44,12 +45,13 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
}
-int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
int i, ret;
gcry_md_hd_t md;
@@ -107,3 +109,8 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
gcry_md_close(md);
return -1;
}
+
+
+QCryptoHashDriver qcrypto_hash_lib_driver = {
+ .hash_bytesv = qcrypto_gcrypt_hash_bytesv,
+};
diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c
index ec99ac9..a5871cc 100644
--- a/crypto/hash-glib.c
+++ b/crypto/hash-glib.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "hashpriv.h"
static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
@@ -47,12 +48,13 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
}
-int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_glib_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
int i, ret;
GChecksum *cs;
@@ -95,3 +97,8 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
g_checksum_free(cs);
return -1;
}
+
+
+QCryptoHashDriver qcrypto_hash_lib_driver = {
+ .hash_bytesv = qcrypto_glib_hash_bytesv,
+};
diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 6a206dc..96f186f 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "hashpriv.h"
#include <nettle/md5.h>
#include <nettle/sha.h>
#include <nettle/ripemd160.h>
@@ -103,12 +104,13 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg)
}
-int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_nettle_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
int i;
union qcrypto_hash_ctx ctx;
@@ -152,3 +154,8 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
return 0;
}
+
+
+QCryptoHashDriver qcrypto_hash_lib_driver = {
+ .hash_bytesv = qcrypto_nettle_hash_bytesv,
+};
diff --git a/crypto/hash.c b/crypto/hash.c
index 0f1ceac..c43fd87 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "hashpriv.h"
static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {
[QCRYPTO_HASH_ALG_MD5] = 16,
@@ -38,6 +39,18 @@ size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
return qcrypto_hash_alg_size[alg];
}
+int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,
+ result, resultlen,
+ errp);
+}
+
int qcrypto_hash_bytes(QCryptoHashAlgorithm alg,
const char *buf,
diff --git a/crypto/hashpriv.h b/crypto/hashpriv.h
new file mode 100644
index 0000000..5e505e0
--- /dev/null
+++ b/crypto/hashpriv.h
@@ -0,0 +1,31 @@
+/*
+ * QEMU Crypto hash driver supports
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ *
+ */
+
+#ifndef QCRYPTO_HASHPRIV_H
+#define QCRYPTO_HASHPRIV_H
+
+typedef struct QCryptoHashDriver QCryptoHashDriver;
+
+struct QCryptoHashDriver {
+ int (*hash_bytesv)(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+};
+
+extern QCryptoHashDriver qcrypto_hash_lib_driver;
+
+#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 07/18] crypto: hmac: move crypto/hmac.h into include/crypto/
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (5 preceding siblings ...)
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 06/18] crypto: hash: add hash " longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 08/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend longpeng.mike
` (11 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Moves crypto/hmac.h into include/crypto/, likes cipher.h and hash.h
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hmac.h | 166 --------------------------------------------------
include/crypto/hmac.h | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 166 insertions(+), 166 deletions(-)
delete mode 100644 crypto/hmac.h
create mode 100644 include/crypto/hmac.h
diff --git a/crypto/hmac.h b/crypto/hmac.h
deleted file mode 100644
index 0d3acd7..0000000
--- a/crypto/hmac.h
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * QEMU Crypto hmac algorithms
- *
- * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * (at your option) any later version. See the COPYING file in the
- * top-level directory.
- *
- */
-
-#ifndef QCRYPTO_HMAC_H
-#define QCRYPTO_HMAC_H
-
-#include "qapi-types.h"
-
-typedef struct QCryptoHmac QCryptoHmac;
-struct QCryptoHmac {
- QCryptoHashAlgorithm alg;
- void *opaque;
-};
-
-/**
- * qcrypto_hmac_supports:
- * @alg: the hmac algorithm
- *
- * Determine if @alg hmac algorithm is supported by
- * the current configured build
- *
- * Returns:
- * true if the algorithm is supported, false otherwise
- */
-bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg);
-
-/**
- * qcrypto_hmac_new:
- * @alg: the hmac algorithm
- * @key: the key bytes
- * @nkey: the length of @key
- * @errp: pointer to a NULL-initialized error object
- *
- * Creates a new hmac object with the algorithm @alg
- *
- * The @key parameter provides the bytes representing
- * the secret key to use. The @nkey parameter specifies
- * the length of @key in bytes
- *
- * Note: must use qcrypto_hmac_free() to release the
- * returned hmac object when no longer required
- *
- * Returns:
- * a new hmac object, or NULL on error
- */
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp);
-
-/**
- * qcrypto_hmac_free:
- * @hmac: the hmac object
- *
- * Release the memory associated with @hmac that was
- * previously allocated by qcrypto_hmac_new()
- */
-void qcrypto_hmac_free(QCryptoHmac *hmac);
-
-/**
- * qcrypto_hmac_bytesv:
- * @hmac: the hmac object
- * @iov: the array of memory regions to hmac
- * @niov: the length of @iov
- * @result: pointer to hold output hmac
- * @resultlen: pointer to hold length of @result
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hmac across all the memory regions
- * present in @iov. The @result pointer will be
- * filled with raw bytes representing the computed
- * hmac, which will have length @resultlen. The
- * memory pointer in @result must be released
- * with a call to g_free() when no longer required.
- *
- * Returns:
- * 0 on success, -1 on error
- */
-int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp);
-
-/**
- * qcrypto_hmac_bytes:
- * @hmac: the hmac object
- * @buf: the memory region to hmac
- * @len: the length of @buf
- * @result: pointer to hold output hmac
- * @resultlen: pointer to hold length of @result
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hmac across all the memory region
- * @buf of length @len. The @result pointer will be
- * filled with raw bytes representing the computed
- * hmac, which will have length @resultlen. The
- * memory pointer in @result must be released
- * with a call to g_free() when no longer required.
- *
- * Returns:
- * 0 on success, -1 on error
- */
-int qcrypto_hmac_bytes(QCryptoHmac *hmac,
- const char *buf,
- size_t len,
- uint8_t **result,
- size_t *resultlen,
- Error **errp);
-
-/**
- * qcrypto_hmac_digestv:
- * @hmac: the hmac object
- * @iov: the array of memory regions to hmac
- * @niov: the length of @iov
- * @digest: pointer to hold output hmac
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hmac across all the memory regions
- * present in @iov. The @digest pointer will be
- * filled with the printable hex digest of the computed
- * hmac, which will be terminated by '\0'. The
- * memory pointer in @digest must be released
- * with a call to g_free() when no longer required.
- *
- * Returns:
- * 0 on success, -1 on error
- */
-int qcrypto_hmac_digestv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- char **digest,
- Error **errp);
-
-/**
- * qcrypto_hmac_digest:
- * @hmac: the hmac object
- * @buf: the memory region to hmac
- * @len: the length of @buf
- * @digest: pointer to hold output hmac
- * @errp: pointer to a NULL-initialized error object
- *
- * Computes the hmac across all the memory region
- * @buf of length @len. The @digest pointer will be
- * filled with the printable hex digest of the computed
- * hmac, which will be terminated by '\0'. The
- * memory pointer in @digest must be released
- * with a call to g_free() when no longer required.
- *
- * Returns: 0 on success, -1 on error
- */
-int qcrypto_hmac_digest(QCryptoHmac *hmac,
- const char *buf,
- size_t len,
- char **digest,
- Error **errp);
-
-#endif
diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h
new file mode 100644
index 0000000..0d3acd7
--- /dev/null
+++ b/include/crypto/hmac.h
@@ -0,0 +1,166 @@
+/*
+ * QEMU Crypto hmac algorithms
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ *
+ */
+
+#ifndef QCRYPTO_HMAC_H
+#define QCRYPTO_HMAC_H
+
+#include "qapi-types.h"
+
+typedef struct QCryptoHmac QCryptoHmac;
+struct QCryptoHmac {
+ QCryptoHashAlgorithm alg;
+ void *opaque;
+};
+
+/**
+ * qcrypto_hmac_supports:
+ * @alg: the hmac algorithm
+ *
+ * Determine if @alg hmac algorithm is supported by
+ * the current configured build
+ *
+ * Returns:
+ * true if the algorithm is supported, false otherwise
+ */
+bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg);
+
+/**
+ * qcrypto_hmac_new:
+ * @alg: the hmac algorithm
+ * @key: the key bytes
+ * @nkey: the length of @key
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Creates a new hmac object with the algorithm @alg
+ *
+ * The @key parameter provides the bytes representing
+ * the secret key to use. The @nkey parameter specifies
+ * the length of @key in bytes
+ *
+ * Note: must use qcrypto_hmac_free() to release the
+ * returned hmac object when no longer required
+ *
+ * Returns:
+ * a new hmac object, or NULL on error
+ */
+QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp);
+
+/**
+ * qcrypto_hmac_free:
+ * @hmac: the hmac object
+ *
+ * Release the memory associated with @hmac that was
+ * previously allocated by qcrypto_hmac_new()
+ */
+void qcrypto_hmac_free(QCryptoHmac *hmac);
+
+/**
+ * qcrypto_hmac_bytesv:
+ * @hmac: the hmac object
+ * @iov: the array of memory regions to hmac
+ * @niov: the length of @iov
+ * @result: pointer to hold output hmac
+ * @resultlen: pointer to hold length of @result
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hmac across all the memory regions
+ * present in @iov. The @result pointer will be
+ * filled with raw bytes representing the computed
+ * hmac, which will have length @resultlen. The
+ * memory pointer in @result must be released
+ * with a call to g_free() when no longer required.
+ *
+ * Returns:
+ * 0 on success, -1 on error
+ */
+int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
+/**
+ * qcrypto_hmac_bytes:
+ * @hmac: the hmac object
+ * @buf: the memory region to hmac
+ * @len: the length of @buf
+ * @result: pointer to hold output hmac
+ * @resultlen: pointer to hold length of @result
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hmac across all the memory region
+ * @buf of length @len. The @result pointer will be
+ * filled with raw bytes representing the computed
+ * hmac, which will have length @resultlen. The
+ * memory pointer in @result must be released
+ * with a call to g_free() when no longer required.
+ *
+ * Returns:
+ * 0 on success, -1 on error
+ */
+int qcrypto_hmac_bytes(QCryptoHmac *hmac,
+ const char *buf,
+ size_t len,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
+/**
+ * qcrypto_hmac_digestv:
+ * @hmac: the hmac object
+ * @iov: the array of memory regions to hmac
+ * @niov: the length of @iov
+ * @digest: pointer to hold output hmac
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hmac across all the memory regions
+ * present in @iov. The @digest pointer will be
+ * filled with the printable hex digest of the computed
+ * hmac, which will be terminated by '\0'. The
+ * memory pointer in @digest must be released
+ * with a call to g_free() when no longer required.
+ *
+ * Returns:
+ * 0 on success, -1 on error
+ */
+int qcrypto_hmac_digestv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ char **digest,
+ Error **errp);
+
+/**
+ * qcrypto_hmac_digest:
+ * @hmac: the hmac object
+ * @buf: the memory region to hmac
+ * @len: the length of @buf
+ * @digest: pointer to hold output hmac
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hmac across all the memory region
+ * @buf of length @len. The @digest pointer will be
+ * filled with the printable hex digest of the computed
+ * hmac, which will be terminated by '\0'. The
+ * memory pointer in @digest must be released
+ * with a call to g_free() when no longer required.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hmac_digest(QCryptoHmac *hmac,
+ const char *buf,
+ size_t len,
+ char **digest,
+ Error **errp);
+
+#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 08/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (6 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 07/18] crypto: hmac: move crypto/hmac.h into include/crypto/ longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 09/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend longpeng.mike
` (10 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
1) Fix a handle-leak problem in qcrypto_hmac_new(), didn't free
ctx->handle if gcry_mac_setkey fails.
2) Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for
gcrypt-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hmac-gcrypt.c | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c
index 21189e6..372ad7f 100644
--- a/crypto/hmac-gcrypt.c
+++ b/crypto/hmac-gcrypt.c
@@ -42,11 +42,11 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoHmacGcrypt *
+qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
- QCryptoHmac *hmac;
QCryptoHmacGcrypt *ctx;
gcry_error_t err;
@@ -56,9 +56,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
return NULL;
}
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
-
ctx = g_new0(QCryptoHmacGcrypt, 1);
err = gcry_mac_open(&ctx->handle, qcrypto_hmac_alg_map[alg],
@@ -73,15 +70,14 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
if (err != 0) {
error_setg(errp, "Cannot set key: %s",
gcry_strerror(err));
+ gcry_mac_close(ctx->handle);
goto error;
}
- hmac->opaque = ctx;
- return hmac;
+ return ctx;
error:
g_free(ctx);
- g_free(hmac);
return NULL;
}
@@ -150,3 +146,22 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
+
+QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoHmac *hmac;
+ QCryptoHmacGcrypt *ctx;
+
+ ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ hmac = g_new0(QCryptoHmac, 1);
+ hmac->alg = alg;
+ hmac->opaque = ctx;
+
+ return hmac;
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 09/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (7 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 08/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 10/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend longpeng.mike
` (9 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for
nettle-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hmac-nettle.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c
index 4a9e6b2..000dfd9 100644
--- a/crypto/hmac-nettle.c
+++ b/crypto/hmac-nettle.c
@@ -97,11 +97,11 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoHmacNettle *
+qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
- QCryptoHmac *hmac;
QCryptoHmacNettle *ctx;
if (!qcrypto_hmac_supports(alg)) {
@@ -110,16 +110,11 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
return NULL;
}
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
-
ctx = g_new0(QCryptoHmacNettle, 1);
qcrypto_hmac_alg_map[alg].setkey(&ctx->u, nkey, key);
- hmac->opaque = ctx;
-
- return hmac;
+ return ctx;
}
void qcrypto_hmac_free(QCryptoHmac *hmac)
@@ -173,3 +168,22 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
+
+QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoHmac *hmac;
+ QCryptoHmacNettle *ctx;
+
+ ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ hmac = g_new0(QCryptoHmac, 1);
+ hmac->alg = alg;
+ hmac->opaque = ctx;
+
+ return hmac;
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 10/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (8 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 09/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 11/18] crypto: hmac: add hmac driver framework longpeng.mike
` (8 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for
glib-backend impls.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hmac-glib.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/crypto/hmac-glib.c b/crypto/hmac-glib.c
index 08a1fdd..f0ccfd6 100644
--- a/crypto/hmac-glib.c
+++ b/crypto/hmac-glib.c
@@ -49,11 +49,11 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+static QCryptoHmacGlib *
+qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
- QCryptoHmac *hmac;
QCryptoHmacGlib *ctx;
if (!qcrypto_hmac_supports(alg)) {
@@ -62,9 +62,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
return NULL;
}
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
-
ctx = g_new0(QCryptoHmacGlib, 1);
ctx->ghmac = g_hmac_new(qcrypto_hmac_alg_map[alg],
@@ -74,12 +71,10 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
goto error;
}
- hmac->opaque = ctx;
- return hmac;
+ return ctx;
error:
g_free(ctx);
- g_free(hmac);
return NULL;
}
@@ -134,6 +129,25 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
+QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoHmac *hmac;
+ QCryptoHmacGlib *ctx;
+
+ ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ hmac = g_new0(QCryptoHmac, 1);
+ hmac->alg = alg;
+ hmac->opaque = ctx;
+
+ return hmac;
+}
+
#else
bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 11/18] crypto: hmac: add hmac driver framework
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (9 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 10/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend longpeng.mike
` (7 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
1) makes the public APIs in hmac-nettle/gcrypt/glib static,
and rename them with "nettle/gcrypt/glib" prefix.
2) introduces hmac framework, including QCryptoHmacDriver
and new public APIs.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hmac-gcrypt.c | 51 ++++++++++++-----------------------
crypto/hmac-glib.c | 75 +++++++++++++++++++++------------------------------
crypto/hmac-nettle.c | 52 ++++++++++++-----------------------
crypto/hmac.c | 44 ++++++++++++++++++++++++++++++
crypto/hmacpriv.h | 36 +++++++++++++++++++++++++
include/crypto/hmac.h | 1 +
6 files changed, 145 insertions(+), 114 deletions(-)
create mode 100644 crypto/hmacpriv.h
diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c
index 372ad7f..76ca61b 100644
--- a/crypto/hmac-gcrypt.c
+++ b/crypto/hmac-gcrypt.c
@@ -15,6 +15,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hmac.h"
+#include "hmacpriv.h"
#include <gcrypt.h>
static int qcrypto_hmac_alg_map[QCRYPTO_HASH_ALG__MAX] = {
@@ -42,10 +43,9 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-static QCryptoHmacGcrypt *
-qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
QCryptoHmacGcrypt *ctx;
gcry_error_t err;
@@ -81,27 +81,24 @@ error:
return NULL;
}
-void qcrypto_hmac_free(QCryptoHmac *hmac)
+static void
+qcrypto_gcrypt_hmac_ctx_free(QCryptoHmac *hmac)
{
QCryptoHmacGcrypt *ctx;
- if (!hmac) {
- return;
- }
-
ctx = hmac->opaque;
gcry_mac_close(ctx->handle);
g_free(ctx);
- g_free(hmac);
}
-int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_gcrypt_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
QCryptoHmacGcrypt *ctx;
gcry_error_t err;
@@ -147,21 +144,7 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoHmac *hmac;
- QCryptoHmacGcrypt *ctx;
-
- ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
- if (!ctx) {
- return NULL;
- }
-
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
- hmac->opaque = ctx;
-
- return hmac;
-}
+QCryptoHmacDriver qcrypto_hmac_lib_driver = {
+ .hmac_bytesv = qcrypto_gcrypt_hmac_bytesv,
+ .hmac_free = qcrypto_gcrypt_hmac_ctx_free,
+};
diff --git a/crypto/hmac-glib.c b/crypto/hmac-glib.c
index f0ccfd6..8cf6b22 100644
--- a/crypto/hmac-glib.c
+++ b/crypto/hmac-glib.c
@@ -15,6 +15,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hmac.h"
+#include "hmacpriv.h"
/* Support for HMAC Algos has been added in GLib 2.30 */
#if GLIB_CHECK_VERSION(2, 30, 0)
@@ -49,10 +50,9 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-static QCryptoHmacGlib *
-qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
QCryptoHmacGlib *ctx;
@@ -78,27 +78,24 @@ error:
return NULL;
}
-void qcrypto_hmac_free(QCryptoHmac *hmac)
+static void
+qcrypto_glib_hmac_ctx_free(QCryptoHmac *hmac)
{
QCryptoHmacGlib *ctx;
- if (!hmac) {
- return;
- }
-
ctx = hmac->opaque;
g_hmac_unref(ctx->ghmac);
g_free(ctx);
- g_free(hmac);
}
-int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
QCryptoHmacGlib *ctx;
int i, ret;
@@ -129,25 +126,6 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoHmac *hmac;
- QCryptoHmacGlib *ctx;
-
- ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
- if (!ctx) {
- return NULL;
- }
-
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
- hmac->opaque = ctx;
-
- return hmac;
-}
-
#else
bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
@@ -155,26 +133,33 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
return NULL;
}
-void qcrypto_hmac_free(QCryptoHmac *hmac)
+static void
+qcrypto_glib_hmac_ctx_free(QCryptoHmac *hmac)
{
return;
}
-int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
return -1;
}
#endif
+
+QCryptoHmacDriver qcrypto_hmac_lib_driver = {
+ .hmac_bytesv = qcrypto_glib_hmac_bytesv,
+ .hmac_free = qcrypto_glib_hmac_ctx_free,
+};
diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c
index 000dfd9..1d5a915 100644
--- a/crypto/hmac-nettle.c
+++ b/crypto/hmac-nettle.c
@@ -15,6 +15,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hmac.h"
+#include "hmacpriv.h"
#include <nettle/hmac.h>
typedef void (*qcrypto_nettle_hmac_setkey)(void *ctx,
@@ -97,10 +98,9 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg)
return false;
}
-static QCryptoHmacNettle *
-qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
+void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
{
QCryptoHmacNettle *ctx;
@@ -117,26 +117,22 @@ qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
return ctx;
}
-void qcrypto_hmac_free(QCryptoHmac *hmac)
+static void
+qcrypto_nettle_hmac_ctx_free(QCryptoHmac *hmac)
{
QCryptoHmacNettle *ctx;
- if (!hmac) {
- return;
- }
-
ctx = hmac->opaque;
-
g_free(ctx);
- g_free(hmac);
}
-int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
- const struct iovec *iov,
- size_t niov,
- uint8_t **result,
- size_t *resultlen,
- Error **errp)
+static int
+qcrypto_nettle_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
QCryptoHmacNettle *ctx;
int i;
@@ -169,21 +165,7 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
return 0;
}
-QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
- const uint8_t *key, size_t nkey,
- Error **errp)
-{
- QCryptoHmac *hmac;
- QCryptoHmacNettle *ctx;
-
- ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
- if (!ctx) {
- return NULL;
- }
-
- hmac = g_new0(QCryptoHmac, 1);
- hmac->alg = alg;
- hmac->opaque = ctx;
-
- return hmac;
-}
+QCryptoHmacDriver qcrypto_hmac_lib_driver = {
+ .hmac_bytesv = qcrypto_nettle_hmac_bytesv,
+ .hmac_free = qcrypto_nettle_hmac_ctx_free,
+};
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 5750405..a4690e3 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -12,9 +12,22 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/hmac.h"
+#include "hmacpriv.h"
static const char hex[] = "0123456789abcdef";
+int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ QCryptoHmacDriver *drv = hmac->driver;
+
+ return drv->hmac_bytesv(hmac, iov, niov, result, resultlen, errp);
+}
+
int qcrypto_hmac_bytes(QCryptoHmac *hmac,
const char *buf,
size_t len,
@@ -70,3 +83,34 @@ int qcrypto_hmac_digest(QCryptoHmac *hmac,
return qcrypto_hmac_digestv(hmac, &iov, 1, digest, errp);
}
+
+QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ QCryptoHmac *hmac;
+ void *ctx;
+
+ ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ hmac = g_new0(QCryptoHmac, 1);
+ hmac->alg = alg;
+ hmac->opaque = ctx;
+ hmac->driver = (void *)&qcrypto_hmac_lib_driver;
+
+ return hmac;
+}
+
+void qcrypto_hmac_free(QCryptoHmac *hmac)
+{
+ QCryptoHmacDriver *drv;
+
+ if (hmac) {
+ drv = hmac->driver;
+ drv->hmac_free(hmac);
+ g_free(hmac);
+ }
+}
diff --git a/crypto/hmacpriv.h b/crypto/hmacpriv.h
new file mode 100644
index 0000000..2be389a
--- /dev/null
+++ b/crypto/hmacpriv.h
@@ -0,0 +1,36 @@
+/*
+ * QEMU Crypto hmac driver supports
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ *
+ */
+
+#ifndef QCRYPTO_HMACPRIV_H
+#define QCRYPTO_HMACPRIV_H
+
+typedef struct QCryptoHmacDriver QCryptoHmacDriver;
+
+struct QCryptoHmacDriver {
+ int (*hmac_bytesv)(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
+ void (*hmac_free)(QCryptoHmac *hmac);
+};
+
+extern void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp);
+extern QCryptoHmacDriver qcrypto_hmac_lib_driver;
+
+#endif
diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h
index 0d3acd7..5e88905 100644
--- a/include/crypto/hmac.h
+++ b/include/crypto/hmac.h
@@ -18,6 +18,7 @@ typedef struct QCryptoHmac QCryptoHmac;
struct QCryptoHmac {
QCryptoHashAlgorithm alg;
void *opaque;
+ void *driver;
};
/**
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (10 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 11/18] crypto: hmac: add hmac driver framework longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-18 9:49 ` Daniel P. Berrange
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 13/18] crypto: cipher: add afalg-backend cipher support longpeng.mike
` (6 subsequent siblings)
18 siblings, 1 reply; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
The AF_ALG socket family is the userspace interface for linux
crypto API, this patch adds af_alg family support and some common
functions for af_alg backend. It'll be used by afalg-backend crypto
latter.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
configure | 30 +++++++++++++
crypto/Makefile.objs | 1 +
crypto/afalg.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/afalgpriv.h | 54 ++++++++++++++++++++++++
4 files changed, 201 insertions(+)
create mode 100644 crypto/afalg.c
create mode 100644 crypto/afalgpriv.h
diff --git a/configure b/configure
index 902653a..4beab2a 100755
--- a/configure
+++ b/configure
@@ -375,6 +375,7 @@ libnfs=""
coroutine=""
coroutine_pool=""
debug_stack_usage="no"
+crypto_afalg="no"
seccomp=""
glusterfs=""
glusterfs_xlator_opt="no"
@@ -1124,6 +1125,8 @@ for opt do
;;
--enable-debug-stack-usage) debug_stack_usage="yes"
;;
+ --enable-crypto-afalg) crypto_afalg="yes"
+ ;;
--disable-docs) docs="no"
;;
--enable-docs) docs="yes"
@@ -1443,6 +1446,8 @@ Advanced options (experts only):
xen pv domain builder
--enable-debug-stack-usage
track the maximum stack usage of stacks created by qemu_alloc_stack
+ --enable-crypto-afalg
+ enable afalg-backend crypto and try to use it first.
Optional features, enabled with --enable-FEATURE and
disabled with --disable-FEATURE, default is enabled if available:
@@ -4834,6 +4839,24 @@ if compile_prog "" "" ; then
have_af_vsock=yes
fi
+##########################################
+# check for usable AF_ALG environment
+hava_af_alg=no
+cat > $TMPC << EOF
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <linux/if_alg.h>
+int main(void) {
+ int sock;
+ sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+ return sock;
+}
+EOF
+if compile_prog "" "" ; then
+ have_afalg=yes
+fi
+
#################################################
# Sparc implicitly links with --relax, which is
# incompatible with -r, so --no-relax should be
@@ -5300,6 +5323,7 @@ echo "seccomp support $seccomp"
echo "coroutine backend $coroutine"
echo "coroutine pool $coroutine_pool"
echo "debug stack usage $debug_stack_usage"
+echo "crypto afalg $crypto_afalg"
echo "GlusterFS support $glusterfs"
echo "gcov $gcov_tool"
echo "gcov enabled $gcov"
@@ -5811,6 +5835,12 @@ if test "$debug_stack_usage" = "yes" ; then
echo "CONFIG_DEBUG_STACK_USAGE=y" >> $config_host_mak
fi
+if test "$crypto_afalg" = "yes" ; then
+ if test "$have_afalg" = "yes" ; then
+ echo "CONFIG_AF_ALG=y" >> $config_host_mak
+ fi
+fi
+
if test "$open_by_handle_at" = "yes" ; then
echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
fi
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 1f749f2..2be5a3a 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -10,6 +10,7 @@ crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_HMAC),n,y)) += hmac-glib
crypto-obj-y += aes.o
crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
+crypto-obj-$(CONFIG_AF_ALG) += afalg.o
crypto-obj-y += tlscreds.o
crypto-obj-y += tlscredsanon.o
crypto-obj-y += tlscredsx509.o
diff --git a/crypto/afalg.c b/crypto/afalg.c
new file mode 100644
index 0000000..10046bb
--- /dev/null
+++ b/crypto/afalg.c
@@ -0,0 +1,116 @@
+/*
+ * QEMU Crypto af_alg support
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/cutils.h"
+#include "qemu/sockets.h"
+#include "qapi/error.h"
+#include "afalgpriv.h"
+
+static bool
+qcrypto_afalg_build_saddr(const char *type, const char *name,
+ struct sockaddr_alg *salg, Error **errp)
+{
+ salg->salg_family = AF_ALG;
+
+ if (strnlen(type, SALG_TYPE_LEN_MAX) >= SALG_TYPE_LEN_MAX) {
+ error_setg(errp, "Afalg type(%s) is larger than %d bytes",
+ type, SALG_TYPE_LEN_MAX);
+ return false;
+ }
+
+ if (strnlen(name, SALG_NAME_LEN_MAX) >= SALG_NAME_LEN_MAX) {
+ error_setg(errp, "Afalg name(%s) is larger than %d bytes",
+ name, SALG_NAME_LEN_MAX);
+ return false;
+ }
+
+ pstrcpy((char *)salg->salg_type, SALG_TYPE_LEN_MAX, type);
+ pstrcpy((char *)salg->salg_name, SALG_NAME_LEN_MAX, name);
+
+ return true;
+}
+
+static int
+qcrypto_afalg_socket_bind(const char *type, const char *name,
+ Error **errp)
+{
+ int sbind;
+ struct sockaddr_alg salg = {0};
+
+ if (!qcrypto_afalg_build_saddr(type, name, &salg, errp)) {
+ return -1;
+ }
+
+ sbind = qemu_socket(AF_ALG, SOCK_SEQPACKET, 0);
+ if (sbind < 0) {
+ error_setg_errno(errp, errno, "Failed to create socket");
+ return -1;
+ }
+
+ if (bind(sbind, (const struct sockaddr *)&salg, sizeof(salg)) != 0) {
+ error_setg_errno(errp, errno, "Failed to bind socket");
+ closesocket(sbind);
+ return -1;
+ }
+
+ return sbind;
+}
+
+QCryptoAFAlg *
+qcrypto_afalg_comm_alloc(const char *type, const char *name,
+ Error **errp)
+{
+ QCryptoAFAlg *afalg;
+
+ afalg = g_new0(QCryptoAFAlg, 1);
+ /* initilize crypto API socket */
+ afalg->opfd = -1;
+ afalg->tfmfd = qcrypto_afalg_socket_bind(type, name, errp);
+ if (afalg->tfmfd == -1) {
+ goto error;
+ }
+
+ afalg->opfd = qemu_accept(afalg->tfmfd, NULL, 0);
+ if (afalg->opfd == -1) {
+ error_setg_errno(errp, errno, "Failed to accept socket");
+ goto error;
+ }
+
+ return afalg;
+
+error:
+ qcrypto_afalg_comm_free(afalg);
+ return NULL;
+}
+
+void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg)
+{
+ if (!afalg) {
+ return;
+ }
+
+ if (afalg->msg) {
+ g_free(afalg->msg->msg_control);
+ g_free(afalg->msg);
+ }
+
+ if (afalg->tfmfd != -1) {
+ closesocket(afalg->tfmfd);
+ }
+
+ if (afalg->opfd != -1) {
+ closesocket(afalg->opfd);
+ }
+
+ g_free(afalg);
+}
diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h
new file mode 100644
index 0000000..76118cf
--- /dev/null
+++ b/crypto/afalgpriv.h
@@ -0,0 +1,54 @@
+/*
+ * QEMU Crypto af_alg support
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+
+#ifndef QCRYPTO_AFALGPRIV_H
+#define QCRYPTO_AFALGPRIV_H
+
+#include <linux/if_alg.h>
+
+#define SALG_TYPE_LEN_MAX 14
+#define SALG_NAME_LEN_MAX 64
+
+typedef struct QCryptoAFAlg QCryptoAFAlg;
+
+struct QCryptoAFAlg {
+ int tfmfd;
+ int opfd;
+ struct msghdr *msg;
+ struct cmsghdr *cmsg;
+};
+
+/**
+ * qcrypto_afalg_comm_alloc:
+ * @type: the type of crypto operation
+ * @name: the name of crypto operation
+ *
+ * Allocate a QCryptoAFAlg object and bind itself to
+ * a AF_ALG socket.
+ *
+ * Returns:
+ * a new QCryptoAFAlg object, or NULL in error.
+ */
+QCryptoAFAlg *
+qcrypto_afalg_comm_alloc(const char *type, const char *name,
+ Error **errp);
+
+/**
+ * afalg_comm_free:
+ * @afalg: the QCryptoAFAlg object
+ *
+ * Free the @afalg.
+ */
+void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg);
+
+#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 13/18] crypto: cipher: add afalg-backend cipher support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (11 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 14/18] crypto: hash: add afalg-backend hash support longpeng.mike
` (5 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Adds afalg-backend cipher support: introduces some private APIs
firstly, and then intergrates them into qcrypto_cipher_afalg_driver.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/Makefile.objs | 1 +
crypto/afalgpriv.h | 9 ++
crypto/cipher-afalg.c | 226 ++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/cipher.c | 23 ++++-
crypto/cipherpriv.h | 16 ++++
5 files changed, 271 insertions(+), 4 deletions(-)
create mode 100644 crypto/cipher-afalg.c
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 2be5a3a..d2e8fa8 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -11,6 +11,7 @@ crypto-obj-y += aes.o
crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
crypto-obj-$(CONFIG_AF_ALG) += afalg.o
+crypto-obj-$(CONFIG_AF_ALG) += cipher-afalg.o
crypto-obj-y += tlscreds.o
crypto-obj-y += tlscredsanon.o
crypto-obj-y += tlscredsx509.o
diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h
index 76118cf..d0941d4 100644
--- a/crypto/afalgpriv.h
+++ b/crypto/afalgpriv.h
@@ -19,6 +19,15 @@
#define SALG_TYPE_LEN_MAX 14
#define SALG_NAME_LEN_MAX 64
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
+
+#define AFALG_TYPE_CIPHER "skcipher"
+
+#define ALG_OPTYPE_LEN 4
+#define ALG_MSGIV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+
typedef struct QCryptoAFAlg QCryptoAFAlg;
struct QCryptoAFAlg {
diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c
new file mode 100644
index 0000000..01343b2
--- /dev/null
+++ b/crypto/cipher-afalg.c
@@ -0,0 +1,226 @@
+/*
+ * QEMU Crypto af_alg-backend cipher support
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/sockets.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "crypto/cipher.h"
+#include "cipherpriv.h"
+
+
+static char *
+qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ Error **errp)
+{
+ char *name;
+ const char *alg_name;
+ const char *mode_name;
+
+ switch (alg) {
+ case QCRYPTO_CIPHER_ALG_AES_128:
+ case QCRYPTO_CIPHER_ALG_AES_192:
+ case QCRYPTO_CIPHER_ALG_AES_256:
+ alg_name = "aes";
+ break;
+ case QCRYPTO_CIPHER_ALG_CAST5_128:
+ alg_name = "cast5";
+ break;
+ case QCRYPTO_CIPHER_ALG_SERPENT_128:
+ case QCRYPTO_CIPHER_ALG_SERPENT_192:
+ case QCRYPTO_CIPHER_ALG_SERPENT_256:
+ alg_name = "serpent";
+ break;
+ case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_192:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ alg_name = "twofish";
+ break;
+
+ default:
+ error_setg(errp, "Unsupported cipher algorithm %d", alg);
+ return NULL;
+ }
+
+ mode_name = QCryptoCipherMode_lookup[mode];
+ name = g_strdup_printf("%s(%s)", mode_name, alg_name);
+
+ return name;
+}
+
+QCryptoAFAlg *
+qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey, Error **errp)
+{
+ QCryptoAFAlg *afalg;
+ size_t expect_niv;
+ char *name;
+
+ name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
+ if (!name) {
+ return NULL;
+ }
+
+ afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
+ if (!afalg) {
+ g_free(name);
+ return NULL;
+ }
+
+ g_free(name);
+
+ /* setkey */
+ if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
+ nkey) != 0) {
+ error_setg_errno(errp, errno, "Set key failed");
+ qcrypto_afalg_comm_free(afalg);
+ return NULL;
+ }
+
+ /* prepare msg header */
+ afalg->msg = g_new0(struct msghdr, 1);
+ afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
+ expect_niv = qcrypto_cipher_get_iv_len(alg, mode);
+ if (expect_niv) {
+ afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
+ }
+ afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);
+
+ /* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
+ afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
+ afalg->cmsg->cmsg_type = ALG_SET_OP;
+ afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
+ if (expect_niv) {
+ afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
+ afalg->cmsg->cmsg_type = ALG_SET_IV;
+ afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
+ }
+ afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
+
+ return afalg;
+}
+
+static int
+qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
+ const uint8_t *iv,
+ size_t niv, Error **errp)
+{
+ struct af_alg_iv *alg_iv;
+ size_t expect_niv;
+ QCryptoAFAlg *afalg = cipher->opaque;
+
+ expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
+ if (niv != expect_niv) {
+ error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
+ niv, expect_niv);
+ return -1;
+ }
+
+ /* move ->cmsg to next msghdr, for IV-info */
+ afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
+
+ /* build setiv msg */
+ afalg->cmsg->cmsg_level = SOL_ALG;
+ alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
+ alg_iv->ivlen = niv;
+ memcpy(alg_iv->iv, iv, niv);
+
+ return 0;
+}
+
+static int
+qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
+ const void *in, void *out,
+ size_t len, bool do_encrypt,
+ Error **errp)
+{
+ uint32_t *type = NULL;
+ struct iovec iov;
+ size_t ret, rlen, done = 0;
+ uint32_t origin_controllen;
+
+ origin_controllen = afalg->msg->msg_controllen;
+ /* movev ->cmsg to first header, for crypto-info */
+ afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
+
+ /* build encrypt msg */
+ afalg->cmsg->cmsg_level = SOL_ALG;
+ afalg->msg->msg_iov = &iov;
+ afalg->msg->msg_iovlen = 1;
+ type = (uint32_t *)CMSG_DATA(afalg->cmsg);
+ if (do_encrypt) {
+ *type = ALG_OP_ENCRYPT;
+ } else {
+ *type = ALG_OP_DECRYPT;
+ }
+
+ do {
+ iov.iov_base = (void *)in + done;
+ iov.iov_len = len - done;
+
+ /* send info to AF_ALG core */
+ ret = sendmsg(afalg->opfd, afalg->msg, 0);
+ if (ret == -1) {
+ error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
+ return -1;
+ }
+
+ /* encrypto && get result */
+ rlen = read(afalg->opfd, out, ret);
+ if (rlen == -1) {
+ error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
+ return -1;
+ }
+ assert(rlen == ret);
+
+ /* do not update IV for following chunks */
+ afalg->msg->msg_controllen = 0;
+ done += ret;
+ } while (done < len);
+
+ afalg->msg->msg_controllen = origin_controllen;
+
+ return 0;
+}
+
+static int
+qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
+ const void *in, void *out,
+ size_t len, Error **errp)
+{
+ return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
+ len, true, errp);
+}
+
+static int
+qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
+ const void *in, void *out,
+ size_t len, Error **errp)
+{
+ return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
+ len, false, errp);
+}
+
+static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
+{
+ qcrypto_afalg_comm_free(cipher->opaque);
+}
+
+struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = {
+ .cipher_encrypt = qcrypto_afalg_cipher_encrypt,
+ .cipher_decrypt = qcrypto_afalg_cipher_decrypt,
+ .cipher_setiv = qcrypto_afalg_cipher_setiv,
+ .cipher_free = qcrypto_afalg_comm_ctx_free,
+};
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 0a3d2e5..a487270 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -163,18 +163,33 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
Error **errp)
{
QCryptoCipher *cipher;
- void *ctx;
+ void *ctx = NULL;
+ Error *err2 = NULL;
+ QCryptoCipherDriver *drv;
+
+#ifdef CONFIG_AF_ALG
+ ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);
+ if (ctx) {
+ drv = &qcrypto_cipher_afalg_driver;
+ }
+#endif
- ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
if (!ctx) {
- return NULL;
+ ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+ if (!ctx) {
+ error_free(err2);
+ return NULL;
+ }
+
+ drv = &qcrypto_cipher_lib_driver;
+ error_free(err2);
}
cipher = g_new0(QCryptoCipher, 1);
cipher->alg = alg;
cipher->mode = mode;
cipher->opaque = ctx;
- cipher->driver = (void *)&qcrypto_cipher_lib_driver;
+ cipher->driver = (void *)drv;
return cipher;
}
diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h
index 4af5e85..77da4c2 100644
--- a/crypto/cipherpriv.h
+++ b/crypto/cipherpriv.h
@@ -15,6 +15,8 @@
#ifndef QCRYPTO_CIPHERPRIV_H
#define QCRYPTO_CIPHERPRIV_H
+#include "qapi-types.h"
+
typedef struct QCryptoCipherDriver QCryptoCipherDriver;
struct QCryptoCipherDriver {
@@ -37,4 +39,18 @@ struct QCryptoCipherDriver {
void (*cipher_free)(QCryptoCipher *cipher);
};
+#ifdef CONFIG_AF_ALG
+
+#include "afalgpriv.h"
+
+extern QCryptoAFAlg *
+qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode,
+ const uint8_t *key,
+ size_t nkey, Error **errp);
+
+extern struct QCryptoCipherDriver qcrypto_cipher_afalg_driver;
+
+#endif
+
#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 14/18] crypto: hash: add afalg-backend hash support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (12 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 13/18] crypto: cipher: add afalg-backend cipher support longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 15/18] crypto: hmac: add af_alg-backend hmac support longpeng.mike
` (4 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Adds afalg-backend hash support: introduces some private APIs
firstly, and then intergrates them into qcrypto_hash_afalg_driver.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/Makefile.objs | 1 +
crypto/afalgpriv.h | 1 +
crypto/hash-afalg.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/hash.c | 17 +++++++
crypto/hashpriv.h | 8 +++
5 files changed, 163 insertions(+)
create mode 100644 crypto/hash-afalg.c
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index d2e8fa8..2b99e08 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -12,6 +12,7 @@ crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o
crypto-obj-$(CONFIG_AF_ALG) += afalg.o
crypto-obj-$(CONFIG_AF_ALG) += cipher-afalg.o
+crypto-obj-$(CONFIG_AF_ALG) += hash-afalg.o
crypto-obj-y += tlscreds.o
crypto-obj-y += tlscredsanon.o
crypto-obj-y += tlscredsx509.o
diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h
index d0941d4..f6550b5 100644
--- a/crypto/afalgpriv.h
+++ b/crypto/afalgpriv.h
@@ -24,6 +24,7 @@
#endif
#define AFALG_TYPE_CIPHER "skcipher"
+#define AFALG_TYPE_HASH "hash"
#define ALG_OPTYPE_LEN 4
#define ALG_MSGIV_LEN(len) (sizeof(struct af_alg_iv) + (len))
diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
new file mode 100644
index 0000000..70ab414
--- /dev/null
+++ b/crypto/hash-afalg.c
@@ -0,0 +1,136 @@
+/*
+ * QEMU Crypto af_alg-backend hash support
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/iov.h"
+#include "qemu/sockets.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "crypto/hash.h"
+#include "hashpriv.h"
+
+static char *
+qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
+ Error **errp)
+{
+ char *name;
+ const char *alg_name;
+
+ switch (alg) {
+ case QCRYPTO_HASH_ALG_MD5:
+ alg_name = "md5";
+ break;
+ case QCRYPTO_HASH_ALG_SHA1:
+ alg_name = "sha1";
+ break;
+ case QCRYPTO_HASH_ALG_SHA224:
+ alg_name = "sha224";
+ break;
+ case QCRYPTO_HASH_ALG_SHA256:
+ alg_name = "sha256";
+ break;
+ case QCRYPTO_HASH_ALG_SHA384:
+ alg_name = "sha384";
+ break;
+ case QCRYPTO_HASH_ALG_SHA512:
+ alg_name = "sha512";
+ break;
+ case QCRYPTO_HASH_ALG_RIPEMD160:
+ alg_name = "rmd160";
+ break;
+
+ default:
+ error_setg(errp, "Unsupported hash algorithm %d", alg);
+ return NULL;
+ }
+
+ name = g_strdup_printf("%s", alg_name);
+
+ return name;
+}
+
+static QCryptoAFAlg *
+qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg, Error **errp)
+{
+ QCryptoAFAlg *afalg;
+ char *name;
+
+ name = qcrypto_afalg_hash_format_name(alg, errp);
+ if (!name) {
+ return NULL;
+ }
+
+ afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_HASH, name, errp);
+ if (!afalg) {
+ g_free(name);
+ return NULL;
+ }
+
+ g_free(name);
+
+ return afalg;
+}
+
+static int
+qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ QCryptoAFAlg *afalg;
+ struct iovec outv;
+ int ret = 0;
+ const int expect_len = qcrypto_hash_digest_len(alg);
+
+ if (*resultlen == 0) {
+ *resultlen = expect_len;
+ *result = g_new0(uint8_t, *resultlen);
+ } else if (*resultlen != expect_len) {
+ error_setg(errp,
+ "Result buffer size %zu is not match hash %d",
+ *resultlen, expect_len);
+ return -1;
+ }
+
+ afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
+ if (!afalg) {
+ return -1;
+ }
+
+ /* send data to kernel's crypto core */
+ ret = iov_send_recv(afalg->opfd, iov, niov,
+ 0, iov_size(iov, niov), true);
+ if (ret < 0) {
+ error_setg_errno(errp, errno, "Send data to afalg-core failed");
+ goto out;
+ }
+
+ /* hash && get result */
+ outv.iov_base = *result;
+ outv.iov_len = *resultlen;
+ ret = iov_send_recv(afalg->opfd, &outv, 1,
+ 0, iov_size(&outv, 1), false);
+ if (ret < 0) {
+ error_setg_errno(errp, errno, "Recv result from afalg-core failed");
+ } else {
+ ret = 0;
+ }
+
+out:
+ qcrypto_afalg_comm_free(afalg);
+ return ret;
+}
+
+QCryptoHashDriver qcrypto_hash_afalg_driver = {
+ .hash_bytesv = qcrypto_afalg_hash_bytesv,
+};
diff --git a/crypto/hash.c b/crypto/hash.c
index c43fd87..ac59c63 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -46,6 +46,23 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg,
size_t *resultlen,
Error **errp)
{
+#ifdef CONFIG_AF_ALG
+ int ret;
+
+ ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
+ result, resultlen,
+ errp);
+ if (ret == 0) {
+ return ret;
+ }
+
+ /*
+ * TODO:
+ * Maybe we should treat some afalg errors as fatal
+ */
+ error_free(*errp);
+#endif
+
return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,
result, resultlen,
errp);
diff --git a/crypto/hashpriv.h b/crypto/hashpriv.h
index 5e505e0..cee26cc 100644
--- a/crypto/hashpriv.h
+++ b/crypto/hashpriv.h
@@ -28,4 +28,12 @@ struct QCryptoHashDriver {
extern QCryptoHashDriver qcrypto_hash_lib_driver;
+#ifdef CONFIG_AF_ALG
+
+#include "afalgpriv.h"
+
+extern QCryptoHashDriver qcrypto_hash_afalg_driver;
+
+#endif
+
#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 15/18] crypto: hmac: add af_alg-backend hmac support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (13 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 14/18] crypto: hash: add afalg-backend hash support longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 16/18] tests: crypto: add cipher speed benchmark support longpeng.mike
` (3 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Adds afalg-backend hmac support: introduces some private APIs
firstly, and then intergrates them into qcrypto_hmac_afalg_driver.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hash-afalg.c | 104 +++++++++++++++++++++++++++++++++++++++++++++-------
crypto/hmac.c | 22 +++++++++--
crypto/hmacpriv.h | 12 ++++++
3 files changed, 121 insertions(+), 17 deletions(-)
diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
index 70ab414..cf34c69 100644
--- a/crypto/hash-afalg.c
+++ b/crypto/hash-afalg.c
@@ -1,5 +1,5 @@
/*
- * QEMU Crypto af_alg-backend hash support
+ * QEMU Crypto af_alg-backend hash/hmac support
*
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
@@ -16,10 +16,13 @@
#include "qemu-common.h"
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "crypto/hmac.h"
#include "hashpriv.h"
+#include "hmacpriv.h"
static char *
qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
+ bool is_hmac,
Error **errp)
{
char *name;
@@ -53,18 +56,24 @@ qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
return NULL;
}
- name = g_strdup_printf("%s", alg_name);
+ if (is_hmac) {
+ name = g_strdup_printf("hmac(%s)", alg_name);
+ } else {
+ name = g_strdup_printf("%s", alg_name);
+ }
return name;
}
static QCryptoAFAlg *
-qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg, Error **errp)
+qcrypto_afalg_hash_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ bool is_hmac, Error **errp)
{
QCryptoAFAlg *afalg;
char *name;
- name = qcrypto_afalg_hash_format_name(alg, errp);
+ name = qcrypto_afalg_hash_format_name(alg, is_hmac, errp);
if (!name) {
return NULL;
}
@@ -77,19 +86,46 @@ qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg, Error **errp)
g_free(name);
+ /* HMAC needs setkey */
+ if (is_hmac) {
+ if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY,
+ key, nkey) != 0) {
+ error_setg_errno(errp, errno, "Set hmac key failed");
+ qcrypto_afalg_comm_free(afalg);
+ return NULL;
+ }
+ }
+
return afalg;
}
+static QCryptoAFAlg *
+qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_ctx_new(alg, NULL, 0, false, errp);
+}
+
+QCryptoAFAlg *
+qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_ctx_new(alg, key, nkey, true, errp);
+}
+
static int
-qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov, uint8_t **result,
- size_t *resultlen,
- Error **errp)
+qcrypto_afalg_hash_hmac_bytesv(QCryptoAFAlg *hmac,
+ QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
QCryptoAFAlg *afalg;
struct iovec outv;
int ret = 0;
+ bool is_hmac = (hmac != NULL) ? true : false;
const int expect_len = qcrypto_hash_digest_len(alg);
if (*resultlen == 0) {
@@ -102,9 +138,13 @@ qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
return -1;
}
- afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
- if (!afalg) {
- return -1;
+ if (is_hmac) {
+ afalg = hmac;
+ } else {
+ afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
+ if (!afalg) {
+ return -1;
+ }
}
/* send data to kernel's crypto core */
@@ -127,10 +167,48 @@ qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
}
out:
- qcrypto_afalg_comm_free(afalg);
+ if (!is_hmac) {
+ qcrypto_afalg_comm_free(afalg);
+ }
return ret;
}
+static int
+qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_bytesv(NULL, alg, iov, niov, result,
+ resultlen, errp);
+}
+
+static int
+qcrypto_afalg_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_bytesv(hmac->opaque, hmac->alg,
+ iov, niov, result, resultlen,
+ errp);
+}
+
+static void qcrypto_afalg_hmac_ctx_free(QCryptoHmac *hmac)
+{
+ QCryptoAFAlg *afalg;
+
+ afalg = hmac->opaque;
+ qcrypto_afalg_comm_free(afalg);
+}
+
QCryptoHashDriver qcrypto_hash_afalg_driver = {
.hash_bytesv = qcrypto_afalg_hash_bytesv,
};
+
+QCryptoHmacDriver qcrypto_hmac_afalg_driver = {
+ .hmac_bytesv = qcrypto_afalg_hmac_bytesv,
+ .hmac_free = qcrypto_afalg_hmac_ctx_free,
+};
diff --git a/crypto/hmac.c b/crypto/hmac.c
index a4690e3..37e2af2 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -89,17 +89,31 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
Error **errp)
{
QCryptoHmac *hmac;
- void *ctx;
+ void *ctx = NULL;
+ Error *err2 = NULL;
+ QCryptoHmacDriver *drv;
+
+#ifdef CONFIG_AF_ALG
+ ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
+ if (ctx) {
+ drv = &qcrypto_hmac_afalg_driver;
+ }
+#endif
- ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
if (!ctx) {
- return NULL;
+ ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
+ if (!ctx) {
+ return NULL;
+ }
+
+ drv = &qcrypto_hmac_lib_driver;
+ error_free(err2);
}
hmac = g_new0(QCryptoHmac, 1);
hmac->alg = alg;
hmac->opaque = ctx;
- hmac->driver = (void *)&qcrypto_hmac_lib_driver;
+ hmac->driver = (void *)drv;
return hmac;
}
diff --git a/crypto/hmacpriv.h b/crypto/hmacpriv.h
index 2be389a..4387ca2 100644
--- a/crypto/hmacpriv.h
+++ b/crypto/hmacpriv.h
@@ -33,4 +33,16 @@ extern void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
Error **errp);
extern QCryptoHmacDriver qcrypto_hmac_lib_driver;
+#ifdef CONFIG_AF_ALG
+
+#include "afalgpriv.h"
+
+extern QCryptoAFAlg *
+qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp);
+extern QCryptoHmacDriver qcrypto_hmac_afalg_driver;
+
+#endif
+
#endif
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 16/18] tests: crypto: add cipher speed benchmark support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (14 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 15/18] crypto: hmac: add af_alg-backend hmac support longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 17/18] tests: crypto: add hash " longpeng.mike
` (2 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
Now we have two qcrypto backends, libiary-backend and afalg-backend,
but which one is faster? This patch add a cipher speed benchmark, it
helps us to measure the performance by using "make check-speed" or
using "./tests/benchmark-crypto-cipher" directly.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
tests/Makefile.include | 9 ++++-
tests/benchmark-crypto-cipher.c | 88 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 95 insertions(+), 2 deletions(-)
create mode 100644 tests/benchmark-crypto-cipher.c
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 42e17e2..2f34c60 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -99,6 +99,7 @@ gcov-files-test-write-threshold-y = block/write-threshold.c
check-unit-y += tests/test-crypto-hash$(EXESUF)
check-unit-y += tests/test-crypto-hmac$(EXESUF)
check-unit-y += tests/test-crypto-cipher$(EXESUF)
+check-speed-y += tests/benchmark-crypto-cipher$(EXESUF)
check-unit-y += tests/test-crypto-secret$(EXESUF)
check-unit-$(CONFIG_GNUTLS) += tests/test-crypto-tlscredsx509$(EXESUF)
check-unit-$(CONFIG_GNUTLS) += tests/test-crypto-tlssession$(EXESUF)
@@ -532,6 +533,7 @@ test-qom-obj-y = $(qom-obj-y) $(test-util-obj-y)
test-qapi-obj-y = tests/test-qapi-visit.o tests/test-qapi-types.o \
tests/test-qapi-event.o tests/test-qmp-introspect.o \
$(test-qom-obj-y)
+benchmark-crypto-obj-y = $(crypto-obj-y) $(test-qom-obj-y)
test-crypto-obj-y = $(crypto-obj-y) $(test-qom-obj-y)
test-io-obj-y = $(io-obj-y) $(test-crypto-obj-y)
test-block-obj-y = $(block-obj-y) $(test-io-obj-y) tests/iothread.o
@@ -635,6 +637,7 @@ tests/test-bitcnt$(EXESUF): tests/test-bitcnt.o $(test-util-obj-y)
tests/test-crypto-hash$(EXESUF): tests/test-crypto-hash.o $(test-crypto-obj-y)
tests/test-crypto-hmac$(EXESUF): tests/test-crypto-hmac.o $(test-crypto-obj-y)
tests/test-crypto-cipher$(EXESUF): tests/test-crypto-cipher.o $(test-crypto-obj-y)
+tests/benchmark-crypto-cipher$(EXESUF): tests/benchmark-crypto-cipher.o $(test-crypto-obj-y)
tests/test-crypto-secret$(EXESUF): tests/test-crypto-secret.o $(test-crypto-obj-y)
tests/test-crypto-xts$(EXESUF): tests/test-crypto-xts.o $(test-crypto-obj-y)
@@ -803,6 +806,7 @@ check-help:
@echo " make check-qtest-TARGET Run qtest tests for given target"
@echo " make check-qtest Run qtest tests"
@echo " make check-unit Run qobject tests"
+ @echo " make check-speed Run qobject speed tests"
@echo " make check-qapi-schema Run QAPI schema tests"
@echo " make check-block Run block tests"
@echo " make check-report.html Generates an HTML test report"
@@ -833,8 +837,8 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
$(GCOV) $(GCOV_OPTIONS) $$f -o `dirname $$f`; \
done,)
-.PHONY: $(patsubst %, check-%, $(check-unit-y))
-$(patsubst %, check-%, $(check-unit-y)): check-%: %
+.PHONY: $(patsubst %, check-%, $(check-unit-y) $(check-speed-y))
+$(patsubst %, check-%, $(check-unit-y) $(check-speed-y)): check-%: %
$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
$(call quiet-command, \
MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))} \
@@ -893,6 +897,7 @@ check-tests/qapi-schema/doc-good.texi: tests/qapi-schema/doc-good.test.texi
check-qapi-schema: $(patsubst %,check-%, $(check-qapi-schema-y)) check-tests/qapi-schema/doc-good.texi
check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
check-unit: $(patsubst %,check-%, $(check-unit-y))
+check-speed: $(patsubst %,check-%, $(check-speed-y))
check-block: $(patsubst %,check-%, $(check-block-y))
check: check-qapi-schema check-unit check-qtest
check-clean:
diff --git a/tests/benchmark-crypto-cipher.c b/tests/benchmark-crypto-cipher.c
new file mode 100644
index 0000000..c6a4092
--- /dev/null
+++ b/tests/benchmark-crypto-cipher.c
@@ -0,0 +1,88 @@
+/*
+ * QEMU Crypto cipher speed benchmark
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/cipher.h"
+
+static void test_cipher_speed(const void *opaque)
+{
+ QCryptoCipher *cipher;
+ Error *err = NULL;
+ double total = 0.0;
+ size_t chunk_size = (size_t)opaque;
+ uint8_t *key = NULL, *iv = NULL;
+ uint8_t *plaintext = NULL, *ciphertext = NULL;
+ size_t nkey = qcrypto_cipher_get_key_len(QCRYPTO_CIPHER_ALG_AES_128);
+ size_t niv = qcrypto_cipher_get_iv_len(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC);
+
+ key = g_new0(uint8_t, nkey);
+ memset(key, g_test_rand_int(), nkey);
+
+ iv = g_new0(uint8_t, niv);
+ memset(iv, g_test_rand_int(), niv);
+
+ ciphertext = g_new0(uint8_t, chunk_size);
+
+ plaintext = g_new0(uint8_t, chunk_size);
+ memset(plaintext, g_test_rand_int(), chunk_size);
+
+ cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC,
+ key, nkey, &err);
+ g_assert(cipher != NULL);
+
+ g_assert(qcrypto_cipher_setiv(cipher,
+ iv, niv,
+ &err) == 0);
+
+ g_test_timer_start();
+ do {
+ g_assert(qcrypto_cipher_encrypt(cipher,
+ plaintext,
+ ciphertext,
+ chunk_size,
+ &err) == 0);
+ total += chunk_size;
+ } while (g_test_timer_elapsed() < 5.0);
+
+ total /= 1024 * 1024; /* to MB */
+
+ g_print("cbc(aes128): ");
+ g_print("Testing chunk_size %ld bytes ", chunk_size);
+ g_print("done: %.2f MB in %.2f secs: ", total, g_test_timer_last());
+ g_print("%.2f MB/sec\n", total / g_test_timer_last());
+
+ qcrypto_cipher_free(cipher);
+ g_free(plaintext);
+ g_free(ciphertext);
+ g_free(iv);
+ g_free(key);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ char name[64];
+
+ g_test_init(&argc, &argv, NULL);
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 512; i <= (64 * 1204); i *= 2) {
+ memset(name, 0 , sizeof(name));
+ snprintf(name, sizeof(name), "/crypto/cipher/speed-%lu", i);
+ g_test_add_data_func(name, (void *)i, test_cipher_speed);
+ }
+
+ return g_test_run();
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 17/18] tests: crypto: add hash speed benchmark support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (15 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 16/18] tests: crypto: add cipher speed benchmark support longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 18/18] tests: crypto: add hmac " longpeng.mike
2017-07-18 9:55 ` [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support Daniel P. Berrange
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
This patch add a hash speed benchmark, it helps us to
measure the performance by using "make check-speed" or
using "./tests/benchmark-crypto-hash" directly.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
tests/Makefile.include | 2 ++
tests/benchmark-crypto-hash.c | 67 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 69 insertions(+)
create mode 100644 tests/benchmark-crypto-hash.c
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 2f34c60..c5a67a3 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -97,6 +97,7 @@ gcov-files-test-keyval-y = util/keyval.c
check-unit-y += tests/test-write-threshold$(EXESUF)
gcov-files-test-write-threshold-y = block/write-threshold.c
check-unit-y += tests/test-crypto-hash$(EXESUF)
+check-speed-y += tests/benchmark-crypto-hash$(EXESUF)
check-unit-y += tests/test-crypto-hmac$(EXESUF)
check-unit-y += tests/test-crypto-cipher$(EXESUF)
check-speed-y += tests/benchmark-crypto-cipher$(EXESUF)
@@ -635,6 +636,7 @@ tests/test-mul64$(EXESUF): tests/test-mul64.o $(test-util-obj-y)
tests/test-bitops$(EXESUF): tests/test-bitops.o $(test-util-obj-y)
tests/test-bitcnt$(EXESUF): tests/test-bitcnt.o $(test-util-obj-y)
tests/test-crypto-hash$(EXESUF): tests/test-crypto-hash.o $(test-crypto-obj-y)
+tests/benchmark-crypto-hash$(EXESUF): tests/benchmark-crypto-hash.o $(test-crypto-obj-y)
tests/test-crypto-hmac$(EXESUF): tests/test-crypto-hmac.o $(test-crypto-obj-y)
tests/test-crypto-cipher$(EXESUF): tests/test-crypto-cipher.o $(test-crypto-obj-y)
tests/benchmark-crypto-cipher$(EXESUF): tests/benchmark-crypto-cipher.o $(test-crypto-obj-y)
diff --git a/tests/benchmark-crypto-hash.c b/tests/benchmark-crypto-hash.c
new file mode 100644
index 0000000..6769d2a
--- /dev/null
+++ b/tests/benchmark-crypto-hash.c
@@ -0,0 +1,67 @@
+/*
+ * QEMU Crypto hash speed benchmark
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/hash.h"
+
+static void test_hash_speed(const void *opaque)
+{
+ size_t chunk_size = (size_t)opaque;
+ uint8_t *in = NULL, *out = NULL;
+ size_t out_len = 0;
+ double total = 0.0;
+ struct iovec iov;
+ int ret;
+
+ in = g_new0(uint8_t, chunk_size);
+ memset(in, g_test_rand_int(), chunk_size);
+
+ iov.iov_base = (char *)in;
+ iov.iov_len = chunk_size;
+
+ g_test_timer_start();
+ do {
+ ret = qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
+ &iov, 1, &out, &out_len,
+ NULL);
+ g_assert(ret == 0);
+
+ total += chunk_size;
+ } while (g_test_timer_elapsed() < 5.0);
+
+ total /= 1024 * 1024; /* to MB */
+ g_print("sha256: ");
+ g_print("Testing chunk_size %ld bytes ", chunk_size);
+ g_print("done: %.2f MB in %.2f secs: ", total, g_test_timer_last());
+ g_print("%.2f MB/sec\n", total / g_test_timer_last());
+
+ g_free(out);
+ g_free(in);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ char name[64];
+
+ g_test_init(&argc, &argv, NULL);
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 512; i <= (64 * 1204); i *= 2) {
+ memset(name, 0 , sizeof(name));
+ snprintf(name, sizeof(name), "/crypto/hash/speed-%lu", i);
+ g_test_add_data_func(name, (void *)i, test_hash_speed);
+ }
+
+ return g_test_run();
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [Qemu-devel] [PATCH v6 18/18] tests: crypto: add hmac speed benchmark support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (16 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 17/18] tests: crypto: add hash " longpeng.mike
@ 2017-07-14 18:04 ` longpeng.mike
2017-07-18 9:55 ` [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support Daniel P. Berrange
18 siblings, 0 replies; 21+ messages in thread
From: longpeng.mike @ 2017-07-14 18:04 UTC (permalink / raw)
To: berrange; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
From: "Longpeng(Mike)" <longpeng2@huawei.com>
This patch add a hmac speed benchmark, it helps us to
measure the performance by using "make check-speed" or
using "./tests/benchmark-crypto-hmac" directly.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
tests/Makefile.include | 2 ++
tests/benchmark-crypto-hmac.c | 82 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 tests/benchmark-crypto-hmac.c
diff --git a/tests/Makefile.include b/tests/Makefile.include
index c5a67a3..18f9359 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -99,6 +99,7 @@ gcov-files-test-write-threshold-y = block/write-threshold.c
check-unit-y += tests/test-crypto-hash$(EXESUF)
check-speed-y += tests/benchmark-crypto-hash$(EXESUF)
check-unit-y += tests/test-crypto-hmac$(EXESUF)
+check-speed-y += tests/benchmark-crypto-hmac$(EXESUF)
check-unit-y += tests/test-crypto-cipher$(EXESUF)
check-speed-y += tests/benchmark-crypto-cipher$(EXESUF)
check-unit-y += tests/test-crypto-secret$(EXESUF)
@@ -638,6 +639,7 @@ tests/test-bitcnt$(EXESUF): tests/test-bitcnt.o $(test-util-obj-y)
tests/test-crypto-hash$(EXESUF): tests/test-crypto-hash.o $(test-crypto-obj-y)
tests/benchmark-crypto-hash$(EXESUF): tests/benchmark-crypto-hash.o $(test-crypto-obj-y)
tests/test-crypto-hmac$(EXESUF): tests/test-crypto-hmac.o $(test-crypto-obj-y)
+tests/benchmark-crypto-hmac$(EXESUF): tests/benchmark-crypto-hmac.o $(test-crypto-obj-y)
tests/test-crypto-cipher$(EXESUF): tests/test-crypto-cipher.o $(test-crypto-obj-y)
tests/benchmark-crypto-cipher$(EXESUF): tests/benchmark-crypto-cipher.o $(test-crypto-obj-y)
tests/test-crypto-secret$(EXESUF): tests/test-crypto-secret.o $(test-crypto-obj-y)
diff --git a/tests/benchmark-crypto-hmac.c b/tests/benchmark-crypto-hmac.c
new file mode 100644
index 0000000..72408be
--- /dev/null
+++ b/tests/benchmark-crypto-hmac.c
@@ -0,0 +1,82 @@
+/*
+ * QEMU Crypto hmac speed benchmark
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ * Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/hmac.h"
+
+#define KEY "monkey monkey monkey monkey"
+
+static void test_hmac_speed(const void *opaque)
+{
+ size_t chunk_size = (size_t)opaque;
+ QCryptoHmac *hmac = NULL;
+ uint8_t *in = NULL, *out = NULL;
+ size_t out_len = 0;
+ double total = 0.0;
+ struct iovec iov;
+ Error *err = NULL;
+ int ret;
+
+ if (!qcrypto_hmac_supports(QCRYPTO_HASH_ALG_SHA256)) {
+ return;
+ }
+
+ in = g_new0(uint8_t, chunk_size);
+ memset(in, g_test_rand_int(), chunk_size);
+
+ iov.iov_base = (char *)in;
+ iov.iov_len = chunk_size;
+
+ g_test_timer_start();
+ do {
+ hmac = qcrypto_hmac_new(QCRYPTO_HASH_ALG_SHA256,
+ (const uint8_t *)KEY, strlen(KEY), &err);
+ g_assert(err == NULL);
+ g_assert(hmac != NULL);
+
+ ret = qcrypto_hmac_bytesv(hmac, &iov, 1, &out, &out_len, &err);
+ g_assert(ret == 0);
+ g_assert(err == NULL);
+
+ qcrypto_hmac_free(hmac);
+
+ total += chunk_size;
+ } while (g_test_timer_elapsed() < 5.0);
+
+ total /= 1024 * 1024; /* to MB */
+
+ g_print("hmac(sha256): ");
+ g_print("Testing chunk_size %ld bytes ", chunk_size);
+ g_print("done: %.2f MB in %.2f secs: ", total, g_test_timer_last());
+ g_print("%.2f MB/sec\n", total / g_test_timer_last());
+
+ g_free(out);
+ g_free(in);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ char name[64];
+
+ g_test_init(&argc, &argv, NULL);
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 512; i <= (64 * 1204); i *= 2) {
+ memset(name, 0 , sizeof(name));
+ snprintf(name, sizeof(name), "/crypto/hmac/speed-%lu", i);
+ g_test_add_data_func(name, (void *)i, test_hmac_speed);
+ }
+
+ return g_test_run();
+}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend longpeng.mike
@ 2017-07-18 9:49 ` Daniel P. Berrange
0 siblings, 0 replies; 21+ messages in thread
From: Daniel P. Berrange @ 2017-07-18 9:49 UTC (permalink / raw)
To: longpeng.mike; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
On Fri, Jul 14, 2017 at 02:04:05PM -0400, longpeng.mike@gmail.com wrote:
> From: "Longpeng(Mike)" <longpeng2@huawei.com>
>
> The AF_ALG socket family is the userspace interface for linux
> crypto API, this patch adds af_alg family support and some common
> functions for af_alg backend. It'll be used by afalg-backend crypto
> latter.
>
> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
> ---
> configure | 30 +++++++++++++
> crypto/Makefile.objs | 1 +
> crypto/afalg.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++
> crypto/afalgpriv.h | 54 ++++++++++++++++++++++++
> 4 files changed, 201 insertions(+)
> create mode 100644 crypto/afalg.c
> create mode 100644 crypto/afalgpriv.h
>
> diff --git a/configure b/configure
> index 902653a..4beab2a 100755
> --- a/configure
> +++ b/configure
> @@ -375,6 +375,7 @@ libnfs=""
> coroutine=""
> coroutine_pool=""
> debug_stack_usage="no"
> +crypto_afalg="no"
> seccomp=""
> glusterfs=""
> glusterfs_xlator_opt="no"
> @@ -1124,6 +1125,8 @@ for opt do
> ;;
> --enable-debug-stack-usage) debug_stack_usage="yes"
> ;;
> + --enable-crypto-afalg) crypto_afalg="yes"
> + ;;
We should have an --disable flag too for consistency, even though it is
the default currently.
> --disable-docs) docs="no"
> ;;
> --enable-docs) docs="yes"
> @@ -1443,6 +1446,8 @@ Advanced options (experts only):
> xen pv domain builder
> --enable-debug-stack-usage
> track the maximum stack usage of stacks created by qemu_alloc_stack
> + --enable-crypto-afalg
> + enable afalg-backend crypto and try to use it first.
>
> Optional features, enabled with --enable-FEATURE and
> disabled with --disable-FEATURE, default is enabled if available:
> @@ -4834,6 +4839,24 @@ if compile_prog "" "" ; then
> have_af_vsock=yes
> fi
>
> +##########################################
> +# check for usable AF_ALG environment
> +hava_af_alg=no
typo s/af_alg/afalg/
> +cat > $TMPC << EOF
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +#include <linux/if_alg.h>
> +int main(void) {
> + int sock;
> + sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
> + return sock;
> +}
> +EOF
> +if compile_prog "" "" ; then
> + have_afalg=yes
> +fi
If the user requests afalg and the compile test fails, we should
report an error.
> +
> #################################################
> # Sparc implicitly links with --relax, which is
> # incompatible with -r, so --no-relax should be
> @@ -5300,6 +5323,7 @@ echo "seccomp support $seccomp"
> echo "coroutine backend $coroutine"
> echo "coroutine pool $coroutine_pool"
> echo "debug stack usage $debug_stack_usage"
> +echo "crypto afalg $crypto_afalg"
> echo "GlusterFS support $glusterfs"
> echo "gcov $gcov_tool"
> echo "gcov enabled $gcov"
> @@ -5811,6 +5835,12 @@ if test "$debug_stack_usage" = "yes" ; then
> echo "CONFIG_DEBUG_STACK_USAGE=y" >> $config_host_mak
> fi
>
> +if test "$crypto_afalg" = "yes" ; then
> + if test "$have_afalg" = "yes" ; then
The check for have_afalg=yes is redundant if we report an error
earlier
> + echo "CONFIG_AF_ALG=y" >> $config_host_mak
> + fi
> +fi
> +
> if test "$open_by_handle_at" = "yes" ; then
> echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
> fi
These are minor points, so I'm going to squash the following into your
change when merging:
diff --git a/configure b/configure
index 83e6f9772f..9237b50b99 100755
--- a/configure
+++ b/configure
@@ -1127,6 +1127,8 @@ for opt do
;;
--enable-crypto-afalg) crypto_afalg="yes"
;;
+ --disable-crypto-afalg) crypto_afalg="no"
+ ;;
--disable-docs) docs="no"
;;
--enable-docs) docs="yes"
@@ -1446,8 +1448,6 @@ Advanced options (experts only):
xen pv domain builder
--enable-debug-stack-usage
track the maximum stack usage of stacks created by qemu_alloc_stack
- --enable-crypto-afalg
- enable afalg-backend crypto and try to use it first.
Optional features, enabled with --enable-FEATURE and
disabled with --disable-FEATURE, default is enabled if available:
@@ -1523,6 +1523,7 @@ disabled with --disable-FEATURE, default is enabled if available:
qom-cast-debug cast debugging support
tools build qemu-io, qemu-nbd and qemu-image tools
vxhs Veritas HyperScale vDisk backend support
+ crypto-afalg Linux AF_ALG crypto backend driver
NOTE: The object files are built at the place where configure is launched
EOF
@@ -4841,7 +4842,7 @@ fi
##########################################
# check for usable AF_ALG environment
-hava_af_alg=no
+hava_afalg=no
cat > $TMPC << EOF
#include <errno.h>
#include <sys/types.h>
@@ -4856,6 +4857,14 @@ EOF
if compile_prog "" "" ; then
have_afalg=yes
fi
+if test "$crypto_afalg" = "yes"
+then
+ if test "$have_afalg" != "yes"
+ then
+ error_exit "AF_ALG requested but could not be detected"
+ fi
+fi
+
#################################################
# Sparc implicitly links with --relax, which is
@@ -5836,9 +5845,7 @@ if test "$debug_stack_usage" = "yes" ; then
fi
if test "$crypto_afalg" = "yes" ; then
- if test "$have_afalg" = "yes" ; then
- echo "CONFIG_AF_ALG=y" >> $config_host_mak
- fi
+ echo "CONFIG_AF_ALG=y" >> $config_host_mak
fi
if test "$open_by_handle_at" = "yes" ; then
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
` (17 preceding siblings ...)
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 18/18] tests: crypto: add hmac " longpeng.mike
@ 2017-07-18 9:55 ` Daniel P. Berrange
18 siblings, 0 replies; 21+ messages in thread
From: Daniel P. Berrange @ 2017-07-18 9:55 UTC (permalink / raw)
To: longpeng.mike; +Cc: qemu-devel, arei.gonglei, weidong.huang, Longpeng(Mike)
On Fri, Jul 14, 2017 at 02:03:53PM -0400, longpeng.mike@gmail.com wrote:
> From: "Longpeng(Mike)" <longpeng2@huawei.com>
>
> The AF_ALG socket family is the userspace interface for linux
> crypto API, users can use it to access hardware accelerators.
>
> This patchset adds a afalg-backend for qemu crypto subsystem. QEMU
> would try to use afalg-backend first if configures '--enable-crypto
> -afalg' and hostos support AF_ALG.
>
> I measured the performance about the afalg-backend impls, I tested
> how many data could be encrypted in 5 seconds.
>
> NOTE: In some scenarios library-backend using CPU insns for crypto
> would be faster.
>
> test-environment: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
>
> *sha256*
> chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
> 512 93.03 185.87
> 1024 146.32 201.78
> 2048 213.32 210.93
> 4096 275.48 215.26
> 8192 321.77 217.49
> 16384 349.60 219.26
> 32768 363.59 219.73
> 65536 375.79 219.99
>
> *hmac(sha256)*
> chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
> 512 71.26 165.55
> 1024 117.43 189.15
> 2048 180.96 203.24
> 4096 247.60 211.38
> 8192 301.99 215.65
> 16384 340.79 218.22
> 32768 365.51 219.49
> 65536 377.92 220.24
>
> *cbc(aes128)*
> chunk_size(bytes) MB/sec(afalg:cbc-aes-aesni) MB/sec(nettle)
> 512 371.76 188.41
> 1024 559.86 189.64
> 2048 768.66 192.11
> 4096 939.15 192.40
> 8192 1029.48 192.49
> 16384 1072.79 190.52
> 32768 1109.38 190.41
> 65536 1102.38 190.40
>
> ---
> Changes since v5:
> - use afalg-backend first only when configured with
> '--enable-crypto-afalg' and AF_ALG is supportted.
> [Daniel]
>
> Changes since v4:
> - remove 'name' field in 'struct CryptoAFAlg'. [Daniel]
> - add error handling for read() returning less than requested. [Daniel]
> - use iov_send_recv to recv msg in hash-afalg.c. [Daniel]
> - refactor hmac benchmark as suggestion. [Daniel]
>
> Changes since v3:
> - add "Reviewed-by: Daniel P. Berrange <address@hidden>" in
> commit messages of PATCH 1/2/3/4/5/7/8/9/10/11.
> - PATCH 12: use strlen() instead of qemu_strnlen() in
> qcrypto_afalg_build_saddr(). [Daniel]
> - PATCH 12: rather than indenting the entire method, just return immediately
> if afalg=NULL. [Daniel]
> - PATCH 13: use g_strdup_printf() instead of g_new0+snprintf() and remove
> redundant bounds check in qcrypto_afalg_cipher_format_name().
> [Daniel]
> - PATCH 13: s/except_niv/expect_niv s/origin_contorllen/origin_controllen.
> [Daniel]
> - PATCH 13: use '%zu' to print 'size_t' in qcrypto_afalg_cipher_setiv().
> [Daniel]
> - PATCH 13: remove qcrypto_cipher_using_afalg_drv(). [Daniel]
> - PATCH 13: refactor the qcrypto_cipher_new() as Daniel's suggestion.
> [Daniel]
> - PATCH 13: correct the ->cmsg initialization int
> qcrypto_afalg_cipher_ctx_new() to
> avoid different behaviour in test_cipher_null_iv(). [Daniel]
> - PATCH 14: use g_strdup_printf() instead of g_new0+snprintf() and remove
> edundant bounds check in qcrypto_afalg_hash_format_name().
> [Daniel]
> - PATCH 14: s/except_len/expect_len. [Daniel]
> - PATCH 14: free 'errp' if afalg_driver.hash_bytesv() failed. [Daniel]
> - PATCH 14: maybe some afalg errors should be treated as fatal, but we
> have no idea yet, so add a "TODO" comment.
> - PATCH 15: refactor the qcrypto_hmac_new() as Daniel's suggestion. [Daniel]
>
> Changes since v2:
> - init sockaddr_alg object when it's defined. [Gonglei]
> - fix some superfluous initialization. [Gonglei]
> - s/opeartion/operation/g in crypto/afalgpriv.h. [Gonglei]
> - check 'niv' in qcrypto_afalg_cipher_setiv. [Gonglei]
>
> Changes since v1:
> - use "make check-speed" to testing the performance. [Daniel]
> - put private definations into crypto/***priv.h. [Daniel]
> - remove afalg socket from qapi-schema, put them into crypto/. [Daniel]
> - some Error report change. [Daniel]
> - s/QCryptoAfalg/QCryptoAFAlg. [Daniel]
> - use snprintf with bounds checking instead of sprintf. [Daniel]
> - use "qcrypto_afalg_" prefix and "qcrypto_nettle(gcrypt,glib,builtin)_"
> prefix. [Daniel]
> - add testing results in cover-letter. [Gonglei]
>
> ---
> Longpeng(Mike) (18):
> crypto: cipher: introduce context free function
> crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
> crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
> crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
> crypto: cipher: add cipher driver framework
> crypto: hash: add hash driver framework
> crypto: hmac: move crypto/hmac.h into include/crypto/
> crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
> crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
> crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
> crypto: hmac: add hmac driver framework
> crypto: introduce some common functions for af_alg backend
> crypto: cipher: add afalg-backend cipher support
> crypto: hash: add afalg-backend hash support
> crypto: hmac: add af_alg-backend hmac support
> tests: crypto: add cipher speed benchmark support
> tests: crypto: add hash speed benchmark support
> tests: crypto: add hmac speed benchmark support
>
> configure | 30 ++++++
> crypto/Makefile.objs | 3 +
> crypto/afalg.c | 116 +++++++++++++++++++++
> crypto/afalgpriv.h | 64 ++++++++++++
> crypto/cipher-afalg.c | 226 ++++++++++++++++++++++++++++++++++++++++
> crypto/cipher-builtin.c | 125 +++++++++++-----------
> crypto/cipher-gcrypt.c | 105 ++++++++++---------
> crypto/cipher-nettle.c | 84 ++++++++-------
> crypto/cipher.c | 80 ++++++++++++++
> crypto/cipherpriv.h | 56 ++++++++++
> crypto/hash-afalg.c | 214 +++++++++++++++++++++++++++++++++++++
> crypto/hash-gcrypt.c | 19 ++--
> crypto/hash-glib.c | 19 ++--
> crypto/hash-nettle.c | 19 ++--
> crypto/hash.c | 30 ++++++
> crypto/hashpriv.h | 39 +++++++
> crypto/hmac-gcrypt.c | 42 ++++----
> crypto/hmac-glib.c | 63 ++++++-----
> crypto/hmac-nettle.c | 42 ++++----
> crypto/hmac.c | 58 +++++++++++
> crypto/hmac.h | 166 -----------------------------
> crypto/hmacpriv.h | 48 +++++++++
> include/crypto/cipher.h | 1 +
> include/crypto/hmac.h | 167 +++++++++++++++++++++++++++++
> tests/Makefile.include | 13 ++-
> tests/benchmark-crypto-cipher.c | 88 ++++++++++++++++
> tests/benchmark-crypto-hash.c | 67 ++++++++++++
> tests/benchmark-crypto-hmac.c | 82 +++++++++++++++
> 28 files changed, 1655 insertions(+), 411 deletions(-)
> create mode 100644 crypto/afalg.c
> create mode 100644 crypto/afalgpriv.h
> create mode 100644 crypto/cipher-afalg.c
> create mode 100644 crypto/cipherpriv.h
> create mode 100644 crypto/hash-afalg.c
> create mode 100644 crypto/hashpriv.h
> delete mode 100644 crypto/hmac.h
> create mode 100644 crypto/hmacpriv.h
> create mode 100644 include/crypto/hmac.h
> create mode 100644 tests/benchmark-crypto-cipher.c
> create mode 100644 tests/benchmark-crypto-hash.c
> create mode 100644 tests/benchmark-crypto-hmac.c
Queued for merge.
Thanks for your contribution to QEMU
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 21+ messages in thread
end of thread, other threads:[~2017-07-18 9:55 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-14 18:03 [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 01/18] crypto: cipher: introduce context free function longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 02/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 03/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 04/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 05/18] crypto: cipher: add cipher driver framework longpeng.mike
2017-07-14 18:03 ` [Qemu-devel] [PATCH v6 06/18] crypto: hash: add hash " longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 07/18] crypto: hmac: move crypto/hmac.h into include/crypto/ longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 08/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 09/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 10/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 11/18] crypto: hmac: add hmac driver framework longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend longpeng.mike
2017-07-18 9:49 ` Daniel P. Berrange
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 13/18] crypto: cipher: add afalg-backend cipher support longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 14/18] crypto: hash: add afalg-backend hash support longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 15/18] crypto: hmac: add af_alg-backend hmac support longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 16/18] tests: crypto: add cipher speed benchmark support longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 17/18] tests: crypto: add hash " longpeng.mike
2017-07-14 18:04 ` [Qemu-devel] [PATCH v6 18/18] tests: crypto: add hmac " longpeng.mike
2017-07-18 9:55 ` [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support Daniel P. Berrange
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).