aboutsummaryrefslogtreecommitdiff
path: root/crypto
AgeCommit message (Collapse)AuthorFilesLines
2023-10-03Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi1-1/+2
* fix from optionrom build * fix for KVM on Apple M2 * introduce machine property "audiodev" * ui/vnc: Require audiodev= to enable audio * audio: remove QEMU_AUDIO_* and -audio-help support * audio: forbid using default audiodev backend with -audiodev and -nodefaults * remove compatibility code for old machine types * make-release: do not ship dtc sources * build system cleanups # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmUb0QgUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroOpnAf9EFXfGkXpqQ5Q8ZbVlVc5GQKofMHW # OZwamTBlp/c07+QcQiMxwLhIW0iyDhrfdCjoFSUaTA8O10FM1YrFv4SkUryYb9B3 # bmoTl4NeLvmkxpC47GEeaaBfjyM0G/9Ip9Zsuqx3u+gSzwTbkEstA2u7gcsN0tL9 # VlhMSiV82uHhRC/DJYLxr+8bRYSIm1AeuI8K/O1yags85Kztf3UiQUhePIKLznMH # BdORjD+i46xM1dE8ifpdsunm462cDWz/faAnIH0YVKBlshnQHXKTO+GDA/Fbfl51 # wFfupZXo93wwgawS7elAUzI+gwaKCPRHA8NDcukeO91hTzk6i14y04u5SQ== # =nv64 # -----END PGP SIGNATURE----- # gpg: Signature made Tue 03 Oct 2023 04:30:00 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (24 commits) audio: forbid default audiodev backend with -nodefaults audio: propagate Error * out of audio_init vt82c686 machines: Support machine-default audiodev with fallback hw/ppc: Support machine-default audiodev with fallback hw/arm: Support machine-default audiodev with fallback Introduce machine property "audiodev" audio: remove QEMU_AUDIO_* and -audio-help support audio: simplify flow in audio_init audio: commonize voice initialization audio: return Error ** from audio_state_by_name audio: allow returning an error from the driver init audio: Require AudioState in AUD_add_capture ui/vnc: Require audiodev= to enable audio crypto: only include tls-cipher-suites in emulators scsi-disk: ensure that FORMAT UNIT commands are terminated esp: restrict non-DMA transfer length to that of available data esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux() Makefile: build plugins before running TCG tests meson: clean up static_library keyword arguments make-release: do not ship dtc sources ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-10-03crypto: only include tls-cipher-suites in emulatorsPaolo Bonzini1-1/+2
tls-cipher-suites is an object that is used to inject TLS configuration into the guest (via fw_cfg). It is never used for host-side TLS operation, and therefore it need not be available in the tools. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-09-29crypto: remove shadowed 'ret' variableDaniel P. Berrangé1-1/+0
Both instances of 'ret' are used to store a gnutls API return code. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20230922160644.438631-2-berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-09-29crypto/cipher-gnutls.c: Clean up local variable shadowingPhilippe Mathieu-Daudé1-2/+2
Fix: In file included from crypto/cipher.c:140: crypto/cipher-gnutls.c.inc: In function ‘qcrypto_gnutls_cipher_encrypt’: crypto/cipher-gnutls.c.inc:116:17: warning: declaration of ‘err’ shadows a previous local [-Wshadow=compatible-local] 116 | int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL); | ^~~ crypto/cipher-gnutls.c.inc:94:9: note: shadowed declaration is here 94 | int err; | ^~~ --- crypto/cipher-gnutls.c.inc: In function ‘qcrypto_gnutls_cipher_decrypt’: crypto/cipher-gnutls.c.inc:177:17: warning: declaration of ‘err’ shadows a previous local [-Wshadow=compatible-local] 177 | int err = gnutls_cipher_init(&handle, ctx->galg, &gkey, NULL); | ^~~ crypto/cipher-gnutls.c.inc:154:9: note: shadowed declaration is here 154 | int err; | ^~~ Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-17-philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-09-15crypto: Add generic 64-bit carry-less multiply routineRichard Henderson1-0/+17
Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15crypto: Add generic 32-bit carry-less multiply routinesRichard Henderson1-0/+13
Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15crypto: Add generic 16-bit carry-less multiply routinesRichard Henderson1-0/+21
Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15crypto: Add generic 8-bit carry-less multiply routinesRichard Henderson2-3/+66
Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-11crypto: Add SM4 constant parameter CKMax Chou1-0/+10
Adds sm4_ck constant for use in sm4 cryptography across different targets. Signed-off-by: Max Chou <max.chou@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Max Chou <max.chou@sifive.com> Message-ID: <20230711165917.2629866-15-max.chou@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-09-11target/riscv: Use existing lookup tables for MixColumnsArd Biesheuvel1-2/+2
The AES MixColumns and InvMixColumns operations are relatively expensive 4x4 matrix multiplications in GF(2^8), which is why C implementations usually rely on precomputed lookup tables rather than performing the calculations on demand. Given that we already carry those tables in QEMU, we can just grab the right value in the implementation of the RISC-V AES32 instructions. Note that the tables in question are permuted according to the respective Sbox, so we can omit the Sbox lookup as well in this case. Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: Zewen Ye <lustrew@foxmail.com> Cc: Weiwei Li <liweiwei@iscas.ac.cn> Cc: Junqiang Wang <wangjunqiang@iscas.ac.cn> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-ID: <20230731084043.1791984-1-ardb@kernel.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-09-08misc/other: spelling fixesMichael Tokarev4-8/+8
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com>
2023-08-31bulk: Do not declare function prototypes using 'extern' keywordPhilippe Mathieu-Daudé1-7/+6
By default, C function prototypes declared in headers are visible, so there is no need to declare them as 'extern' functions. Remove this redundancy in a single bulk commit; do not modify: - meson.build (used to check function availability at runtime) - pc-bios/ - libdecnumber/ - tests/ - *.c Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20230605175647.88395-5-philmd@linaro.org>
2023-07-25crypto: Always initialize splitkeylenAkihiko Odaki1-2/+2
When _FORTIFY_SOURCE=2, glibc version is 2.35, and GCC version is 12.1.0, the compiler complains as follows: In file included from /usr/include/string.h:535, from /home/alarm/q/var/qemu/include/qemu/osdep.h:99, from ../crypto/block-luks.c:21: In function 'memset', inlined from 'qcrypto_block_luks_store_key' at ../crypto/block-luks.c:843:9: /usr/include/bits/string_fortified.h:59:10: error: 'splitkeylen' may be used uninitialized [-Werror=maybe-uninitialized] 59 | return __builtin___memset_chk (__dest, __ch, __len, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 60 | __glibc_objsize0 (__dest)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ ../crypto/block-luks.c: In function 'qcrypto_block_luks_store_key': ../crypto/block-luks.c:699:12: note: 'splitkeylen' was declared here 699 | size_t splitkeylen; | ^~~~~~~~~~~ It seems the compiler cannot see that splitkeylen will not be used when splitkey is NULL. Suppress the warning by initializing splitkeylen even when splitkey stays NULL. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-09crypto: Unexport AES_*_rot, AES_TeN, AES_TdNRichard Henderson1-12/+21
These arrays are no longer used outside of aes.c. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09crypto: Remove AES_imcRichard Henderson1-264/+0
This array is no longer used. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09crypto: Implement aesdec_IMC with AES_imc_rotRichard Henderson1-21/+21
This method uses one uint32_t * 256 table instead of 4, which means its data cache overhead is less. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09crypto: Remove AES_shifts, AES_ishiftsRichard Henderson1-14/+0
These arrays are no longer used, replaced by AES_SH_*, AES_ISH_*. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesdec_ISB_ISR_AK_IMCRichard Henderson1-0/+14
Add a primitive for InvSubBytes + InvShiftRows + AddRoundKey + InvMixColumns. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesdec_ISB_ISR_IMC_AKRichard Henderson1-0/+58
Add a primitive for InvSubBytes + InvShiftRows + InvMixColumns + AddRoundKey. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesenc_SB_SR_MC_AKRichard Henderson1-0/+58
Add a primitive for SubBytes + ShiftRows + MixColumns + AddRoundKey. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesdec_IMCRichard Henderson1-0/+59
Add a primitive for InvMixColumns. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesenc_MCRichard Henderson1-0/+61
Add a primitive for MixColumns. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesdec_ISB_ISR_AKRichard Henderson1-0/+45
Add a primitive for InvSubBytes + InvShiftRows + AddRoundKey. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto: Add aesenc_SB_SR_AKRichard Henderson1-0/+46
Start adding infrastructure for accelerating guest AES. Begin with a SubBytes + ShiftRows + AddRoundKey primitive. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08crypto/aes: Add AES_SH, AES_ISH macrosRichard Henderson1-2/+14
These macros will constant fold and avoid the indirection through memory when fully unrolling some new primitives. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08target/arm: Move aesmc and aesimc tables to crypto/aes.cRichard Henderson1-0/+140
We do not currently have a table in crypto/ for just MixColumns. Move both tables for consistency. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-03-13win32: replace closesocket() with close() wrapperMarc-André Lureau1-3/+3
Use a close() wrapper instead, so that we don't need to worry about closesocket() vs close() anymore, let's hope. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Message-Id: <20230221124802.4103554-17-marcandre.lureau@redhat.com>
2023-02-15crypto: TLS: introduce `check_pending`Antoine Damhet1-0/+14
The new `qcrypto_tls_session_check_pending` function allows the caller to know if data have already been consumed from the backend and is already available. Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-08crypto: Clean up includesMarkus Armbruster1-1/+0
This commit was created with scripts/clean-includes. All .c should include qemu/osdep.h first. The script performs three related cleanups: * Ensure .c files include qemu/osdep.h first. * Including it in a .h is redundant, since the .c already includes it. Drop such inclusions. * Likewise, including headers qemu/osdep.h includes is redundant. Drop these, too. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230202133830.2152150-7-armbru@redhat.com>
2023-01-19coroutine: Clean up superfluous inclusion of qemu/coroutine.hMarkus Armbruster2-2/+0
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221221131435.3851212-2-armbru@redhat.com>
2022-12-14qapi crypto: Elide redundant has_FOO in generated CMarkus Armbruster1-8/+8
The has_FOO for pointer-valued FOO are redundant, except for arrays. They are also a nuisance to work with. Recent commit "qapi: Start to elide redundant has_FOO in generated C" provided the means to elide them step by step. This is the step for qapi/crypto.json. Said commit explains the transformation in more detail. The invariant violations mentioned there do not occur here. Cc: Daniel P. Berrangé" <berrange@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221104160712.3005652-13-armbru@redhat.com>
2022-11-02crypto: Support export akcipher to pkcs8Lei He3-1/+70
crypto: support export RSA private keys with PKCS#8 standard. So that users can upload this private key to linux kernel. Signed-off-by: lei he <helei.sig11@bytedance.com> Message-Id: <20221008085030.70212-4-helei.sig11@bytedance.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-02crypto: Support DER encodingsLei He2-25/+493
Add encoding interfaces for DER encoding: 1. support decoding of 'bit string', 'octet string', 'object id' and 'context specific tag' for DER encoder. 2. implemented a simple DER encoder. 3. add more testsuits for DER encoder. Signed-off-by: lei he <helei.sig11@bytedance.com> Message-Id: <20221008085030.70212-3-helei.sig11@bytedance.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: quote algorithm names in error messagesDaniel P. Berrangé1-3/+3
If given a malformed LUKS header, it is possible that the algorithm names end up being an empty string. This leads to confusing error messages unless quoting is used to highlight where the empty string is subsituted in the error message. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: split off helpers for converting LUKS header endianessDaniel P. Berrangé2-32/+53
The unit test suite is shortly going to want to convert header endianness separately from the main I/O functions. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: split LUKS header definitions off into fileDaniel P. Berrangé2-93/+138
This will allow unit testing code to use the structs. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: check that LUKS PBKDF2 iterations count is non-zeroDaniel P. Berrangé1-0/+11
Both the master key and key slot passphrases are run through the PBKDF2 algorithm. The iterations count is expected to be generally very large (many 10's or 100's of 1000s). It is hard to define a low level cutoff, but we can certainly say that iterations count should be non-zero. A zero count likely indicates an initialization mistake so reject it. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: strengthen the check for key slots overlapping with LUKS headerDaniel P. Berrangé1-1/+1
The LUKS header data on disk is a fixed size, however, there's expected to be a gap between the end of the header and the first key slot to get alignment with the 2nd sector on 4k drives. This wasn't originally part of the LUKS spec, but was always part of the reference implementation, so it is worth validating this. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: validate that LUKS payload doesn't overlap with headerDaniel P. Berrangé1-0/+7
We already validate that LUKS keyslots don't overlap with the header, or with each other. This closes the remaining hole in validation of LUKS file regions. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: enforce that key material doesn't overlap with LUKS headerDaniel P. Berrangé1-0/+8
We already check that key material doesn't overlap between key slots, and that it doesn't overlap with the payload. We didn't check for overlap with the LUKS header. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: enforce that LUKS stripes is always a fixed valueDaniel P. Berrangé1-2/+3
Although the LUKS stripes are encoded in the keyslot header and so potentially configurable, in pratice the cryptsetup impl mandates this has the fixed value 4000. To avoid incompatibility apply the same enforcement in QEMU too. This also caps the memory usage for key material when QEMU tries to open a LUKS volume. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: sanity check that LUKS header strings are NUL-terminatedDaniel P. Berrangé1-0/+18
The LUKS spec requires that header strings are NUL-terminated, and our code relies on that. Protect against maliciously crafted headers by adding validation. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27crypto: check for and report errors setting PSK credentialsDaniel P. Berrangé1-3/+13
If setting credentials fails, the handshake will later fail to complete with an obscure error message which is hard to diagnose. Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-26crypto/luks: Support creating LUKS image on DarwinJungmin Park1-0/+23
When the user creates a LUKS-encrypted qcow2 image using the qemu-img program, the passphrase is hashed using PBKDF2 with a dynamic number of iterations. The number of iterations is determined by measuring thread cpu time usage, such that it takes approximately 2 seconds to compute the hash. Because Darwin doesn't implement getrusage(RUSAGE_THREAD), we get an error message: > qemu-img: test.qcow2: Unable to calculate thread CPU usage on this platform for this command: > qemu-img create --object secret,id=key,data=1234 -f qcow2 -o 'encrypt.format=luks,encrypt.key-secret=key' test.qcow2 100M This patch implements qcrypto_pbkdf2_get_thread_cpu() for Darwin so that the above command works. Signed-off-by: Jungmin Park <pjm0616@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-12crypto: Make block callbacks return 0 on successAlberto Faria2-7/+7
They currently return the value of their headerlen/buflen parameter on success. Returning 0 instead makes it clear that short reads/writes are not possible. Signed-off-by: Alberto Faria <afaria@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20220609152744.3891847-5-afaria@redhat.com> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-05-26test/crypto: Add test suite for crypto akcipherLei He1-7/+7
Add unit test and benchmark test for crypto akcipher. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26crypto: Implement RSA algorithm by gcryptLei He2-1/+598
Added gcryt implementation of RSA algorithm, RSA algorithm implemented by gcrypt has a higher priority than nettle because it supports raw padding. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26crypto: Implement RSA algorithm by hogweedLei He7-0/+953
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports a 'real' RSA backend to handle request from guest side. It's important to test RSA offload case without OS & hardware requirement. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26crypto: add ASN.1 DER decoderLei He3-0/+271
Add an ANS.1 DER decoder which is used to parse asymmetric cipher keys Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26crypto: Introduce akcipher crypto classzhenwei pi3-0/+158
Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports basic asymmetric operations: encrypt, decrypt, sign and verify. Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new class. Thanks to Daniel! Co-developed-by: lei he <helei.sig11@bytedance.com> Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>