[PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

[PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

[Cédric Le Goater]

Hello,

This is a resping of Alejandro's series fixing SG Accumulative Hash
Calculations. See [1] for more details. 

The goal of this patch series is to fix accumulative hashing support
in the Aspeed HACE module. The issue that stemmed this patch was a
failure to boot an OpenBMC image using the "ast2600-evb" machine. The
U-boot 2019.04 loader failed to verify image hashes.

These incorrect image hashes given by the HACE to the U-boot guest are
due to an oversight in the HACE module. Previously when operating in
scatter-gather accumulative mode, the HACE would cache the address
provided by the guest which contained the source data. However, there
was no deep copy, so when HACE generated the digest upon the reception
of the final accumulative chunk the digest was incorrect, as the
addresses provided had their regions overwritten by that time.

This fix consists of two main steps:
* Add an accumulative hashing function to the qcrypto library
* Modify the HACE module to use the accumulative hashing functions

All the crypto library backends (nettle, gnutls, etc.) support
accumulative hashing, so it was trivial to create wrappers for those
functions.

Changes in v5 (clg):

 - Changed documentation "non-zero on error" -> "-1 on error" 
 - Dropped qcrypto_hash_supports() in qcrypto_glib_hash_new()
 - Removed superfluous cast (GChecksum *) in qcrypto_glib_hash_free()
 - Reworked qcrypto_glib_hash_finalize() 
 - Dropped qcrypto_hash_supports() in qcrypto_gcrypt_hash_new()
 - Reworked qcrypto_gcrypt_hash_finalize()
 - Handled gcry_md_open() errors in qcrypto_gcrypt_hash_new()
 - Dropped qcrypto_hash_supports() in qcrypto_gnutls_hash_new()
 - Reworked qcrypto_gnutls_hash_finalize()
 - Handled gnutls_hash_init() errors in qcrypto_gnutls_hash_new()
 - Replaced gnutls_hash_deinit() by gnutls_hash_output() in
   qcrypto_gnutls_hash_finalize()
 - Freed resources with gnutls_hash_deinit() in qcrypto_gnutls_hash_free() 
 - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() 
 - Split iov changes from original patch
 - Handled qcrypto_afalg_hash_ctx_new() errors in qcrypto_afalg_hash_new()
 - Freed alg_name in qcrypto_afalg_hash_new()
 - Reworked qcrypto_afalg_recv_from_kernel()
 - Split iov changes from original patch 
 - Reworked qcrypto_hash_bytesv() error handling
 - Used hash->driver int qcrypto_hash_new(), qcrypto_hash_free() qcrypto_hash_updatev()
 - Introduced qcrypto_hash_supports() check in  qcrypto_hash_new()
 - Introduced g_autofree variables in qcrypto_hash_finalize_digest()
   and qcrypto_hash_finalize_base64()
 - Re-arrranged code in qcrypto_hash_digestv() and qcrypto_hash_digest()
 - Improved test_hash_accumulate() with g_autofree variables 
 - Fixed spelling in commit log 
 - Checkpatch fixes 

Changes in V4:
* Restructured patches so unit tests pass for each independently.
* Freeing hash context is now a void function.
* Added autoptr cleanup function definition for qcrypto_hash_free.
* Separated qcrypto_hash_update into qcrypto_hash_update and
  qcrypto_hash_updatev.
* Changed public hash functions to use afalg implementation correctly if support
  is enabled.
* Fixed accumulative hashing in afalg driver (pass MSG_MORE socket flag).

Changes in V3:
* Reworked crypto hash API with comments from Daniel
  * Creation/Deletion of contexts, updating, and finalizing
  * Modified existing API functions to use the new 4 main core functions
  * Added test for accumulative hashing
  * Added afalg driver implementation
* Fixed bug in HACE module where hash context fails to allocate,
  causing the HACE internal state to be incorrect and segfault.

Changes in V2:
* Fixed error checking bug in libgcrypt crypto backend of
  accumulate_bytesv

Alejandro Zeise (16):
  crypto: accumulative hashing API
  crypto/hash-glib: Implement new hash API
  crypto/hash-gcrypt: Implement new hash API
  crypto/hash-gnutls: Implement new hash API
  crypto/hash-nettle: Implement new hash API
  util/iov: Introduce iov_send_recv_with_flags()
  crypto/hash-afalg: Implement new hash API
  crypto/hash: Implement and use new hash API
  tests/unit/test-crypto-hash: accumulative hashing
  crypto/hash-glib: Remove old hash API functions
  crypto/hash-gcrypt: Remove old hash API functions
  crypto/hash-gnutls: Remove old hash API functions
  crypto/hash-nettle: Remove old hash API functions
  crypto/hash-afalg: Remove old hash API functions
  crypto/hashpriv: Remove old hash API function
  hw/misc/aspeed_hace: Fix SG Accumulative hashing

 crypto/hashpriv.h             |  13 ++-
 include/crypto/hash.h         | 119 ++++++++++++++++++++++++
 include/hw/misc/aspeed_hace.h |   4 +
 include/qemu/iov.h            |  27 ++++++
 crypto/hash-afalg.c           | 167 ++++++++++++++++++++++++----------
 crypto/hash-gcrypt.c          | 112 +++++++++++++----------
 crypto/hash-glib.c            |  92 +++++++++++--------
 crypto/hash-gnutls.c          |  97 +++++++++++++-------
 crypto/hash-nettle.c          |  81 ++++++++++-------
 crypto/hash.c                 | 161 ++++++++++++++++++++++++++------
 hw/misc/aspeed_hace.c         |  96 ++++++++++---------
 tests/unit/test-crypto-hash.c |  46 ++++++++++
 util/iov.c                    |  25 +++--
 13 files changed, 756 insertions(+), 284 deletions(-)

-- 
2.46.2

[PATCH v5 01/16] crypto: accumulative hashing API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Changes the hash API to support accumulative hashing.
Hash objects are created with "qcrypto_hash_new",
updated with data with "qcrypto_hash_update", and
the hash obtained with "qcrypto_hash_finalize".

These changes bring the hashing API more in line with the
hmac API.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Changed documentation "non-zero on error" -> "-1 on error" ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hashpriv.h     |  13 +++++
 include/crypto/hash.h | 119 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)

diff --git a/crypto/hashpriv.h b/crypto/hashpriv.h
index 47daec3f7aed..dcb3ba6cfba0 100644
--- a/crypto/hashpriv.h
+++ b/crypto/hashpriv.h
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash driver supports
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
  *
  * Authors:
@@ -15,6 +16,8 @@
 #ifndef QCRYPTO_HASHPRIV_H
 #define QCRYPTO_HASHPRIV_H
 
+#include "crypto/hash.h"
+
 typedef struct QCryptoHashDriver QCryptoHashDriver;
 
 struct QCryptoHashDriver {
@@ -24,6 +27,16 @@ struct QCryptoHashDriver {
                        uint8_t **result,
                        size_t *resultlen,
                        Error **errp);
+    QCryptoHash *(*hash_new)(QCryptoHashAlgo alg, Error **errp);
+    int (*hash_update)(QCryptoHash *hash,
+                       const struct iovec *iov,
+                       size_t niov,
+                       Error **errp);
+    int (*hash_finalize)(QCryptoHash *hash,
+                         uint8_t **result,
+                         size_t *resultlen,
+                         Error **errp);
+    void (*hash_free)(QCryptoHash *hash);
 };
 
 extern QCryptoHashDriver qcrypto_hash_lib_driver;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 6038a52d0e49..b791ca92a430 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2015 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -33,6 +34,13 @@
 
 /* See also "QCryptoHashAlgo" defined in qapi/crypto.json */
 
+typedef struct QCryptoHash QCryptoHash;
+struct QCryptoHash {
+    QCryptoHashAlgo alg;
+    void *opaque;
+    void *driver;
+};
+
 /**
  * qcrypto_hash_supports:
  * @alg: the hash algorithm
@@ -128,6 +136,117 @@ int qcrypto_hash_digestv(QCryptoHashAlgo alg,
                          char **digest,
                          Error **errp);
 
+/**
+ * qcrypto_hash_updatev:
+ * @hash: hash object from qcrypto_hash_new
+ * @iov: the array of memory regions to hash
+ * @niov: the length of @iov
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Updates the given hash object with all the memory regions
+ * present in @iov.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hash_updatev(QCryptoHash *hash,
+                         const struct iovec *iov,
+                         size_t niov,
+                         Error **errp);
+/**
+ * qcrypto_hash_update:
+ * @hash: hash object from qcrypto_hash_new
+ * @buf: the memory region to hash
+ * @len: the length of @buf
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Updates the given hash object with the data from
+ * the given buffer.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hash_update(QCryptoHash *hash,
+                        const char *buf,
+                        size_t len,
+                        Error **errp);
+
+/**
+ * qcrypto_hash_finalize_digest:
+ * @hash: the hash object to finalize
+ * @digest: pointer to hold output hash
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hash from the given hash object. Hash object
+ * is expected to have its data updated from the qcrypto_hash_update function.
+ * The @digest pointer will be filled with the printable hex digest of the
+ * computed hash, which will be terminated by '\0'. The memory pointer
+ * in @digest must be released with a call to g_free() when
+ * no longer required.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hash_finalize_digest(QCryptoHash *hash,
+                                 char **digest,
+                                 Error **errp);
+
+/**
+ * qcrypto_hash_finalize_base64:
+ * @hash_ctx: hash object to finalize
+ * @base64: pointer to store the hash result in
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hash from the given hash object. Hash object
+ * is expected to have it's data updated from the qcrypto_hash_update function.
+ * The @base64 pointer will be filled with the base64 encoding of the computed
+ * hash, which will be terminated by '\0'. The memory pointer in @base64
+ * must be released with a call to g_free() when no longer required.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hash_finalize_base64(QCryptoHash *hash,
+                                 char **base64,
+                                 Error **errp);
+
+/**
+ * qcrypto_hash_finalize_bytes:
+ * @hash_ctx: hash object to finalize
+ * @result: pointer to store the hash result in
+ * @result_len: Pointer to store the length of the result in
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Computes the hash from the given hash object. Hash object
+ * is expected to have it's data updated from the qcrypto_hash_update function.
+ * The memory pointer in @result must be released with a call to g_free()
+ * when no longer required.
+ *
+ * Returns: 0 on success, -1 on error
+ */
+int qcrypto_hash_finalize_bytes(QCryptoHash *hash,
+                                uint8_t **result,
+                                size_t *result_len,
+                                Error **errp);
+
+/**
+ * qcrypto_hash_new:
+ * @alg: the hash algorithm
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Creates a new hashing context for the chosen algorithm for
+ * usage with qcrypto_hash_update.
+ *
+ * Returns: New hash object with the given algorithm, or NULL on error.
+ */
+QCryptoHash *qcrypto_hash_new(QCryptoHashAlgo alg, Error **errp);
+
+/**
+ * qcrypto_hash_free:
+ * @hash: hash object to free
+ *
+ * Frees a hashing context for the chosen algorithm.
+ */
+void qcrypto_hash_free(QCryptoHash *hash);
+
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoHash, qcrypto_hash_free)
+
 /**
  * qcrypto_hash_digest:
  * @alg: the hash algorithm
-- 
2.46.2

Re: [PATCH v5 01/16] crypto: accumulative hashing API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:08AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Changes the hash API to support accumulative hashing.
> Hash objects are created with "qcrypto_hash_new",
> updated with data with "qcrypto_hash_update", and
> the hash obtained with "qcrypto_hash_finalize".
> 
> These changes bring the hashing API more in line with the
> hmac API.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Changed documentation "non-zero on error" -> "-1 on error" ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hashpriv.h     |  13 +++++
>  include/crypto/hash.h | 119 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 132 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 02/16] crypto/hash-glib: Implement new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Implements the new hashing API in the GLib hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Dropped qcrypto_hash_supports() in qcrypto_glib_hash_new()
       - Removed superfluous cast (GChecksum *) in qcrypto_glib_hash_free()
       - Reworked qcrypto_glib_hash_finalize() ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-glib.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c
index a5a2949333ae..783283facc18 100644
--- a/crypto/hash-glib.c
+++ b/crypto/hash-glib.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -95,6 +96,72 @@ qcrypto_glib_hash_bytesv(QCryptoHashAlgo alg,
 }
 
 
+static
+QCryptoHash *qcrypto_glib_hash_new(QCryptoHashAlgo alg,
+                                   Error **errp)
+{
+    QCryptoHash *hash;
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = g_checksum_new(qcrypto_hash_alg_map[alg]);
+
+    return hash;
+}
+
+static
+void qcrypto_glib_hash_free(QCryptoHash *hash)
+{
+    if (hash->opaque) {
+        g_checksum_free(hash->opaque);
+    }
+
+    g_free(hash);
+}
+
+
+static
+int qcrypto_glib_hash_update(QCryptoHash *hash,
+                             const struct iovec *iov,
+                             size_t niov,
+                             Error **errp)
+{
+    GChecksum *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        g_checksum_update(ctx, iov[i].iov_base, iov[i].iov_len);
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_glib_hash_finalize(QCryptoHash *hash,
+                               uint8_t **result,
+                               size_t *result_len,
+                               Error **errp)
+{
+    int ret;
+    GChecksum *ctx = hash->opaque;
+
+    ret = g_checksum_type_get_length(qcrypto_hash_alg_map[hash->alg]);
+    if (ret < 0) {
+        error_setg(errp, "Unable to get hash length");
+        *result_len = 0;
+        return -1;
+    }
+
+    *result_len = ret;
+    *result = g_new(uint8_t, *result_len);
+
+    g_checksum_get_digest(ctx, *result, result_len);
+    return 0;
+}
+
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_glib_hash_bytesv,
+    .hash_new      = qcrypto_glib_hash_new,
+    .hash_update   = qcrypto_glib_hash_update,
+    .hash_finalize = qcrypto_glib_hash_finalize,
+    .hash_free     = qcrypto_glib_hash_free,
 };
-- 
2.46.2

Re: [PATCH v5 02/16] crypto/hash-glib: Implement new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:09AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Implements the new hashing API in the GLib hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_glib_hash_new()
>        - Removed superfluous cast (GChecksum *) in qcrypto_glib_hash_free()
>        - Reworked qcrypto_glib_hash_finalize() ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-glib.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 67 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 03/16] crypto/hash-gcrypt: Implement new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Implements the new hashing API in the gcrypt hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Dropped qcrypto_hash_supports() in qcrypto_gcrypt_hash_new()
       - Reworked qcrypto_gcrypt_hash_finalize()
       - Handled gcry_md_open() errors in qcrypto_gcrypt_hash_new()
       - Checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index 0973cc0d93c1..cb2cb37f25ed 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -110,7 +111,85 @@ qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgo alg,
     return -1;
 }
 
+static
+QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    QCryptoHash *hash;
+    int ret;
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = g_new(gcry_md_hd_t, 1);
+
+    ret = gcry_md_open((gcry_md_hd_t *) hash->opaque,
+                       qcrypto_hash_alg_map[alg], 0);
+    if (ret < 0) {
+        error_setg(errp,
+                   "Unable to initialize hash algorithm: %s",
+                   gcry_strerror(ret));
+        g_free(hash->opaque);
+        g_free(hash);
+        return NULL;
+    }
+    return hash;
+}
+
+static
+void qcrypto_gcrypt_hash_free(QCryptoHash *hash)
+{
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    if (ctx) {
+        gcry_md_close(*ctx);
+        g_free(ctx);
+    }
+
+    g_free(hash);
+}
+
+
+static
+int qcrypto_gcrypt_hash_update(QCryptoHash *hash,
+                               const struct iovec *iov,
+                               size_t niov,
+                               Error **errp)
+{
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        gcry_md_write(*ctx, iov[i].iov_base, iov[i].iov_len);
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    unsigned char *digest;
+    gcry_md_hd_t *ctx = hash->opaque;
+
+    *result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
+    if (*result_len == 0) {
+        error_setg(errp, "Unable to get hash length");
+        return -1;
+    }
+
+    *result = g_new(uint8_t, *result_len);
+
+    /* Digest is freed by gcry_md_close(), copy it */
+    digest = gcry_md_read(*ctx, 0);
+    memcpy(*result, digest, *result_len);
+    return 0;
+}
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_gcrypt_hash_bytesv,
+    .hash_new      = qcrypto_gcrypt_hash_new,
+    .hash_update   = qcrypto_gcrypt_hash_update,
+    .hash_finalize = qcrypto_gcrypt_hash_finalize,
+    .hash_free     = qcrypto_gcrypt_hash_free,
 };
-- 
2.46.2

Re: [PATCH v5 03/16] crypto/hash-gcrypt: Implement new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:10AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Implements the new hashing API in the gcrypt hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_gcrypt_hash_new()
>        - Reworked qcrypto_gcrypt_hash_finalize()
>        - Handled gcry_md_open() errors in qcrypto_gcrypt_hash_new()
>        - Checkpatch fixes ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-gcrypt.c | 79 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 79 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 04/16] crypto/hash-gnutls: Implement new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Implements the new hashing API in the gnutls hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Dropped qcrypto_hash_supports() in qcrypto_gnutls_hash_new()
       - Reworked qcrypto_gnutls_hash_finalize()
       - Handled gnutls_hash_init() errors in qcrypto_gnutls_hash_new()
       - Replaced gnutls_hash_deinit() by gnutls_hash_output() in
         qcrypto_gnutls_hash_finalize()
       - Freed resources with gnutls_hash_deinit() in
         qcrypto_gnutls_hash_free() ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-gnutls.c | 78 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)

diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c
index 0636c0727a93..8b0327be82cf 100644
--- a/crypto/hash-gnutls.c
+++ b/crypto/hash-gnutls.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2021 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -98,7 +99,84 @@ qcrypto_gnutls_hash_bytesv(QCryptoHashAlgo alg,
     return 0;
 }
 
+static
+QCryptoHash *qcrypto_gnutls_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    QCryptoHash *hash;
+    int ret;
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = g_new(gnutls_hash_hd_t, 1);
+
+    ret = gnutls_hash_init(hash->opaque, qcrypto_hash_alg_map[alg]);
+    if (ret < 0) {
+        error_setg(errp,
+                   "Unable to initialize hash algorithm: %s",
+                   gnutls_strerror(ret));
+        g_free(hash->opaque);
+        g_free(hash);
+        return NULL;
+    }
+
+    return hash;
+}
+
+static
+void qcrypto_gnutls_hash_free(QCryptoHash *hash)
+{
+    gnutls_hash_hd_t *ctx = hash->opaque;
+
+    gnutls_hash_deinit(*ctx, NULL);
+    g_free(ctx);
+    g_free(hash);
+}
+
+
+static
+int qcrypto_gnutls_hash_update(QCryptoHash *hash,
+                               const struct iovec *iov,
+                               size_t niov,
+                               Error **errp)
+{
+    int ret = 0;
+    gnutls_hash_hd_t *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        ret = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len);
+        if (ret != 0) {
+            error_setg(errp, "Failed to hash data: %s",
+                       gnutls_strerror(ret));
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_gnutls_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    gnutls_hash_hd_t *ctx = hash->opaque;
+
+    *result_len = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]);
+    if (*result_len == 0) {
+        error_setg(errp, "Unable to get hash length");
+        return -1;
+    }
+
+    *result = g_new(uint8_t, *result_len);
+    gnutls_hash_output(*ctx, *result);
+    return 0;
+}
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_gnutls_hash_bytesv,
+    .hash_new      = qcrypto_gnutls_hash_new,
+    .hash_update   = qcrypto_gnutls_hash_update,
+    .hash_finalize = qcrypto_gnutls_hash_finalize,
+    .hash_free     = qcrypto_gnutls_hash_free,
 };
-- 
2.46.2

Re: [PATCH v5 04/16] crypto/hash-gnutls: Implement new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:11AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Implements the new hashing API in the gnutls hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_gnutls_hash_new()
>        - Reworked qcrypto_gnutls_hash_finalize()
>        - Handled gnutls_hash_init() errors in qcrypto_gnutls_hash_new()
>        - Replaced gnutls_hash_deinit() by gnutls_hash_output() in
>          qcrypto_gnutls_hash_finalize()
>        - Freed resources with gnutls_hash_deinit() in
>          qcrypto_gnutls_hash_free() ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-gnutls.c | 78 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 78 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 05/16] crypto/hash-nettle: Implement new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Implements the new hashing API in the nettle hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 8b08a9c67531..07e18ce26cba 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -155,7 +156,76 @@ qcrypto_nettle_hash_bytesv(QCryptoHashAlgo alg,
     return 0;
 }
 
+static
+QCryptoHash *qcrypto_nettle_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    QCryptoHash *hash;
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = g_new(union qcrypto_hash_ctx, 1);
+
+    qcrypto_hash_alg_map[alg].init(hash->opaque);
+    return hash;
+}
+
+static
+void qcrypto_nettle_hash_free(QCryptoHash *hash)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    g_free(ctx);
+    g_free(hash);
+}
+
+static
+int qcrypto_nettle_hash_update(QCryptoHash *hash,
+                               const struct iovec *iov,
+                               size_t niov,
+                               Error **errp)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        /*
+         * Some versions of nettle have functions
+         * declared with 'int' instead of 'size_t'
+         * so to be safe avoid writing more than
+         * UINT_MAX bytes at a time
+         */
+        size_t len = iov[i].iov_len;
+        uint8_t *base = iov[i].iov_base;
+        while (len) {
+            size_t shortlen = MIN(len, UINT_MAX);
+            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
+            len -= shortlen;
+            base += len;
+        }
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_nettle_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    *result_len = qcrypto_hash_alg_map[hash->alg].len;
+    *result = g_new(uint8_t, *result_len);
+
+    qcrypto_hash_alg_map[hash->alg].result(ctx, *result_len, *result);
+
+    return 0;
+}
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_nettle_hash_bytesv,
+    .hash_new      = qcrypto_nettle_hash_new,
+    .hash_update   = qcrypto_nettle_hash_update,
+    .hash_finalize = qcrypto_nettle_hash_finalize,
+    .hash_free     = qcrypto_nettle_hash_free,
 };
-- 
2.46.2

Re: [PATCH v5 05/16] crypto/hash-nettle: Implement new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Implements the new hashing API in the nettle hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 70 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

> 
> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> index 8b08a9c67531..07e18ce26cba 100644
> --- a/crypto/hash-nettle.c
> +++ b/crypto/hash-nettle.c

> +static
> +int qcrypto_nettle_hash_update(QCryptoHash *hash,
> +                               const struct iovec *iov,
> +                               size_t niov,
> +                               Error **errp)
> +{
> +    union qcrypto_hash_ctx *ctx = hash->opaque;
> +
> +    for (int i = 0; i < niov; i++) {
> +        /*
> +         * Some versions of nettle have functions
> +         * declared with 'int' instead of 'size_t'
> +         * so to be safe avoid writing more than
> +         * UINT_MAX bytes at a time
> +         */

This is copying the pre-existing code, and I've just
realized this is now obsolete. We bumped min nettle
to 3.4 ages ago and >= 3.0 is using size_t, so we can
simplify now.

No need to change this though. I'll do that as a 
distinct patch to make it a visible change.

> +        size_t len = iov[i].iov_len;
> +        uint8_t *base = iov[i].iov_base;
> +        while (len) {
> +            size_t shortlen = MIN(len, UINT_MAX);
> +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> +            len -= shortlen;
> +            base += len;
> +        }
> +    }
> +
> +    return 0;
> +}

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH v5 05/16] crypto/hash-nettle: Implement new hash API

[Daniel P. Berrangé]

On Thu, Oct 10, 2024 at 11:49:22AM +0100, Daniel P. Berrangé wrote:
> On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
> > From: Alejandro Zeise <alejandro.zeise@seagate.com>
> > 
> > Implements the new hashing API in the nettle hash driver.
> > Supports creating/destroying a context, updating the context
> > with input data and obtaining an output hash.
> > 
> > Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> > [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
> > Signed-off-by: Cédric Le Goater <clg@redhat.com>
> > ---
> >  crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 70 insertions(+)
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> > 
> > diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> > index 8b08a9c67531..07e18ce26cba 100644
> > --- a/crypto/hash-nettle.c
> > +++ b/crypto/hash-nettle.c
> 
> > +static
> > +int qcrypto_nettle_hash_update(QCryptoHash *hash,
> > +                               const struct iovec *iov,
> > +                               size_t niov,
> > +                               Error **errp)
> > +{
> > +    union qcrypto_hash_ctx *ctx = hash->opaque;
> > +
> > +    for (int i = 0; i < niov; i++) {
> > +        /*
> > +         * Some versions of nettle have functions
> > +         * declared with 'int' instead of 'size_t'
> > +         * so to be safe avoid writing more than
> > +         * UINT_MAX bytes at a time
> > +         */
> 
> This is copying the pre-existing code, and I've just
> realized this is now obsolete. We bumped min nettle
> to 3.4 ages ago and >= 3.0 is using size_t, so we can
> simplify now.
> 
> No need to change this though. I'll do that as a 
> distinct patch to make it a visible change.
> 
> > +        size_t len = iov[i].iov_len;
> > +        uint8_t *base = iov[i].iov_base;
> > +        while (len) {
> > +            size_t shortlen = MIN(len, UINT_MAX);
> > +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> > +            len -= shortlen;
> > +            base += len;
> > +        }
> > +    }
> > +
> > +    return 0;
> > +}

I'm going to add the following patch on the end of your series:

commit 638ae66c176f8077ccaac10028812e177224a99f
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Thu Oct 10 12:40:49 2024 +0100

    crypto: drop obsolete back compat logic for old nettle
    
    The nettle 2.x series declared all the hash functions with 'int' for
    the data size. Since we dropped support for anything older than 3.4
    we can assume nettle is using 'size_t' and thus avoid the back compat
    looping logic.
    
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 570ce8a645..3b847aa60e 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -135,20 +135,9 @@ int qcrypto_nettle_hash_update(QCryptoHash *hash,
     union qcrypto_hash_ctx *ctx = hash->opaque;
 
     for (int i = 0; i < niov; i++) {
-        /*
-         * Some versions of nettle have functions
-         * declared with 'int' instead of 'size_t'
-         * so to be safe avoid writing more than
-         * UINT_MAX bytes at a time
-         */
-        size_t len = iov[i].iov_len;
-        uint8_t *base = iov[i].iov_base;
-        while (len) {
-            size_t shortlen = MIN(len, UINT_MAX);
-            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
-            len -= shortlen;
-            base += len;
-        }
+        qcrypto_hash_alg_map[hash->alg].write(ctx,
+                                              iov[i].iov_len,
+                                              iov[i].iov_base);
     }
 
     return 0;



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH v5 05/16] crypto/hash-nettle: Implement new hash API

[Cédric Le Goater]

On 10/10/24 13:43, Daniel P. Berrangé wrote:
> On Thu, Oct 10, 2024 at 11:49:22AM +0100, Daniel P. Berrangé wrote:
>> On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
>>> From: Alejandro Zeise <alejandro.zeise@seagate.com>
>>>
>>> Implements the new hashing API in the nettle hash driver.
>>> Supports creating/destroying a context, updating the context
>>> with input data and obtaining an output hash.
>>>
>>> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
>>> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
>>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
>>> ---
>>>   crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
>>>   1 file changed, 70 insertions(+)
>>
>> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
>>
>>>
>>> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
>>> index 8b08a9c67531..07e18ce26cba 100644
>>> --- a/crypto/hash-nettle.c
>>> +++ b/crypto/hash-nettle.c
>>
>>> +static
>>> +int qcrypto_nettle_hash_update(QCryptoHash *hash,
>>> +                               const struct iovec *iov,
>>> +                               size_t niov,
>>> +                               Error **errp)
>>> +{
>>> +    union qcrypto_hash_ctx *ctx = hash->opaque;
>>> +
>>> +    for (int i = 0; i < niov; i++) {
>>> +        /*
>>> +         * Some versions of nettle have functions
>>> +         * declared with 'int' instead of 'size_t'
>>> +         * so to be safe avoid writing more than
>>> +         * UINT_MAX bytes at a time
>>> +         */
>>
>> This is copying the pre-existing code, and I've just
>> realized this is now obsolete. We bumped min nettle
>> to 3.4 ages ago and >= 3.0 is using size_t, so we can
>> simplify now.
>>
>> No need to change this though. I'll do that as a
>> distinct patch to make it a visible change.
>>
>>> +        size_t len = iov[i].iov_len;
>>> +        uint8_t *base = iov[i].iov_base;
>>> +        while (len) {
>>> +            size_t shortlen = MIN(len, UINT_MAX);
>>> +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
>>> +            len -= shortlen;
>>> +            base += len;
>>> +        }
>>> +    }
>>> +
>>> +    return 0;
>>> +}
> 
> I'm going to add the following patch on the end of your series:
> 
> commit 638ae66c176f8077ccaac10028812e177224a99f
> Author: Daniel P. Berrangé <berrange@redhat.com>
> Date:   Thu Oct 10 12:40:49 2024 +0100
> 
>      crypto: drop obsolete back compat logic for old nettle
>      
>      The nettle 2.x series declared all the hash functions with 'int' for
>      the data size. Since we dropped support for anything older than 3.4
>      we can assume nettle is using 'size_t' and thus avoid the back compat
>      looping logic.
>      
>      Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> index 570ce8a645..3b847aa60e 100644
> --- a/crypto/hash-nettle.c
> +++ b/crypto/hash-nettle.c
> @@ -135,20 +135,9 @@ int qcrypto_nettle_hash_update(QCryptoHash *hash,
>       union qcrypto_hash_ctx *ctx = hash->opaque;
>   
>       for (int i = 0; i < niov; i++) {
> -        /*
> -         * Some versions of nettle have functions
> -         * declared with 'int' instead of 'size_t'
> -         * so to be safe avoid writing more than
> -         * UINT_MAX bytes at a time
> -         */
> -        size_t len = iov[i].iov_len;
> -        uint8_t *base = iov[i].iov_base;
> -        while (len) {
> -            size_t shortlen = MIN(len, UINT_MAX);
> -            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> -            len -= shortlen;
> -            base += len;
> -        }
> +        qcrypto_hash_alg_map[hash->alg].write(ctx,
> +                                              iov[i].iov_len,
> +                                              iov[i].iov_base);
>       }
>   
>       return 0;



Reviewed-by: Cédric Le Goater <clg@redhat.com>

Thanks,

C.

[PATCH v5 06/16] util/iov: Introduce iov_send_recv_with_flags()

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

In order to support a new update function, a flag needs to be passed
to the kernel via the socket send call (MSG_MORE) to notify it that
more data is to be expected to calculate the hash correctly.

Add a new iov helper for this purpose.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Split iov changes from original patch
       - Checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 include/qemu/iov.h | 27 +++++++++++++++++++++++++++
 util/iov.c         | 25 ++++++++++++++++++-------
 2 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/include/qemu/iov.h b/include/qemu/iov.h
index 63a1c01965d1..44f9db5cee97 100644
--- a/include/qemu/iov.h
+++ b/include/qemu/iov.h
@@ -1,6 +1,7 @@
 /*
  * Helpers for using (partial) iovecs.
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (C) 2010 Red Hat, Inc.
  *
  * Author(s):
@@ -75,6 +76,32 @@ iov_to_buf(const struct iovec *iov, const unsigned int iov_cnt,
 size_t iov_memset(const struct iovec *iov, const unsigned int iov_cnt,
                   size_t offset, int fillc, size_t bytes);
 
+/*
+ * Send/recv data from/to iovec buffers directly, with the provided
+ * socket flags.
+ *
+ * `offset' bytes in the beginning of iovec buffer are skipped and
+ * next `bytes' bytes are used, which must be within data of iovec.
+ *
+ *   r = iov_send_recv_with_flags(sockfd, sockflags, iov, iovcnt,
+ *                                offset, bytes, true);
+ *
+ * is logically equivalent to
+ *
+ *   char *buf = malloc(bytes);
+ *   iov_to_buf(iov, iovcnt, offset, buf, bytes);
+ *   r = send(sockfd, buf, bytes, sockflags);
+ *   free(buf);
+ *
+ * For iov_send_recv_with_flags() _whole_ area being sent or received
+ * should be within the iovec, not only beginning of it.
+ */
+ssize_t iov_send_recv_with_flags(int sockfd, int sockflags,
+                                 const struct iovec *iov,
+                                 unsigned iov_cnt, size_t offset,
+                                 size_t bytes,
+                                 bool do_send);
+
 /*
  * Send/recv data from/to iovec buffers directly
  *
diff --git a/util/iov.c b/util/iov.c
index 7e73948f5e3d..7777116123d0 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -3,6 +3,7 @@
  *
  * Copyright IBM, Corp. 2007, 2008
  * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  *
  * Author(s):
  *  Anthony Liguori <aliguori@us.ibm.com>
@@ -92,7 +93,8 @@ size_t iov_size(const struct iovec *iov, const unsigned int iov_cnt)
 
 /* helper function for iov_send_recv() */
 static ssize_t
-do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send)
+do_send_recv(int sockfd, int flags, struct iovec *iov, unsigned iov_cnt,
+             bool do_send)
 {
 #ifdef CONFIG_POSIX
     ssize_t ret;
@@ -102,8 +104,8 @@ do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send)
     msg.msg_iovlen = iov_cnt;
     do {
         ret = do_send
-            ? sendmsg(sockfd, &msg, 0)
-            : recvmsg(sockfd, &msg, 0);
+            ? sendmsg(sockfd, &msg, flags)
+            : recvmsg(sockfd, &msg, flags);
     } while (ret < 0 && errno == EINTR);
     return ret;
 #else
@@ -114,8 +116,8 @@ do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send)
     ssize_t off = 0;
     while (i < iov_cnt) {
         ssize_t r = do_send
-            ? send(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, 0)
-            : recv(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, 0);
+            ? send(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, flags)
+            : recv(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, flags);
         if (r > 0) {
             ret += r;
             off += r;
@@ -144,6 +146,15 @@ do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send)
 ssize_t iov_send_recv(int sockfd, const struct iovec *_iov, unsigned iov_cnt,
                       size_t offset, size_t bytes,
                       bool do_send)
+{
+    return iov_send_recv_with_flags(sockfd, 0, _iov, iov_cnt, offset, bytes,
+                                    do_send);
+}
+
+ssize_t iov_send_recv_with_flags(int sockfd, int sockflags,
+                                 const struct iovec *_iov,
+                                 unsigned iov_cnt, size_t offset,
+                                 size_t bytes, bool do_send)
 {
     ssize_t total = 0;
     ssize_t ret;
@@ -192,11 +203,11 @@ ssize_t iov_send_recv(int sockfd, const struct iovec *_iov, unsigned iov_cnt,
             assert(iov[niov].iov_len > tail);
             orig_len = iov[niov].iov_len;
             iov[niov++].iov_len = tail;
-            ret = do_send_recv(sockfd, iov, niov, do_send);
+            ret = do_send_recv(sockfd, sockflags, iov, niov, do_send);
             /* Undo the changes above before checking for errors */
             iov[niov-1].iov_len = orig_len;
         } else {
-            ret = do_send_recv(sockfd, iov, niov, do_send);
+            ret = do_send_recv(sockfd, sockflags, iov, niov, do_send);
         }
         if (offset) {
             iov[0].iov_base -= offset;
-- 
2.46.2

Re: [PATCH v5 06/16] util/iov: Introduce iov_send_recv_with_flags()

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:13AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> In order to support a new update function, a flag needs to be passed
> to the kernel via the socket send call (MSG_MORE) to notify it that
> more data is to be expected to calculate the hash correctly.
> 
> Add a new iov helper for this purpose.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Split iov changes from original patch
>        - Checkpatch fixes ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  include/qemu/iov.h | 27 +++++++++++++++++++++++++++
>  util/iov.c         | 25 ++++++++++++++++++-------
>  2 files changed, 45 insertions(+), 7 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 07/16] crypto/hash-afalg: Implement new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Updates the afalg hash driver to support the new accumulative
hashing changes as part of the patch series.

Implements opening/closing of contexts, updating hash data
and finalizing the hash digest.

In order to support the update function, a flag needs to be passed
to the kernel via the socket send call (MSG_MORE) to notify it that more
data is to be expected to calculate the hash correctly.
As a result, a new function was added to the iov helper utils to allow
passing a flag to the socket send call.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Handled qcrypto_afalg_hash_ctx_new() errors in
         qcrypto_afalg_hash_new()
       - Freed alg_name in qcrypto_afalg_hash_new()
       - Reworked qcrypto_afalg_recv_from_kernel()
       - Split iov changes from original patch ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-afalg.c | 127 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)

diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
index 28ab899b18f6..5fbbee288e9b 100644
--- a/crypto/hash-afalg.c
+++ b/crypto/hash-afalg.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto af_alg-backend hash/hmac support
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
  *
  * Authors:
@@ -113,6 +114,128 @@ qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgo alg,
     return qcrypto_afalg_hash_hmac_ctx_new(alg, key, nkey, true, errp);
 }
 
+static
+QCryptoHash *qcrypto_afalg_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    /* Check if hash algorithm is supported */
+    char *alg_name = qcrypto_afalg_hash_format_name(alg, false, NULL);
+    QCryptoHash *hash;
+
+    if (alg_name == NULL) {
+        error_setg(errp, "Unknown hash algorithm %d", alg);
+        return NULL;
+    }
+
+    g_free(alg_name);
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = qcrypto_afalg_hash_ctx_new(alg, errp);
+    if (!hash->opaque) {
+        free(hash);
+        return NULL;
+    }
+
+    return hash;
+}
+
+static
+void qcrypto_afalg_hash_free(QCryptoHash *hash)
+{
+    QCryptoAFAlg *ctx = hash->opaque;
+
+    if (ctx) {
+        qcrypto_afalg_comm_free(ctx);
+    }
+
+    g_free(hash);
+}
+
+/**
+ * Send data to the kernel's crypto core.
+ *
+ * The more_data parameter is used to notify the crypto engine
+ * that this is an "update" operation, and that more data will
+ * be provided to calculate the final hash.
+ */
+static
+int qcrypto_afalg_send_to_kernel(QCryptoAFAlg *afalg,
+                                 const struct iovec *iov,
+                                 size_t niov,
+                                 bool more_data,
+                                 Error **errp)
+{
+    int ret = 0;
+    int flags = (more_data ? MSG_MORE : 0);
+
+    /* send data to kernel's crypto core */
+    ret = iov_send_recv_with_flags(afalg->opfd, flags, iov, niov,
+                                   0, iov_size(iov, niov), true);
+    if (ret < 0) {
+        error_setg_errno(errp, errno, "Send data to afalg-core failed");
+        ret = -1;
+    } else {
+        /* No error, so return 0 */
+        ret = 0;
+    }
+
+    return ret;
+}
+
+static
+int qcrypto_afalg_recv_from_kernel(QCryptoAFAlg *afalg,
+                                   QCryptoHashAlgo alg,
+                                   uint8_t **result,
+                                   size_t *result_len,
+                                   Error **errp)
+{
+    struct iovec outv;
+    int ret;
+    const int expected_len = qcrypto_hash_digest_len(alg);
+
+    if (*result_len == 0) {
+        *result_len = expected_len;
+        *result = g_new0(uint8_t, *result_len);
+    } else if (*result_len != expected_len) {
+        error_setg(errp,
+                   "Result buffer size %zu is not match hash %d",
+                   *result_len, expected_len);
+        return -1;
+    }
+
+    /* hash && get result */
+    outv.iov_base = *result;
+    outv.iov_len = *result_len;
+    ret = iov_send_recv(afalg->opfd, &outv, 1,
+                        0, iov_size(&outv, 1), false);
+    if (ret < 0) {
+        error_setg_errno(errp, errno, "Recv result from afalg-core failed");
+        return -1;
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_afalg_hash_update(QCryptoHash *hash,
+                              const struct iovec *iov,
+                              size_t niov,
+                              Error **errp)
+{
+    return qcrypto_afalg_send_to_kernel((QCryptoAFAlg *) hash->opaque,
+                                        iov, niov, true, errp);
+}
+
+static
+int qcrypto_afalg_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    return qcrypto_afalg_recv_from_kernel((QCryptoAFAlg *) hash->opaque,
+                                          hash->alg, result, result_len, errp);
+}
+
 static int
 qcrypto_afalg_hash_hmac_bytesv(QCryptoAFAlgo *hmac,
                                QCryptoHashAlgo alg,
@@ -205,6 +328,10 @@ static void qcrypto_afalg_hmac_ctx_free(QCryptoHmac *hmac)
 
 QCryptoHashDriver qcrypto_hash_afalg_driver = {
     .hash_bytesv = qcrypto_afalg_hash_bytesv,
+    .hash_new      = qcrypto_afalg_hash_new,
+    .hash_free     = qcrypto_afalg_hash_free,
+    .hash_update   = qcrypto_afalg_hash_update,
+    .hash_finalize = qcrypto_afalg_hash_finalize
 };
 
 QCryptoHmacDriver qcrypto_hmac_afalg_driver = {
-- 
2.46.2

Re: [PATCH v5 07/16] crypto/hash-afalg: Implement new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:14AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Updates the afalg hash driver to support the new accumulative
> hashing changes as part of the patch series.
> 
> Implements opening/closing of contexts, updating hash data
> and finalizing the hash digest.
> 
> In order to support the update function, a flag needs to be passed
> to the kernel via the socket send call (MSG_MORE) to notify it that more
> data is to be expected to calculate the hash correctly.
> As a result, a new function was added to the iov helper utils to allow
> passing a flag to the socket send call.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Handled qcrypto_afalg_hash_ctx_new() errors in
>          qcrypto_afalg_hash_new()
>        - Freed alg_name in qcrypto_afalg_hash_new()
>        - Reworked qcrypto_afalg_recv_from_kernel()
>        - Split iov changes from original patch ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-afalg.c | 127 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 127 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 08/16] crypto/hash: Implement and use new hash API

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Changes the public hash API implementation to support accumulative hashing.

Implementations for the public functions are added to call the new
driver functions that implement context creation, updating,
finalization, and destruction.

Additionally changes the "shortcut" functions to use these 4 new core
functions.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Reworked qcrypto_hash_bytesv() error handling
       - Used hash->driver int qcrypto_hash_new(), qcrypto_hash_free()
         qcrypto_hash_updatev()
       - Introduced qcrypto_hash_supports() check in
         qcrypto_hash_new()
       - Introduced g_autofree variables in qcrypto_hash_finalize_digest()
         and qcrypto_hash_finalize_base64()
       - Re-arrranged code in qcrypto_hash_digestv() and
         qcrypto_hash_digest()
       - Checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash.c | 161 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 131 insertions(+), 30 deletions(-)

diff --git a/crypto/hash.c b/crypto/hash.c
index 4a265582b80a..0c8548c5683c 100644
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2015 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -19,6 +20,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qapi-types-crypto.h"
 #include "crypto/hash.h"
 #include "hashpriv.h"
 
@@ -45,23 +48,18 @@ int qcrypto_hash_bytesv(QCryptoHashAlgo alg,
                         size_t *resultlen,
                         Error **errp)
 {
-#ifdef CONFIG_AF_ALG
-    int ret;
-    /*
-     * TODO:
-     * Maybe we should treat some afalg errors as fatal
-     */
-    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
-                                                result, resultlen,
-                                                NULL);
-    if (ret == 0) {
-        return ret;
+    g_autoptr(QCryptoHash) ctx = qcrypto_hash_new(alg, errp);
+
+    if (!ctx) {
+        return -1;
+    }
+
+    if (qcrypto_hash_updatev(ctx, iov, niov, errp) < 0 ||
+        qcrypto_hash_finalize_bytes(ctx, result, resultlen, errp) < 0) {
+        return -1;
     }
-#endif
 
-    return qcrypto_hash_lib_driver.hash_bytesv(alg, iov, niov,
-                                               result, resultlen,
-                                               errp);
+    return 0;
 }
 
 
@@ -77,29 +75,130 @@ int qcrypto_hash_bytes(QCryptoHashAlgo alg,
     return qcrypto_hash_bytesv(alg, &iov, 1, result, resultlen, errp);
 }
 
+int qcrypto_hash_updatev(QCryptoHash *hash,
+                         const struct iovec *iov,
+                         size_t niov,
+                         Error **errp)
+{
+    QCryptoHashDriver *drv = hash->driver;
+
+    return drv->hash_update(hash, iov, niov, errp);
+}
+
+int qcrypto_hash_update(QCryptoHash *hash,
+                        const char *buf,
+                        size_t len,
+                        Error **errp)
+{
+    struct iovec iov = { .iov_base = (char *)buf, .iov_len = len };
+
+    return qcrypto_hash_updatev(hash, &iov, 1, errp);
+}
+
+QCryptoHash *qcrypto_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    QCryptoHash *hash = NULL;
+
+    if (!qcrypto_hash_supports(alg)) {
+        error_setg(errp, "Unsupported hash algorithm %s",
+                   QCryptoHashAlgo_str(alg));
+        return NULL;
+   }
+
+#ifdef CONFIG_AF_ALG
+    hash = qcrypto_hash_afalg_driver.hash_new(alg, NULL);
+    if (hash) {
+        hash->driver = &qcrypto_hash_afalg_driver;
+        return hash;
+    }
+#endif
+
+    hash = qcrypto_hash_lib_driver.hash_new(alg, errp);
+    if (!hash) {
+        return NULL;
+    }
+
+    hash->driver = &qcrypto_hash_lib_driver;
+    return hash;
+}
+
+void qcrypto_hash_free(QCryptoHash *hash)
+{
+   QCryptoHashDriver *drv;
+
+    if (hash) {
+        drv = hash->driver;
+        drv->hash_free(hash);
+    }
+}
+
+int qcrypto_hash_finalize_bytes(QCryptoHash *hash,
+                                uint8_t **result,
+                                size_t *result_len,
+                                Error **errp)
+{
+    QCryptoHashDriver *drv = hash->driver;
+
+    return drv->hash_finalize(hash, result, result_len, errp);
+}
+
 static const char hex[] = "0123456789abcdef";
 
+int qcrypto_hash_finalize_digest(QCryptoHash *hash,
+                                 char **digest,
+                                 Error **errp)
+{
+    int ret;
+    g_autofree uint8_t *result = NULL;
+    size_t resultlen = 0;
+    size_t i;
+
+    ret = qcrypto_hash_finalize_bytes(hash, &result, &resultlen, errp);
+    if (ret == 0) {
+        *digest = g_new0(char, (resultlen * 2) + 1);
+        for (i = 0 ; i < resultlen ; i++) {
+            (*digest)[(i * 2)] = hex[(result[i] >> 4) & 0xf];
+            (*digest)[(i * 2) + 1] = hex[result[i] & 0xf];
+        }
+        (*digest)[resultlen * 2] = '\0';
+    }
+
+    return ret;
+}
+
+int qcrypto_hash_finalize_base64(QCryptoHash *hash,
+                                 char **base64,
+                                 Error **errp)
+{
+    int ret;
+    g_autofree uint8_t *result = NULL;
+    size_t resultlen = 0;
+
+    ret = qcrypto_hash_finalize_bytes(hash, &result, &resultlen, errp);
+    if (ret == 0) {
+        *base64 = g_base64_encode(result, resultlen);
+    }
+
+    return ret;
+}
+
 int qcrypto_hash_digestv(QCryptoHashAlgo alg,
                          const struct iovec *iov,
                          size_t niov,
                          char **digest,
                          Error **errp)
 {
-    uint8_t *result = NULL;
-    size_t resultlen = 0;
-    size_t i;
+    g_autoptr(QCryptoHash) ctx = qcrypto_hash_new(alg, errp);
 
-    if (qcrypto_hash_bytesv(alg, iov, niov, &result, &resultlen, errp) < 0) {
+    if (!ctx) {
         return -1;
     }
 
-    *digest = g_new0(char, (resultlen * 2) + 1);
-    for (i = 0 ; i < resultlen ; i++) {
-        (*digest)[(i * 2)] = hex[(result[i] >> 4) & 0xf];
-        (*digest)[(i * 2) + 1] = hex[result[i] & 0xf];
+    if (qcrypto_hash_updatev(ctx, iov, niov, errp) < 0 ||
+        qcrypto_hash_finalize_digest(ctx, digest, errp) < 0) {
+        return -1;
     }
-    (*digest)[resultlen * 2] = '\0';
-    g_free(result);
+
     return 0;
 }
 
@@ -120,15 +219,17 @@ int qcrypto_hash_base64v(QCryptoHashAlgo alg,
                          char **base64,
                          Error **errp)
 {
-    uint8_t *result = NULL;
-    size_t resultlen = 0;
+    g_autoptr(QCryptoHash) ctx = qcrypto_hash_new(alg, errp);
+
+    if (!ctx) {
+        return -1;
+    }
 
-    if (qcrypto_hash_bytesv(alg, iov, niov, &result, &resultlen, errp) < 0) {
+    if (qcrypto_hash_updatev(ctx, iov, niov, errp) < 0 ||
+        qcrypto_hash_finalize_base64(ctx, base64, errp) < 0) {
         return -1;
     }
 
-    *base64 = g_base64_encode(result, resultlen);
-    g_free(result);
     return 0;
 }
 
-- 
2.46.2

Re: [PATCH v5 08/16] crypto/hash: Implement and use new hash API

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:15AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Changes the public hash API implementation to support accumulative hashing.
> 
> Implementations for the public functions are added to call the new
> driver functions that implement context creation, updating,
> finalization, and destruction.
> 
> Additionally changes the "shortcut" functions to use these 4 new core
> functions.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Reworked qcrypto_hash_bytesv() error handling
>        - Used hash->driver int qcrypto_hash_new(), qcrypto_hash_free()
>          qcrypto_hash_updatev()
>        - Introduced qcrypto_hash_supports() check in
>          qcrypto_hash_new()
>        - Introduced g_autofree variables in qcrypto_hash_finalize_digest()
>          and qcrypto_hash_finalize_base64()
>        - Re-arrranged code in qcrypto_hash_digestv() and
>          qcrypto_hash_digest()
>        - Checkpatch fixes ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash.c | 161 ++++++++++++++++++++++++++++++++++++++++----------
>  1 file changed, 131 insertions(+), 30 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 09/16] tests/unit/test-crypto-hash: accumulative hashing

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Added an accumulative hashing test. Checks for functionality of
the new hash create, update, finalize and free functions.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Improved test_hash_accumulate() with g_autofree variables ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 tests/unit/test-crypto-hash.c | 46 +++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/tests/unit/test-crypto-hash.c b/tests/unit/test-crypto-hash.c
index 124d204485d8..e5829ca766dc 100644
--- a/tests/unit/test-crypto-hash.c
+++ b/tests/unit/test-crypto-hash.c
@@ -1,6 +1,7 @@
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2015 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -241,6 +242,50 @@ static void test_hash_base64(void)
     }
 }
 
+static void test_hash_accumulate(void)
+{
+    size_t i;
+
+    for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
+        g_autoptr(QCryptoHash) hash = NULL;
+        struct iovec iov[] = {
+            { .iov_base = (char *)INPUT_TEXT1, .iov_len = strlen(INPUT_TEXT1) },
+            { .iov_base = (char *)INPUT_TEXT2, .iov_len = strlen(INPUT_TEXT2) },
+            { .iov_base = (char *)INPUT_TEXT3, .iov_len = strlen(INPUT_TEXT3) },
+        };
+        g_autofree uint8_t *result = NULL;
+        size_t resultlen = 0;
+        int ret;
+        size_t j;
+
+        if (!qcrypto_hash_supports(i)) {
+            continue;
+        }
+
+        hash = qcrypto_hash_new(i, &error_fatal);
+        g_assert(hash != NULL);
+
+        /* Add each iovec to the hash context separately */
+        for (j = 0; j < G_N_ELEMENTS(iov); j++) {
+            ret = qcrypto_hash_updatev(hash,
+                                      &iov[j], 1,
+                                      &error_fatal);
+
+            g_assert(ret == 0);
+        }
+
+        ret = qcrypto_hash_finalize_bytes(hash, &result, &resultlen,
+                                          &error_fatal);
+
+        g_assert(ret == 0);
+        g_assert(resultlen == expected_lens[i]);
+        for (j = 0; j < resultlen; j++) {
+            g_assert(expected_outputs[i][j * 2] == hex[(result[j] >> 4) & 0xf]);
+            g_assert(expected_outputs[i][j * 2 + 1] == hex[result[j] & 0xf]);
+        }
+    }
+}
+
 int main(int argc, char **argv)
 {
     int ret = qcrypto_init(&error_fatal);
@@ -252,5 +297,6 @@ int main(int argc, char **argv)
     g_test_add_func("/crypto/hash/prealloc", test_hash_prealloc);
     g_test_add_func("/crypto/hash/digest", test_hash_digest);
     g_test_add_func("/crypto/hash/base64", test_hash_base64);
+    g_test_add_func("/crypto/hash/accumulate", test_hash_accumulate);
     return g_test_run();
 }
-- 
2.46.2

Re: [PATCH v5 09/16] tests/unit/test-crypto-hash: accumulative hashing

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:16AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Added an accumulative hashing test. Checks for functionality of
> the new hash create, update, finalize and free functions.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Improved test_hash_accumulate() with g_autofree variables ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  tests/unit/test-crypto-hash.c | 46 +++++++++++++++++++++++++++++++++++
>  1 file changed, 46 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v5 10/16] crypto/hash-glib: Remove old hash API functions

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Removes old hash implement-ion in the GLib hash driver.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ clg: - Fixed spelling in commit log ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-glib.c | 53 ----------------------------------------------
 1 file changed, 53 deletions(-)

diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c
index 783283facc18..02a6ec1edf9f 100644
--- a/crypto/hash-glib.c
+++ b/crypto/hash-glib.c
@@ -44,58 +44,6 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
     return false;
 }
 
-
-static int
-qcrypto_glib_hash_bytesv(QCryptoHashAlgo alg,
-                         const struct iovec *iov,
-                         size_t niov,
-                         uint8_t **result,
-                         size_t *resultlen,
-                         Error **errp)
-{
-    int i, ret;
-    GChecksum *cs;
-
-    if (!qcrypto_hash_supports(alg)) {
-        error_setg(errp,
-                   "Unknown hash algorithm %d",
-                   alg);
-        return -1;
-    }
-
-    cs = g_checksum_new(qcrypto_hash_alg_map[alg]);
-
-    for (i = 0; i < niov; i++) {
-        g_checksum_update(cs, iov[i].iov_base, iov[i].iov_len);
-    }
-
-    ret = g_checksum_type_get_length(qcrypto_hash_alg_map[alg]);
-    if (ret < 0) {
-        error_setg(errp, "%s",
-                   "Unable to get hash length");
-        goto error;
-    }
-    if (*resultlen == 0) {
-        *resultlen = ret;
-        *result = g_new0(uint8_t, *resultlen);
-    } else if (*resultlen != ret) {
-        error_setg(errp,
-                   "Result buffer size %zu is smaller than hash %d",
-                   *resultlen, ret);
-        goto error;
-    }
-
-    g_checksum_get_digest(cs, *result, resultlen);
-
-    g_checksum_free(cs);
-    return 0;
-
- error:
-    g_checksum_free(cs);
-    return -1;
-}
-
-
 static
 QCryptoHash *qcrypto_glib_hash_new(QCryptoHashAlgo alg,
                                    Error **errp)
@@ -159,7 +107,6 @@ int qcrypto_glib_hash_finalize(QCryptoHash *hash,
 }
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
-    .hash_bytesv = qcrypto_glib_hash_bytesv,
     .hash_new      = qcrypto_glib_hash_new,
     .hash_update   = qcrypto_glib_hash_update,
     .hash_finalize = qcrypto_glib_hash_finalize,
-- 
2.46.2

[PATCH v5 11/16] crypto/hash-gcrypt: Remove old hash API functions

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Removes old hash implementation in the gcrypt hash driver.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ clg: - Fixed spelling in commit log ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-gcrypt.c | 67 --------------------------------------------
 1 file changed, 67 deletions(-)

diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index cb2cb37f25ed..ccc3cce3f8ab 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -45,72 +45,6 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
     return false;
 }
 
-
-static int
-qcrypto_gcrypt_hash_bytesv(QCryptoHashAlgo alg,
-                           const struct iovec *iov,
-                           size_t niov,
-                           uint8_t **result,
-                           size_t *resultlen,
-                           Error **errp)
-{
-    int i, ret;
-    gcry_md_hd_t md;
-    unsigned char *digest;
-
-    if (!qcrypto_hash_supports(alg)) {
-        error_setg(errp,
-                   "Unknown hash algorithm %d",
-                   alg);
-        return -1;
-    }
-
-    ret = gcry_md_open(&md, qcrypto_hash_alg_map[alg], 0);
-
-    if (ret < 0) {
-        error_setg(errp,
-                   "Unable to initialize hash algorithm: %s",
-                   gcry_strerror(ret));
-        return -1;
-    }
-
-    for (i = 0; i < niov; i++) {
-        gcry_md_write(md, iov[i].iov_base, iov[i].iov_len);
-    }
-
-    ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[alg]);
-    if (ret <= 0) {
-        error_setg(errp,
-                   "Unable to get hash length: %s",
-                   gcry_strerror(ret));
-        goto error;
-    }
-    if (*resultlen == 0) {
-        *resultlen = ret;
-        *result = g_new0(uint8_t, *resultlen);
-    } else if (*resultlen != ret) {
-        error_setg(errp,
-                   "Result buffer size %zu is smaller than hash %d",
-                   *resultlen, ret);
-        goto error;
-    }
-
-    digest = gcry_md_read(md, 0);
-    if (!digest) {
-        error_setg(errp,
-                   "No digest produced");
-        goto error;
-    }
-    memcpy(*result, digest, *resultlen);
-
-    gcry_md_close(md);
-    return 0;
-
- error:
-    gcry_md_close(md);
-    return -1;
-}
-
 static
 QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgo alg, Error **errp)
 {
@@ -187,7 +121,6 @@ int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
 }
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
-    .hash_bytesv = qcrypto_gcrypt_hash_bytesv,
     .hash_new      = qcrypto_gcrypt_hash_new,
     .hash_update   = qcrypto_gcrypt_hash_update,
     .hash_finalize = qcrypto_gcrypt_hash_finalize,
-- 
2.46.2

[PATCH v5 12/16] crypto/hash-gnutls: Remove old hash API functions

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Removes old hash implementation in the gnutls hash driver.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ clg: - Fixed spelling in commit log ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-gnutls.c | 47 --------------------------------------------
 1 file changed, 47 deletions(-)

diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c
index 8b0327be82cf..34a63994c9ff 100644
--- a/crypto/hash-gnutls.c
+++ b/crypto/hash-gnutls.c
@@ -53,52 +53,6 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
     return false;
 }
 
-
-static int
-qcrypto_gnutls_hash_bytesv(QCryptoHashAlgo alg,
-                           const struct iovec *iov,
-                           size_t niov,
-                           uint8_t **result,
-                           size_t *resultlen,
-                           Error **errp)
-{
-    int i, ret;
-    gnutls_hash_hd_t hash;
-
-    if (!qcrypto_hash_supports(alg)) {
-        error_setg(errp,
-                   "Unknown hash algorithm %d",
-                   alg);
-        return -1;
-    }
-
-    ret = gnutls_hash_get_len(qcrypto_hash_alg_map[alg]);
-    if (*resultlen == 0) {
-        *resultlen = ret;
-        *result = g_new0(uint8_t, *resultlen);
-    } else if (*resultlen != ret) {
-        error_setg(errp,
-                   "Result buffer size %zu is smaller than hash %d",
-                   *resultlen, ret);
-        return -1;
-    }
-
-    ret = gnutls_hash_init(&hash, qcrypto_hash_alg_map[alg]);
-    if (ret < 0) {
-        error_setg(errp,
-                   "Unable to initialize hash algorithm: %s",
-                   gnutls_strerror(ret));
-        return -1;
-    }
-
-    for (i = 0; i < niov; i++) {
-        gnutls_hash(hash, iov[i].iov_base, iov[i].iov_len);
-    }
-
-    gnutls_hash_deinit(hash, *result);
-    return 0;
-}
-
 static
 QCryptoHash *qcrypto_gnutls_hash_new(QCryptoHashAlgo alg, Error **errp)
 {
@@ -174,7 +128,6 @@ int qcrypto_gnutls_hash_finalize(QCryptoHash *hash,
 }
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
-    .hash_bytesv = qcrypto_gnutls_hash_bytesv,
     .hash_new      = qcrypto_gnutls_hash_new,
     .hash_update   = qcrypto_gnutls_hash_update,
     .hash_finalize = qcrypto_gnutls_hash_finalize,
-- 
2.46.2

[PATCH v5 13/16] crypto/hash-nettle: Remove old hash API functions

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Removes old hash implementation in the nettle hash driver.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ clg: - Fixed spelling in commit log ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-nettle.c | 53 --------------------------------------------
 1 file changed, 53 deletions(-)

diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 07e18ce26cba..570ce8a6456b 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -104,58 +104,6 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
     return false;
 }
 
-
-static int
-qcrypto_nettle_hash_bytesv(QCryptoHashAlgo alg,
-                           const struct iovec *iov,
-                           size_t niov,
-                           uint8_t **result,
-                           size_t *resultlen,
-                           Error **errp)
-{
-    size_t i;
-    union qcrypto_hash_ctx ctx;
-
-    if (!qcrypto_hash_supports(alg)) {
-        error_setg(errp,
-                   "Unknown hash algorithm %d",
-                   alg);
-        return -1;
-    }
-
-    qcrypto_hash_alg_map[alg].init(&ctx);
-
-    for (i = 0; i < niov; i++) {
-        /* Some versions of nettle have functions
-         * declared with 'int' instead of 'size_t'
-         * so to be safe avoid writing more than
-         * UINT_MAX bytes at a time
-         */
-        size_t len = iov[i].iov_len;
-        uint8_t *base = iov[i].iov_base;
-        while (len) {
-            size_t shortlen = MIN(len, UINT_MAX);
-            qcrypto_hash_alg_map[alg].write(&ctx, len, base);
-            len -= shortlen;
-            base += len;
-        }
-    }
-
-    if (*resultlen == 0) {
-        *resultlen = qcrypto_hash_alg_map[alg].len;
-        *result = g_new0(uint8_t, *resultlen);
-    } else if (*resultlen != qcrypto_hash_alg_map[alg].len) {
-        error_setg(errp,
-                   "Result buffer size %zu is smaller than hash %zu",
-                   *resultlen, qcrypto_hash_alg_map[alg].len);
-        return -1;
-    }
-
-    qcrypto_hash_alg_map[alg].result(&ctx, *resultlen, *result);
-
-    return 0;
-}
-
 static
 QCryptoHash *qcrypto_nettle_hash_new(QCryptoHashAlgo alg, Error **errp)
 {
@@ -223,7 +171,6 @@ int qcrypto_nettle_hash_finalize(QCryptoHash *hash,
 }
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
-    .hash_bytesv = qcrypto_nettle_hash_bytesv,
     .hash_new      = qcrypto_nettle_hash_new,
     .hash_update   = qcrypto_nettle_hash_update,
     .hash_finalize = qcrypto_nettle_hash_finalize,
-- 
2.46.2

[PATCH v5 14/16] crypto/hash-afalg: Remove old hash API functions

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Removes the old hash API functions in the afalg driver,
and modifies the hmac function to use the new helper functions.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ clg: - Checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-afalg.c | 60 +++------------------------------------------
 1 file changed, 4 insertions(+), 56 deletions(-)

diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
index 5fbbee288e9b..06e1e4699c27 100644
--- a/crypto/hash-afalg.c
+++ b/crypto/hash-afalg.c
@@ -244,68 +244,17 @@ qcrypto_afalg_hash_hmac_bytesv(QCryptoAFAlgo *hmac,
                                size_t *resultlen,
                                Error **errp)
 {
-    QCryptoAFAlgo *afalg;
-    struct iovec outv;
     int ret = 0;
-    bool is_hmac = (hmac != NULL) ? true : false;
-    const int expect_len = qcrypto_hash_digest_len(alg);
-
-    if (*resultlen == 0) {
-        *resultlen = expect_len;
-        *result = g_new0(uint8_t, *resultlen);
-    } else if (*resultlen != expect_len) {
-        error_setg(errp,
-                   "Result buffer size %zu is not match hash %d",
-                   *resultlen, expect_len);
-        return -1;
-    }
-
-    if (is_hmac) {
-        afalg = hmac;
-    } else {
-        afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
-        if (!afalg) {
-            return -1;
-        }
-    }
-
-    /* send data to kernel's crypto core */
-    ret = iov_send_recv(afalg->opfd, iov, niov,
-                        0, iov_size(iov, niov), true);
-    if (ret < 0) {
-        error_setg_errno(errp, errno, "Send data to afalg-core failed");
-        goto out;
-    }
 
-    /* hash && get result */
-    outv.iov_base = *result;
-    outv.iov_len = *resultlen;
-    ret = iov_send_recv(afalg->opfd, &outv, 1,
-                        0, iov_size(&outv, 1), false);
-    if (ret < 0) {
-        error_setg_errno(errp, errno, "Recv result from afalg-core failed");
-    } else {
-        ret = 0;
+    ret = qcrypto_afalg_send_to_kernel(hmac, iov, niov, false, errp);
+    if (ret == 0) {
+        ret = qcrypto_afalg_recv_from_kernel(hmac, alg, result,
+                                             resultlen, errp);
     }
 
-out:
-    if (!is_hmac) {
-        qcrypto_afalg_comm_free(afalg);
-    }
     return ret;
 }
 
-static int
-qcrypto_afalg_hash_bytesv(QCryptoHashAlgo alg,
-                          const struct iovec *iov,
-                          size_t niov, uint8_t **result,
-                          size_t *resultlen,
-                          Error **errp)
-{
-    return qcrypto_afalg_hash_hmac_bytesv(NULL, alg, iov, niov, result,
-                                          resultlen, errp);
-}
-
 static int
 qcrypto_afalg_hmac_bytesv(QCryptoHmac *hmac,
                           const struct iovec *iov,
@@ -327,7 +276,6 @@ static void qcrypto_afalg_hmac_ctx_free(QCryptoHmac *hmac)
 }
 
 QCryptoHashDriver qcrypto_hash_afalg_driver = {
-    .hash_bytesv = qcrypto_afalg_hash_bytesv,
     .hash_new      = qcrypto_afalg_hash_new,
     .hash_free     = qcrypto_afalg_hash_free,
     .hash_update   = qcrypto_afalg_hash_update,
-- 
2.46.2

[PATCH v5 15/16] crypto/hashpriv: Remove old hash API function

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Remove old hash_bytesv function, as it was replaced by the 4
new functions.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/hashpriv.h | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/crypto/hashpriv.h b/crypto/hashpriv.h
index dcb3ba6cfba0..83b9256886e5 100644
--- a/crypto/hashpriv.h
+++ b/crypto/hashpriv.h
@@ -21,12 +21,6 @@
 typedef struct QCryptoHashDriver QCryptoHashDriver;
 
 struct QCryptoHashDriver {
-    int (*hash_bytesv)(QCryptoHashAlgo alg,
-                       const struct iovec *iov,
-                       size_t niov,
-                       uint8_t **result,
-                       size_t *resultlen,
-                       Error **errp);
     QCryptoHash *(*hash_new)(QCryptoHashAlgo alg, Error **errp);
     int (*hash_update)(QCryptoHash *hash,
                        const struct iovec *iov,
-- 
2.46.2

[PATCH v5 16/16] hw/misc/aspeed_hace: Fix SG Accumulative hashing

[Cédric Le Goater]

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Make the Aspeed HACE module use the new qcrypto accumulative hashing functions
when in scatter-gather accumulative mode. A hash context will maintain a
"running-hash" as each scatter-gather chunk is received.

Previously each scatter-gather "chunk" was cached
so the hash could be computed once the final chunk was received.
However, the cache was a shallow copy, so once the guest overwrote the
memory provided to HACE the final hash would not be correct.

Possibly related to: https://gitlab.com/qemu-project/qemu/-/issues/1121
Buglink: https://github.com/openbmc/qemu/issues/36

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Checkpatch fixes ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 include/hw/misc/aspeed_hace.h |  4 ++
 hw/misc/aspeed_hace.c         | 96 +++++++++++++++++++----------------
 2 files changed, 56 insertions(+), 44 deletions(-)

diff --git a/include/hw/misc/aspeed_hace.h b/include/hw/misc/aspeed_hace.h
index ecb1b67de816..4af99191955a 100644
--- a/include/hw/misc/aspeed_hace.h
+++ b/include/hw/misc/aspeed_hace.h
@@ -1,6 +1,7 @@
 /*
  * ASPEED Hash and Crypto Engine
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (C) 2021 IBM Corp.
  *
  * SPDX-License-Identifier: GPL-2.0-or-later
@@ -10,6 +11,7 @@
 #define ASPEED_HACE_H
 
 #include "hw/sysbus.h"
+#include "crypto/hash.h"
 
 #define TYPE_ASPEED_HACE "aspeed.hace"
 #define TYPE_ASPEED_AST2400_HACE TYPE_ASPEED_HACE "-ast2400"
@@ -35,6 +37,8 @@ struct AspeedHACEState {
 
     MemoryRegion *dram_mr;
     AddressSpace dram_as;
+
+    QCryptoHash *hash_ctx;
 };
 
 
diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
index b6f43f65b29a..8c88a1dc1ca0 100644
--- a/hw/misc/aspeed_hace.c
+++ b/hw/misc/aspeed_hace.c
@@ -1,6 +1,7 @@
 /*
  * ASPEED Hash and Crypto Engine
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (C) 2021 IBM Corp.
  *
  * Joel Stanley <joel@jms.id.au>
@@ -151,50 +152,28 @@ static int reconstruct_iov(AspeedHACEState *s, struct iovec *iov, int id,
     return iov_count;
 }
 
-/**
- * Generate iov for accumulative mode.
- *
- * @param s             aspeed hace state object
- * @param iov           iov of the current request
- * @param id            index of the current iov
- * @param req_len       length of the current request
- *
- * @return count of iov
- */
-static int gen_acc_mode_iov(AspeedHACEState *s, struct iovec *iov, int id,
-                            hwaddr *req_len)
-{
-    uint32_t pad_offset;
-    uint32_t total_msg_len;
-    s->total_req_len += *req_len;
-
-    if (has_padding(s, &iov[id], *req_len, &total_msg_len, &pad_offset)) {
-        if (s->iov_count) {
-            return reconstruct_iov(s, iov, id, &pad_offset);
-        }
-
-        *req_len -= s->total_req_len - total_msg_len;
-        s->total_req_len = 0;
-        iov[id].iov_len = *req_len;
-    } else {
-        s->iov_cache[s->iov_count].iov_base = iov->iov_base;
-        s->iov_cache[s->iov_count].iov_len = *req_len;
-        ++s->iov_count;
-    }
-
-    return id + 1;
-}
-
 static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
                               bool acc_mode)
 {
     struct iovec iov[ASPEED_HACE_MAX_SG];
+    uint32_t total_msg_len;
+    uint32_t pad_offset;
     g_autofree uint8_t *digest_buf = NULL;
     size_t digest_len = 0;
-    int niov = 0;
+    bool sg_acc_mode_final_request = false;
     int i;
     void *haddr;
 
+    if (acc_mode && s->hash_ctx == NULL) {
+        s->hash_ctx = qcrypto_hash_new(algo, NULL);
+        if (s->hash_ctx == NULL) {
+            qemu_log_mask(LOG_GUEST_ERROR,
+                          "%s: qcrypto failed to create hash context\n",
+                          __func__);
+            return;
+        }
+    }
+
     if (sg_mode) {
         uint32_t len = 0;
 
@@ -226,8 +205,16 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
             }
             iov[i].iov_base = haddr;
             if (acc_mode) {
-                niov = gen_acc_mode_iov(s, iov, i, &plen);
-
+                s->total_req_len += plen;
+
+                if (has_padding(s, &iov[i], plen, &total_msg_len,
+                                &pad_offset)) {
+                    /* Padding being present indicates the final request */
+                    sg_acc_mode_final_request = true;
+                    iov[i].iov_len = pad_offset;
+                } else {
+                    iov[i].iov_len = plen;
+                }
             } else {
                 iov[i].iov_len = plen;
             }
@@ -252,20 +239,36 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
              * required to check whether cache is empty. If no, we should
              * combine cached iov and the current iov.
              */
-            uint32_t total_msg_len;
-            uint32_t pad_offset;
             s->total_req_len += len;
             if (has_padding(s, iov, len, &total_msg_len, &pad_offset)) {
-                niov = reconstruct_iov(s, iov, 0, &pad_offset);
+                i = reconstruct_iov(s, iov, 0, &pad_offset);
             }
         }
     }
 
-    if (niov) {
-        i = niov;
-    }
+    if (acc_mode) {
+        if (qcrypto_hash_updatev(s->hash_ctx, iov, i, NULL) < 0) {
+            qemu_log_mask(LOG_GUEST_ERROR,
+                          "%s: qcrypto hash update failed\n", __func__);
+            return;
+        }
+
+        if (sg_acc_mode_final_request) {
+            if (qcrypto_hash_finalize_bytes(s->hash_ctx, &digest_buf,
+                                            &digest_len, NULL)) {
+                qemu_log_mask(LOG_GUEST_ERROR,
+                              "%s: qcrypto failed to finalize hash\n",
+                              __func__);
+            }
 
-    if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf, &digest_len, NULL) < 0) {
+            qcrypto_hash_free(s->hash_ctx);
+
+            s->hash_ctx = NULL;
+            s->iov_count = 0;
+            s->total_req_len = 0;
+        }
+    } else if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf,
+                                   &digest_len, NULL) < 0) {
         qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__);
         return;
     }
@@ -397,6 +400,11 @@ static void aspeed_hace_reset(DeviceState *dev)
 {
     struct AspeedHACEState *s = ASPEED_HACE(dev);
 
+    if (s->hash_ctx != NULL) {
+        qcrypto_hash_free(s->hash_ctx);
+        s->hash_ctx = NULL;
+    }
+
     memset(s->regs, 0, sizeof(s->regs));
     s->iov_count = 0;
     s->total_req_len = 0;
-- 
2.46.2

Re: [PATCH v5 16/16] hw/misc/aspeed_hace: Fix SG Accumulative hashing

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:23AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Make the Aspeed HACE module use the new qcrypto accumulative hashing functions
> when in scatter-gather accumulative mode. A hash context will maintain a
> "running-hash" as each scatter-gather chunk is received.
> 
> Previously each scatter-gather "chunk" was cached
> so the hash could be computed once the final chunk was received.
> However, the cache was a shallow copy, so once the guest overwrote the
> memory provided to HACE the final hash would not be correct.
> 
> Possibly related to: https://gitlab.com/qemu-project/qemu/-/issues/1121
> Buglink: https://github.com/openbmc/qemu/issues/36
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Checkpatch fixes ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  include/hw/misc/aspeed_hace.h |  4 ++
>  hw/misc/aspeed_hace.c         | 96 +++++++++++++++++++----------------
>  2 files changed, 56 insertions(+), 44 deletions(-)
> 

>  static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
>                                bool acc_mode)
>  {
>      struct iovec iov[ASPEED_HACE_MAX_SG];
> +    uint32_t total_msg_len;
> +    uint32_t pad_offset;
>      g_autofree uint8_t *digest_buf = NULL;
>      size_t digest_len = 0;
> -    int niov = 0;
> +    bool sg_acc_mode_final_request = false;
>      int i;
>      void *haddr;
>  
> +    if (acc_mode && s->hash_ctx == NULL) {

  Error local_err = NULL;

> +        s->hash_ctx = qcrypto_hash_new(algo, NULL);

  &local_err;

> +        if (s->hash_ctx == NULL) {
> +            qemu_log_mask(LOG_GUEST_ERROR,
> +                          "%s: qcrypto failed to create hash context\n",
> +                          __func__);

Add error_get_pretty() output to the message so we get useful
information reported, and then error_free,.

> +            return;
> +        }
> +    }
> +
>      if (sg_mode) {
>          uint32_t len = 0;
>  


> -    if (niov) {
> -        i = niov;
> -    }
> +    if (acc_mode) {
> +        if (qcrypto_hash_updatev(s->hash_ctx, iov, i, NULL) < 0) {
> +            qemu_log_mask(LOG_GUEST_ERROR,
> +                          "%s: qcrypto hash update failed\n", __func__);
> +            return;
> +        }
> +
> +        if (sg_acc_mode_final_request) {
> +            if (qcrypto_hash_finalize_bytes(s->hash_ctx, &digest_buf,
> +                                            &digest_len, NULL)) {
> +                qemu_log_mask(LOG_GUEST_ERROR,
> +                              "%s: qcrypto failed to finalize hash\n",
> +                              __func__);
> +            }
>  
> -    if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf, &digest_len, NULL) < 0) {
> +            qcrypto_hash_free(s->hash_ctx);
> +
> +            s->hash_ctx = NULL;
> +            s->iov_count = 0;
> +            s->total_req_len = 0;
> +        }
> +    } else if (qcrypto_hash_bytesv(algo, iov, i, &digest_buf,
> +                                   &digest_len, NULL) < 0) {
>          qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__);
>          return;
>      }

Same comment about passing an Error object to all these methods
and logging the useful error message.



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

[Cédric Le Goater]

On 10/8/24 09:57, Cédric Le Goater wrote:
> Hello,
> 
> This is a resping of Alejandro's series fixing SG Accumulative Hash
> Calculations. See [1] for more details.

arf.

[1] https://lore.kernel.org/all/20240807195122.2827364-1-alejandro.zeise@seagate.com/

C.

> 
> The goal of this patch series is to fix accumulative hashing support
> in the Aspeed HACE module. The issue that stemmed this patch was a
> failure to boot an OpenBMC image using the "ast2600-evb" machine. The
> U-boot 2019.04 loader failed to verify image hashes.
> 
> These incorrect image hashes given by the HACE to the U-boot guest are
> due to an oversight in the HACE module. Previously when operating in
> scatter-gather accumulative mode, the HACE would cache the address
> provided by the guest which contained the source data. However, there
> was no deep copy, so when HACE generated the digest upon the reception
> of the final accumulative chunk the digest was incorrect, as the
> addresses provided had their regions overwritten by that time.
> 
> This fix consists of two main steps:
> * Add an accumulative hashing function to the qcrypto library
> * Modify the HACE module to use the accumulative hashing functions
> 
> All the crypto library backends (nettle, gnutls, etc.) support
> accumulative hashing, so it was trivial to create wrappers for those
> functions.
> 
> Changes in v5 (clg):
> 
>   - Changed documentation "non-zero on error" -> "-1 on error"
>   - Dropped qcrypto_hash_supports() in qcrypto_glib_hash_new()
>   - Removed superfluous cast (GChecksum *) in qcrypto_glib_hash_free()
>   - Reworked qcrypto_glib_hash_finalize()
>   - Dropped qcrypto_hash_supports() in qcrypto_gcrypt_hash_new()
>   - Reworked qcrypto_gcrypt_hash_finalize()
>   - Handled gcry_md_open() errors in qcrypto_gcrypt_hash_new()
>   - Dropped qcrypto_hash_supports() in qcrypto_gnutls_hash_new()
>   - Reworked qcrypto_gnutls_hash_finalize()
>   - Handled gnutls_hash_init() errors in qcrypto_gnutls_hash_new()
>   - Replaced gnutls_hash_deinit() by gnutls_hash_output() in
>     qcrypto_gnutls_hash_finalize()
>   - Freed resources with gnutls_hash_deinit() in qcrypto_gnutls_hash_free()
>   - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new()
>   - Split iov changes from original patch
>   - Handled qcrypto_afalg_hash_ctx_new() errors in qcrypto_afalg_hash_new()
>   - Freed alg_name in qcrypto_afalg_hash_new()
>   - Reworked qcrypto_afalg_recv_from_kernel()
>   - Split iov changes from original patch
>   - Reworked qcrypto_hash_bytesv() error handling
>   - Used hash->driver int qcrypto_hash_new(), qcrypto_hash_free() qcrypto_hash_updatev()
>   - Introduced qcrypto_hash_supports() check in  qcrypto_hash_new()
>   - Introduced g_autofree variables in qcrypto_hash_finalize_digest()
>     and qcrypto_hash_finalize_base64()
>   - Re-arrranged code in qcrypto_hash_digestv() and qcrypto_hash_digest()
>   - Improved test_hash_accumulate() with g_autofree variables
>   - Fixed spelling in commit log
>   - Checkpatch fixes
> 
> Changes in V4:
> * Restructured patches so unit tests pass for each independently.
> * Freeing hash context is now a void function.
> * Added autoptr cleanup function definition for qcrypto_hash_free.
> * Separated qcrypto_hash_update into qcrypto_hash_update and
>    qcrypto_hash_updatev.
> * Changed public hash functions to use afalg implementation correctly if support
>    is enabled.
> * Fixed accumulative hashing in afalg driver (pass MSG_MORE socket flag).
> 
> Changes in V3:
> * Reworked crypto hash API with comments from Daniel
>    * Creation/Deletion of contexts, updating, and finalizing
>    * Modified existing API functions to use the new 4 main core functions
>    * Added test for accumulative hashing
>    * Added afalg driver implementation
> * Fixed bug in HACE module where hash context fails to allocate,
>    causing the HACE internal state to be incorrect and segfault.
> 
> Changes in V2:
> * Fixed error checking bug in libgcrypt crypto backend of
>    accumulate_bytesv
> 
> Alejandro Zeise (16):
>    crypto: accumulative hashing API
>    crypto/hash-glib: Implement new hash API
>    crypto/hash-gcrypt: Implement new hash API
>    crypto/hash-gnutls: Implement new hash API
>    crypto/hash-nettle: Implement new hash API
>    util/iov: Introduce iov_send_recv_with_flags()
>    crypto/hash-afalg: Implement new hash API
>    crypto/hash: Implement and use new hash API
>    tests/unit/test-crypto-hash: accumulative hashing
>    crypto/hash-glib: Remove old hash API functions
>    crypto/hash-gcrypt: Remove old hash API functions
>    crypto/hash-gnutls: Remove old hash API functions
>    crypto/hash-nettle: Remove old hash API functions
>    crypto/hash-afalg: Remove old hash API functions
>    crypto/hashpriv: Remove old hash API function
>    hw/misc/aspeed_hace: Fix SG Accumulative hashing
> 
>   crypto/hashpriv.h             |  13 ++-
>   include/crypto/hash.h         | 119 ++++++++++++++++++++++++
>   include/hw/misc/aspeed_hace.h |   4 +
>   include/qemu/iov.h            |  27 ++++++
>   crypto/hash-afalg.c           | 167 ++++++++++++++++++++++++----------
>   crypto/hash-gcrypt.c          | 112 +++++++++++++----------
>   crypto/hash-glib.c            |  92 +++++++++++--------
>   crypto/hash-gnutls.c          |  97 +++++++++++++-------
>   crypto/hash-nettle.c          |  81 ++++++++++-------
>   crypto/hash.c                 | 161 ++++++++++++++++++++++++++------
>   hw/misc/aspeed_hace.c         |  96 ++++++++++---------
>   tests/unit/test-crypto-hash.c |  46 ++++++++++
>   util/iov.c                    |  25 +++--
>   13 files changed, 756 insertions(+), 284 deletions(-)
> 

Re: [PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

[Daniel P. Berrangé]

On Tue, Oct 08, 2024 at 09:57:07AM +0200, Cédric Le Goater wrote:
> Hello,
> 
> This is a resping of Alejandro's series fixing SG Accumulative Hash
> Calculations. See [1] for more details. 
> 
> The goal of this patch series is to fix accumulative hashing support
> in the Aspeed HACE module. The issue that stemmed this patch was a
> failure to boot an OpenBMC image using the "ast2600-evb" machine. The
> U-boot 2019.04 loader failed to verify image hashes.
> 
> These incorrect image hashes given by the HACE to the U-boot guest are
> due to an oversight in the HACE module. Previously when operating in
> scatter-gather accumulative mode, the HACE would cache the address
> provided by the guest which contained the source data. However, there
> was no deep copy, so when HACE generated the digest upon the reception
> of the final accumulative chunk the digest was incorrect, as the
> addresses provided had their regions overwritten by that time.
> 
> This fix consists of two main steps:
> * Add an accumulative hashing function to the qcrypto library
> * Modify the HACE module to use the accumulative hashing functions
> 
> All the crypto library backends (nettle, gnutls, etc.) support
> accumulative hashing, so it was trivial to create wrappers for those
> functions.

I'll queue all except patch 16, and send a PULL request
for it, and let you handle the last patch.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

[Cédric Le Goater]

On 10/10/24 13:28, Daniel P. Berrangé wrote:
> On Tue, Oct 08, 2024 at 09:57:07AM +0200, Cédric Le Goater wrote:
>> Hello,
>>
>> This is a resping of Alejandro's series fixing SG Accumulative Hash
>> Calculations. See [1] for more details.
>>
>> The goal of this patch series is to fix accumulative hashing support
>> in the Aspeed HACE module. The issue that stemmed this patch was a
>> failure to boot an OpenBMC image using the "ast2600-evb" machine. The
>> U-boot 2019.04 loader failed to verify image hashes.
>>
>> These incorrect image hashes given by the HACE to the U-boot guest are
>> due to an oversight in the HACE module. Previously when operating in
>> scatter-gather accumulative mode, the HACE would cache the address
>> provided by the guest which contained the source data. However, there
>> was no deep copy, so when HACE generated the digest upon the reception
>> of the final accumulative chunk the digest was incorrect, as the
>> addresses provided had their regions overwritten by that time.
>>
>> This fix consists of two main steps:
>> * Add an accumulative hashing function to the qcrypto library
>> * Modify the HACE module to use the accumulative hashing functions
>>
>> All the crypto library backends (nettle, gnutls, etc.) support
>> accumulative hashing, so it was trivial to create wrappers for those
>> functions.
> 
> I'll queue all except patch 16, and send a PULL request
> for it, and let you handle the last patch.

yes. Thanks for the comments,

C.