qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] crypto: add support for accumulative hashing

From: Daniel P . Berrangé
Subject: Re: [PATCH v2 1/2] crypto: add support for accumulative hashing
Date: Tue, 30 Jul 2024 17:34:00 +0100
User-agent: Mutt/2.2.12 (2023-09-09) 
On Tue, Jul 30, 2024 at 05:58:38PM +0200, Cédric Le Goater wrote:
> On 7/29/24 21:00, Alejandro Zeise wrote:
> > This change adds an accumulative hashing function
> > (qcrypto_hash_accumulate_bytesv) and implementation
> > for each of the crypto library backends that QEMU supports.
> > 
> > The QCrypto API did not support hashing in an accumulative mode.
> > As such, hardware hash modules (like the HACE from Aspeed's SoCs) are
> > unable to perform such operations correctly when the guest requires it.
> > 
> > The creation and freeing of each library's context is abstracted by
> > the qcrypto_hash_accumulate_new_ctx and qcrypto_hash_accumulate_free_ctx
> > functions.
> > 
> > Changes in V2:
> > * Fixed error checking bug in libgcrypt backend
> > 
> > Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> > ---
> >   crypto/hash-gcrypt.c  | 105 ++++++++++++++++++++++++++++++++++++++++++
> >   crypto/hash-glib.c    |  89 +++++++++++++++++++++++++++++++++++
> >   crypto/hash-gnutls.c  |  82 +++++++++++++++++++++++++++++++++
> >   crypto/hash-nettle.c  |  93 +++++++++++++++++++++++++++++++++++++
> >   crypto/hash.c         |  42 +++++++++++++++++
> >   crypto/hashpriv.h     |  11 +++++
> >   include/crypto/hash.h |  65 ++++++++++++++++++++++++++
> >   7 files changed, 487 insertions(+)

> > diff --git a/include/crypto/hash.h b/include/crypto/hash.h
> > index 54d87aa2a1..fb8ae2d099 100644
> > --- a/include/crypto/hash.h
> > +++ b/include/crypto/hash.h
> > @@ -1,6 +1,7 @@
> >   /*
> >    * QEMU Crypto hash algorithms
> >    *
> > + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> >    * Copyright (c) 2015 Red Hat, Inc.
> >    *
> >    * This library is free software; you can redistribute it and/or
> > @@ -25,6 +26,8 @@
> >   /* See also "QCryptoHashAlgorithm" defined in qapi/crypto.json */
> > +typedef void qcrypto_hash_accumulate_ctx_t;
> 
> 
> QCryptoHmac defines a similar API. I would do the same for the hash
> accumulative mode. See hmac files.

Yes, ideally the hmac APIs would match the hash APIs.

That said, the changes I've just requested are already a
large amount of work, so I'm not going to demand that
the hmac.c code is also changed.

Alejandro: if have you time to update hmac.c that would
be awesome, but consider it optional.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
reply via email to
[Prev in Thread] Current Thread [Next in Thread]