From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Hyman Huang <yong.huang@smartx.com>
Cc: qemu-devel <qemu-devel@nongnu.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Eric Blake" <eblake@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: Re: [PATCH v3] crypto: Introduce SM4 symmetric cipher algorithm
Date: Wed, 6 Dec 2023 17:41:03 +0000 [thread overview]
Message-ID: <ZXCyL9TDaQXXwaoT@redhat.com> (raw)
In-Reply-To: <3c9608d818225af1e20478f98501594a5fea9353.1701270110.git.yong.huang@smartx.com>
On Wed, Nov 29, 2023 at 11:17:49PM +0800, Hyman Huang wrote:
> Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>
> SM4 (GBT.32907-2016) is a cryptographic standard issued by the
> Organization of State Commercial Administration of China (OSCCA)
> as an authorized cryptographic algorithms for the use within China.
>
> Use the crypto-sm4 meson build option to explicitly control the
> feature, which would be detected by default.
>
> Signed-off-by: Hyman Huang <yong.huang@smartx.com>
> ---
> crypto/block-luks.c | 11 ++++++++
> crypto/cipher-gcrypt.c.inc | 8 ++++++
> crypto/cipher-nettle.c.inc | 49 +++++++++++++++++++++++++++++++++
> crypto/cipher.c | 6 ++++
> meson.build | 42 ++++++++++++++++++++++++++++
> meson_options.txt | 2 ++
> qapi/crypto.json | 5 +++-
> scripts/meson-buildoptions.sh | 3 ++
> tests/unit/test-crypto-cipher.c | 13 +++++++++
> 9 files changed, 138 insertions(+), 1 deletion(-)
>
> diff --git a/meson.build b/meson.build
> index ec01f8b138..765f9c9f50 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1480,6 +1480,7 @@ endif
> gcrypt = not_found
> nettle = not_found
> hogweed = not_found
> +crypto_sm4 = not_found
> xts = 'none'
>
> if get_option('nettle').enabled() and get_option('gcrypt').enabled()
> @@ -1505,6 +1506,28 @@ if not gnutls_crypto.found()
> cc.find_library('gpg-error', required: true)],
> version: gcrypt.version())
> endif
> + crypto_sm4 = gcrypt
> + # SM4 ALG is available in libgcrypt >= 1.9
> + if gcrypt.found() and not cc.links('''
> + #include <gcrypt.h>
> + int main(void) {
> + gcry_cipher_hd_t handler;
> + gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, 0);
> + return 0;
> + }''', dependencies: gcrypt)
> + crypto_sm4 = not_found
> + if get_option('crypto_sm4').enabled()
> + error('could not link sm4')
> + else
> + warning('could not link sm4, disabling')
> + endif
IMHO we don't need to have an option for 'crypto_sm4', just
silently disable it if not present in the host provideed
library.
> + endif
> + if crypto_sm4.found() and get_option('prefer_static')
> + crypto_sm4 = declare_dependency(dependencies: [
> + gcrypt,
> + cc.find_library('gpg-error', required: true)],
> + version: gcrypt.version())
> + endif
This last if/endif block is redundant. We already have earlier
logic that detects gpg-error, and we never use the 'crypto_sm4'
object after this point anyway
> endif
> if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
> nettle = dependency('nettle', version: '>=3.4',
> @@ -1513,6 +1536,23 @@ if not gnutls_crypto.found()
> if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
> xts = 'private'
> endif
> + crypto_sm4 = nettle
> + # SM4 ALG is available in nettle >= 3.9
> + if nettle.found() and not cc.links('''
> + #include <nettle/sm4.h>
> + int main(void) {
> + struct sm4_ctx ctx;
> + unsigned char key[16] = {0};
> + sm4_set_encrypt_key(&ctx, key);
> + return 0;
> + }''', dependencies: nettle)
> + crypto_sm4 = not_found
> + if get_option('crypto_sm4').enabled()
> + error('could not link sm4')
> + else
> + warning('could not link sm4, disabling')
> + endif
Likewise no need for an option, just silently disable it.
> + endif
> endif
> endif
>
> @@ -2199,6 +2239,7 @@ config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
> config_host_data.set('CONFIG_TASN1', tasn1.found())
> config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
> config_host_data.set('CONFIG_NETTLE', nettle.found())
> +config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found())
> config_host_data.set('CONFIG_HOGWEED', hogweed.found())
> config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
> config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
> @@ -4273,6 +4314,7 @@ summary_info += {'nettle': nettle}
> if nettle.found()
> summary_info += {' XTS': xts != 'private'}
> endif
> +summary_info += {'SM4 ALG support': crypto_sm4}
> summary_info += {'AF_ALG support': have_afalg}
> summary_info += {'rng-none': get_option('rng_none')}
> summary_info += {'Linux keyring': have_keyring}
> diff --git a/meson_options.txt b/meson_options.txt
> index c9baeda639..db8de4ec5b 100644
> --- a/meson_options.txt
> +++ b/meson_options.txt
> @@ -172,6 +172,8 @@ option('nettle', type : 'feature', value : 'auto',
> description: 'nettle cryptography support')
> option('gcrypt', type : 'feature', value : 'auto',
> description: 'libgcrypt cryptography support')
> +option('crypto_sm4', type : 'feature', value : 'auto',
> + description: 'SM4 symmetric cipher algorithm support')
Drop this.
> option('crypto_afalg', type : 'feature', value : 'disabled',
> description: 'Linux AF_ALG crypto backend driver')
> option('libdaxctl', type : 'feature', value : 'auto',
> diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
> index 680fa3f581..f189f34829 100644
> --- a/scripts/meson-buildoptions.sh
> +++ b/scripts/meson-buildoptions.sh
> @@ -106,6 +106,7 @@ meson_options_help() {
> printf "%s\n" ' colo-proxy colo-proxy support'
> printf "%s\n" ' coreaudio CoreAudio sound support'
> printf "%s\n" ' crypto-afalg Linux AF_ALG crypto backend driver'
> + printf "%s\n" ' crypto-sm4 SM4 symmetric cipher algorithm support'
> printf "%s\n" ' curl CURL block device driver'
> printf "%s\n" ' curses curses UI'
> printf "%s\n" ' dbus-display -display dbus support'
> @@ -282,6 +283,8 @@ _meson_option_parse() {
> --disable-coroutine-pool) printf "%s" -Dcoroutine_pool=false ;;
> --enable-crypto-afalg) printf "%s" -Dcrypto_afalg=enabled ;;
> --disable-crypto-afalg) printf "%s" -Dcrypto_afalg=disabled ;;
> + --enable-crypto-sm4) printf "%s" -Dcrypto_sm4=enabled ;;
> + --disable-crypto-sm4) printf "%s" -Dcrypto_sm4=disabled ;;
> --enable-curl) printf "%s" -Dcurl=enabled ;;
> --disable-curl) printf "%s" -Dcurl=disabled ;;
> --enable-curses) printf "%s" -Dcurses=enabled ;;
This can go away too
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2023-12-06 17:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 15:17 [PATCH v3] crypto: Introduce SM4 symmetric cipher algorithm Hyman Huang
2023-11-29 18:12 ` Philippe Mathieu-Daudé
2023-12-06 17:41 ` Daniel P. Berrangé [this message]
2023-12-07 6:47 ` Yong Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXCyL9TDaQXXwaoT@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=yong.huang@smartx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).