From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: Zhuoying Cai <zycai@linux.ibm.com>,
thuth@redhat.com, richard.henderson@linaro.org, david@redhat.com,
pbonzini@redhat.com, walling@linux.ibm.com,
jjherne@linux.ibm.com, jrossi@linux.ibm.com, pasic@linux.ibm.com,
borntraeger@linux.ibm.com, farman@linux.ibm.com,
iii@linux.ibm.com, eblake@redhat.com, qemu-s390x@nongnu.org,
qemu-devel@nongnu.org
Subject: Re: [PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store
Date: Mon, 23 Jun 2025 09:00:51 +0100 [thread overview]
Message-ID: <aFkJszNVDFYwHDSU@redhat.com> (raw)
In-Reply-To: <87ikkndlvv.fsf@pond.sub.org>
On Mon, Jun 23, 2025 at 08:15:16AM +0200, Markus Armbruster wrote:
> Zhuoying Cai <zycai@linux.ibm.com> writes:
>
> > On 6/18/25 1:57 AM, Markus Armbruster wrote:
> >> Zhuoying Cai <zycai@linux.ibm.com> writes:
> >>
> >>> On 6/17/25 6:58 AM, Markus Armbruster wrote:
> >>>> Zhuoying Cai <zycai@linux.ibm.com> writes:
> >>>>
> >>>>> Add helper functions for x509 certificate which will be used in the next
> >>>>> patch for the certificate store.
> >>>>>
> >>>>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> >>
> >> [...]
> >>
> >>>> Ignorant question: why are these QAPI enums?
> >>>>
> >>>> If they need to be QAPI enums, then I'll have some requests on the doc
> >>>> comments.
> >>>>
> >>>
> >>> Hi, thanks for the feedback.
> >>>
> >>> The helper functions in x509-utils.c either take QAPI enum values as
> >>> parameters or return them. These enums are used later within QEMU.
> >>
> >> Let's look at the first one I found:
> >>
> >> int qcrypto_check_x509_cert_fmt(uint8_t *cert, size_t size,
> >> QCryptoCertFmt fmt, Error **errp)
> >> {
> >> int rc;
> >> int ret = -1;
> >> gnutls_x509_crt_t crt;
> >> gnutls_datum_t datum = {.data = cert, .size = size};
> >>
> >> if (fmt >= G_N_ELEMENTS(qcrypto_to_gnutls_cert_fmt_map)) {
> >> error_setg(errp, "Unknown certificate format");
> >> return ret;
> >> }
> >>
> >> if (gnutls_x509_crt_init(&crt) < 0) {
> >> error_setg(errp, "Failed to initialize certificate");
> >> return ret;
> >> }
> >>
> >> rc = gnutls_x509_crt_import(crt, &datum, qcrypto_to_gnutls_cert_fmt_map[fmt]);
> >> if (rc == GNUTLS_E_ASN1_TAG_ERROR) {
> >> goto cleanup;
> >> }
> >>
> >> ret = 0;
> >>
> >> cleanup:
> >> gnutls_x509_crt_deinit(crt);
> >> return ret;
> >> }
> >>
> >> All it does with its @fmt argument is map it to the matching
> >> GNUTLS_X509_FMT_*.
> >>
> >> There's just one caller, init_cert_x509_der() in hw/s390x/cert-store.c:
> >>
> >> is_der = qcrypto_check_x509_cert_fmt((uint8_t *)raw, size,
> >> QCRYPTO_CERT_FMT_DER, &err);
> >>
> >> QCRYPTO_CERT_FMT_DER gets mapped to GNUTLS_X509_FMT_DER. Why not pass
> >> that directly? We don't need enum QCryptoCertFmt then.
> >>
> >
> > I received feedback on a previous patch series that directly using
> > GNUTLS in QEMU code is discouraged, except for under the crypto/
> > directory. Internal APIs should be defined to access GNUTLS
> > functionality instead.
> >
> >> If we need enum QCryptoCertFmt for some reason I can't see, why does it
> >> have to be a QAPI type? Why not a plain C enum?
> >
> > While implementing the new helper functions, I referred to
> > qcrypto_get_x509_cert_fingerprint() in crypto/x509-utils.c, which takes
> > QCryptoHashAlgo as a parameter. Following this, I added corresponding
> > QCRYPTO enums to map to GNUTLS enums.
> >
> > If using plain C enums is preferred, I can update the code accordingly
> > in the next version.
>
> Use plain C enums when practical.
>
> Reasons for making a type a QAPI type include:
>
> * Some QAPI command or event needs it.
>
> * Something (typically QOM property accessors) needs the generated
> visitor.
>
> * For enums: something could use the generated QEnumLookup / ENUM_str()
> macro.
Any time a method only accepts a subset of enum values, and needs to report
an error message, it should always use ENUM_str in the error message, rather
than the raw int value, to make the error message human friendly and invariant
to enum ordering. IOW, ENUM_str should be relatively frequently used/needed.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2025-06-23 8:02 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-04 21:56 [PATCH v3 00/28] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 01/28] Add boot-certificates to s390-ccw-virtio machine type option Zhuoying Cai
2025-06-06 14:00 ` Daniel P. Berrangé
2025-06-20 15:45 ` Zhuoying Cai
2025-06-24 15:03 ` Jared Rossi
2025-06-30 19:31 ` Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
2025-06-06 10:03 ` Daniel P. Berrangé
2025-06-06 10:14 ` Daniel P. Berrangé
2025-06-17 10:58 ` Markus Armbruster
2025-06-17 14:57 ` Zhuoying Cai
2025-06-18 5:57 ` Markus Armbruster
2025-06-18 15:34 ` Zhuoying Cai
2025-06-23 6:15 ` Markus Armbruster
2025-06-23 8:00 ` Daniel P. Berrangé [this message]
2025-06-23 9:22 ` Markus Armbruster
2025-06-04 21:56 ` [PATCH v3 03/28] hw/s390x/ipl: Create " Zhuoying Cai
2025-06-06 10:31 ` Daniel P. Berrangé
2025-06-30 19:56 ` Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 04/28] s390x: Guest support for Certificate Store Facility (CS) Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 05/28] s390x/diag: Introduce DIAG 320 for certificate store facility Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 06/28] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 07/28] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 08/28] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
2025-06-06 10:40 ` Daniel P. Berrangé
2025-06-06 10:43 ` Daniel P. Berrangé
2025-06-04 21:56 ` [PATCH v3 09/28] s390x/diag: Implement " Zhuoying Cai
2025-06-06 10:51 ` Daniel P. Berrangé
2025-06-04 21:56 ` [PATCH v3 10/28] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 11/28] crypto: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
2025-06-06 10:56 ` Daniel P. Berrangé
2025-06-04 21:56 ` [PATCH v3 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
2025-06-06 10:58 ` Daniel P. Berrangé
2025-06-04 21:56 ` [PATCH v3 13/28] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 14/28] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 15/28] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 16/28] hw/s390x/ipl: Set iplb->len to maximum length of " Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 17/28] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 18/28] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 23/28] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 25/28] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
2025-06-04 21:56 ` [PATCH v3 28/28] docs: Add secure IPL documentation Zhuoying Cai
2025-06-06 11:04 ` Daniel P. Berrangé
2025-06-17 21:29 ` Collin Walling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aFkJszNVDFYwHDSU@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@redhat.com \
--cc=eblake@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=jrossi@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
--cc=zycai@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).