mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e532cd0485
qemu/include/sysemu
History
zhenwei pi 0e660a6f90 crypto: Introduce RSA algorithm 
There are two parts in this patch:
1, support akcipher service by cryptodev-builtin driver
2, virtio-crypto driver supports akcipher service

In principle, we should separate this into two patches, to avoid
compiling error, merge them into one.

Then virtio-crypto gets request from guest side, and forwards the
request to builtin driver to handle it.

Test with a guest linux:
1, The self-test framework of crypto layer works fine in guest kernel
2, Test with Linux guest(with asym support), the following script
test(note that pkey_XXX is supported only in a newer version of keyutils):
  - both public key & private key
  - create/close session
  - encrypt/decrypt/sign/verify basic driver operation
  - also test with kernel crypto layer(pkey add/query)

All the cases work fine.

Run script in guest:
rm -rf *.der *.pem *.pfx
modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m
rm -rf /tmp/data
dd if=/dev/random of=/tmp/data count=1 bs=20

openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=qemu@qemu.org"
openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der

PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`
echo "priv key id = "$PRIV_KEY_ID
PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`
echo "pub key id = "$PUB_KEY_ID

keyctl pkey_query $PRIV_KEY_ID 0
keyctl pkey_query $PUB_KEY_ID 0

echo "Enc with priv key..."
keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv
echo "Dec with pub key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Sign with priv key..."
keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig
echo "Verify with pub key..."
keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

echo "Enc with pub key..."
keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: lei he <helei.sig11@bytedance.com
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20220611064243.24535-2-pizhenwei@bytedance.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-06-16 12:54:58 -04:00
..
accel-ops.h whpx: Added support for breakpoints and stepping 2022-04-06 14:31:55 +02:00
arch_init.h hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00
balloon.h qapi: Restrict balloon-related commands to machine code 2020-09-29 15:41:35 +02:00
block-backend-common.h block-backend-common.h: split function pointers in BlockDevOps 2022-03-04 18:18:26 +01:00
block-backend-global-state.h Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
block-backend-io.h IO_CODE and IO_OR_GS_CODE for block-backend I/O API 2022-03-04 18:18:25 +01:00
block-backend.h include/sysemu/block-backend: split header into I/O and global state (GS) API 2022-03-04 18:18:25 +01:00
blockdev.h include/sysemu/blockdev.h: global state API 2022-03-04 18:18:25 +01:00
cpu-throttle.h cpu-throttle: new module, extracted from cpus.c 2020-07-10 18:04:49 -04:00
cpu-timers.h replay: notify vCPU when BH is scheduled 2022-06-06 09:26:53 +02:00
cpus.h softmmu: List CPU types again 2022-03-16 08:43:10 +01:00
cryptodev-vhost-user.h cryptodev: Fix Lesser GPL version number 2020-10-27 16:48:49 +01:00
cryptodev-vhost.h cryptodev: Fix Lesser GPL version number 2020-10-27 16:48:49 +01:00
cryptodev.h crypto: Introduce RSA algorithm 2022-06-16 12:54:58 -04:00
device_tree.h device_tree: Add qemu_fdt_add_path 2021-10-20 18:17:54 -07:00
dma.h hw/dma: Let dma_buf_read() / dma_buf_write() propagate MemTxResult 2022-01-18 12:56:29 +01:00
dump-arch.h dump: allow target to set the physical base 2016-01-15 14:40:25 +00:00
dump.h dump: Add more offset variables 2022-04-22 13:36:04 +04:00
event-loop-base.h util/event-loop-base: Introduce options to set the thread pool size 2022-05-09 10:43:23 +01:00
hax.h accel/hax: Introduce CONFIG_HAX_IS_POSSIBLE 2022-03-06 13:15:42 +01:00
hostmem.h hostmem: Wire up RAM_NORESERVE via "reserve" property 2021-06-15 20:27:38 +02:00
hvf_int.h arm/hvf: Add a WFI handler 2021-09-21 16:28:26 +01:00
hvf.h include/sysemu: Poison all accelerator CONFIG switches in common code 2021-05-14 12:31:44 +02:00
hw_accel.h accel: Introduce AccelOpsClass::cpus_are_resettable() 2022-03-06 13:15:42 +01:00
iothread.h Introduce event-loop-base abstract class 2022-05-09 10:43:23 +01:00
kvm_int.h memory: Name all the memory listeners 2021-09-30 15:30:24 +02:00
kvm.h kvm/msi: do explicit commit when adding msi routes 2022-03-15 11:26:20 +01:00
memory_mapping.h sysemu/memory_mapping: Become target-agnostic 2022-03-06 13:15:42 +01:00
numa.h numa: drop support for '-numa node' (without memory specified) 2020-09-30 19:09:20 +02:00
nvmm.h Only check CONFIG_NVMM when NEED_CPU_H is defined 2021-09-13 13:56:26 +02:00
os-posix.h block: move fcntl_setfl() 2022-05-03 15:17:53 +04:00
os-win32.h sysemu/os-win32: Test for and use _lock_file/_unlock_file 2022-04-20 10:51:11 -07:00
qtest.h cpu-timers, icount: new modules 2020-10-05 16:41:22 +02:00
replay.h replay: rewrite async event handling 2022-06-06 09:26:53 +02:00
reset.h hw: move reset handlers from vl.c to hw/core 2017-01-16 17:52:35 +01:00
rng-random.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
rng.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
rtc.h rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
runstate-action.h vl: Add option to avoid stopping VM upon guest panic 2020-12-15 12:51:58 -05:00
runstate.h whpx: Added support for breakpoints and stepping 2022-04-06 14:31:55 +02:00
seccomp.h sandbox: disable -sandbox if CONFIG_SECCOMP undefined 2018-06-01 13:44:15 +02:00
sysemu.h ui: Switch "-display sdl" to use the QAPI parser 2022-06-03 08:03:28 +02:00
tcg.h accel/tcg: Merge tcg_exec_init into tcg_init_machine 2021-06-11 09:26:28 -07:00
tpm_backend.h sysemu: Make TPM structures inaccessible if CONFIG_TPM is not defined 2021-06-15 10:55:12 -04:00
tpm_util.h tpm: Fix Lesser GPL version number 2020-11-15 16:44:18 +01:00
tpm.h sysemu: tpm: Add a stub function for TPM_IS_CRB 2022-05-06 09:06:50 -06:00
vhost-user-backend.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
watchdog.h watchdog: remove select_watchdog_action 2021-11-02 15:57:27 +01:00
whpx.h include/sysemu: Poison all accelerator CONFIG switches in common code 2021-05-14 12:31:44 +02:00
xen-mapcache.h include: Make headers more self-contained 2019-08-16 13:31:51 +02:00
xen.h sysemu/xen: Add missing 'exec/cpu-common.h' header for ram_addr_t type 2020-09-30 19:11:36 +02:00