From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490500; cv=none; d=zohomail.com; s=zohoarc; b=kk9t23bp5JCMAMsr0LJdTcfyjlwp4AOUcHyqNATlN1c6B5lUy1v9SZxiHoDMmQhHFzM/BviAZcoTJCbgYBo48akB8xZYAwZTH0+uhOCo5QmbE/sQ+GFJEPis43RP4IGf9Z9plSnFfHvfN1BjOJCYdRqYK8/8f447y1fclvzpjGM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490500; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=iIJSWXum182XvEL2ia4jQ4QciU62+avYX3pAPB8sVlc=; b=WwRvudKhnKva96Sqr064O3JSR35WFxkI1izYrwvsElcWIrQv5RJUuvc1ESYjot2UF1hyp1MgINqSGp0kvxdGTqJgFhaJbNVO5woliI8j8BKErx7Xnh43YVXzRPzi6pJD0NghLLkjbTIqMBKk68XyoAvSDAz4jOfv9R1VWnV4fTg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490500843991.0146981283854; Fri, 13 May 2022 18:08:20 -0700 (PDT) Received: from localhost ([::1]:50870 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgGZ-0002x5-Nu for importer@patchew.org; Fri, 13 May 2022 21:08:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41658) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg87-0001co-8v for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:35 -0400 Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430]:35376) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg81-0008Pa-Ua for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:32 -0400 Received: by mail-pf1-x430.google.com with SMTP id c14so9098771pfn.2 for ; Fri, 13 May 2022 17:59:22 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=iIJSWXum182XvEL2ia4jQ4QciU62+avYX3pAPB8sVlc=; b=IryO49kj83IsngKODwb2QQE43kbM6CxwrtkR5hv5k75x61n3rnyay1Z8WWQ6mZmlM1 wHCl8m1PqSne67EvD6W0i75wypL6EPCIXTG2nEUWefDBT0lvrOoJupW/Juqwv+rJ9i0B yU4kjssNc5iZQL1eUwTRkGPvIjH/fMU7QHLSPh2IRH0LCmCTZ3WapcSapn2mR7EHT0yt VXfmQ4N/OvsJI+cm/9/KFWrp9dQHAMoS7UYWYru106IeCZ1GMnMnXPAo/RQjjbLYgpzx 9i47IHuP2Znoc4jZgjNAqOZlCGs7miKawn6roR5q2d5yGv+pY+VaUwyE1SHpOeu/S+0/ mMWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iIJSWXum182XvEL2ia4jQ4QciU62+avYX3pAPB8sVlc=; b=FJTmFy2lNsgMyzk+A8vzNZUPVroflb04MRuaHkMg7gjJ+x4/CjrlLgKveAnPJyjh5P vFFmNxX4hSg7YXK+BWbAnt3S54OIjgYQJBvw+POc24Jp/O1WEIPxuD+1UiUE9xv6nuhm PBvzN8swxaUFxnk0kTX53wJuvFms5yQBHfluPsafL5IoTeGHhqIhj7H1E2wpnBMI9wS8 68/TwvsyDSpINnd8SIo0SgOYV9aVuOCKJrzN6MMWJSy/Vgdtnui05eQVlNkgnou1WaXs F4Xn4on+2xeP/J1mCJin/Qlm++B2flmQLSibXHdTUkiT9x44gHNYpsRPRo7KkkVGQokp 1gbg== X-Gm-Message-State: AOAM531y7we5L0yX78yOAR6mJSZ6koVxbncUKZQaF8/JUQTvgGHPjXJs rk7YmDBWJN2bJbA+4KRgpcZQFw== X-Google-Smtp-Source: ABdhPJyQy0hm4e6qkkbTmYRLJcEYNki8m5v6GckSrokR5ARC1yQJD3M7q2U8kcjyXWa5PpG+NFNn4w== X-Received: by 2002:a05:6a00:a1e:b0:50d:bb0c:2e27 with SMTP id p30-20020a056a000a1e00b0050dbb0c2e27mr6878561pfh.49.1652489961560; Fri, 13 May 2022 17:59:21 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 1/9] virtio-crypto: header update Date: Sat, 14 May 2022 08:54:56 +0800 Message-Id: <20220514005504.1042884-2-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::430; envelope-from=pizhenwei@bytedance.com; helo=mail-pf1-x430.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490502530100001 Update header from linux, support akcipher service. Reviewed-by: Daniel P. Berrang=C3=A9 Reviewed-by: Gonglei Signed-off-by: lei he Signed-off-by: zhenwei pi --- .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/stand= ard-headers/linux/virtio_crypto.h index 5ff0b4ee59..68066dafb6 100644 --- a/include/standard-headers/linux/virtio_crypto.h +++ b/include/standard-headers/linux/virtio_crypto.h @@ -37,6 +37,7 @@ #define VIRTIO_CRYPTO_SERVICE_HASH 1 #define VIRTIO_CRYPTO_SERVICE_MAC 2 #define VIRTIO_CRYPTO_SERVICE_AEAD 3 +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4 =20 #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) =20 @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header { VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04) +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05) uint32_t opcode; uint32_t algo; uint32_t flag; @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req { uint8_t padding[32]; }; =20 +struct virtio_crypto_rsa_session_para { +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0 +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 + uint32_t padding_algo; + +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 +#define VIRTIO_CRYPTO_RSA_MD2 1 +#define VIRTIO_CRYPTO_RSA_MD3 2 +#define VIRTIO_CRYPTO_RSA_MD4 3 +#define VIRTIO_CRYPTO_RSA_MD5 4 +#define VIRTIO_CRYPTO_RSA_SHA1 5 +#define VIRTIO_CRYPTO_RSA_SHA256 6 +#define VIRTIO_CRYPTO_RSA_SHA384 7 +#define VIRTIO_CRYPTO_RSA_SHA512 8 +#define VIRTIO_CRYPTO_RSA_SHA224 9 + uint32_t hash_algo; +}; + +struct virtio_crypto_ecdsa_session_para { +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0 +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2 +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3 +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5 + uint32_t curve_id; + uint32_t padding; +}; + +struct virtio_crypto_akcipher_session_para { +#define VIRTIO_CRYPTO_NO_AKCIPHER 0 +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1 +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2 +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3 + uint32_t algo; + +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1 +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2 + uint32_t keytype; + uint32_t keylen; + + union { + struct virtio_crypto_rsa_session_para rsa; + struct virtio_crypto_ecdsa_session_para ecdsa; + } u; +}; + +struct virtio_crypto_akcipher_create_session_req { + struct virtio_crypto_akcipher_session_para para; + uint8_t padding[36]; +}; + struct virtio_crypto_alg_chain_session_para { #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER 1 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH 2 @@ -247,6 +304,8 @@ struct virtio_crypto_op_ctrl_req { mac_create_session; struct virtio_crypto_aead_create_session_req aead_create_session; + struct virtio_crypto_akcipher_create_session_req + akcipher_create_session; struct virtio_crypto_destroy_session_req destroy_session; uint8_t padding[56]; @@ -266,6 +325,14 @@ struct virtio_crypto_op_header { VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) #define VIRTIO_CRYPTO_AEAD_DECRYPT \ VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) +#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00) +#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01) +#define VIRTIO_CRYPTO_AKCIPHER_SIGN \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02) +#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03) uint32_t opcode; /* algo should be service-specific algorithms */ uint32_t algo; @@ -390,6 +457,16 @@ struct virtio_crypto_aead_data_req { uint8_t padding[32]; }; =20 +struct virtio_crypto_akcipher_para { + uint32_t src_data_len; + uint32_t dst_data_len; +}; + +struct virtio_crypto_akcipher_data_req { + struct virtio_crypto_akcipher_para para; + uint8_t padding[40]; +}; + /* The request of the data virtqueue's packet */ struct virtio_crypto_op_data_req { struct virtio_crypto_op_header header; @@ -399,6 +476,7 @@ struct virtio_crypto_op_data_req { struct virtio_crypto_hash_data_req hash_req; struct virtio_crypto_mac_data_req mac_req; struct virtio_crypto_aead_data_req aead_req; + struct virtio_crypto_akcipher_data_req akcipher_req; uint8_t padding[48]; } u; }; @@ -408,6 +486,8 @@ struct virtio_crypto_op_data_req { #define VIRTIO_CRYPTO_BADMSG 2 #define VIRTIO_CRYPTO_NOTSUPP 3 #define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */ +#define VIRTIO_CRYPTO_NOSPC 5 /* no free session ID */ +#define VIRTIO_CRYPTO_KEY_REJECTED 6 /* Signature verification failed */ =20 /* The accelerator hardware is ready */ #define VIRTIO_CRYPTO_S_HW_READY (1 << 0) @@ -438,7 +518,7 @@ struct virtio_crypto_config { uint32_t max_cipher_key_len; /* Maximum length of authenticated key */ uint32_t max_auth_key_len; - uint32_t reserve; + uint32_t akcipher_algo; /* Maximum size of each crypto request's content */ uint64_t max_size; }; --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490232; cv=none; d=zohomail.com; s=zohoarc; b=N8tBjC45xWT8ZeWj/IDe3LFrmqlJ4k96mbaW8UA2ZmyD7Rrdu2MHM5T2M7EvfYbCg6mbQLnlf+RvdAVJGaXIyo6UBMtjyqbgVpMKQgsZS4BS5jjLjr1CYOSodPem12pYN3szvYCQO5R6A0hyxrOVmDyn/w8ZeCpsRqwCWqHJipU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490232; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ebyq3t0cku0JBJko0+i5+pZ5xMWPYwbiZj5xlzmmt5U=; b=LU73MsDQfATdOzt3OhXgwlu/inBuIi4m1rqdFWFGTQys7snysF6+NUqmBdTApQd7yfVSl8MOyw/Q0dYo/bN/EdJ0oCCf6vBSlbhEWP8QQ5NGl+rrrpAw8erMDP9b9mWOvXm/90D2jdfjqwffkzsNhHHdPI3Uhl8C+nyrcijg8Eg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 16524902326711015.6034750177791; Fri, 13 May 2022 18:03:52 -0700 (PDT) Received: from localhost ([::1]:42552 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgCF-0004dN-KC for importer@patchew.org; Fri, 13 May 2022 21:03:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg87-0001ex-9W for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:35 -0400 Received: from mail-pj1-x1029.google.com ([2607:f8b0:4864:20::1029]:36480) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg82-0008Pj-BA for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:33 -0400 Received: by mail-pj1-x1029.google.com with SMTP id gj17-20020a17090b109100b001d8b390f77bso12258541pjb.1 for ; Fri, 13 May 2022 17:59:27 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ebyq3t0cku0JBJko0+i5+pZ5xMWPYwbiZj5xlzmmt5U=; b=MBM+xEUOV19dRN+3DfVQA7Wlr9RpJkVWY8j/eTWiojTA5dkgFe6+3neEqo7JubjKtV XvfkYqNg+NUWejB12xLuq45dBG/PbfdWWZQEf2YAOR0Pbekpj6/4D+RYIBkPT9FzuvA+ gioijVsC0q1qEHfBkG5Tm2YnZXs26WH8kaZ4FlR0Yx2UnlQKH5o2kGS4J5jEzkDXDIXw xGCs+y+KcEdCFBkPdwpi4jPB7bmAFvrddCAvr6c3E5lxWG7Tj9FzCigYamlC2kK9xFpx 6bWy/h0SVYsROsoEw+LtVwJ1//xKFkQM4l0cQhmpvPGCZMf+5EUVBhuKoqD3Tce/zpLb Kqow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ebyq3t0cku0JBJko0+i5+pZ5xMWPYwbiZj5xlzmmt5U=; b=oGaU0xkdNAcYUNOHVwayBFpEyX7w8IOQxFno6iMeHLLAwViGbuiocDRFLCccEZsOi1 KbfCWXrH07/r3CzTAAYiV+qKBqfVpvI3k3M2nWHVnsMSRdZ/moYwZuihpAhEY1FU10Ri Q3r6BQRq0AlmdXns3pcn8o7rTB1ONMd/2v5icctJpJZNOsx1CVj6ZvaSD7TTG9hR+Lc3 02HN/aWsisHjVQmSleaiBs5C2Pq5a0TGN9dKL+obZan8PqHMkMWL8FRbKImrswK7mcxx DtmrUngUpKvJCKMUmIAQ0BfVZGfuYQMf7am5SgsiUk3mDJh40H/sQ9dBvl0wR3GtbYQd ajSg== X-Gm-Message-State: AOAM5338bc6Mlfb5ShNIeDU2isVOxuEHIwiTkIuppIexwWrp/p1TUxL8 uphwSuyMrJdJoLPsW18lKdJv7Q== X-Google-Smtp-Source: ABdhPJzdAV0iF8UJoVcS0p3PX/NAJVEJigVxH/GqJRP+2QqddMhi0uaS33V2DwRh1MiMUMiE9fnl8A== X-Received: by 2002:a17:90a:ee96:b0:1dc:6680:6f2d with SMTP id i22-20020a17090aee9600b001dc66806f2dmr7516683pjz.174.1652489966136; Fri, 13 May 2022 17:59:26 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 2/9] qapi: crypto-akcipher: Introduce akcipher types to qapi Date: Sat, 14 May 2022 08:54:57 +0800 Message-Id: <20220514005504.1042884-3-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::1029; envelope-from=pizhenwei@bytedance.com; helo=mail-pj1-x1029.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490233012100003 From: Lei He Introduce akcipher types, also include RSA related types. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Lei He Signed-off-by: zhenwei pi --- qapi/crypto.json | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/qapi/crypto.json b/qapi/crypto.json index 1ec54c15ca..f7bb9a42d0 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -540,3 +540,67 @@ 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, '*sanity-check': 'bool', '*passwordid': 'str' } } +## +# @QCryptoAkCipherAlgorithm: +# +# The supported algorithms for asymmetric encryption ciphers +# +# @rsa: RSA algorithm +# +# Since: 7.1 +## +{ 'enum': 'QCryptoAkCipherAlgorithm', + 'prefix': 'QCRYPTO_AKCIPHER_ALG', + 'data': ['rsa']} + +## +# @QCryptoAkCipherKeyType: +# +# The type of asymmetric keys. +# +# Since: 7.1 +## +{ 'enum': 'QCryptoAkCipherKeyType', + 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE', + 'data': ['public', 'private']} + +## +# @QCryptoRSAPaddingAlgorithm: +# +# The padding algorithm for RSA. +# +# @raw: no padding used +# @pkcs1: pkcs1#v1.5 +# +# Since: 7.1 +## +{ 'enum': 'QCryptoRSAPaddingAlgorithm', + 'prefix': 'QCRYPTO_RSA_PADDING_ALG', + 'data': ['raw', 'pkcs1']} + +## +# @QCryptoAkCipherOptionsRSA: +# +# Specific parameters for RSA algorithm. +# +# @hash-alg: QCryptoHashAlgorithm +# @padding-alg: QCryptoRSAPaddingAlgorithm +# +# Since: 7.1 +## +{ 'struct': 'QCryptoAkCipherOptionsRSA', + 'data': { 'hash-alg':'QCryptoHashAlgorithm', + 'padding-alg': 'QCryptoRSAPaddingAlgorithm'}} + +## +# @QCryptoAkCipherOptions: +# +# The options that are available for all asymmetric key algorithms +# when creating a new QCryptoAkCipher. +# +# Since: 7.1 +## +{ 'union': 'QCryptoAkCipherOptions', + 'base': { 'alg': 'QCryptoAkCipherAlgorithm' }, + 'discriminator': 'alg', + 'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }} --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490228; cv=none; d=zohomail.com; s=zohoarc; b=miJzjzjPEigRZoxnFOMzhVy5hN09vbm/yBox5fBOBYDzdKIqMStVAOwlizjOqLDp5vQ+KS9t9L0E4izf0BKd5Rn/a+SO2lJEnko8KTexM7YJaKkBtl+Pl8xYbpYEzKi9+NzOnzn4UyfccUbi6SBfByuJRad/LjYw3zXQRum+0Ck= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490228; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=vSIFGjN5WMf5RIbOuFdLG91fbEmgBEZsTgGM0sq1eLA=; b=ZYG3SKoMNrcoBn+QDjEePhzcaJYRdR4bXwc6eIyCNIbXlnZlx92Z2hEU6YVoeHHJZeAvabzjQAQNpB0aWoS8ACeeRFQVw7gRnU+0ckiQbp3UGZa8ShJsFx6O32mzmwuJRgr24TXMTVfKsbTXsypWdImTo5l98rTiaO5mouu06s8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490228564964.0019998890347; Fri, 13 May 2022 18:03:48 -0700 (PDT) Received: from localhost ([::1]:42304 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgCA-0004T5-0J for importer@patchew.org; Fri, 13 May 2022 21:03:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41692) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg87-0001fr-8v for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:35 -0400 Received: from mail-pf1-x429.google.com ([2607:f8b0:4864:20::429]:34747) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg83-0008Pt-WF for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:34 -0400 Received: by mail-pf1-x429.google.com with SMTP id a11so9103086pff.1 for ; Fri, 13 May 2022 17:59:31 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vSIFGjN5WMf5RIbOuFdLG91fbEmgBEZsTgGM0sq1eLA=; b=6ypSnRWgcrm2SX6Tztd9NYYZ1wuZ9h+XMkL2y5BIjZRJ1FpWlqZaiTDQp2Pp4YPA6A /CX4rDyiBcZGaYlHm0JcJBRvBg9vmUEibFk7jS1BhigpMSbGoAEpYYD/0y8qQ0EaDvcS CI6MsUBJTGzl6SjEWFntRHDllM3SgY7+Dib5fzr9+Olchk3ySEGy/62JSVjr6ak0S6ib FtURdzer9OzWeEjyy0AZJMB6Or4q2XVrsh376Ojv6obyuJSSFsDZumF6XGB7B6L+PMzT sctUa+Lyfg48uXx90IHi+PDfUXY62Au/3dYL4t9onAxFCJFKKT1FPBir0DCHZsg2YYYp ElLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vSIFGjN5WMf5RIbOuFdLG91fbEmgBEZsTgGM0sq1eLA=; b=eHuy79YwYyTRjg8TPjOOYFcBD2lLkS9CFQ6fY9C5BhrL7J3j/jmokLU9HNub8fxvdD 7PuQ0ZJZjedpsJrgJfnL7yfO0wVKDpico44xj1L/XcDi1YHpHKlzQkxAGqiXnKUG5c2Q HOGtEQbjclt8sqYkvsJO4T9pskscooq5Ftk7zQbr4YHLCQNrhabLd9R2x/BShtRavSk8 ylxfWSIwMRd9Fp+M537btO7r1LwVq8mjmcPMvrSPENacaY9c/HrtoKuftD0b3JbfG+Uv XQhxI4Yo0+EmrZPEme6TUIR5zht1r8HxqTR4kqYfJMcg84bSf+OePVckUnPTqMU7Cfy2 4r0A== X-Gm-Message-State: AOAM531CiS+wdxCrDL3KPbWOQb2kB4mwTK7bQSHDvrAm/tyFS2mQdE2u pRY32csJwAemAavW/VvzfVzU+w== X-Google-Smtp-Source: ABdhPJzY2P/lXNZPDiTcZXhQ44HJWV27pcq/OHuPw+No73Bt2BhohM8yucf/AyLOoOjT2OBHdEBFxg== X-Received: by 2002:a62:1547:0:b0:50e:d9b:ddf with SMTP id 68-20020a621547000000b0050e0d9b0ddfmr7039703pfv.46.1652489970637; Fri, 13 May 2022 17:59:30 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 3/9] crypto: Introduce akcipher crypto class Date: Sat, 14 May 2022 08:54:58 +0800 Message-Id: <20220514005504.1042884-4-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::429; envelope-from=pizhenwei@bytedance.com; helo=mail-pf1-x429.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490232359100001 Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports basic asymmetric operations: encrypt, decrypt, sign and verify. Suggested by Daniel P. Berrang=C3=A9, also add autoptr cleanup for the new class. Thanks to Daniel! Co-developed-by: lei he Signed-off-by: lei he Signed-off-by: zhenwei pi Reviewed-by: Daniel P. Berrang=C3=A9 --- crypto/akcipher.c | 102 ++++++++++++++++++++++++ crypto/akcipherpriv.h | 55 +++++++++++++ crypto/meson.build | 1 + include/crypto/akcipher.h | 158 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 316 insertions(+) create mode 100644 crypto/akcipher.c create mode 100644 crypto/akcipherpriv.h create mode 100644 include/crypto/akcipher.h diff --git a/crypto/akcipher.c b/crypto/akcipher.c new file mode 100644 index 0000000000..ab28bf415b --- /dev/null +++ b/crypto/akcipher.c @@ -0,0 +1,102 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "crypto/akcipher.h" +#include "akcipherpriv.h" + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + QCryptoAkCipher *akcipher =3D NULL; + + return akcipher; +} + +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts) +{ + return false; +} + +int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv =3D akcipher->driver; + + return drv->encrypt(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv =3D akcipher->driver; + + return drv->decrypt(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv =3D akcipher->driver; + + return drv->sign(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv =3D akcipher->driver; + + return drv->verify(akcipher, in, in_len, in2, in2_len, errp); +} + +int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_plaintext_len; +} + +int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_ciphertext_len; +} + +int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_signature_len; +} + +int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_dgst_len; +} + +void qcrypto_akcipher_free(QCryptoAkCipher *akcipher) +{ + const QCryptoAkCipherDriver *drv =3D akcipher->driver; + + drv->free(akcipher); +} diff --git a/crypto/akcipherpriv.h b/crypto/akcipherpriv.h new file mode 100644 index 0000000000..739f639bcf --- /dev/null +++ b/crypto/akcipherpriv.h @@ -0,0 +1,55 @@ +/* + * QEMU Crypto asymmetric algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_AKCIPHERPRIV_H +#define QCRYPTO_AKCIPHERPRIV_H + +#include "qapi/qapi-types-crypto.h" + +typedef struct QCryptoAkCipherDriver QCryptoAkCipherDriver; + +struct QCryptoAkCipher { + QCryptoAkCipherAlgorithm alg; + QCryptoAkCipherKeyType type; + int max_plaintext_len; + int max_ciphertext_len; + int max_signature_len; + int max_dgst_len; + QCryptoAkCipherDriver *driver; +}; + +struct QCryptoAkCipherDriver { + int (*encrypt)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + int (*decrypt)(QCryptoAkCipher *akcipher, + const void *out, size_t out_len, + void *in, size_t in_len, Error **errp); + int (*sign)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + int (*verify)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp); + void (*free)(QCryptoAkCipher *akcipher); +}; + +#endif /* QCRYPTO_AKCIPHER_H */ diff --git a/crypto/meson.build b/crypto/meson.build index 685fb37097..313f935f27 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -1,6 +1,7 @@ crypto_ss.add(genh) crypto_ss.add(files( 'afsplit.c', + 'akcipher.c', 'block-luks.c', 'block-qcow.c', 'block.c', diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h new file mode 100644 index 0000000000..51f5fa2774 --- /dev/null +++ b/include/crypto/akcipher.h @@ -0,0 +1,158 @@ +/* + * QEMU Crypto asymmetric algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_AKCIPHER_H +#define QCRYPTO_AKCIPHER_H + +#include "qapi/qapi-types-crypto.h" + +typedef struct QCryptoAkCipher QCryptoAkCipher; + +/** + * qcrypto_akcipher_supports: + * @opts: the asymmetric key algorithm and related options + * + * Determine if asymmetric key cipher decribed with @opts is + * supported by the current configured build + * + * Returns: true if it is supported, false otherwise. + */ +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts); + +/** + * qcrypto_akcipher_new: + * @opts: specify the algorithm and the related arguments + * @type: private or public key type + * @key: buffer to store the key + * @key_len: the length of key buffer + * @errp: error pointer + * + * Create akcipher context + * + * Returns: On success, a new QCryptoAkCipher initialized with @opt + * is created and returned, otherwise NULL is returned. + */ + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t key_len, + Error **errp); + +/** + * qcrypto_akcipher_encrypt: + * @akcipher: akcipher context + * @in: plaintext pending to be encrypted + * @in_len: length of plaintext, less or equal to the size reported + * by a call to qcrypto_akcipher_max_plaintext_len() + * @out: buffer to store the ciphertext + * @out_len: length of ciphertext, less or equal to the size reported + * by a call to qcrypto_akcipher_max_ciphertext_len() + * @errp: error pointer + * + * Encrypt @in and write ciphertext into @out + * + * Returns: length of ciphertext if encrypt succeed, + * otherwise -1 is returned + */ +int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_decrypt: + * @akcipher: akcipher context + * @in: ciphertext to be decrypted + * @in_len: the length of ciphertext, less or equal to the size reported + * by a call to qcrypto_akcipher_max_ciphertext_len() + * @out: buffer to store the plaintext + * @out_len: length of the plaintext buffer, less or equal to the size + * reported by a call to qcrypto_akcipher_max_plaintext_len() + * @errp: error pointer + * + * Decrypt @in and write plaintext into @out + * + * Returns: length of plaintext if decrypt succeed, + * otherwise -1 is returned + */ +int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_sign: + * @akcipher: akcipher context + * @in: data to be signed + * @in_len: the length of data, less or equal to the size reported + * by a call to qcrypto_akcipher_max_dgst_len() + * @out: buffer to store the signature + * @out_len: length of the signature buffer, less or equal to the size + * by a call to qcrypto_akcipher_max_signature_len() + * @errp: error pointer + * + * Generate signature for @in, write into @out + * + * Returns: length of signature if succeed, + * otherwise -1 is returned + */ +int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_verify: + * @akcipher: akcipher context + * @in: pointer to the signature + * @in_len: length of signature, ess or equal to the size reported + * by a call to qcrypto_akcipher_max_signature_len() + * @in2: pointer to original data + * @in2_len: the length of original data, less or equal to the size + * by a call to qcrypto_akcipher_max_dgst_len() + * @errp: error pointer + * + * Verify @in and @in2 match or not + * + * Returns: 0 for succeed, + * otherwise -1 is returned + */ +int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp); + +int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher); + +/** + * qcrypto_akcipher_free: + * @akcipher: akcipher context + * + * Free the akcipher context + * + */ +void qcrypto_akcipher_free(QCryptoAkCipher *akcipher); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipher, qcrypto_akcipher_free) + +#endif /* QCRYPTO_AKCIPHER_H */ --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490249; cv=none; d=zohomail.com; s=zohoarc; b=AH5jSiHJ7QBczzArZIi6PeK/PwdkoEmgwvnLNmzXHSHCRykSwwjq4YGBB4fID1Br/X/a2EZgjNIyXWpp9L5VpjzRQQ8PhQQQMBJChleioJVQdMIdvvx2+m0NqUMjRnMFt+b+AabliVGUTkYklqxUMnE2osFihK9qkDfX32OyMEA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490249; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=4wKHvsZdlcUOAB8OYLSmGi+FUUX/vTDariGg8ZGhdrA=; b=Dvsp4mh3kk6F0aKUcaBbd2TYeKyUXzbHuB/Coc+feX6F8wuPoeYzXHd8UChOnbsMpkhXXkRh0TCvOQFXlEwWFRcC9WG1zE+UDIyfNXqOkFEwHH5i9A8SWjHN0fODTZfFKo8mD+bvh+Qsq1VEv5PzkQZ7PVLYrW+fCrCAZ/o9HBU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490249042980.0954867023418; Fri, 13 May 2022 18:04:09 -0700 (PDT) Received: from localhost ([::1]:42782 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgCV-0004o6-C6 for importer@patchew.org; Fri, 13 May 2022 21:04:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41730) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8E-0001oj-VN for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:46 -0400 Received: from mail-pf1-x432.google.com ([2607:f8b0:4864:20::432]:40535) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg89-0008Rj-34 for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:39 -0400 Received: by mail-pf1-x432.google.com with SMTP id i24so9076145pfa.7 for ; Fri, 13 May 2022 17:59:36 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4wKHvsZdlcUOAB8OYLSmGi+FUUX/vTDariGg8ZGhdrA=; b=DFk1fb3ZwxVODS5cwFG83yUCW4af3Gl53t1Rbo19vYBXWhNJCnigVBnXJ4aW1yq4Rx JaQC1x1Xn6vQapfwQyPfpP46Q6N/chd6uGHU86XDJHXtNq0DXqSz3pzzDeTqqjs51Ryz N0Wqfhy7uxve9nIfsanHfJkkDuWieL9F9MvCCLyIav5fKlRv2AcXVqHcThB7Vxs6HD+9 +CwOGGlF8IPbx+zxkNzKkLvVoiEp82NGFy6GwoxMjWwnbIyJ1IdCAD5tHrnumwbEwsEE 7CHRsD2jOHPYCg19Q5fnk3VdbEi0Rv6J8BXGJV37fUkyCF3RklFj40vTR4T6bKji8PIa dNTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4wKHvsZdlcUOAB8OYLSmGi+FUUX/vTDariGg8ZGhdrA=; b=CbX3RBGbPizl3/TXOzkHw/FIfo0erDndXzdnlYaEvjrkQAJb8XPpIM2c43PbUAEBGr qeo9kslg51l2WnhnuE4DHnn6PDdx5L+h4k5wBSj/3NkXvOrVbOFxX4XwWhl6B+JCOj9a i3IemHmt9oRis5/jjpmvuzIE+vynHBbW8zBnAsyBALahtNrm54rG5Si9FqVOLytceCCK MfJLuLjjTBlUe6YXfnbI6nDQlSoLAWgnRt7IGgb0B02pzGlcJiGzjwQ+ixbRxhl9WeLL vS1lRQb3/vQoOvTdTV99KQkvCeberExPhOjfexjnk5ZtCAxnnTayilZln6TjhEEAYMw5 tPtQ== X-Gm-Message-State: AOAM533c5Yy0d5f0AFDV2i350Pqhjshrz599beqAH4acq6rlXBteZEUk 8SmwcuupmD4Wd4H6Pkdut4+q4A== X-Google-Smtp-Source: ABdhPJyH4xv4tV756D/j9qjUY6ouuY49Z5kmA0lIlmrIXXSYzIl7HQICnfM3TQoK+Sz4aAIJglav3A== X-Received: by 2002:a63:fa4b:0:b0:3db:b85:c080 with SMTP id g11-20020a63fa4b000000b003db0b85c080mr6073805pgk.465.1652489975590; Fri, 13 May 2022 17:59:35 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 4/9] crypto: add ASN.1 DER decoder Date: Sat, 14 May 2022 08:54:59 +0800 Message-Id: <20220514005504.1042884-5-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::432; envelope-from=pizhenwei@bytedance.com; helo=mail-pf1-x432.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490251350100001 Content-Type: text/plain; charset="utf-8" From: Lei He Add an ANS.1 DER decoder which is used to parse asymmetric cipher keys Signed-off-by: zhenwei pi Signed-off-by: lei he --- crypto/der.c | 189 +++++++++++++++++++++++ crypto/der.h | 81 ++++++++++ crypto/meson.build | 1 + tests/unit/meson.build | 1 + tests/unit/test-crypto-der.c | 290 +++++++++++++++++++++++++++++++++++ 5 files changed, 562 insertions(+) create mode 100644 crypto/der.c create mode 100644 crypto/der.h create mode 100644 tests/unit/test-crypto-der.c diff --git a/crypto/der.c b/crypto/der.c new file mode 100644 index 0000000000..721bbb3317 --- /dev/null +++ b/crypto/der.c @@ -0,0 +1,189 @@ +/* + * QEMU Crypto ASN.1 DER decoder + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "crypto/der.h" + +enum QCryptoDERTypeTag { + QCRYPTO_DER_TYPE_TAG_BOOL =3D 0x1, + QCRYPTO_DER_TYPE_TAG_INT =3D 0x2, + QCRYPTO_DER_TYPE_TAG_BIT_STR =3D 0x3, + QCRYPTO_DER_TYPE_TAG_OCT_STR =3D 0x4, + QCRYPTO_DER_TYPE_TAG_OCT_NULL =3D 0x5, + QCRYPTO_DER_TYPE_TAG_OCT_OID =3D 0x6, + QCRYPTO_DER_TYPE_TAG_SEQ =3D 0x10, + QCRYPTO_DER_TYPE_TAG_SET =3D 0x11, +}; + +#define QCRYPTO_DER_CONSTRUCTED_MASK 0x20 +#define QCRYPTO_DER_SHORT_LEN_MASK 0x80 + +static uint8_t qcrypto_der_peek_byte(const uint8_t **data, size_t *dlen) +{ + return **data; +} + +static void qcrypto_der_cut_nbytes(const uint8_t **data, + size_t *dlen, + size_t nbytes) +{ + *data +=3D nbytes; + *dlen -=3D nbytes; +} + +static uint8_t qcrypto_der_cut_byte(const uint8_t **data, size_t *dlen) +{ + uint8_t val =3D qcrypto_der_peek_byte(data, dlen); + + qcrypto_der_cut_nbytes(data, dlen, 1); + + return val; +} + +static int qcrypto_der_invoke_callback(QCryptoDERDecodeCb cb, void *ctx, + const uint8_t *value, size_t vlen, + Error **errp) +{ + if (!cb) { + return 0; + } + + return cb(ctx, value, vlen, errp); +} + +static int qcrypto_der_extract_definite_data(const uint8_t **data, size_t = *dlen, + QCryptoDERDecodeCb cb, void *= ctx, + Error **errp) +{ + const uint8_t *value; + size_t vlen =3D 0; + uint8_t byte_count =3D qcrypto_der_cut_byte(data, dlen); + + /* short format of definite-length */ + if (!(byte_count & QCRYPTO_DER_SHORT_LEN_MASK)) { + if (byte_count > *dlen) { + error_setg(errp, "Invalid content length: %u", byte_count); + return -1; + } + + value =3D *data; + vlen =3D byte_count; + qcrypto_der_cut_nbytes(data, dlen, vlen); + + if (qcrypto_der_invoke_callback(cb, ctx, value, vlen, errp) !=3D 0= ) { + return -1; + } + return vlen; + } + + /* Ignore highest bit */ + byte_count &=3D ~QCRYPTO_DER_SHORT_LEN_MASK; + + /* + * size_t is enough to store the value of length, although the DER + * encoding standard supports larger length. + */ + if (byte_count > sizeof(size_t)) { + error_setg(errp, "Invalid byte count of content length: %u", + byte_count); + return -1; + } + + if (byte_count > *dlen) { + error_setg(errp, "Invalid content length: %u", byte_count); + return -1; + } + while (byte_count--) { + vlen <<=3D 8; + vlen +=3D qcrypto_der_cut_byte(data, dlen); + } + + if (vlen > *dlen) { + error_setg(errp, "Invalid content length: %lu", vlen); + return -1; + } + + value =3D *data; + qcrypto_der_cut_nbytes(data, dlen, vlen); + + if (qcrypto_der_invoke_callback(cb, ctx, value, vlen, errp) !=3D 0) { + return -1; + } + return vlen; +} + +static int qcrypto_der_extract_data(const uint8_t **data, size_t *dlen, + QCryptoDERDecodeCb cb, void *ctx, + Error **errp) +{ + uint8_t val; + if (*dlen < 1) { + error_setg(errp, "Need more data"); + return -1; + } + val =3D qcrypto_der_peek_byte(data, dlen); + + /* must use definite length format */ + if (val =3D=3D QCRYPTO_DER_SHORT_LEN_MASK) { + error_setg(errp, "Only definite length format is allowed"); + return -1; + } + + return qcrypto_der_extract_definite_data(data, dlen, cb, ctx, errp); +} + +int qcrypto_der_decode_int(const uint8_t **data, size_t *dlen, + QCryptoDERDecodeCb cb, void *ctx, Error **errp) +{ + uint8_t tag; + if (*dlen < 1) { + error_setg(errp, "Need more data"); + return -1; + } + tag =3D qcrypto_der_cut_byte(data, dlen); + + /* INTEGER must encoded in primitive-form */ + if (tag !=3D QCRYPTO_DER_TYPE_TAG_INT) { + error_setg(errp, "Invalid integer type tag: %u", tag); + return -1; + } + + return qcrypto_der_extract_data(data, dlen, cb, ctx, errp); +} + +int qcrypto_der_decode_seq(const uint8_t **data, size_t *dlen, + QCryptoDERDecodeCb cb, void *ctx, Error **errp) +{ + uint8_t tag; + if (*dlen < 1) { + error_setg(errp, "Need more data"); + return -1; + } + tag =3D qcrypto_der_cut_byte(data, dlen); + + /* SEQUENCE must use constructed form */ + if (tag !=3D (QCRYPTO_DER_TYPE_TAG_SEQ | QCRYPTO_DER_CONSTRUCTED_MASK)= ) { + error_setg(errp, "Invalid type sequence tag: %u", tag); + return -1; + } + + return qcrypto_der_extract_data(data, dlen, cb, ctx, errp); +} diff --git a/crypto/der.h b/crypto/der.h new file mode 100644 index 0000000000..e3d3aeacdc --- /dev/null +++ b/crypto/der.h @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_ASN1_DECODER_H +#define QCRYPTO_ASN1_DECODER_H + +#include "qapi/error.h" + +/* Simple decoder used to parse DER encoded rsa keys. */ + +/** + * @opaque: user context. + * @value: the starting address of |value| part of 'Tag-Length-Value' pat= tern. + * @vlen: length of the |value|. + * Returns: 0 for success, any other value is considered an error. + */ +typedef int (*QCryptoDERDecodeCb) (void *opaque, const uint8_t *value, + size_t vlen, Error **errp); + +/** + * qcrypto_der_decode_int: + * @data: pointer to address of input data + * @dlen: pointer to length of input data + * @cb: callback invoked when decode succeed, if cb equals NULL, no + * callback will be invoked + * @opaque: parameter passed to cb + * + * Decode integer from DER-encoded data. + * + * Returns: On success, *data points to rest data, and *dlen + * will be set to the rest length of data, if cb is not NULL, must + * return 0 to make decode success, at last, the length of the data + * part of the decoded INTEGER will be returned. Otherwise, -1 is + * returned. + */ +int qcrypto_der_decode_int(const uint8_t **data, + size_t *dlen, + QCryptoDERDecodeCb cb, + void *opaque, + Error **errp); + +/** + * qcrypto_der_decode_seq: + * + * Decode sequence from DER-encoded data, similar with der_decode_int. + * + * @data: pointer to address of input data + * @dlen: pointer to length of input data + * @cb: callback invoked when decode succeed, if cb equals NULL, no + * callback will be invoked + * @opaque: parameter passed to cb + * + * Returns: On success, *data points to rest data, and *dlen + * will be set to the rest length of data, if cb is not NULL, must + * return 0 to make decode success, at last, the length of the data + * part of the decoded SEQUENCE will be returned. Otherwise, -1 is + * returned. + */ +int qcrypto_der_decode_seq(const uint8_t **data, + size_t *dlen, + QCryptoDERDecodeCb cb, + void *opaque, + Error **errp); + +#endif /* QCRYPTO_ASN1_DECODER_H */ diff --git a/crypto/meson.build b/crypto/meson.build index 313f935f27..b8152ae7cb 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -6,6 +6,7 @@ crypto_ss.add(files( 'block-qcow.c', 'block.c', 'cipher.c', + 'der.c', 'hash.c', 'hmac.c', 'ivgen-essiv.c', diff --git a/tests/unit/meson.build b/tests/unit/meson.build index 264f2bc0c8..a8af85128d 100644 --- a/tests/unit/meson.build +++ b/tests/unit/meson.build @@ -47,6 +47,7 @@ tests =3D { 'ptimer-test': ['ptimer-test-stubs.c', meson.project_source_root() / 'hw= /core/ptimer.c'], 'test-qapi-util': [], 'test-smp-parse': [qom, meson.project_source_root() / 'hw/core/machine-s= mp.c'], + 'test-crypto-der': [crypto], } =20 if have_system or have_tools diff --git a/tests/unit/test-crypto-der.c b/tests/unit/test-crypto-der.c new file mode 100644 index 0000000000..aed0f28d68 --- /dev/null +++ b/tests/unit/test-crypto-der.c @@ -0,0 +1,290 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "crypto/der.h" + +/* rsa(512) private key, generated by openssl */ +static const uint8_t test_rsa512_priv_key[] =3D + "\x30\x82\x01\x39" /* SEQUENCE, offset: 0, length: 313 */ + "\x02\x01\x00" /* INTEGER, offset: 4, length: 1 */ + "\x02\x41" /* INTEGER, offset: 7, length: 65 */ + "\x00\xb9\xe1\x22\xdb\x56\x2f\xb6\xf7\xf0\x0a\x87\x43\x07\x12\xdb" + "\x6d\xb6\x2b\x41\x8d\x2c\x3c\xa5\xdd\x78\x9a\x8f\xab\x8e\xf2\x4a" + "\xc8\x34\x0c\x12\x4f\x11\x90\xc6\xc2\xa5\xd0\xcd\xfb\xfc\x2c\x95" + "\x56\x82\xdf\x39\xf3\x3b\x1d\x62\x26\x97\xb7\x93\x25\xc7\xec\x7e" + "\xf7" + "\x02\x03\x01\x00\x01" /* INTEGER, offset: 74, length: 3 */ + "\x02\x40" /* INTEGER, offset: 79, length: 64 */ + "\x1e\x80\xfe\xda\x65\xdb\x70\xb8\x61\x91\x28\xbf\x6c\x32\xc1\x05" + "\xd1\x26\x6a\x1c\x83\xcc\xf4\x1f\x53\x42\x72\x1f\x62\x57\x0a\xc4" + "\x66\x76\x30\x87\xb9\xb1\xb9\x6a\x63\xfd\x8f\x3e\xfc\x35\x3f\xd6" + "\x2e\x6c\xc8\x70\x8a\x17\xc1\x28\x6a\xfe\x51\x56\xb3\x92\x6f\x09" + "\x02\x21" /* INTEGER, offset: 145, length: 33 */ + "\x00\xe3\x2e\x2d\x8d\xba\x1c\x34\x4c\x49\x9f\xc1\xa6\xdd\xd7\x13" + "\x8d\x05\x48\xdd\xff\x5c\x30\xbc\x6b\xc4\x18\x9d\xfc\xa2\xd0\x9b" + "\x4d" + "\x02\x21" /* INTEGER, offset: 180, length: 33 */ + "\x00\xd1\x75\xaf\x4b\xc6\x1a\xb0\x98\x14\x42\xae\x33\xf3\x44\xde" + "\x21\xcb\x04\xda\xfb\x1e\x35\x92\xcd\x69\xc0\x83\x06\x83\x8e\x39" + "\x53" + "\x02\x20" /* INTEGER, offset: 215, length: 32 */ + "\x68\x8d\x2a\xf7\xcb\xcc\x09\x21\x86\xcc\x98\x21\xc4\x7c\xa4\x09" + "\xc5\x81\xd8\x71\x1a\x2b\x6f\xbb\xa4\xde\xb3\x6e\xbe\x3b\x85\x0d" + "\x02\x20" /* INTEGER, offset: 249, length: 32 */ + "\x64\x06\x0e\xef\xe0\x6a\x5e\x6a\x41\x42\x96\x6d\xb8\x7d\xea\x95" + "\xb8\x9d\x58\xf5\x12\x38\x03\x22\x94\x9d\x99\xf4\x42\x5e\x68\x81" + "\x02\x20" /* INTEGER, offset: 283, length: 32 */ + "\x7f\x1d\x87\xe8\x55\x30\x75\xc7\x29\xec\xc9\x65\x76\x5a\x6a\xa3" + "\x4a\x6e\xe1\x26\x65\xd1\x76\xd5\xb9\xd1\x8b\xa8\x73\xe2\x6a\x9e"; + +static const uint8_t test_rsa2048_priv_key[] =3D + "\x30\x82\x04\xa6" /* SEQUENCE, offset: 0, length 1190 */ + "\x02\x01\x00" /* INTEGER, offset: 4, length: 1 */ + "\x02\x82\x01\x01" /* INTEGER, offset: 7, length: 257 */ + "\x00\xd1\x48\xc2\xc1\x1d\x4f\x94\xf2\xbb\x9b\xe2\x2d\xe1\xea\x4c" + "\xce\x41\x72\xe3\x41\x7e\x9d\x91\x85\xa3\x4e\xe1\x2c\xf6\x52\x6d" + "\xf9\x84\x64\xdf\x87\x28\x4a\xc9\x9d\x78\x93\x47\xc8\xd9\x66\x2e" + "\xf4\xc6\xf0\x32\x15\x1a\xe8\xaf\x5a\xca\x3a\xd3\x3e\xf6\xde\x86" + "\xdd\x9b\xa6\x4d\x74\x58\xf0\x11\x7f\x66\xd5\x1c\xd8\xde\xa3\xf8" + "\xa3\xfc\x33\x55\x89\xa9\xc3\xea\x5b\x2e\x31\x06\xf8\xcb\x9e\x6e" + "\xb2\x68\x0d\xe6\xc3\x5c\x2d\xf8\xa2\xbd\x00\x1a\xf6\xb6\xdd\x14" + "\x8d\x11\x6d\x2d\xc6\x0c\x09\xe6\xf6\xb9\x8b\x87\x4c\x9f\x4d\x63" + "\xd3\x94\xf4\x32\xca\xcf\x5e\xbf\xe2\x7f\x73\x5a\x65\xec\x82\x0d" + "\x7f\x30\x25\x03\xd4\x3a\xff\xa2\xe8\xd6\xb5\x1f\x4f\x36\x64\x61" + "\xc3\x5f\xb2\x9e\x0c\x53\x04\x19\x34\x99\xe8\xe3\xe6\xd3\x2f\x45" + "\x58\x8e\x5d\x54\x5a\xa0\xc0\x5e\x51\x9b\x22\x15\xec\x26\x6f\x72" + "\x68\xe9\xbf\x5d\x1d\xb5\xd9\xe4\x81\x1a\x92\x66\xa8\xcb\x73\x46" + "\xab\x96\x7b\xf8\x9c\xf5\xb5\x9e\x2b\x13\x71\xe0\x01\x0c\x59\x1b" + "\x63\x9f\xb7\xd1\xcd\x47\x8e\xc7\x3a\xbe\xcb\x47\xa7\x23\x43\xa7" + "\x7d\xbd\x2c\x4e\x22\x37\xcc\xf9\x1b\x1b\xbb\xed\xec\xf0\x47\x92" + "\x43" + "\x02\x03\x01\x00\x01" /* INTEGER, offset 268, length 3 */ + "\x02\x82\x01\x01" /* INTEGER, offset 273, length 257 */ + "\x00\x8d\x21\x97\x0c\x29\x9a\xf8\x23\xf4\x76\x3b\xc1\x9b\x3e\xa8" + "\x8a\xd2\xc2\x0a\x14\xa9\xb0\xd2\x68\x9f\x67\x5b\x1c\x3a\x03\xfe" + "\x5b\xac\x77\x65\xf1\xbc\x2f\x2a\xe5\x01\x61\xb8\x9f\xee\x53\x25" + "\x49\x36\x3a\xd6\x5b\x3b\x29\x3c\xcf\x69\xde\xdf\x83\xef\x70\xc2" + "\xdc\x00\xd1\xd6\x1b\xa6\xba\x45\xe2\x77\x53\x31\xbf\xe1\xec\x0b" + "\x89\x72\x52\x9f\xd5\x54\xe1\x64\x52\x16\xc5\x43\x21\x56\x16\xc2" + "\x29\x97\x58\x00\x8d\x2f\xc5\x64\x8d\x42\x0d\x27\x21\xc6\xd1\x31" + "\xc1\xab\xc5\xc7\x7f\x6d\xb0\xe3\xca\xef\xf6\xf2\xc7\xae\x09\xbf" + "\x4d\xc0\x4e\x90\x2c\x28\xb9\xcc\x22\x74\xf2\xd5\xff\x4d\x86\xf6" + "\xec\x45\x1f\xbf\x25\x4c\x30\x26\x76\x4f\x09\x13\x83\xef\x35\x73" + "\xa3\xa2\xb1\x40\xcf\x07\x7a\x83\xae\xea\x00\xea\x74\xc7\x54\x6a" + "\x88\x19\xed\x35\xd3\x7e\x5e\xac\x51\xc1\x1e\x5e\x2c\x57\x72\x20" + "\x10\x6a\x0c\x47\xe1\xf0\x36\x70\xd2\xa7\x57\x64\x47\x46\x9f\xca" + "\x23\x8a\x48\x50\x1d\x33\x6a\x86\x46\x69\xed\x54\x65\x6b\x9e\xab" + "\x1f\x84\x87\xf4\x92\x8a\x6c\x44\x20\xaa\x8d\xd8\x50\xde\x45\x74" + "\xe0\xa8\xc7\xb9\x38\x74\x24\x51\x33\xf0\x39\x54\x6c\x11\xae\xc2" + "\x29" + "\x02\x81\x81" /* INTEGER, offset 534, length 129 */ + "\x00\xe8\x26\xd1\xf9\xa0\xd3\x0e\x3f\x2f\x89\x9b\x94\x16\x12\xd1" + "\xae\x3c\x53\x9c\xcf\xc6\xf7\x03\xf5\xdf\x39\xdc\x25\x5d\xcb\xb8" + "\xb9\x74\x3e\x3b\x36\xf6\xa0\x8d\xb1\x0e\xd8\xfe\x8c\xcd\x01\x13" + "\x77\x73\x08\x0f\x32\xbd\xe6\x95\xdc\xd0\x14\x7d\x44\xdc\x3e\xd9" + "\xaa\x8a\x32\xe6\x0e\x76\xb6\x05\xc5\x6b\x87\x78\x9a\x32\xe2\xf8" + "\x78\xba\x58\x75\x58\xd5\x26\x9d\x9a\x0f\xb6\xca\xb5\x27\xd8\x58" + "\xae\x3f\x49\x54\xd2\x2b\xac\x28\x39\x88\x31\x42\x12\x08\xea\x0b" + "\x39\x58\xae\xf3\x82\xa0\xe2\x75\x7c\x96\xa9\xb8\x57\x29\x6d\xd7" + "\x37" + "\x02\x81\x81" /* INTEGER, offset 666, length 129 */ + "\x00\xe6\xc8\x91\x50\x49\x97\x56\x70\x6e\x25\xf5\x77\x25\xa5\x41" + "\xfe\xd7\x25\x1b\xc1\x4a\xff\x37\x44\x2b\x46\xa0\xdf\xe8\x02\x09" + "\xdd\xa8\x41\xa1\x12\x84\x3c\xf8\xc2\x13\x3e\xb8\x4b\x22\x01\xac" + "\xa6\x09\xb2\xe9\xcd\xc8\x51\xee\xde\xa3\x1e\x6b\xfe\xb1\xf8\xb6" + "\x9e\x48\x36\x62\x0b\x05\xfa\x38\xc1\x06\x04\x58\x95\x4d\x25\x13" + "\x6d\x0b\x12\x0b\xc9\x6d\x59\xfc\x33\x03\x36\x01\x12\x09\x72\x74" + "\x5e\x98\x65\x66\x2f\x3a\xde\xd8\xd4\xee\x6f\x82\xe6\x36\x49\x12" + "\x6a\x94\x28\xe9\x28\x9e\xef\x29\xdc\xdf\xab\x94\x65\x02\x4e\x4b" + "\x55" + "\x02\x81\x81" /* INTEGER, offset 798, length 129 */ + "\x00\xc9\xda\xb7\x48\x6e\x66\x15\x45\x2b\x78\x63\x26\x67\xeb\x05" + "\x16\x92\xad\xc0\xf3\x88\xf4\xcf\x24\xc2\x6b\xf4\xd7\x28\xaf\x32" + "\x77\x4e\x73\xad\xd9\x24\xa8\x85\x8b\x26\x75\xd7\x1f\x66\x41\x41" + "\x43\xe3\x69\x66\x8d\xa0\x41\x16\x9d\x60\xef\xef\xdc\x28\x05\x1e" + "\x0e\x03\x0c\x2e\xac\xf4\xdb\x60\x39\x40\x3e\x12\xc7\x40\xe7\xc9" + "\x54\x6f\xf2\xea\x55\xcb\x40\x40\x58\xec\xc0\xeb\x90\x88\x8c\xbc" + "\xcf\x05\x88\x25\x90\x79\x18\xc0\x01\x06\x42\x8e\x48\x50\x27\xf0" + "\x8a\x74\x69\xea\xa1\xf2\x71\xf5\xe5\xd6\xba\xcb\xe6\x3d\xc7\x9c" + "\x11" + "\x02\x81\x81" /* INTEGER, offset 930, length 129 */ + "\x00\xc9\xf5\x04\xad\x34\xe9\x39\xdc\x83\x97\xb6\x3a\x40\xf8\x60" + "\x4b\x69\xec\xf0\x5f\xf3\x88\x69\xcd\xbe\xed\x3c\xc5\x14\x5c\x0c" + "\x54\x2b\xf4\xda\xc6\xc0\x70\x36\xe4\x67\x41\x00\xb7\xc7\x17\x9e" + "\x05\x63\x01\x6d\x77\x06\x71\x24\xcf\x32\x01\xe2\x51\xed\x5e\x90" + "\x38\xed\x4a\xa1\xfb\xb1\x8c\x69\xf4\x08\x96\xef\x0a\x20\x8b\x6c" + "\x77\x85\x33\x92\x9a\xff\x95\xba\x8c\xcd\xa7\x89\xc2\x46\x00\x21" + "\xf3\xd1\xfb\x12\x34\x0c\x99\x8d\x38\xb1\x3b\x66\x5a\x9d\x70\xce" + "\xab\xf3\xe1\xe5\x40\x05\xed\x97\x3d\xd1\x82\x6e\x07\x02\xc0\x8f" + "\x4d" + "\x02\x81\x81" /* INTEGER, offset 1062, length 129 */ + "\x00\xe4\x96\x79\xa8\x6a\x70\xdd\x67\x42\xff\x15\x11\x9e\x01\x71" + "\xac\xf1\x70\x7d\x87\xe2\x6e\x0c\x4d\xbb\x21\x15\xbb\xa7\x4e\x0c" + "\x09\x7e\x82\xca\x91\xbe\xd0\xdd\x9c\x8c\xb0\x77\x64\x30\x1b\x7e" + "\xbb\x69\xcb\x4c\xde\xd6\x6a\xb9\x72\x15\x79\xdc\x05\x99\x69\x8b" + "\x24\xa1\xad\x13\x35\x31\xc0\x0b\xf1\xd2\x06\x7c\x94\x1a\x21\x2f" + "\x02\xb9\xf0\xd0\xbb\xf7\xb7\x78\xf9\x3d\x76\x60\xd6\x6b\x5f\x35" + "\x88\x14\x33\xe6\xbc\xca\x6b\x88\x90\x57\x3b\x0c\xa3\x6e\x47\xdf" + "\x4e\x2f\x4c\xf9\xab\x97\x38\xe4\x20\x32\x32\x96\xc8\x9e\x79\xd3" + "\x12"; + +#define MAX_CHECKER_COUNT 32 + +typedef struct QCryptoAns1DecoderResultChecker QCryptoAns1DecoderResultChe= cker; +struct QCryptoAns1DecoderResultChecker { + int (*action) (const uint8_t **data, size_t *dlen, + QCryptoDERDecodeCb cb, void *opaque, Error **errp); + QCryptoDERDecodeCb cb; + const uint8_t *exp_value; + size_t exp_vlen; +}; + +typedef struct QCryptoAns1DecoderTestData QCryptoAns1DecoderTestData; +struct QCryptoAns1DecoderTestData { + const char *path; + const uint8_t *test_data; + size_t test_data_len; + QCryptoAns1DecoderResultChecker checker[MAX_CHECKER_COUNT]; +}; + +typedef struct QCryptoAns1DecoderTestContext QCryptoAns1DecoderTestContext; +struct QCryptoAns1DecoderTestContext { + const uint8_t *data; + size_t dlen; +}; + +static int checker_callback(void *opaque, const uint8_t *value, + size_t vlen, Error **errp) +{ + QCryptoAns1DecoderResultChecker *checker =3D + (QCryptoAns1DecoderResultChecker *)opaque; + + g_assert(value =3D=3D checker->exp_value); + g_assert(vlen =3D=3D checker->exp_vlen); + return 0; +} + +static void test_ans1(const void *opaque) +{ + const QCryptoAns1DecoderTestData *test_data =3D + (QCryptoAns1DecoderTestData *)opaque; + QCryptoAns1DecoderTestContext ctx[MAX_CHECKER_COUNT]; + int seq_depth =3D 0, checker_idx =3D 0; + ctx[seq_depth].data =3D test_data->test_data; + ctx[seq_depth].dlen =3D test_data->test_data_len; + bool all_checker_completed =3D false; + + do { + const QCryptoAns1DecoderResultChecker *checker =3D + &test_data->checker[checker_idx++]; + QCryptoAns1DecoderTestContext *c =3D &ctx[seq_depth]; + if (!checker->action) { + all_checker_completed =3D true; + break; + } + g_assert(checker->action(&c->data, &c->dlen, checker_callback, + (void *)checker, &error_abort) + =3D=3D checker->exp_vlen); + if (checker->action =3D=3D qcrypto_der_decode_seq) { + ++seq_depth; + ctx[seq_depth].data =3D checker->exp_value; + ctx[seq_depth].dlen =3D checker->exp_vlen; + } + while (seq_depth !=3D 0 && ctx[seq_depth].dlen =3D=3D 0) { + --seq_depth; + } + + } while (true); + g_assert(seq_depth =3D=3D 0); + g_assert(ctx[seq_depth].dlen =3D=3D 0); + g_assert(all_checker_completed); +} + +static QCryptoAns1DecoderTestData test_data[] =3D { +{ + .path =3D "/crypto/der/parse-rsa512-priv-key", + .test_data =3D test_rsa512_priv_key, + .test_data_len =3D sizeof(test_rsa512_priv_key) - 1, + .checker =3D { + { qcrypto_der_decode_seq, checker_callback, + test_rsa512_priv_key + 4, 313 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 4 + 2, 1 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 7 + 2, 65 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 74 + 2, 3 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 79 + 2, 64 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 145 + 2, 33 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 180 + 2, 33 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 215 + 2, 32 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 249 + 2, 32 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa512_priv_key + 283 + 2, 32 }, + }, +}, +{ + .path =3D "/crypto/der/parse-rsa2048-priv-key", + .test_data =3D test_rsa2048_priv_key, + .test_data_len =3D sizeof(test_rsa2048_priv_key) - 1, + .checker =3D { + { qcrypto_der_decode_seq, checker_callback, + test_rsa2048_priv_key + 4, 1190 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 4 + 2, 1 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 7 + 4, 257 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 268 + 2, 3 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 273 + 4, 257 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 534 + 3, 129 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 666 + 3, 129 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 798 + 3, 129 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 930 + 3, 129 }, + { qcrypto_der_decode_int, checker_callback, + test_rsa2048_priv_key + 1062 + 3, 129 }, + }, +}, + +}; + +int main(int argc, char **argv) +{ + size_t i; + g_test_init(&argc, &argv, NULL); + + for (i =3D 0; i < G_N_ELEMENTS(test_data); i++) { + g_test_add_data_func(test_data[i].path, &test_data[i], test_ans1); + } + + return g_test_run(); +} --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490775; cv=none; d=zohomail.com; s=zohoarc; b=kfGhUWncHO0jtevuwXsvTUJApELLxMOEvC9SNNWd4TzsZjWniJjrsLpP96hLXDIk7DrS1BLfajkAV1dgWOkG7ylFwXUcOZ1UIIwCTjC0X3FQfeEwwck366QZKGNEkYRN+z4Bx0eWzoH/0GXoMRUEddAN7ADAZl75SDgNoOLZJ8c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490775; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=wHp6x+RgUf91v2PU6qOPT3X3oTasdELFvgG0EyiPvfA=; b=jFaRFlcYq6kQ4Naae/pO/RVVgtdw9MRo6O2uzcg4GE6uylvoyxhfbKALS3VO2h1zBQwZUiOdcXLQZJupUTKy8AYRf5DOSix22elBBP49QYHMOKXKDNbvgXYJsXcNB+iFrFM8Tc64pD78k0RJWz+6i6+UDzb7bOtmQA7N0JpihvE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490775142420.3728910010059; Fri, 13 May 2022 18:12:55 -0700 (PDT) Received: from localhost ([::1]:58810 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgKz-0000Z1-GS for importer@patchew.org; Fri, 13 May 2022 21:12:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41754) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8H-0001r8-VO for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:46 -0400 Received: from mail-pf1-x42e.google.com ([2607:f8b0:4864:20::42e]:46060) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg8E-0008SU-FS for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:45 -0400 Received: by mail-pf1-x42e.google.com with SMTP id y41so9059009pfw.12 for ; Fri, 13 May 2022 17:59:41 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wHp6x+RgUf91v2PU6qOPT3X3oTasdELFvgG0EyiPvfA=; b=QnRRCJuXB+5/Xgvqohh6L6EEKjByUBV25iI52o8QhBW6HKcANQ8kQqDeLHCOCQX6Mj +/Xn0GdlyyPXfR3Fplggv1WLo1Z4f8dqrPqAZp0N1UA8TSdlidtgEFCcoMK3S8zNsvVz 9CnhdbWbwIoJaWFAT1lY4Uzr/vKoE0+1jb4KbI7OWQtVUZMI4aGrsiHaTIlRG+Qm0TDD FVxKPx0jjZ7BIoRwrFWh0cGQvHpVFFdotRrugReUNUZO7IjVV3TsM5sIVLav5PC6Lf1P Agj+bDRq89WYulgK+Wl/7ZVbYl3CPVSNCC7YeHL3IZub6F22e3+AWmpiZTu6MazQEJ+z 5fxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wHp6x+RgUf91v2PU6qOPT3X3oTasdELFvgG0EyiPvfA=; b=Bep6fhPornZxzT7ArvlR336F4i6aZSuGbq+9nhFyvib0KtIdQ1ygPQF716FHIVhUDx RFCjxgZ4u3hYtao92nXE1RctuYeaXAfNn55fVFLPElhmzASM+CfBomi24Y2L88SxQt+p vRwsP3OAj+gyGATOv9WF8mxhsmmTuATSgVmQRPKiaHbwIaDD8YHjffaQNYsA3ZRMNhTQ Ui75y6PGyy4pE57nZ0ezEEMZXUQ28WThGghwLt0n5SGgmte+PiDVHtty0KF16k3vCIRW AmRK7uYOH3s13rgId/MHTTOHclKlbGHI6Oq0MM8foM0aijKyDtVv0EQhju04aMZyUM// z1eg== X-Gm-Message-State: AOAM533bT1ui0qH9iPLxZOIMYrxvAPYt15NhhnRKV9JKuwJzyM5jgv45 NcRkUD569Z9eLiLy+F++Ytc4wA== X-Google-Smtp-Source: ABdhPJxSk257YKPMX0Axk2NrCj4EnFXO3vLtWNu4sDlBhEoqXZDuWspCKJDLZfQdsuNgYo1LIL6efQ== X-Received: by 2002:a63:8442:0:b0:3c6:4271:cad with SMTP id k63-20020a638442000000b003c642710cadmr6133198pgd.275.1652489979985; Fri, 13 May 2022 17:59:39 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 5/9] crypto: Implement RSA algorithm by hogweed Date: Sat, 14 May 2022 08:55:00 +0800 Message-Id: <20220514005504.1042884-6-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::42e; envelope-from=pizhenwei@bytedance.com; helo=mail-pf1-x42e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490775937100001 Content-Type: text/plain; charset="utf-8" From: Lei He Implement RSA algorithm by hogweed from nettle. Thus QEMU supports a 'real' RSA backend to handle request from guest side. It's important to test RSA offload case without OS & hardware requirement. Signed-off-by: lei he Signed-off-by: zhenwei pi --- crypto/akcipher-nettle.c.inc | 451 +++++++++++++++++++++++++++++++++++ crypto/akcipher.c | 4 + crypto/meson.build | 4 + crypto/rsakey-builtin.c.inc | 200 ++++++++++++++++ crypto/rsakey-nettle.c.inc | 158 ++++++++++++ crypto/rsakey.c | 44 ++++ crypto/rsakey.h | 94 ++++++++ meson.build | 11 + 8 files changed, 966 insertions(+) create mode 100644 crypto/akcipher-nettle.c.inc create mode 100644 crypto/rsakey-builtin.c.inc create mode 100644 crypto/rsakey-nettle.c.inc create mode 100644 crypto/rsakey.c create mode 100644 crypto/rsakey.h diff --git a/crypto/akcipher-nettle.c.inc b/crypto/akcipher-nettle.c.inc new file mode 100644 index 0000000000..0796bddcaa --- /dev/null +++ b/crypto/akcipher-nettle.c.inc @@ -0,0 +1,451 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include + +#include "qemu/osdep.h" +#include "qemu/host-utils.h" +#include "crypto/akcipher.h" +#include "crypto/random.h" +#include "qapi/error.h" +#include "sysemu/cryptodev.h" +#include "rsakey.h" + +typedef struct QCryptoNettleRSA { + QCryptoAkCipher akcipher; + struct rsa_public_key pub; + struct rsa_private_key priv; + QCryptoRSAPaddingAlgorithm padding_alg; + QCryptoHashAlgorithm hash_alg; +} QCryptoNettleRSA; + +static void qcrypto_nettle_rsa_free(QCryptoAkCipher *akcipher) +{ + QCryptoNettleRSA *rsa =3D (QCryptoNettleRSA *)akcipher; + if (!rsa) { + return; + } + + rsa_public_key_clear(&rsa->pub); + rsa_private_key_clear(&rsa->priv); + g_free(rsa); +} + +static QCryptoAkCipher *qcrypto_nettle_rsa_new( + const QCryptoAkCipherOptionsRSA *opt, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp); + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + switch (opts->alg) { + case QCRYPTO_AKCIPHER_ALG_RSA: + return qcrypto_nettle_rsa_new(&opts->u.rsa, type, key, keylen, err= p); + + default: + error_setg(errp, "Unsupported algorithm: %u", opts->alg); + return NULL; + } + + return NULL; +} + +static void qcrypto_nettle_rsa_set_akcipher_size(QCryptoAkCipher *akcipher, + int key_size) +{ + akcipher->max_plaintext_len =3D key_size; + akcipher->max_ciphertext_len =3D key_size; + akcipher->max_signature_len =3D key_size; + akcipher->max_dgst_len =3D key_size; +} + +static int qcrypt_nettle_parse_rsa_private_key(QCryptoNettleRSA *rsa, + const uint8_t *key, + size_t keylen, + Error **errp) +{ + g_autoptr(QCryptoAkCipherRSAKey) rsa_key =3D qcrypto_akcipher_rsakey_p= arse( + QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, key, keylen, errp); + + if (!rsa_key) { + return -1; + } + + nettle_mpz_init_set_str_256_u(rsa->pub.n, rsa_key->n.len, rsa_key->n.d= ata); + nettle_mpz_init_set_str_256_u(rsa->pub.e, rsa_key->e.len, rsa_key->e.d= ata); + nettle_mpz_init_set_str_256_u(rsa->priv.d, rsa_key->d.len, rsa_key->d.= data); + nettle_mpz_init_set_str_256_u(rsa->priv.p, rsa_key->p.len, rsa_key->p.= data); + nettle_mpz_init_set_str_256_u(rsa->priv.q, rsa_key->q.len, rsa_key->q.= data); + nettle_mpz_init_set_str_256_u(rsa->priv.a, rsa_key->dp.len, + rsa_key->dp.data); + nettle_mpz_init_set_str_256_u(rsa->priv.b, rsa_key->dq.len, + rsa_key->dq.data); + nettle_mpz_init_set_str_256_u(rsa->priv.c, rsa_key->u.len, rsa_key->u.= data); + + if (!rsa_public_key_prepare(&rsa->pub)) { + error_setg(errp, "Failed to check RSA key"); + return -1; + } + + /** + * Since in the kernel's unit test, the p, q, a, b, c of some + * private keys is 0, only the simplest length check is done here + */ + if (rsa_key->p.len > 1 && + rsa_key->q.len > 1 && + rsa_key->dp.len > 1 && + rsa_key->dq.len > 1 && + rsa_key->u.len > 1) { + if (!rsa_private_key_prepare(&rsa->priv)) { + error_setg(errp, "Failed to check RSA key"); + return -1; + } + } else { + rsa->priv.size =3D rsa->pub.size; + } + qcrypto_nettle_rsa_set_akcipher_size( + (QCryptoAkCipher *)rsa, rsa->priv.size); + + return 0; +} + +static int qcrypt_nettle_parse_rsa_public_key(QCryptoNettleRSA *rsa, + const uint8_t *key, + size_t keylen, + Error **errp) +{ + g_autoptr(QCryptoAkCipherRSAKey) rsa_key =3D qcrypto_akcipher_rsakey_p= arse( + QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, key, keylen, errp); + + if (!rsa_key) { + return -1; + } + nettle_mpz_init_set_str_256_u(rsa->pub.n, rsa_key->n.len, rsa_key->n.d= ata); + nettle_mpz_init_set_str_256_u(rsa->pub.e, rsa_key->e.len, rsa_key->e.d= ata); + + if (!rsa_public_key_prepare(&rsa->pub)) { + error_setg(errp, "Failed to check RSA key"); + return -1; + } + qcrypto_nettle_rsa_set_akcipher_size( + (QCryptoAkCipher *)rsa, rsa->pub.size); + + return 0; +} + +static void wrap_nettle_random_func(void *ctx, size_t len, uint8_t *out) +{ + qcrypto_random_bytes(out, len, &error_abort); +} + +static int qcrypto_nettle_rsa_encrypt(QCryptoAkCipher *akcipher, + const void *data, size_t data_len, + void *enc, size_t enc_len, + Error **errp) +{ + + QCryptoNettleRSA *rsa =3D (QCryptoNettleRSA *)akcipher; + mpz_t c; + int ret =3D -1; + + if (data_len > rsa->pub.size) { + error_setg(errp, "Plaintext length should be less than key size: %= lu", + rsa->pub.size); + return ret; + } + + if (enc_len < rsa->pub.size) { + error_setg(errp, "Ciphertext buffer length cannot less than " + "key size: %lu", rsa->pub.size); + return ret; + } + + /* Nettle do not support RSA encryption without any padding */ + switch (rsa->padding_alg) { + case QCRYPTO_RSA_PADDING_ALG_RAW: + error_setg(errp, "RSA with raw padding is not supported"); + break; + + case QCRYPTO_RSA_PADDING_ALG_PKCS1: + mpz_init(c); + if (rsa_encrypt(&rsa->pub, NULL, wrap_nettle_random_func, + data_len, (uint8_t *)data, c) !=3D 1) { + error_setg(errp, "Failed to encrypt"); + } else { + nettle_mpz_get_str_256(enc_len, (uint8_t *)enc, c); + ret =3D nettle_mpz_sizeinbase_256_u(c); + } + mpz_clear(c); + break; + + default: + error_setg(errp, "Unknown padding"); + } + + return ret; +} + +static int qcrypto_nettle_rsa_decrypt(QCryptoAkCipher *akcipher, + const void *enc, size_t enc_len, + void *data, size_t data_len, + Error **errp) +{ + QCryptoNettleRSA *rsa =3D (QCryptoNettleRSA *)akcipher; + mpz_t c; + int ret =3D -1; + + if (enc_len > rsa->priv.size) { + error_setg(errp, "Ciphertext length is greater than key size: %lu", + rsa->priv.size); + return ret; + } + + switch (rsa->padding_alg) { + case QCRYPTO_RSA_PADDING_ALG_RAW: + error_setg(errp, "RSA with raw padding is not supported"); + break; + + case QCRYPTO_RSA_PADDING_ALG_PKCS1: + nettle_mpz_init_set_str_256_u(c, enc_len, enc); + if (!rsa_decrypt(&rsa->priv, &data_len, (uint8_t *)data, c)) { + error_setg(errp, "Failed to decrypt"); + } else { + ret =3D data_len; + } + + mpz_clear(c); + break; + + default: + error_setg(errp, "Unknown padding algorithm: %d", rsa->padding_alg= ); + } + + return ret; +} + +static int qcrypto_nettle_rsa_sign(QCryptoAkCipher *akcipher, + const void *data, size_t data_len, + void *sig, size_t sig_len, Error **errp) +{ + QCryptoNettleRSA *rsa =3D (QCryptoNettleRSA *)akcipher; + int ret =3D -1, rv; + mpz_t s; + + /** + * The RSA algorithm cannot be used for signature/verification + * without padding. + */ + if (rsa->padding_alg =3D=3D QCRYPTO_RSA_PADDING_ALG_RAW) { + error_setg(errp, "Try to make signature without padding"); + return ret; + } + + if (data_len > rsa->priv.size) { + error_setg(errp, "Data length is greater than key size: %lu", + rsa->priv.size); + return ret; + } + + if (sig_len < rsa->priv.size) { + error_setg(errp, "Signature buffer length cannot less than " + "key size: %lu", rsa->priv.size); + return ret; + } + + mpz_init(s); + switch (rsa->hash_alg) { + case QCRYPTO_HASH_ALG_MD5: + rv =3D rsa_md5_sign_digest(&rsa->priv, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA1: + rv =3D rsa_sha1_sign_digest(&rsa->priv, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA256: + rv =3D rsa_sha256_sign_digest(&rsa->priv, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA512: + rv =3D rsa_sha512_sign_digest(&rsa->priv, data, s); + break; + + default: + error_setg(errp, "Unknown hash algorithm: %d", rsa->hash_alg); + goto cleanup; + } + + if (rv !=3D 1) { + error_setg(errp, "Failed to make signature"); + goto cleanup; + } + nettle_mpz_get_str_256(sig_len, (uint8_t *)sig, s); + ret =3D nettle_mpz_sizeinbase_256_u(s); + +cleanup: + mpz_clear(s); + + return ret; +} + +static int qcrypto_nettle_rsa_verify(QCryptoAkCipher *akcipher, + const void *sig, size_t sig_len, + const void *data, size_t data_len, + Error **errp) +{ + QCryptoNettleRSA *rsa =3D (QCryptoNettleRSA *)akcipher; + + int ret =3D -1, rv; + mpz_t s; + + /** + * The RSA algorithm cannot be used for signature/verification + * without padding. + */ + if (rsa->padding_alg =3D=3D QCRYPTO_RSA_PADDING_ALG_RAW) { + error_setg(errp, "Try to verify signature without padding"); + return ret; + } + if (data_len > rsa->pub.size) { + error_setg(errp, "Data length is greater than key size: %lu", + rsa->pub.size); + return ret; + } + if (sig_len < rsa->pub.size) { + error_setg(errp, "Signature length is greater than key size: %lu", + rsa->pub.size); + return ret; + } + + nettle_mpz_init_set_str_256_u(s, sig_len, sig); + switch (rsa->hash_alg) { + case QCRYPTO_HASH_ALG_MD5: + rv =3D rsa_md5_verify_digest(&rsa->pub, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA1: + rv =3D rsa_sha1_verify_digest(&rsa->pub, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA256: + rv =3D rsa_sha256_verify_digest(&rsa->pub, data, s); + break; + + case QCRYPTO_HASH_ALG_SHA512: + rv =3D rsa_sha512_verify_digest(&rsa->pub, data, s); + break; + + default: + error_setg(errp, "Unsupported hash algorithm: %d", rsa->hash_alg); + goto cleanup; + } + + if (rv !=3D 1) { + error_setg(errp, "Failed to verify signature"); + goto cleanup; + } + ret =3D 0; + +cleanup: + mpz_clear(s); + + return ret; +} + +QCryptoAkCipherDriver nettle_rsa =3D { + .encrypt =3D qcrypto_nettle_rsa_encrypt, + .decrypt =3D qcrypto_nettle_rsa_decrypt, + .sign =3D qcrypto_nettle_rsa_sign, + .verify =3D qcrypto_nettle_rsa_verify, + .free =3D qcrypto_nettle_rsa_free, +}; + +static QCryptoAkCipher *qcrypto_nettle_rsa_new( + const QCryptoAkCipherOptionsRSA *opt, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + QCryptoNettleRSA *rsa =3D g_new0(QCryptoNettleRSA, 1); + + rsa->padding_alg =3D opt->padding_alg; + rsa->hash_alg =3D opt->hash_alg; + rsa->akcipher.driver =3D &nettle_rsa; + rsa_public_key_init(&rsa->pub); + rsa_private_key_init(&rsa->priv); + + switch (type) { + case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: + if (qcrypt_nettle_parse_rsa_private_key(rsa, key, keylen, errp) != =3D 0) { + goto error; + } + break; + + case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: + if (qcrypt_nettle_parse_rsa_public_key(rsa, key, keylen, errp) != =3D 0) { + goto error; + } + break; + + default: + error_setg(errp, "Unknown akcipher key type %d", type); + goto error; + } + + return (QCryptoAkCipher *)rsa; + +error: + qcrypto_nettle_rsa_free((QCryptoAkCipher *)rsa); + return NULL; +} + + +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts) +{ + switch (opts->alg) { + case QCRYPTO_AKCIPHER_ALG_RSA: + switch (opts->u.rsa.padding_alg) { + case QCRYPTO_RSA_PADDING_ALG_PKCS1: + switch (opts->u.rsa.hash_alg) { + case QCRYPTO_HASH_ALG_MD5: + case QCRYPTO_HASH_ALG_SHA1: + case QCRYPTO_HASH_ALG_SHA256: + case QCRYPTO_HASH_ALG_SHA512: + return true; + + default: + return false; + } + + case QCRYPTO_RSA_PADDING_ALG_RAW: + default: + return false; + } + break; + + default: + return false; + } +} diff --git a/crypto/akcipher.c b/crypto/akcipher.c index ab28bf415b..f287083f92 100644 --- a/crypto/akcipher.c +++ b/crypto/akcipher.c @@ -23,6 +23,9 @@ #include "crypto/akcipher.h" #include "akcipherpriv.h" =20 +#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED) +#include "akcipher-nettle.c.inc" +#else QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, QCryptoAkCipherKeyType type, const uint8_t *key, size_t keylen, @@ -37,6 +40,7 @@ bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *op= ts) { return false; } +#endif =20 int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher, const void *in, size_t in_len, diff --git a/crypto/meson.build b/crypto/meson.build index b8152ae7cb..5f03a30d34 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -21,10 +21,14 @@ crypto_ss.add(files( 'tlscredspsk.c', 'tlscredsx509.c', 'tlssession.c', + 'rsakey.c', )) =20 if nettle.found() crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-net= tle.c')) + if hogweed.found() + crypto_ss.add(gmp, hogweed) + endif if xts =3D=3D 'private' crypto_ss.add(files('xts.c')) endif diff --git a/crypto/rsakey-builtin.c.inc b/crypto/rsakey-builtin.c.inc new file mode 100644 index 0000000000..aeeacc8f9b --- /dev/null +++ b/crypto/rsakey-builtin.c.inc @@ -0,0 +1,200 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "der.h" +#include "rsakey.h" + +static int extract_mpi(void *ctx, const uint8_t *value, + size_t vlen, Error **errp) +{ + QCryptoAkCipherMPI *mpi =3D (QCryptoAkCipherMPI *)ctx; + if (vlen =3D=3D 0) { + error_setg(errp, "Empty mpi field"); + return -1; + } + mpi->data =3D g_memdup2(value, vlen); + mpi->len =3D vlen; + return 0; +} + +static int extract_version(void *ctx, const uint8_t *value, + size_t vlen, Error **errp) +{ + uint8_t *version =3D (uint8_t *)ctx; + if (vlen !=3D 1 || *value > 1) { + error_setg(errp, "Invalid rsakey version"); + return -1; + } + *version =3D *value; + return 0; +} + +static int extract_seq_content(void *ctx, const uint8_t *value, + size_t vlen, Error **errp) +{ + const uint8_t **content =3D (const uint8_t **)ctx; + if (vlen =3D=3D 0) { + error_setg(errp, "Empty sequence"); + return -1; + } + *content =3D value; + return 0; +} + +/** + * + * RsaPubKey ::=3D SEQUENCE { + * n INTEGER + * e INTEGER + * } + */ +static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_public_key_parse( + const uint8_t *key, size_t keylen, Error **errp) +{ + QCryptoAkCipherRSAKey *rsa =3D g_new0(QCryptoAkCipherRSAKey, 1); + const uint8_t *seq; + size_t seq_length; + int decode_ret; + + decode_ret =3D qcrypto_der_decode_seq(&key, &keylen, + extract_seq_content, &seq, errp); + if (decode_ret < 0 || keylen !=3D 0) { + goto error; + } + seq_length =3D decode_ret; + + if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, + &rsa->n, errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, + &rsa->e, errp) < 0) { + goto error; + } + if (seq_length !=3D 0) { + goto error; + } + + return rsa; + +error: + if (errp && !*errp) { + error_setg(errp, "Invalid RSA public key"); + } + qcrypto_akcipher_rsakey_free(rsa); + return NULL; +} + +/** + * RsaPrivKey ::=3D SEQUENCE { + * version INTEGER + * n INTEGER + * e INTEGER + * d INTEGER + * p INTEGER + * q INTEGER + * dp INTEGER + * dq INTEGER + * u INTEGER + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ +static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_private_key_parse( + const uint8_t *key, size_t keylen, Error **errp) +{ + QCryptoAkCipherRSAKey *rsa =3D g_new0(QCryptoAkCipherRSAKey, 1); + uint8_t version; + const uint8_t *seq; + int decode_ret; + size_t seq_length; + + decode_ret =3D qcrypto_der_decode_seq(&key, &keylen, extract_seq_conte= nt, + &seq, errp); + if (decode_ret < 0 || keylen !=3D 0) { + goto error; + } + seq_length =3D decode_ret; + + decode_ret =3D qcrypto_der_decode_int(&seq, &seq_length, extract_versi= on, + &version, errp); + + if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, + &rsa->n, errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, + &rsa->e, errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, + &rsa->d, errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->p, + errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->q, + errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dp, + errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dq, + errp) < 0 || + qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->u, + errp) < 0) { + goto error; + } + + /** + * According to the standard, otherPrimeInfos must be present for vers= ion 1. + * There is no strict verification here, this is to be compatible with + * the unit test of the kernel. TODO: remove this until linux kernel's + * unit-test is fixed. + */ + if (version =3D=3D 1 && seq_length !=3D 0) { + if (qcrypto_der_decode_seq(&seq, &seq_length, NULL, NULL, errp) < = 0) { + goto error; + } + if (seq_length !=3D 0) { + goto error; + } + return rsa; + } + if (seq_length !=3D 0) { + goto error; + } + + return rsa; + +error: + if (errp && !*errp) { + error_setg(errp, "Invalid RSA private key"); + } + qcrypto_akcipher_rsakey_free(rsa); + return NULL; +} + +QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse( + QCryptoAkCipherKeyType type, const uint8_t *key, + size_t keylen, Error **errp) +{ + switch (type) { + case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: + return qcrypto_builtin_rsa_private_key_parse(key, keylen, errp); + + case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: + return qcrypto_builtin_rsa_public_key_parse(key, keylen, errp); + + default: + error_setg(errp, "Unknown key type: %d", type); + return NULL; + } +} diff --git a/crypto/rsakey-nettle.c.inc b/crypto/rsakey-nettle.c.inc new file mode 100644 index 0000000000..cc49872e78 --- /dev/null +++ b/crypto/rsakey-nettle.c.inc @@ -0,0 +1,158 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "rsakey.h" + +static bool DumpMPI(struct asn1_der_iterator *i, QCryptoAkCipherMPI *mpi) +{ + mpi->data =3D g_memdup2(i->data, i->length); + mpi->len =3D i->length; + return true; +} + +static bool GetMPI(struct asn1_der_iterator *i, QCryptoAkCipherMPI *mpi) +{ + if (asn1_der_iterator_next(i) !=3D ASN1_ITERATOR_PRIMITIVE || + i->type !=3D ASN1_INTEGER) { + return false; + } + return DumpMPI(i, mpi); +} + +/** + * RsaPrivKey ::=3D SEQUENCE { + * version INTEGER + * n INTEGER + * e INTEGER + * d INTEGER + * p INTEGER + * q INTEGER + * dp INTEGER + * dq INTEGER + * u INTEGER + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ +static QCryptoAkCipherRSAKey *qcrypto_nettle_rsa_private_key_parse( + const uint8_t *key, size_t keylen, Error **errp) +{ + QCryptoAkCipherRSAKey *rsa =3D g_new0(QCryptoAkCipherRSAKey, 1); + struct asn1_der_iterator i; + uint32_t version; + int tag; + + /* Parse entire struct */ + if (asn1_der_iterator_first(&i, keylen, key) !=3D ASN1_ITERATOR_CONSTR= UCTED || + i.type !=3D ASN1_SEQUENCE || + asn1_der_decode_constructed_last(&i) !=3D ASN1_ITERATOR_PRIMITIVE = || + i.type !=3D ASN1_INTEGER || + !asn1_der_get_uint32(&i, &version) || + version > 1 || + !GetMPI(&i, &rsa->n) || + !GetMPI(&i, &rsa->e) || + !GetMPI(&i, &rsa->d) || + !GetMPI(&i, &rsa->p) || + !GetMPI(&i, &rsa->q) || + !GetMPI(&i, &rsa->dp) || + !GetMPI(&i, &rsa->dq) || + !GetMPI(&i, &rsa->u)) { + goto error; + } + + if (version =3D=3D 1) { + tag =3D asn1_der_iterator_next(&i); + /** + * According to the standard otherPrimeInfos must be present for + * version 1. There is no strict verification here, this is to be + * compatible with the unit test of the kernel. TODO: remove this + * until linux-kernel's unit-test is fixed; + */ + if (tag =3D=3D ASN1_ITERATOR_END) { + return rsa; + } + if (tag !=3D ASN1_ITERATOR_CONSTRUCTED || + i.type !=3D ASN1_SEQUENCE) { + goto error; + } + } + + if (asn1_der_iterator_next(&i) !=3D ASN1_ITERATOR_END) { + goto error; + } + + return rsa; + +error: + error_setg(errp, "Failed to parse RSA private key"); + qcrypto_akcipher_rsakey_free(rsa); + return NULL; +} + +/** + * RsaPubKey ::=3D SEQUENCE { + * n INTEGER + * e INTEGER + * } + */ +static QCryptoAkCipherRSAKey *qcrypto_nettle_rsa_public_key_parse( + const uint8_t *key, size_t keylen, Error **errp) +{ + + QCryptoAkCipherRSAKey *rsa =3D g_new0(QCryptoAkCipherRSAKey, 1); + struct asn1_der_iterator i; + + if (asn1_der_iterator_first(&i, keylen, key) !=3D ASN1_ITERATOR_CONSTR= UCTED || + i.type !=3D ASN1_SEQUENCE || + asn1_der_decode_constructed_last(&i) !=3D ASN1_ITERATOR_PRIMITIVE = || + !DumpMPI(&i, &rsa->n) || + !GetMPI(&i, &rsa->e) || + asn1_der_iterator_next(&i) !=3D ASN1_ITERATOR_END) { + goto error; + } + + return rsa; + +error: + error_setg(errp, "Failed to parse RSA public key"); + qcrypto_akcipher_rsakey_free(rsa); + return NULL; +} + +QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse( + QCryptoAkCipherKeyType type, const uint8_t *key, + size_t keylen, Error **errp) +{ + switch (type) { + case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: + return qcrypto_nettle_rsa_private_key_parse(key, keylen, errp); + + case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: + return qcrypto_nettle_rsa_public_key_parse(key, keylen, errp); + + default: + error_setg(errp, "Unknown key type: %d", type); + return NULL; + } +} diff --git a/crypto/rsakey.c b/crypto/rsakey.c new file mode 100644 index 0000000000..cc40e072f0 --- /dev/null +++ b/crypto/rsakey.c @@ -0,0 +1,44 @@ +/* + * QEMU Crypto RSA key parser + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "rsakey.h" + +void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *rsa_key) +{ + if (!rsa_key) { + return; + } + g_free(rsa_key->n.data); + g_free(rsa_key->e.data); + g_free(rsa_key->d.data); + g_free(rsa_key->p.data); + g_free(rsa_key->q.data); + g_free(rsa_key->dp.data); + g_free(rsa_key->dq.data); + g_free(rsa_key->u.data); + g_free(rsa_key); +} + +#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED) +#include "rsakey-nettle.c.inc" +#else +#include "rsakey-builtin.c.inc" +#endif diff --git a/crypto/rsakey.h b/crypto/rsakey.h new file mode 100644 index 0000000000..17bb22333d --- /dev/null +++ b/crypto/rsakey.h @@ -0,0 +1,94 @@ +/* + * QEMU Crypto RSA key parser + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_RSAKEY_H +#define QCRYPTO_RSAKEY_H + +#include + +#include "qemu/osdep.h" +#include "qemu/host-utils.h" +#include "crypto/akcipher.h" + +typedef struct QCryptoAkCipherRSAKey QCryptoAkCipherRSAKey; +typedef struct QCryptoAkCipherMPI QCryptoAkCipherMPI; + +/** + * Multiple precious integer, encoded as two' complement, + * copied directly from DER encoded ASN.1 structures. + */ +struct QCryptoAkCipherMPI { + uint8_t *data; + size_t len; +}; + +/* See rfc2437: https://datatracker.ietf.org/doc/html/rfc2437 */ +struct QCryptoAkCipherRSAKey { + /* The modulus */ + QCryptoAkCipherMPI n; + /* The public exponent */ + QCryptoAkCipherMPI e; + /* The private exponent */ + QCryptoAkCipherMPI d; + /* The first factor */ + QCryptoAkCipherMPI p; + /* The second factor */ + QCryptoAkCipherMPI q; + /* The first factor's exponent */ + QCryptoAkCipherMPI dp; + /* The second factor's exponent */ + QCryptoAkCipherMPI dq; + /* The CRT coefficient */ + QCryptoAkCipherMPI u; +}; + +/** + * Parse DER encoded ASN.1 RSA keys, expected ASN.1 schemas: + * RsaPrivKey ::=3D SEQUENCE { + * version INTEGER + * n INTEGER + * e INTEGER + * d INTEGER + * p INTEGER + * q INTEGER + * dp INTEGER + * dq INTEGER + * u INTEGER + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + * + * RsaPubKey ::=3D SEQUENCE { + * n INTEGER + * e INTEGER + * } + * + * Returns: On success QCryptoAkCipherRSAKey is returned, otherwise return= s NULL + */ +QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse( + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, Error **errp); + +void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *key); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipherRSAKey, + qcrypto_akcipher_rsakey_free); + +#endif diff --git a/meson.build b/meson.build index 40132b4804..68bd083189 100644 --- a/meson.build +++ b/meson.build @@ -1098,6 +1098,7 @@ endif # gcrypt over nettle for performance reasons. gcrypt =3D not_found nettle =3D not_found +hogweed =3D not_found xts =3D 'none' =20 if get_option('nettle').enabled() and get_option('gcrypt').enabled() @@ -1135,6 +1136,15 @@ if not gnutls_crypto.found() endif endif =20 +gmp =3D dependency('gmp', required: false, method: 'pkg-config', kwargs: s= tatic_kwargs) +if nettle.found() and gmp.found() + hogweed =3D dependency('hogweed', version: '>=3D3.4', + method: 'pkg-config', + required: get_option('nettle'), + kwargs: static_kwargs) +endif + + gtk =3D not_found gtkx11 =3D not_found vte =3D not_found @@ -1744,6 +1754,7 @@ config_host_data.set('CONFIG_GNUTLS', gnutls.found()) config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) +config_host_data.set('CONFIG_HOGWEED', hogweed.found()) config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts =3D=3D 'private') config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim) config_host_data.set('CONFIG_STATX', has_statx) --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490510; cv=none; d=zohomail.com; s=zohoarc; b=Q2wZNOzHEhffGtyPQfCyONhGz5jkibHp9uTKsBOzt/3JM5JwUpymTyE6R355TrRDgMSU+VuaUU/HAyJlnJH+kuy5btPMp2ftZJVQtaqbWgvg49QSPzAOmmFRq9urDm7UBJcTaBrctutoeAX+9Y5iXJEOI8Be2E6VkXCohLhKEBo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490510; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=h34AXTj+8XUDrvB6MUnog+G/Mps9P+4k/0m79B0Juyk=; b=C8F0DF5IvHzJJqaJWaNiV4RA/cgfVdA3gDn6y/nksd0MZv62BzUsBqK3tdhiUrNIDeKAY4LeUuRB8HqJnLe4jUAn1CpDICg3EvNKAOW7OWweH7d09eButWhpSMgmW90EGl2mRIozX4tp1yTaKsC+7zBJ9OVp166Tcxs+PJ8ZPn0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490510416267.07543835443596; Fri, 13 May 2022 18:08:30 -0700 (PDT) Received: from localhost ([::1]:51508 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgGj-0003NU-9R for importer@patchew.org; Fri, 13 May 2022 21:08:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41776) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8K-0001xB-ES for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:48 -0400 Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:34235) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg8H-0008Sz-PV for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:48 -0400 Received: by mail-pj1-x1030.google.com with SMTP id qe3-20020a17090b4f8300b001dc24e4da73so8861004pjb.1 for ; Fri, 13 May 2022 17:59:45 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=h34AXTj+8XUDrvB6MUnog+G/Mps9P+4k/0m79B0Juyk=; b=Gv8pKSglvH5a5FyHPh8FedxfR6/+yWjEuWXTKSfYfNg5JZAi2NN5VMWPt4ee4FBj43 av3hOrGGfGYZeKR0cSeHUGAzFxhHVDvGn7VJnVKyEd/tAfOgYY63AoSqajftZsDvKHKT AHqwj+nV4qxyu1kWDY9II5KJU9FV2sTw+a23bn+zzUJnoygWPNw8Pj2642AkzYb+a7/E ZI3mWepUwMMlk0A9UZyBeH9arseKMJCfrdq4l7NekWWGSaVm2EHrJG7yL2+fyNfCXKA8 MjKSXi+OHGbJS/huFNMr2xnwAPHWwxsK+2LMd7I+So07VyYnwXzwqajt37mVd97Ku2Ty lOkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=h34AXTj+8XUDrvB6MUnog+G/Mps9P+4k/0m79B0Juyk=; b=bEML4mdggeiNdZ85OBCUdInxmAGBBbsAby5tm6kjdxbdvQWVJhuImRXK/L6qFDTt8k YHOnBuk3w/jSuHUcFkx3tp12If+c9bw7a7aLRsEKOk5gdhW4yTJwe4DVShza7BzZ+u46 +YH/ggOSS/0AmFpb4JNlx0jw2Nu+JEHY+SjIhEogrPXmbJjxdV2CKOGeWNPsA/gkwsS3 Dm1tXBmkAScMgMhIJDpdDHEuYeivk5lh+lvQ9g2p/Zkn9zbwIAG4TWz9nfzzDmwNMkuf tRsgDSjrMqf6iey9C1UiYk4ExCQ+X7hnfSAznQ6fOowYzAE7UHNaoXf+R/Yly0fpyYvo LDxQ== X-Gm-Message-State: AOAM532ERdSVSCB/cuSKJPFRQDxwIAAC+9PgyozyJvq+OXx773BfUTqR DerZJELN2ZOe8YveQ5Gq85AjEg== X-Google-Smtp-Source: ABdhPJwKNXpv6ys3t5ZQgXZ8kQmZngYVkPBd0w14p7J13IRwVJ7tkyZpsqTNpeBcIB0d7P5ySKz9+g== X-Received: by 2002:a17:902:f650:b0:15f:3a10:a020 with SMTP id m16-20020a170902f65000b0015f3a10a020mr7187672plg.61.1652489984280; Fri, 13 May 2022 17:59:44 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 6/9] crypto: Implement RSA algorithm by gcrypt Date: Sat, 14 May 2022 08:55:01 +0800 Message-Id: <20220514005504.1042884-7-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::1030; envelope-from=pizhenwei@bytedance.com; helo=mail-pj1-x1030.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490512323100003 Content-Type: text/plain; charset="utf-8" From: Lei He Added gcryt implementation of RSA algorithm, RSA algorithm implemented by gcrypt has a higher priority than nettle because it supports raw padding. Signed-off-by: zhenwei pi Signed-off-by: lei he --- crypto/akcipher-gcrypt.c.inc | 597 +++++++++++++++++++++++++++++++++++ crypto/akcipher.c | 4 +- 2 files changed, 600 insertions(+), 1 deletion(-) create mode 100644 crypto/akcipher-gcrypt.c.inc diff --git a/crypto/akcipher-gcrypt.c.inc b/crypto/akcipher-gcrypt.c.inc new file mode 100644 index 0000000000..6c5daa301e --- /dev/null +++ b/crypto/akcipher-gcrypt.c.inc @@ -0,0 +1,597 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include + +#include "qemu/osdep.h" +#include "qemu/host-utils.h" +#include "crypto/akcipher.h" +#include "crypto/random.h" +#include "qapi/error.h" +#include "sysemu/cryptodev.h" +#include "rsakey.h" + +typedef struct QCryptoGcryptRSA { + QCryptoAkCipher akcipher; + gcry_sexp_t key; + QCryptoRSAPaddingAlgorithm padding_alg; + QCryptoHashAlgorithm hash_alg; +} QCryptoGcryptRSA; + +static void qcrypto_gcrypt_rsa_free(QCryptoAkCipher *akcipher) +{ + QCryptoGcryptRSA *rsa =3D (QCryptoGcryptRSA *)akcipher; + if (!rsa) { + return; + } + + gcry_sexp_release(rsa->key); + g_free(rsa); +} + +static QCryptoGcryptRSA *qcrypto_gcrypt_rsa_new( + const QCryptoAkCipherOptionsRSA *opt, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp); + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + switch (opts->alg) { + case QCRYPTO_AKCIPHER_ALG_RSA: + return (QCryptoAkCipher *)qcrypto_gcrypt_rsa_new( + &opts->u.rsa, type, key, keylen, errp); + + default: + error_setg(errp, "Unsupported algorithm: %u", opts->alg); + return NULL; + } + + return NULL; +} + +static void qcrypto_gcrypt_set_rsa_size(QCryptoAkCipher *akcipher, gcry_mp= i_t n) +{ + size_t key_size =3D (gcry_mpi_get_nbits(n) + 7) / 8; + akcipher->max_plaintext_len =3D key_size; + akcipher->max_ciphertext_len =3D key_size; + akcipher->max_dgst_len =3D key_size; + akcipher->max_signature_len =3D key_size; +} + +static int qcrypto_gcrypt_parse_rsa_private_key( + QCryptoGcryptRSA *rsa, + const uint8_t *key, size_t keylen, Error **errp) +{ + g_autoptr(QCryptoAkCipherRSAKey) rsa_key =3D qcrypto_akcipher_rsakey_p= arse( + QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, key, keylen, errp); + gcry_mpi_t n =3D NULL, e =3D NULL, d =3D NULL, p =3D NULL, q =3D NULL,= u =3D NULL; + bool compute_mul_inv =3D false; + int ret =3D -1; + gcry_error_t err; + + if (!rsa_key) { + return ret; + } + + err =3D gcry_mpi_scan(&n, GCRYMPI_FMT_STD, + rsa_key->n.data, rsa_key->n.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter n: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_mpi_scan(&e, GCRYMPI_FMT_STD, + rsa_key->e.data, rsa_key->e.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter e: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_mpi_scan(&d, GCRYMPI_FMT_STD, + rsa_key->d.data, rsa_key->d.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter d: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_mpi_scan(&p, GCRYMPI_FMT_STD, + rsa_key->p.data, rsa_key->p.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter p: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_mpi_scan(&q, GCRYMPI_FMT_STD, + rsa_key->q.data, rsa_key->q.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter q: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + if (gcry_mpi_cmp_ui(p, 0) > 0 && gcry_mpi_cmp_ui(q, 0) > 0) { + compute_mul_inv =3D true; + + u =3D gcry_mpi_new(0); + if (gcry_mpi_cmp(p, q) > 0) { + gcry_mpi_swap(p, q); + } + gcry_mpi_invm(u, p, q); + } + + if (compute_mul_inv) { + err =3D gcry_sexp_build(&rsa->key, NULL, + "(private-key (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m)))= ", + n, e, d, p, q, u); + } else { + err =3D gcry_sexp_build(&rsa->key, NULL, + "(private-key (rsa (n %m) (e %m) (d %m)))", n, e, d); + } + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build RSA private key: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + qcrypto_gcrypt_set_rsa_size((QCryptoAkCipher *)rsa, n); + ret =3D 0; + +cleanup: + gcry_mpi_release(n); + gcry_mpi_release(e); + gcry_mpi_release(d); + gcry_mpi_release(p); + gcry_mpi_release(q); + gcry_mpi_release(u); + return ret; +} + +static int qcrypto_gcrypt_parse_rsa_public_key(QCryptoGcryptRSA *rsa, + const uint8_t *key, + size_t keylen, + Error **errp) +{ + + g_autoptr(QCryptoAkCipherRSAKey) rsa_key =3D qcrypto_akcipher_rsakey_p= arse( + QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, key, keylen, errp); + gcry_mpi_t n =3D NULL, e =3D NULL; + int ret =3D -1; + gcry_error_t err; + + if (!rsa_key) { + return ret; + } + + err =3D gcry_mpi_scan(&n, GCRYMPI_FMT_STD, + rsa_key->n.data, rsa_key->n.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter n: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_mpi_scan(&e, GCRYMPI_FMT_STD, + rsa_key->e.data, rsa_key->e.len, NULL); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to parse RSA parameter e: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_sexp_build(&rsa->key, NULL, + "(public-key (rsa (n %m) (e %m)))", n, e); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build RSA public key: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + qcrypto_gcrypt_set_rsa_size((QCryptoAkCipher *)rsa, n); + ret =3D 0; + +cleanup: + gcry_mpi_release(n); + gcry_mpi_release(e); + return ret; +} + +static int qcrypto_gcrypt_rsa_encrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, + Error **errp) +{ + QCryptoGcryptRSA *rsa =3D (QCryptoGcryptRSA *)akcipher; + int ret =3D -1; + gcry_sexp_t data_sexp =3D NULL, cipher_sexp =3D NULL; + gcry_sexp_t cipher_sexp_item =3D NULL; + gcry_mpi_t cipher_mpi =3D NULL; + const char *result; + gcry_error_t err; + size_t actual_len; + + if (in_len > akcipher->max_plaintext_len) { + error_setg(errp, "Plaintext length is greater than key size: %d", + akcipher->max_plaintext_len); + return ret; + } + + err =3D gcry_sexp_build(&data_sexp, NULL, + "(data (flags %s) (value %b))", + QCryptoRSAPaddingAlgorithm_str(rsa->padding_alg), + in_len, in); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build plaintext: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_pk_encrypt(&cipher_sexp, data_sexp, rsa->key); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to encrypt: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + /* S-expression of cipher: (enc-val (rsa (a a-mpi))) */ + cipher_sexp_item =3D gcry_sexp_find_token(cipher_sexp, "a", 0); + if (!cipher_sexp_item || gcry_sexp_length(cipher_sexp_item) !=3D 2) { + error_setg(errp, "Invalid ciphertext result"); + goto cleanup; + } + + if (rsa->padding_alg =3D=3D QCRYPTO_RSA_PADDING_ALG_RAW) { + cipher_mpi =3D gcry_sexp_nth_mpi(cipher_sexp_item, 1, GCRYMPI_FMT_= USG); + if (!cipher_mpi) { + error_setg(errp, "Invalid ciphertext result"); + goto cleanup; + } + err =3D gcry_mpi_print(GCRYMPI_FMT_USG, out, out_len, + &actual_len, cipher_mpi); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to print MPI: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + if (actual_len > out_len) { + error_setg(errp, "Ciphertext buffer length is too small"); + goto cleanup; + } + + /* We always padding leading-zeros for RSA-RAW */ + if (actual_len < out_len) { + memmove((uint8_t *)out + (out_len - actual_len), out, actual_l= en); + memset(out, 0, out_len - actual_len); + } + ret =3D out_len; + + } else { + result =3D gcry_sexp_nth_data(cipher_sexp_item, 1, &actual_len); + if (!result) { + error_setg(errp, "Invalid ciphertext result"); + goto cleanup; + } + if (actual_len > out_len) { + error_setg(errp, "Ciphertext buffer length is too small"); + goto cleanup; + } + memcpy(out, result, actual_len); + ret =3D actual_len; + } + +cleanup: + gcry_sexp_release(data_sexp); + gcry_sexp_release(cipher_sexp); + gcry_sexp_release(cipher_sexp_item); + gcry_mpi_release(cipher_mpi); + return ret; +} + +static int qcrypto_gcrypt_rsa_decrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, + Error **errp) +{ + QCryptoGcryptRSA *rsa =3D (QCryptoGcryptRSA *)akcipher; + int ret =3D -1; + gcry_sexp_t data_sexp =3D NULL, cipher_sexp =3D NULL; + gcry_mpi_t data_mpi =3D NULL; + gcry_error_t err; + size_t actual_len; + const char *result; + + if (in_len > akcipher->max_ciphertext_len) { + error_setg(errp, "Ciphertext length is greater than key size: %d", + akcipher->max_ciphertext_len); + return ret; + } + + err =3D gcry_sexp_build(&cipher_sexp, NULL, + "(enc-val (flags %s) (rsa (a %b) ))", + QCryptoRSAPaddingAlgorithm_str(rsa->padding_alg), + in_len, in); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build ciphertext: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_pk_decrypt(&data_sexp, cipher_sexp, rsa->key); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to decrypt: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + /* S-expression of plaintext: (value plaintext) */ + if (rsa->padding_alg =3D=3D QCRYPTO_RSA_PADDING_ALG_RAW) { + data_mpi =3D gcry_sexp_nth_mpi(data_sexp, 1, GCRYMPI_FMT_USG); + if (!data_mpi) { + error_setg(errp, "Invalid plaintext result"); + goto cleanup; + } + err =3D gcry_mpi_print(GCRYMPI_FMT_USG, out, out_len, + &actual_len, data_mpi); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to print MPI: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + if (actual_len > out_len) { + error_setg(errp, "Plaintext buffer length is too small"); + goto cleanup; + } + /* We always padding leading-zeros for RSA-RAW */ + if (actual_len < out_len) { + memmove((uint8_t *)out + (out_len - actual_len), out, actual_l= en); + memset(out, 0, out_len - actual_len); + } + ret =3D out_len; + } else { + result =3D gcry_sexp_nth_data(data_sexp, 1, &actual_len); + if (!result) { + error_setg(errp, "Invalid plaintext result"); + goto cleanup; + } + if (actual_len > out_len) { + error_setg(errp, "Plaintext buffer length is too small"); + goto cleanup; + } + memcpy(out, result, actual_len); + ret =3D actual_len; + } + +cleanup: + gcry_sexp_release(cipher_sexp); + gcry_sexp_release(data_sexp); + gcry_mpi_release(data_mpi); + return ret; +} + +static int qcrypto_gcrypt_rsa_sign(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + QCryptoGcryptRSA *rsa =3D (QCryptoGcryptRSA *)akcipher; + int ret =3D -1; + gcry_sexp_t dgst_sexp =3D NULL, sig_sexp =3D NULL; + gcry_sexp_t sig_sexp_item =3D NULL; + const char *result; + gcry_error_t err; + size_t actual_len; + + if (in_len > akcipher->max_dgst_len) { + error_setg(errp, "Data length is greater than key size: %d", + akcipher->max_dgst_len); + return ret; + } + + if (rsa->padding_alg !=3D QCRYPTO_RSA_PADDING_ALG_PKCS1) { + error_setg(errp, "Invalid padding %u", rsa->padding_alg); + return ret; + } + + err =3D gcry_sexp_build(&dgst_sexp, NULL, + "(data (flags pkcs1) (hash %s %b))", + QCryptoHashAlgorithm_str(rsa->hash_alg), + in_len, in); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build dgst: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_pk_sign(&sig_sexp, dgst_sexp, rsa->key); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to make signature: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + /* S-expression of signature: (sig-val (rsa (s s-mpi))) */ + sig_sexp_item =3D gcry_sexp_find_token(sig_sexp, "s", 0); + if (!sig_sexp_item || gcry_sexp_length(sig_sexp_item) !=3D 2) { + error_setg(errp, "Invalid signature result"); + goto cleanup; + } + + result =3D gcry_sexp_nth_data(sig_sexp_item, 1, &actual_len); + if (!result) { + error_setg(errp, "Invalid signature result"); + goto cleanup; + } + + if (actual_len > out_len) { + error_setg(errp, "Signature buffer length is too small"); + goto cleanup; + } + memcpy(out, result, actual_len); + ret =3D actual_len; + +cleanup: + gcry_sexp_release(dgst_sexp); + gcry_sexp_release(sig_sexp); + gcry_sexp_release(sig_sexp_item); + + return ret; +} + +static int qcrypto_gcrypt_rsa_verify(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, + Error **errp) +{ + QCryptoGcryptRSA *rsa =3D (QCryptoGcryptRSA *)akcipher; + int ret =3D -1; + gcry_sexp_t sig_sexp =3D NULL, dgst_sexp =3D NULL; + gcry_error_t err; + + if (in_len > akcipher->max_signature_len) { + error_setg(errp, "Signature length is greater than key size: %d", + akcipher->max_signature_len); + return ret; + } + + if (in2_len > akcipher->max_dgst_len) { + error_setg(errp, "Data length is greater than key size: %d", + akcipher->max_dgst_len); + return ret; + } + + if (rsa->padding_alg !=3D QCRYPTO_RSA_PADDING_ALG_PKCS1) { + error_setg(errp, "Invalid padding %u", rsa->padding_alg); + return ret; + } + + err =3D gcry_sexp_build(&sig_sexp, NULL, + "(sig-val (rsa (s %b)))", in_len, in); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build signature: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_sexp_build(&dgst_sexp, NULL, + "(data (flags pkcs1) (hash %s %b))", + QCryptoHashAlgorithm_str(rsa->hash_alg), + in2_len, in2); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to build dgst: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + + err =3D gcry_pk_verify(sig_sexp, dgst_sexp, rsa->key); + if (gcry_err_code(err) !=3D 0) { + error_setg(errp, "Failed to verify signature: %s/%s", + gcry_strsource(err), gcry_strerror(err)); + goto cleanup; + } + ret =3D 0; + +cleanup: + gcry_sexp_release(dgst_sexp); + gcry_sexp_release(sig_sexp); + + return ret; +} + +QCryptoAkCipherDriver gcrypt_rsa =3D { + .encrypt =3D qcrypto_gcrypt_rsa_encrypt, + .decrypt =3D qcrypto_gcrypt_rsa_decrypt, + .sign =3D qcrypto_gcrypt_rsa_sign, + .verify =3D qcrypto_gcrypt_rsa_verify, + .free =3D qcrypto_gcrypt_rsa_free, +}; + +static QCryptoGcryptRSA *qcrypto_gcrypt_rsa_new( + const QCryptoAkCipherOptionsRSA *opt, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + QCryptoGcryptRSA *rsa =3D g_new0(QCryptoGcryptRSA, 1); + rsa->padding_alg =3D opt->padding_alg; + rsa->hash_alg =3D opt->hash_alg; + rsa->akcipher.driver =3D &gcrypt_rsa; + + switch (type) { + case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: + if (qcrypto_gcrypt_parse_rsa_private_key(rsa, key, keylen, errp) != =3D 0) { + error_setg(errp, "Failed to parse rsa private key"); + goto error; + } + break; + + case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: + if (qcrypto_gcrypt_parse_rsa_public_key(rsa, key, keylen, errp) != =3D 0) { + error_setg(errp, "Failed to parse rsa public rsa key"); + goto error; + } + break; + + default: + error_setg(errp, "Unknown akcipher key type %d", type); + goto error; + } + + return rsa; + +error: + qcrypto_gcrypt_rsa_free((QCryptoAkCipher *)rsa); + return NULL; +} + + +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts) +{ + switch (opts->alg) { + case QCRYPTO_AKCIPHER_ALG_RSA: + switch (opts->u.rsa.padding_alg) { + case QCRYPTO_RSA_PADDING_ALG_RAW: + return true; + + case QCRYPTO_RSA_PADDING_ALG_PKCS1: + switch (opts->u.rsa.hash_alg) { + case QCRYPTO_HASH_ALG_MD5: + case QCRYPTO_HASH_ALG_SHA1: + case QCRYPTO_HASH_ALG_SHA256: + case QCRYPTO_HASH_ALG_SHA512: + return true; + + default: + return false; + } + + default: + return false; + } + + default: + return true; + } +} diff --git a/crypto/akcipher.c b/crypto/akcipher.c index f287083f92..ad88379c1e 100644 --- a/crypto/akcipher.c +++ b/crypto/akcipher.c @@ -23,7 +23,9 @@ #include "crypto/akcipher.h" #include "akcipherpriv.h" =20 -#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED) +#if defined(CONFIG_GCRYPT) +#include "akcipher-gcrypt.c.inc" +#elif defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED) #include "akcipher-nettle.c.inc" #else QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490509; cv=none; d=zohomail.com; s=zohoarc; b=MI17/A/Al9BD83ddNQ5EUdC7XnT+28R+WvJSD7+viLyHHp+U8UwbvUczp8K3twytkeovu1VBYuGECK04SlGgp5urY1Lyl+OnaJ48VBcGZrSVprbuUpOwVaeXDt8qw6QtXQLtTSGFl84m2SRpDLW0pDCLAADZjleCzN9GY4Kf8Nk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490509; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=HOe8OKHjGjgPipHcmR/wxbQN3SkgDrKMtAbPYd9GV+w=; b=XdZGQ7wbemhv85ssUN+RrdbqyypklSjYJ/QR/xUMq9PndR7RWG/0riCZmEHAb0qWkCzsdILlZQMpTxcICTaDTN6aduJhOiB2aHMDxQK88RYoumOmzpu5m+Sa9lOg5Ib30A7b49591LkX6YfQyJprOvJ2z9GyHl7g+G5cZlnfhi8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490509332925.3424770530626; Fri, 13 May 2022 18:08:29 -0700 (PDT) Received: from localhost ([::1]:51284 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgGh-0003EF-LT for importer@patchew.org; Fri, 13 May 2022 21:08:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41802) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8R-0002DJ-Vu for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:59 -0400 Received: from mail-pj1-x102e.google.com ([2607:f8b0:4864:20::102e]:50866) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg8N-0008TS-9x for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:55 -0400 Received: by mail-pj1-x102e.google.com with SMTP id iq10so9495015pjb.0 for ; Fri, 13 May 2022 17:59:50 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HOe8OKHjGjgPipHcmR/wxbQN3SkgDrKMtAbPYd9GV+w=; b=HwzUT3y+ysp7SPjqrm2c+6/Zsi0wNe1HWeML3gsK6LJfIuDdKmTgjYTRFeR0qmFOSS 80s0mJecgKt+2wfG9QM4tFkMowwvnr/W/rGlg2J6Ndiy7kl/yjarlMfLtdX+C6USVJ6s fvGRpMa0tlRh4diokGmBSh70a7PhOosZd5lKPKdwVIWj4c1aB3Y45V7+JNb7LSEbHtIW EfAz+ZTIrnvs8TZeRaI/tC5mDEbGuaSsePKuvw1CTCDp8DiK8IoOkc8UXrUyCTGULWK9 epIe3U5EEM4ZplsrMKzthrG1ylIqVG48zPlpxXI+8JRNd2mZ8aXSHg03dWCxEiRKfPMM lrRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HOe8OKHjGjgPipHcmR/wxbQN3SkgDrKMtAbPYd9GV+w=; b=eLnT3rh2DaxWQxJqBbw5f7HKC+Ky0W1ar+aqSpE5yA/LReo9ZN/g1BNQ12ujxOfVOu 5E27al13xVkSmQNA51vDJLss24hjUs8quF3gKp0JBkya/zCQd0LL3R6h/BIVrLv5OtTC Lub5xGSqxONtWZMNeZvJhpH+KQVBrUB8RBXO44UgBX7c7Qs7uYYgcDi12xDFAVx909Ep SaiyuS+wMeGDakCy5erxgJ7/+b0+REtJQXbKKj+D0nwYabKKBed1IGjeKNM+DWaKth8A C3NcELuzznqq6MxJ9T95NnX7+0pz/MJixoygCndsHh/BMJLiAqaI97t3ZB1LyVo8G00t VfMg== X-Gm-Message-State: AOAM533Rjum+88xypHwSPxlfB+/RK7RhA2kp+A5BYX9U8A3mOGLVqOE2 FsK7PPo8xyXNC21LfAMJTray0A== X-Google-Smtp-Source: ABdhPJzAk3kGQ47kkxExJmyrv4nBMmRITRAUz+A+U11BqrgKh9DadPjHre5lwJ2U0H0QWSaM2SZZ0A== X-Received: by 2002:a17:90b:1d10:b0:1dc:dea8:d2ad with SMTP id on16-20020a17090b1d1000b001dcdea8d2admr18842038pjb.174.1652489989164; Fri, 13 May 2022 17:59:49 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 7/9] test/crypto: Add test suite for crypto akcipher Date: Sat, 14 May 2022 08:55:02 +0800 Message-Id: <20220514005504.1042884-8-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::102e; envelope-from=pizhenwei@bytedance.com; helo=mail-pj1-x102e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490510416100001 From: Lei He Add unit test and benchmark test for crypto akcipher. Signed-off-by: lei he Signed-off-by: zhenwei pi Reviewed-by: Daniel P. Berrang=C3=A9 --- tests/bench/benchmark-crypto-akcipher.c | 157 ++++++ tests/bench/meson.build | 1 + tests/bench/test_akcipher_keys.inc | 537 ++++++++++++++++++ tests/unit/meson.build | 1 + tests/unit/test-crypto-akcipher.c | 711 ++++++++++++++++++++++++ 5 files changed, 1407 insertions(+) create mode 100644 tests/bench/benchmark-crypto-akcipher.c create mode 100644 tests/bench/test_akcipher_keys.inc create mode 100644 tests/unit/test-crypto-akcipher.c diff --git a/tests/bench/benchmark-crypto-akcipher.c b/tests/bench/benchmar= k-crypto-akcipher.c new file mode 100644 index 0000000000..c6c80c0be1 --- /dev/null +++ b/tests/bench/benchmark-crypto-akcipher.c @@ -0,0 +1,157 @@ +/* + * QEMU Crypto akcipher speed benchmark + * + * Copyright (c) 2022 Bytedance + * + * Authors: + * lei he + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + */ + +#include "qemu/osdep.h" +#include "crypto/init.h" +#include "crypto/akcipher.h" +#include "standard-headers/linux/virtio_crypto.h" + +#include "test_akcipher_keys.inc" + +static bool keep_running; + +static void alarm_handler(int sig) +{ + keep_running =3D false; +} + +static QCryptoAkCipher *create_rsa_akcipher(const uint8_t *priv_key, + size_t keylen, + QCryptoRSAPaddingAlgorithm pad= ding, + QCryptoHashAlgorithm hash) +{ + QCryptoAkCipherOptions opt; + QCryptoAkCipher *rsa; + + opt.alg =3D QCRYPTO_AKCIPHER_ALG_RSA; + opt.u.rsa.padding_alg =3D padding; + opt.u.rsa.hash_alg =3D hash; + rsa =3D qcrypto_akcipher_new(&opt, QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + priv_key, keylen, &error_abort); + return rsa; +} + +static void test_rsa_speed(const uint8_t *priv_key, size_t keylen, + size_t key_size) +{ +#define BYTE 8 +#define SHA1_DGST_LEN 20 +#define DURATION_SECONDS 10 +#define PADDING QCRYPTO_RSA_PADDING_ALG_PKCS1 +#define HASH QCRYPTO_HASH_ALG_SHA1 + + g_autoptr(QCryptoAkCipher) rsa =3D + create_rsa_akcipher(priv_key, keylen, PADDING, HASH); + g_autofree uint8_t *dgst =3D NULL; + g_autofree uint8_t *signature =3D NULL; + size_t count; + + dgst =3D g_new0(uint8_t, SHA1_DGST_LEN); + memset(dgst, g_test_rand_int(), SHA1_DGST_LEN); + signature =3D g_new0(uint8_t, key_size / BYTE); + + g_test_message("benchmark rsa%lu (%s-%s) sign in %d seconds", key_size, + QCryptoRSAPaddingAlgorithm_str(PADDING), + QCryptoHashAlgorithm_str(HASH), + DURATION_SECONDS); + alarm(DURATION_SECONDS); + g_test_timer_start(); + for (keep_running =3D true, count =3D 0; keep_running; ++count) { + g_assert(qcrypto_akcipher_sign(rsa, dgst, SHA1_DGST_LEN, + signature, key_size / BYTE, + &error_abort) > 0); + } + g_test_timer_elapsed(); + g_test_message("rsa%lu (%s-%s) sign %lu times in %.2f seconds," + " %.2f times/sec ", + key_size, QCryptoRSAPaddingAlgorithm_str(PADDING), + QCryptoHashAlgorithm_str(HASH), + count, g_test_timer_last(), + (double)count / g_test_timer_last()); + + g_test_message("benchmark rsa%lu (%s-%s) verify in %d seconds", key_si= ze, + QCryptoRSAPaddingAlgorithm_str(PADDING), + QCryptoHashAlgorithm_str(HASH), + DURATION_SECONDS); + alarm(DURATION_SECONDS); + g_test_timer_start(); + for (keep_running =3D true, count =3D 0; keep_running; ++count) { + g_assert(qcrypto_akcipher_verify(rsa, signature, key_size / BYTE, + dgst, SHA1_DGST_LEN, + &error_abort) =3D=3D 0); + } + g_test_timer_elapsed(); + g_test_message("rsa%lu (%s-%s) verify %lu times in %.2f seconds," + " %.2f times/sec ", + key_size, QCryptoRSAPaddingAlgorithm_str(PADDING), + QCryptoHashAlgorithm_str(HASH), + count, g_test_timer_last(), + (double)count / g_test_timer_last()); +} + +static void test_rsa_1024_speed(const void *opaque) +{ + size_t key_size =3D (size_t)opaque; + test_rsa_speed(rsa1024_priv_key, sizeof(rsa1024_priv_key), key_size); +} + +static void test_rsa_2048_speed(const void *opaque) +{ + size_t key_size =3D (size_t)opaque; + test_rsa_speed(rsa2048_priv_key, sizeof(rsa2048_priv_key), key_size); +} + +static void test_rsa_4096_speed(const void *opaque) +{ + size_t key_size =3D (size_t)opaque; + test_rsa_speed(rsa4096_priv_key, sizeof(rsa4096_priv_key), key_size); +} + +int main(int argc, char **argv) +{ + char *alg =3D NULL; + char *size =3D NULL; + g_test_init(&argc, &argv, NULL); + g_assert(qcrypto_init(NULL) =3D=3D 0); + struct sigaction new_action, old_action; + + new_action.sa_handler =3D alarm_handler; + + /* Set up the structure to specify the new action. */ + sigemptyset(&new_action.sa_mask); + new_action.sa_flags =3D 0; + sigaction(SIGALRM, NULL, &old_action); + g_assert(old_action.sa_handler !=3D SIG_IGN); + sigaction(SIGALRM, &new_action, NULL); + +#define ADD_TEST(asym_alg, keysize) \ + if ((!alg || g_str_equal(alg, #asym_alg)) && \ + (!size || g_str_equal(size, #keysize))) \ + g_test_add_data_func( \ + "/crypto/akcipher/" #asym_alg "-" #keysize, \ + (void *)keysize, \ + test_ ## asym_alg ## _ ## keysize ## _speed) + + if (argc >=3D 2) { + alg =3D argv[1]; + } + if (argc >=3D 3) { + size =3D argv[2]; + } + + ADD_TEST(rsa, 1024); + ADD_TEST(rsa, 2048); + ADD_TEST(rsa, 4096); + + return g_test_run(); +} diff --git a/tests/bench/meson.build b/tests/bench/meson.build index 00b3c209dc..279a8fcc33 100644 --- a/tests/bench/meson.build +++ b/tests/bench/meson.build @@ -20,6 +20,7 @@ if have_block 'benchmark-crypto-hash': [crypto], 'benchmark-crypto-hmac': [crypto], 'benchmark-crypto-cipher': [crypto], + 'benchmark-crypto-akcipher': [crypto], } endif =20 diff --git a/tests/bench/test_akcipher_keys.inc b/tests/bench/test_akcipher= _keys.inc new file mode 100644 index 0000000000..df3eccb45e --- /dev/null +++ b/tests/bench/test_akcipher_keys.inc @@ -0,0 +1,537 @@ +/* + * Copyright (c) 2022 Bytedance, and/or its affiliates + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + * Author: lei he + */ + +/* RSA test keys, generated by OpenSSL */ +static const uint8_t rsa1024_priv_key[] =3D { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, + 0x81, 0x81, 0x00, 0xe6, 0x4d, 0x76, 0x4f, 0xb2, + 0x97, 0x09, 0xad, 0x9d, 0x17, 0x33, 0xf2, 0x30, + 0x42, 0x83, 0xa9, 0xcb, 0x49, 0xa4, 0x2e, 0x59, + 0x5e, 0x75, 0x51, 0xd1, 0xac, 0xc8, 0x86, 0x3e, + 0xdb, 0x72, 0x2e, 0xb2, 0xf7, 0xc3, 0x5b, 0xc7, + 0xea, 0xed, 0x30, 0xd1, 0xf7, 0x37, 0xee, 0x9d, + 0x36, 0x59, 0x6f, 0xf8, 0xce, 0xc0, 0x5c, 0x82, + 0x80, 0x37, 0x83, 0xd7, 0x45, 0x6a, 0xe9, 0xea, + 0xc5, 0x3a, 0x59, 0x6b, 0x34, 0x31, 0x44, 0x00, + 0x74, 0xa7, 0x29, 0xab, 0x79, 0x4a, 0xbd, 0xe8, + 0x25, 0x35, 0x01, 0x11, 0x40, 0xbf, 0x31, 0xbd, + 0xd3, 0xe0, 0x68, 0x1e, 0xd5, 0x5b, 0x2f, 0xe9, + 0x20, 0xf2, 0x9f, 0x46, 0x35, 0x30, 0xa8, 0xf1, + 0xfe, 0xef, 0xd8, 0x76, 0x23, 0x46, 0x34, 0x70, + 0xa1, 0xce, 0xc6, 0x65, 0x6d, 0xb0, 0x94, 0x7e, + 0xe5, 0x92, 0x45, 0x7b, 0xaa, 0xbb, 0x95, 0x97, + 0x77, 0xcd, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x30, 0x6a, 0xc4, 0x9e, 0xc8, + 0xba, 0xfc, 0x2b, 0xe5, 0xc4, 0xc5, 0x04, 0xfb, + 0xa4, 0x60, 0x2d, 0xc8, 0x31, 0x39, 0x35, 0x0d, + 0x50, 0xd0, 0x75, 0x5d, 0x11, 0x68, 0x2e, 0xe0, + 0xf4, 0x1d, 0xb3, 0x37, 0xa8, 0xe3, 0x07, 0x5e, + 0xa6, 0x43, 0x2b, 0x6a, 0x59, 0x01, 0x07, 0x47, + 0x41, 0xef, 0xd7, 0x9c, 0x85, 0x4a, 0xe7, 0xa7, + 0xff, 0xf0, 0xab, 0xe5, 0x0c, 0x11, 0x08, 0x10, + 0x75, 0x5a, 0x68, 0xa0, 0x08, 0x03, 0xc9, 0x40, + 0x79, 0x67, 0x1d, 0x65, 0x89, 0x2d, 0x08, 0xf9, + 0xb5, 0x1b, 0x7d, 0xd2, 0x41, 0x3b, 0x33, 0xf2, + 0x47, 0x2f, 0x9c, 0x0b, 0xd5, 0xaf, 0xcb, 0xdb, + 0xbb, 0x37, 0x63, 0x03, 0xf8, 0xe7, 0x2e, 0xc7, + 0x3c, 0x86, 0x9f, 0xc2, 0x9b, 0xb4, 0x70, 0x6a, + 0x4d, 0x7c, 0xe4, 0x1b, 0x3a, 0xa9, 0xae, 0xd7, + 0xce, 0x7f, 0x56, 0xc2, 0x73, 0x5e, 0x58, 0x63, + 0xd5, 0x86, 0x41, 0x02, 0x41, 0x00, 0xf6, 0x56, + 0x69, 0xec, 0xef, 0x65, 0x95, 0xdc, 0x25, 0x47, + 0xe0, 0x6f, 0xb0, 0x4f, 0x79, 0x77, 0x0a, 0x5e, + 0x46, 0xcb, 0xbd, 0x0b, 0x71, 0x51, 0x2a, 0xa4, + 0x65, 0x29, 0x18, 0xc6, 0x30, 0xa0, 0x95, 0x4c, + 0x4b, 0xbe, 0x8c, 0x40, 0xe3, 0x9c, 0x23, 0x02, + 0x14, 0x43, 0xe9, 0x64, 0xea, 0xe3, 0xa8, 0xe2, + 0x1a, 0xd5, 0xf9, 0x5c, 0xe0, 0x36, 0x2c, 0x97, + 0xda, 0xd5, 0xc7, 0x46, 0xce, 0x11, 0x02, 0x41, + 0x00, 0xef, 0x56, 0x08, 0xb8, 0x29, 0xa5, 0xa6, + 0x7c, 0xf7, 0x5f, 0xb4, 0xf5, 0x63, 0xe7, 0xeb, + 0x45, 0xfd, 0x89, 0xaa, 0x94, 0xa6, 0x3d, 0x0b, + 0xd9, 0x04, 0x6f, 0x78, 0xe0, 0xbb, 0xa2, 0xd4, + 0x29, 0x83, 0x17, 0x95, 0x6f, 0x50, 0x3d, 0x40, + 0x5d, 0xe5, 0x24, 0xda, 0xc2, 0x23, 0x50, 0x86, + 0xa8, 0x34, 0xc8, 0x6f, 0xec, 0x7f, 0xb6, 0x45, + 0x3a, 0xdd, 0x78, 0x9b, 0xee, 0xa1, 0xe4, 0x09, + 0xa3, 0x02, 0x40, 0x5c, 0xd6, 0x66, 0x67, 0x58, + 0x35, 0xc5, 0xcb, 0xc8, 0xf5, 0x14, 0xbd, 0xa3, + 0x09, 0xe0, 0xb2, 0x1f, 0x63, 0x36, 0x75, 0x34, + 0x52, 0xea, 0xaa, 0xf7, 0x52, 0x2b, 0x99, 0xd8, + 0x6f, 0x61, 0x06, 0x34, 0x1e, 0x23, 0xf1, 0xb5, + 0x34, 0x03, 0x53, 0xe5, 0xd1, 0xb3, 0xc7, 0x80, + 0x5f, 0x7b, 0x32, 0xbf, 0x84, 0x2f, 0x2e, 0xf3, + 0x22, 0xb0, 0x91, 0x5a, 0x2f, 0x04, 0xd7, 0x4a, + 0x9a, 0x01, 0xb1, 0x02, 0x40, 0x34, 0x0b, 0x26, + 0x4c, 0x3d, 0xaa, 0x2a, 0xc0, 0xe3, 0xdd, 0xe8, + 0xf0, 0xaf, 0x6f, 0xe0, 0x06, 0x51, 0x32, 0x9d, + 0x68, 0x43, 0x99, 0xe4, 0xb8, 0xa5, 0x31, 0x44, + 0x3c, 0xc2, 0x30, 0x8f, 0x28, 0x13, 0xbc, 0x8e, + 0x1f, 0x2d, 0x78, 0x94, 0x45, 0x96, 0xad, 0x63, + 0xf0, 0x71, 0x53, 0x72, 0x64, 0xa3, 0x4d, 0xae, + 0xa0, 0xe3, 0xc8, 0x93, 0xd7, 0x50, 0x0f, 0x89, + 0x00, 0xe4, 0x2d, 0x3d, 0x37, 0x02, 0x41, 0x00, + 0xbe, 0xa6, 0x08, 0xe0, 0xc8, 0x15, 0x2a, 0x47, + 0xcb, 0xd5, 0xec, 0x93, 0xd3, 0xaa, 0x12, 0x82, + 0xaf, 0xac, 0x51, 0x5a, 0x5b, 0xa7, 0x93, 0x4b, + 0xb9, 0xab, 0x00, 0xfa, 0x5a, 0xea, 0x34, 0xe4, + 0x80, 0xf1, 0x44, 0x6a, 0x65, 0xe4, 0x33, 0x99, + 0xfb, 0x54, 0xd7, 0x89, 0x5a, 0x1b, 0xd6, 0x2b, + 0xcc, 0x6e, 0x4b, 0x19, 0xa0, 0x6d, 0x93, 0x9f, + 0xc3, 0x91, 0x7a, 0xa5, 0xd8, 0x59, 0x0e, 0x9e, +}; + +static const uint8_t rsa2048_priv_key[] =3D { + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xbd, 0x9c, 0x83, 0x6b, + 0x0e, 0x8e, 0xcf, 0xfa, 0xaa, 0x4f, 0x6a, 0xf4, + 0xe3, 0x52, 0x0f, 0xa5, 0xd0, 0xbe, 0x5e, 0x7f, + 0x08, 0x24, 0xba, 0x87, 0x46, 0xfb, 0x28, 0x93, + 0xe5, 0xe5, 0x81, 0x42, 0xc0, 0xf9, 0x17, 0xc7, + 0x81, 0x01, 0xf4, 0x18, 0x6a, 0x17, 0xf5, 0x57, + 0x20, 0x37, 0xcf, 0xf9, 0x74, 0x5e, 0xe1, 0x48, + 0x6a, 0x71, 0x0a, 0x0f, 0x79, 0x72, 0x2b, 0x46, + 0x10, 0x53, 0xdc, 0x14, 0x43, 0xbd, 0xbc, 0x6d, + 0x15, 0x6f, 0x15, 0x4e, 0xf0, 0x0d, 0x89, 0x39, + 0x02, 0xc3, 0x68, 0x5c, 0xa8, 0xfc, 0xed, 0x64, + 0x9d, 0x98, 0xb7, 0xcd, 0x83, 0x66, 0x93, 0xc3, + 0xd9, 0x57, 0xa0, 0x21, 0x93, 0xad, 0x5c, 0x75, + 0x69, 0x88, 0x9e, 0x81, 0xdc, 0x7f, 0x1d, 0xd5, + 0xbd, 0x1c, 0xc1, 0x30, 0x56, 0xa5, 0xda, 0x99, + 0x46, 0xa6, 0x6d, 0x0e, 0x6f, 0x5e, 0x51, 0x34, + 0x49, 0x73, 0xc3, 0x67, 0x49, 0x7e, 0x21, 0x2a, + 0x20, 0xa7, 0x2b, 0x92, 0x73, 0x1d, 0xa5, 0x25, + 0x2a, 0xd0, 0x3a, 0x89, 0x75, 0xb2, 0xbb, 0x19, + 0x37, 0x78, 0x48, 0xd2, 0xf2, 0x2a, 0x6d, 0x9e, + 0xc6, 0x26, 0xca, 0x46, 0x8c, 0xf1, 0x42, 0x2a, + 0x31, 0xb2, 0xfc, 0xe7, 0x55, 0x51, 0xff, 0x07, + 0x13, 0x5b, 0x36, 0x59, 0x2b, 0x43, 0x30, 0x4b, + 0x05, 0x5c, 0xd2, 0x45, 0xa0, 0xa0, 0x7c, 0x17, + 0x5b, 0x07, 0xbb, 0x5d, 0x83, 0x80, 0x92, 0x6d, + 0x87, 0x1a, 0x43, 0xac, 0xc7, 0x6b, 0x8d, 0x11, + 0x60, 0x27, 0xd2, 0xdf, 0xdb, 0x71, 0x02, 0x55, + 0x6e, 0xb5, 0xca, 0x4d, 0xda, 0x59, 0x0d, 0xb8, + 0x8c, 0xcd, 0xd3, 0x0e, 0x55, 0xa0, 0xa4, 0x8d, + 0xa0, 0x14, 0x10, 0x48, 0x42, 0x35, 0x56, 0x08, + 0xf7, 0x29, 0x5f, 0xa2, 0xea, 0xa4, 0x5e, 0x8e, + 0x99, 0x56, 0xaa, 0x5a, 0x8c, 0x23, 0x8f, 0x35, + 0x22, 0x8a, 0xff, 0xed, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x01, 0x00, 0x4e, 0x4a, 0xf3, + 0x44, 0xe0, 0x64, 0xfd, 0xe1, 0xde, 0x33, 0x1e, + 0xd1, 0xf1, 0x8f, 0x6f, 0xe0, 0xa2, 0xfa, 0x08, + 0x60, 0xe1, 0xc6, 0xf0, 0xb2, 0x6d, 0x0f, 0xc6, + 0x28, 0x93, 0xb4, 0x19, 0x94, 0xab, 0xc3, 0xef, + 0x1a, 0xb4, 0xdd, 0x4e, 0xa2, 0x4a, 0x24, 0x8c, + 0x6c, 0xa6, 0x64, 0x05, 0x5f, 0x56, 0xba, 0xda, + 0xc1, 0x21, 0x1a, 0x7d, 0xf1, 0xf7, 0xce, 0xb9, + 0xa9, 0x9b, 0x92, 0x54, 0xfc, 0x95, 0x20, 0x22, + 0x4e, 0xd4, 0x9b, 0xe2, 0xab, 0x8e, 0x99, 0xb8, + 0x40, 0xaf, 0x30, 0x6a, 0xc6, 0x60, 0x0c, 0xd8, + 0x25, 0x44, 0xa1, 0xcb, 0xbb, 0x73, 0x77, 0x86, + 0xaa, 0x46, 0xf3, 0x54, 0xae, 0xa8, 0xa0, 0xdb, + 0xdd, 0xab, 0x6e, 0xfb, 0x2c, 0x5a, 0x14, 0xaf, + 0x08, 0x13, 0xa7, 0x6c, 0xe9, 0xfd, 0xcd, 0x4c, + 0x1f, 0x20, 0x3a, 0x16, 0x2b, 0xf0, 0xb6, 0x7c, + 0x47, 0x5f, 0xd1, 0x0a, 0x2c, 0xc4, 0xa5, 0x68, + 0xd0, 0x43, 0x75, 0x6b, 0x65, 0xaa, 0x32, 0xc6, + 0x99, 0x06, 0xcb, 0x8f, 0xe6, 0x8d, 0xce, 0xbf, + 0x4d, 0x0d, 0x7b, 0x22, 0x2a, 0x8a, 0xcb, 0x7d, + 0x7f, 0x16, 0x48, 0x85, 0xf1, 0x86, 0xcb, 0x54, + 0xb9, 0x39, 0xd4, 0xbc, 0xe3, 0x2d, 0x27, 0x59, + 0xf6, 0x81, 0x5e, 0x94, 0x45, 0xdf, 0xb9, 0x22, + 0xaf, 0x64, 0x0d, 0x14, 0xec, 0x8c, 0xeb, 0x71, + 0xac, 0xee, 0x09, 0x4c, 0xbf, 0x34, 0xf9, 0xf4, + 0x66, 0x77, 0x36, 0x3b, 0x41, 0x74, 0x01, 0x4f, + 0xfc, 0x56, 0x83, 0xba, 0x14, 0xb0, 0x2f, 0xdd, + 0x4d, 0xb9, 0x3f, 0xdf, 0x71, 0xbe, 0x7b, 0xba, + 0x66, 0xc8, 0xc5, 0x42, 0xc9, 0xba, 0x18, 0x63, + 0x45, 0x07, 0x2f, 0x84, 0x3e, 0xc3, 0xfb, 0x47, + 0xda, 0xd4, 0x1d, 0x0e, 0x9d, 0x96, 0xc0, 0xea, + 0xee, 0x45, 0x2f, 0xe1, 0x62, 0x23, 0xee, 0xef, + 0x3d, 0x5e, 0x55, 0xa1, 0x0d, 0x02, 0x81, 0x81, + 0x00, 0xeb, 0x76, 0x88, 0xd3, 0xae, 0x3f, 0x1d, + 0xf2, 0x49, 0xe0, 0x37, 0x49, 0x83, 0x82, 0x6c, + 0xf7, 0xf1, 0x17, 0x30, 0x75, 0x2e, 0x89, 0x06, + 0x88, 0x56, 0x32, 0xf6, 0xfa, 0x58, 0xcb, 0x3c, + 0x98, 0x67, 0xc3, 0xde, 0x10, 0x82, 0xe5, 0xfa, + 0xfa, 0x52, 0x47, 0x8d, 0xd7, 0x00, 0xc6, 0xcb, + 0xf7, 0xf6, 0x57, 0x9b, 0x6e, 0x0c, 0xac, 0xe8, + 0x3b, 0xd1, 0xde, 0xb5, 0x34, 0xaf, 0x8b, 0x2a, + 0xb0, 0x2d, 0x01, 0xeb, 0x7c, 0xa0, 0x42, 0x26, + 0xbb, 0x2b, 0x43, 0x0e, 0x1d, 0xe2, 0x4e, 0xc9, + 0xc1, 0x0a, 0x67, 0x1d, 0xfc, 0x83, 0x25, 0xce, + 0xb2, 0x18, 0xd9, 0x0d, 0x70, 0xf5, 0xa3, 0x5a, + 0x9c, 0x99, 0xdd, 0x47, 0xa1, 0x57, 0xe7, 0x20, + 0xde, 0xa1, 0x29, 0x8d, 0x96, 0x62, 0xf9, 0x26, + 0x95, 0x51, 0xa6, 0xe7, 0x09, 0x8b, 0xba, 0x16, + 0x8b, 0x19, 0x5b, 0xf9, 0x27, 0x0d, 0xc5, 0xd6, + 0x5f, 0x02, 0x81, 0x81, 0x00, 0xce, 0x26, 0x31, + 0xb5, 0x43, 0x53, 0x95, 0x39, 0xdd, 0x01, 0x98, + 0x8b, 0x3d, 0x27, 0xeb, 0x0b, 0x87, 0x1c, 0x95, + 0xfc, 0x3e, 0x36, 0x51, 0x31, 0xb5, 0xea, 0x59, + 0x56, 0xc0, 0x97, 0x62, 0xf0, 0x63, 0x2b, 0xb6, + 0x30, 0x9b, 0xdf, 0x19, 0x10, 0xe9, 0xa0, 0x3d, + 0xea, 0x54, 0x5a, 0xe6, 0xc6, 0x9e, 0x7e, 0xb5, + 0xf0, 0xb0, 0x54, 0xef, 0xc3, 0xe1, 0x47, 0xa6, + 0x95, 0xc7, 0xe4, 0xa3, 0x4a, 0x30, 0x68, 0x24, + 0x98, 0x7d, 0xc1, 0x34, 0xa9, 0xcb, 0xbc, 0x3c, + 0x08, 0x9c, 0x7d, 0x0c, 0xa2, 0xb7, 0x60, 0xaa, + 0x38, 0x08, 0x16, 0xa6, 0x7f, 0xdb, 0xd2, 0xb1, + 0x67, 0xe7, 0x93, 0x8e, 0xbb, 0x7e, 0xb9, 0xb5, + 0xd0, 0xd0, 0x9f, 0x7b, 0xcc, 0x46, 0xe6, 0x74, + 0x78, 0x1a, 0x96, 0xd6, 0xd7, 0x74, 0x34, 0x54, + 0x3b, 0x54, 0x55, 0x7f, 0x89, 0x81, 0xbc, 0x40, + 0x55, 0x87, 0x24, 0x95, 0x33, 0x02, 0x81, 0x81, + 0x00, 0xb0, 0x18, 0x5d, 0x2a, 0x1a, 0x95, 0x9f, + 0x9a, 0xd5, 0x3f, 0x37, 0x79, 0xe6, 0x3d, 0x83, + 0xab, 0x46, 0x86, 0x36, 0x3a, 0x5d, 0x0c, 0x23, + 0x73, 0x91, 0x2b, 0xda, 0x63, 0xce, 0x46, 0x68, + 0xd1, 0xfe, 0x40, 0x90, 0xf2, 0x3e, 0x43, 0x2b, + 0x19, 0x4c, 0xb1, 0xb0, 0xd5, 0x8c, 0x02, 0x21, + 0x07, 0x18, 0x17, 0xda, 0xe9, 0x49, 0xd7, 0x82, + 0x73, 0x42, 0x78, 0xd1, 0x82, 0x4e, 0x8a, 0xc0, + 0xe9, 0x33, 0x2f, 0xcd, 0x62, 0xce, 0x23, 0xca, + 0xfd, 0x8d, 0xd4, 0x3f, 0x59, 0x80, 0x27, 0xb6, + 0x61, 0x85, 0x9b, 0x2a, 0xe4, 0xef, 0x5c, 0x36, + 0x22, 0x21, 0xcd, 0x2a, 0x6d, 0x41, 0x77, 0xe2, + 0xcb, 0x5d, 0x93, 0x0d, 0x00, 0x10, 0x52, 0x8d, + 0xd5, 0x92, 0x28, 0x16, 0x78, 0xd3, 0x1a, 0x4c, + 0x8d, 0xbd, 0x9c, 0x1a, 0x0b, 0x9c, 0x91, 0x16, + 0x4c, 0xff, 0x31, 0x36, 0xbb, 0xcb, 0x64, 0x1a, + 0xf7, 0x02, 0x81, 0x80, 0x32, 0x65, 0x09, 0xdf, + 0xca, 0xee, 0xa2, 0xdb, 0x3b, 0x58, 0xc9, 0x86, + 0xb8, 0x53, 0x8a, 0xd5, 0x0d, 0x99, 0x82, 0x5c, + 0xe0, 0x84, 0x7c, 0xc2, 0xcf, 0x3a, 0xd3, 0xce, + 0x2e, 0x54, 0x93, 0xbe, 0x3a, 0x30, 0x14, 0x60, + 0xbb, 0xaa, 0x05, 0x41, 0xaa, 0x2b, 0x1f, 0x17, + 0xaa, 0xb9, 0x72, 0x12, 0xf9, 0xe9, 0xf5, 0xe6, + 0x39, 0xe4, 0xf9, 0x9c, 0x03, 0xf5, 0x75, 0x16, + 0xc6, 0x7f, 0xf1, 0x1f, 0x10, 0xc8, 0x54, 0xb1, + 0xe6, 0x84, 0x15, 0xb0, 0xb0, 0x7a, 0x7a, 0x9e, + 0x8c, 0x4a, 0xd1, 0x8c, 0xf1, 0x91, 0x32, 0xeb, + 0x71, 0xa6, 0xbf, 0xdb, 0x1f, 0xcc, 0xd8, 0xcb, + 0x92, 0xc3, 0xf2, 0xaf, 0x89, 0x22, 0x32, 0xfd, + 0x32, 0x12, 0xda, 0xbb, 0xac, 0x55, 0x68, 0x01, + 0x78, 0x56, 0x89, 0x7c, 0xb0, 0x0e, 0x9e, 0xcc, + 0xc6, 0x28, 0x04, 0x7e, 0x83, 0xf5, 0x96, 0x30, + 0x92, 0x51, 0xf2, 0x1b, 0x02, 0x81, 0x81, 0x00, + 0x83, 0x6d, 0xd1, 0x98, 0x90, 0x41, 0x8c, 0xa7, + 0x92, 0x83, 0xac, 0x89, 0x05, 0x0c, 0x79, 0x67, + 0x90, 0xb6, 0xa1, 0xf3, 0x2f, 0xca, 0xf0, 0x15, + 0xe0, 0x30, 0x58, 0xe9, 0x4f, 0xcb, 0x4c, 0x56, + 0x56, 0x56, 0x14, 0x3f, 0x1b, 0x79, 0xb6, 0xef, + 0x57, 0x4b, 0x28, 0xbd, 0xb0, 0xe6, 0x0c, 0x49, + 0x4b, 0xbe, 0xe1, 0x57, 0x28, 0x2a, 0x23, 0x5e, + 0xc4, 0xa2, 0x19, 0x4b, 0x00, 0x67, 0x78, 0xd9, + 0x26, 0x6e, 0x17, 0x25, 0xce, 0xe4, 0xfd, 0xde, + 0x86, 0xa8, 0x5a, 0x67, 0x47, 0x6b, 0x15, 0x09, + 0xe1, 0xec, 0x8e, 0x62, 0x98, 0x91, 0x6f, 0xc0, + 0x98, 0x0c, 0x70, 0x0e, 0x7d, 0xbe, 0x63, 0xbd, + 0x12, 0x5a, 0x98, 0x1c, 0xe3, 0x0c, 0xfb, 0xc7, + 0xfb, 0x1b, 0xbd, 0x02, 0x87, 0xcc, 0x0c, 0xbb, + 0xc2, 0xd4, 0xb6, 0xc1, 0xa1, 0x23, 0xd3, 0x1e, + 0x21, 0x6f, 0x48, 0xba, 0x0e, 0x2e, 0xc7, 0x42 +}; + +static const uint8_t rsa4096_priv_key[] =3D { + 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, + 0x82, 0x02, 0x01, 0x00, 0xcc, 0x30, 0xc6, 0x90, + 0x49, 0x2b, 0x86, 0xe7, 0x7a, 0xa5, 0x7a, 0x9a, + 0x4f, 0xee, 0x0e, 0xa1, 0x5c, 0x43, 0x64, 0xd0, + 0x76, 0xe1, 0xfd, 0x0b, 0xfd, 0x43, 0x7a, 0x65, + 0xe6, 0x20, 0xbd, 0xf2, 0x0e, 0xbe, 0x76, 0x54, + 0xae, 0x37, 0xbe, 0xa0, 0x02, 0x96, 0xae, 0x8d, + 0x8a, 0xae, 0x3b, 0x88, 0xbb, 0x67, 0xce, 0x7c, + 0x20, 0xbf, 0x14, 0xc3, 0x71, 0x51, 0x87, 0x03, + 0x34, 0xaa, 0x3c, 0x09, 0xff, 0xe9, 0xeb, 0xb7, + 0x85, 0x5c, 0xbb, 0x8d, 0xce, 0x8e, 0x3f, 0xd1, + 0x16, 0x30, 0x00, 0x32, 0x2f, 0x25, 0x8d, 0xef, + 0x71, 0xd9, 0xea, 0x6b, 0x45, 0x53, 0x49, 0xc3, + 0x09, 0x4f, 0xb0, 0xa8, 0xa5, 0x89, 0x76, 0x59, + 0x31, 0xa5, 0xf1, 0x5c, 0x42, 0x54, 0x57, 0x70, + 0x57, 0xad, 0xd8, 0xeb, 0x89, 0xa6, 0x87, 0xa2, + 0x6c, 0x95, 0x58, 0x8f, 0xb6, 0x82, 0xc7, 0xde, + 0xc2, 0x3a, 0xdc, 0x5b, 0xe8, 0x02, 0xcc, 0x26, + 0x4b, 0x01, 0xaa, 0xe6, 0xf3, 0x66, 0x4d, 0x90, + 0x85, 0xde, 0xf4, 0x5d, 0x80, 0x98, 0xc6, 0x65, + 0xcf, 0x44, 0x4c, 0xde, 0xb5, 0x4a, 0xfc, 0xda, + 0x0a, 0x0a, 0x10, 0x26, 0xa3, 0xcb, 0x9d, 0xe4, + 0x8d, 0xab, 0x2c, 0x04, 0xfd, 0xaa, 0xfc, 0x3b, + 0xac, 0x4e, 0x56, 0xb8, 0x4c, 0x9f, 0x22, 0x49, + 0xcb, 0x76, 0x45, 0x24, 0x36, 0x2d, 0xbb, 0xe6, + 0x7e, 0xa9, 0x93, 0x13, 0x96, 0x1e, 0xfc, 0x4b, + 0x75, 0xd4, 0x54, 0xc8, 0x8c, 0x55, 0xe6, 0x3f, + 0x09, 0x5a, 0x03, 0x74, 0x7c, 0x8a, 0xc8, 0xe7, + 0x49, 0x0b, 0x86, 0x7c, 0x97, 0xa0, 0xf2, 0x0d, + 0xf1, 0x5c, 0x0e, 0x7a, 0xc0, 0x3f, 0x78, 0x2d, + 0x9b, 0xe2, 0x26, 0xa0, 0x89, 0x49, 0x0c, 0xad, + 0x79, 0xa6, 0x82, 0x98, 0xa6, 0xb7, 0x74, 0xb4, + 0x45, 0xc8, 0xed, 0xea, 0x81, 0xcd, 0xf0, 0x3b, + 0x8e, 0x24, 0xfb, 0x0c, 0xd0, 0x3a, 0x14, 0xb9, + 0xb4, 0x3b, 0x69, 0xd9, 0xf2, 0x42, 0x6e, 0x7f, + 0x6f, 0x5e, 0xb1, 0x52, 0x5b, 0xaa, 0xef, 0xae, + 0x1e, 0x34, 0xca, 0xed, 0x0a, 0x8d, 0x56, 0xd6, + 0xdd, 0xd4, 0x2c, 0x54, 0x7a, 0x57, 0xca, 0x7e, + 0x4a, 0x11, 0xde, 0x48, 0xdf, 0x2b, 0x09, 0x97, + 0x39, 0x24, 0xce, 0x45, 0xe0, 0x75, 0xb1, 0x19, + 0x42, 0xdb, 0x63, 0x40, 0x9b, 0xb9, 0x95, 0x96, + 0x78, 0x91, 0xd5, 0x19, 0x12, 0xab, 0xef, 0x55, + 0x6f, 0x0d, 0x65, 0xc0, 0x8f, 0x62, 0x99, 0x78, + 0xc0, 0xe0, 0xe1, 0x33, 0xc7, 0x68, 0xff, 0x29, + 0x66, 0x22, 0x3a, 0x6f, 0xa0, 0xf8, 0x5c, 0x68, + 0x9b, 0xa9, 0x05, 0xad, 0x6b, 0x1d, 0xae, 0xc1, + 0x30, 0xbb, 0xfe, 0xb7, 0x31, 0x85, 0x0d, 0xd1, + 0xd5, 0xfc, 0x43, 0x1e, 0xb3, 0x61, 0x6f, 0xc4, + 0x75, 0xed, 0x76, 0x9d, 0x13, 0xb3, 0x61, 0x57, + 0xc8, 0x33, 0x0d, 0x77, 0x84, 0xf0, 0xc7, 0x62, + 0xb9, 0x9e, 0xd5, 0x01, 0xfa, 0x87, 0x4a, 0xf5, + 0xd7, 0x4f, 0x5d, 0xae, 0xe7, 0x08, 0xd2, 0x5a, + 0x65, 0x30, 0xc9, 0xf0, 0x0a, 0x11, 0xf1, 0x2a, + 0xd3, 0x43, 0x43, 0xca, 0x05, 0x90, 0x85, 0xf4, + 0xbc, 0x37, 0x49, 0x40, 0x45, 0x35, 0xd3, 0x56, + 0x06, 0x4c, 0x63, 0x93, 0x07, 0x14, 0x8b, 0xd3, + 0x12, 0xd0, 0xe5, 0x00, 0x48, 0x76, 0xd2, 0xdf, + 0x7c, 0xea, 0xc7, 0xff, 0xf0, 0x88, 0xd5, 0xa4, + 0x61, 0x7d, 0x79, 0xc2, 0xda, 0x53, 0x24, 0xdc, + 0x20, 0xae, 0xe6, 0x08, 0x65, 0xef, 0xc9, 0x0d, + 0x7d, 0x66, 0x6d, 0x1b, 0x1c, 0x5d, 0x46, 0xe1, + 0x26, 0x8a, 0x29, 0x77, 0x76, 0x19, 0xe5, 0x19, + 0x2a, 0x75, 0x21, 0xf1, 0x92, 0x8a, 0x9c, 0x7b, + 0xe8, 0x0b, 0x38, 0xc1, 0xbf, 0x76, 0x22, 0x45, + 0x4a, 0xd3, 0x43, 0xc3, 0x8c, 0x74, 0xd8, 0xd8, + 0xec, 0x3e, 0x14, 0xdf, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x01, 0x00, 0x9e, 0x13, + 0x64, 0xa5, 0x6e, 0xff, 0xf3, 0x80, 0x60, 0xc2, + 0x9b, 0x17, 0xbb, 0xa9, 0x60, 0x4a, 0x2b, 0x53, + 0x41, 0x48, 0xe1, 0xc0, 0x32, 0x56, 0x85, 0xcb, + 0x27, 0x86, 0x9b, 0x91, 0xdd, 0x7a, 0xf7, 0x4f, + 0x1b, 0xec, 0x92, 0xb3, 0x35, 0x30, 0x4a, 0xd0, + 0xbc, 0x71, 0x77, 0x5b, 0x4b, 0x5b, 0x9f, 0x39, + 0xcd, 0xf0, 0xea, 0xa9, 0x03, 0x3a, 0x0b, 0x10, + 0x42, 0xa5, 0x88, 0xb0, 0x01, 0xaa, 0xfc, 0x23, + 0xec, 0x08, 0x37, 0x86, 0x82, 0xec, 0x55, 0x6c, + 0x6a, 0x9b, 0x43, 0xc2, 0x05, 0x64, 0xd4, 0x7b, + 0x0e, 0x56, 0xc0, 0x9d, 0x23, 0x8d, 0xc8, 0x2d, + 0xa2, 0x7d, 0x0b, 0x48, 0x56, 0x4b, 0x39, 0x5c, + 0x21, 0xf3, 0x0b, 0x2c, 0x9c, 0x9d, 0xff, 0xfb, + 0xab, 0x75, 0x9d, 0x6b, 0x48, 0xf3, 0x8f, 0xad, + 0x0c, 0x74, 0x01, 0xfb, 0xdc, 0x83, 0xe5, 0x97, + 0x79, 0x84, 0x4a, 0x79, 0xa6, 0xfe, 0xbf, 0xae, + 0xea, 0xbc, 0xfa, 0x74, 0x60, 0x0a, 0x4b, 0x84, + 0x77, 0xa7, 0xda, 0xfb, 0xaf, 0xd2, 0x73, 0x2b, + 0xd2, 0xec, 0x1e, 0x79, 0x91, 0xc9, 0x18, 0x30, + 0xe5, 0x6f, 0x27, 0x36, 0x83, 0x2a, 0x66, 0xc3, + 0xcb, 0x88, 0x94, 0xe4, 0x5f, 0x3f, 0xbd, 0xe2, + 0x11, 0x43, 0x61, 0x31, 0x84, 0x91, 0x49, 0x40, + 0x29, 0x1b, 0x58, 0x18, 0x47, 0x8e, 0xb1, 0x22, + 0xd6, 0xc4, 0xaa, 0x6a, 0x3d, 0x22, 0x7c, 0xa5, + 0xa0, 0x4c, 0x0a, 0xfc, 0x46, 0x66, 0xbb, 0xbe, + 0x04, 0x71, 0xe8, 0x9b, 0x76, 0xf1, 0x47, 0x39, + 0x6a, 0x2f, 0x23, 0xad, 0x78, 0x80, 0x1c, 0x22, + 0xcd, 0x41, 0x5e, 0x09, 0x16, 0x6c, 0x91, 0x48, + 0x91, 0x91, 0x3d, 0x8c, 0xe6, 0xba, 0x81, 0x8d, + 0xbb, 0xf2, 0xd0, 0xaa, 0xc7, 0x8f, 0xc6, 0x01, + 0x60, 0xa7, 0xef, 0x1e, 0x8e, 0x91, 0x6d, 0xcc, + 0x30, 0x9e, 0xea, 0x7c, 0x56, 0x9d, 0x42, 0xcf, + 0x44, 0x85, 0x52, 0xa8, 0xf2, 0x36, 0x9c, 0x46, + 0xfa, 0x9d, 0xd3, 0x4e, 0x13, 0x46, 0x81, 0xce, + 0x99, 0xc9, 0x58, 0x47, 0xe4, 0xeb, 0x27, 0x56, + 0x29, 0x61, 0x0f, 0xb5, 0xcb, 0xf3, 0x48, 0x58, + 0x8f, 0xbc, 0xaf, 0x0a, 0xbf, 0x40, 0xd1, 0xf6, + 0x4f, 0xd2, 0x89, 0x4a, 0xff, 0x6f, 0x54, 0x70, + 0x49, 0x42, 0xf6, 0xf8, 0x0e, 0x4f, 0xa5, 0xf6, + 0x8b, 0x49, 0x80, 0xd4, 0xf5, 0x03, 0xf8, 0x65, + 0xe7, 0x1f, 0x0a, 0xc0, 0x8f, 0xd3, 0x7a, 0x70, + 0xca, 0x67, 0xaf, 0x71, 0xfd, 0x4b, 0xe1, 0x17, + 0x76, 0x74, 0x2e, 0x12, 0x7b, 0xad, 0x4b, 0xbb, + 0xd2, 0x64, 0xd0, 0xa9, 0xf9, 0x79, 0xa9, 0xa6, + 0x03, 0xd2, 0xc2, 0x8f, 0x47, 0x59, 0x1b, 0x7c, + 0xe3, 0xce, 0x92, 0xb2, 0xac, 0x3e, 0xee, 0x12, + 0x43, 0x5f, 0x23, 0xec, 0xf1, 0xd3, 0xf2, 0x21, + 0x22, 0xe8, 0x7e, 0x7f, 0xa4, 0x93, 0x8e, 0x78, + 0x69, 0x69, 0xa0, 0xc9, 0xce, 0x86, 0x36, 0x13, + 0x10, 0x21, 0xc4, 0x7a, 0x52, 0xcf, 0x53, 0xd9, + 0x9b, 0x58, 0xe6, 0x2d, 0xeb, 0x60, 0xe3, 0x75, + 0x1a, 0x22, 0xf6, 0x3c, 0x54, 0x6b, 0xfa, 0xa1, + 0x5d, 0xf6, 0x38, 0xf0, 0xd4, 0x26, 0x2d, 0x7d, + 0x74, 0x99, 0x6a, 0x13, 0x8a, 0x07, 0x9f, 0x07, + 0xc5, 0xf4, 0xa8, 0x20, 0x11, 0xa9, 0x76, 0x11, + 0xe4, 0x48, 0xae, 0xa4, 0x8a, 0xa1, 0xbf, 0x1f, + 0xba, 0x37, 0x50, 0x53, 0x43, 0x91, 0x45, 0x88, + 0x03, 0x52, 0xba, 0xac, 0xc8, 0xe3, 0xe1, 0xba, + 0x63, 0x24, 0x72, 0xbe, 0x1d, 0x01, 0x1f, 0x6c, + 0x34, 0x10, 0xb8, 0x56, 0x4a, 0x67, 0x28, 0x4b, + 0x7a, 0x2b, 0x31, 0x29, 0x47, 0xda, 0xdf, 0x53, + 0x88, 0x79, 0x22, 0x31, 0x15, 0x56, 0xe3, 0xa0, + 0x79, 0x75, 0x94, 0x90, 0xb2, 0xe8, 0x4b, 0xca, + 0x82, 0x6d, 0x3c, 0x69, 0x43, 0x01, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xe7, 0x8b, 0xd6, 0x1a, 0xe8, + 0x00, 0xed, 0x9d, 0x7c, 0x5a, 0x32, 0x10, 0xc1, + 0x53, 0x50, 0xbe, 0x27, 0x1d, 0xef, 0x69, 0x73, + 0xa2, 0x8f, 0x95, 0x96, 0x86, 0xfe, 0xfb, 0x82, + 0xdb, 0xea, 0x7d, 0x73, 0x5a, 0x2b, 0xe7, 0x4b, + 0xd5, 0x8f, 0x4f, 0xaf, 0x85, 0x1d, 0x15, 0x1a, + 0x58, 0x5f, 0x41, 0x79, 0x70, 0x5c, 0x8f, 0xa9, + 0x8e, 0x23, 0x31, 0xa7, 0x6d, 0x99, 0x0c, 0xf0, + 0x51, 0xbf, 0xbb, 0xd3, 0xe3, 0xa3, 0x34, 0xf0, + 0x1d, 0x7f, 0x4a, 0xb7, 0x8f, 0xf6, 0x0a, 0x49, + 0x65, 0xaf, 0x35, 0x7b, 0x02, 0x2e, 0x69, 0x49, + 0x95, 0xb5, 0x20, 0x70, 0xb2, 0x98, 0x54, 0x9b, + 0x8e, 0x4f, 0x48, 0xa8, 0xfa, 0x7e, 0xc7, 0x0a, + 0xae, 0x84, 0xe1, 0xba, 0x85, 0x98, 0x96, 0x8a, + 0x7c, 0xdd, 0xcc, 0xcd, 0xd8, 0x5b, 0x50, 0x60, + 0x88, 0x2d, 0xb6, 0x3e, 0xb8, 0xc2, 0xae, 0xa5, + 0x62, 0x10, 0xcd, 0xdc, 0xae, 0x86, 0xfe, 0x31, + 0x8b, 0xf7, 0xee, 0x1a, 0x35, 0x46, 0x83, 0xee, + 0x5f, 0x55, 0x9a, 0xc2, 0xca, 0x53, 0xb7, 0x2c, + 0xbf, 0x03, 0x8a, 0x78, 0xcc, 0x1d, 0x96, 0x7b, + 0xac, 0x00, 0x62, 0x1e, 0xbd, 0x6f, 0x0b, 0xa5, + 0xec, 0xf3, 0x02, 0x47, 0x47, 0x1e, 0x3d, 0xf6, + 0x78, 0x42, 0xe4, 0xcd, 0xf8, 0x14, 0xa3, 0x7d, + 0xd5, 0x2f, 0x6e, 0xcc, 0x1a, 0x9e, 0xe7, 0xcf, + 0x48, 0xb9, 0x80, 0xb8, 0xba, 0xaa, 0x7b, 0xae, + 0x65, 0x74, 0x09, 0x7b, 0x43, 0x26, 0x31, 0xa2, + 0x95, 0x43, 0x69, 0xd0, 0xb7, 0x95, 0xe4, 0x76, + 0x2c, 0x42, 0x19, 0x47, 0x4f, 0x63, 0x35, 0x9c, + 0xa2, 0x1a, 0xce, 0x28, 0xdf, 0x76, 0x98, 0x1d, + 0xd4, 0x2e, 0xf6, 0x3a, 0xc8, 0x3e, 0xc7, 0xaf, + 0xf7, 0x38, 0x3f, 0x83, 0x3a, 0xcb, 0xae, 0x41, + 0x75, 0x46, 0x63, 0xaa, 0x45, 0xb1, 0x2c, 0xd9, + 0x9f, 0x17, 0x37, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xe1, 0xc1, 0x57, 0x4d, 0x0f, 0xa5, 0xea, 0x1d, + 0x39, 0x9c, 0xe0, 0xf0, 0x6d, 0x13, 0x7f, 0x79, + 0xdc, 0x72, 0x61, 0xc0, 0x7f, 0x88, 0xf6, 0x38, + 0x4f, 0x49, 0x06, 0x1e, 0xb8, 0x6c, 0x21, 0x04, + 0x60, 0x76, 0x5a, 0x6d, 0x04, 0xd1, 0x6d, 0xac, + 0x7c, 0x25, 0x4f, 0x32, 0xcb, 0xbc, 0xf8, 0x4a, + 0x22, 0x8f, 0xf5, 0x41, 0xfd, 0x1c, 0x76, 0x30, + 0xc2, 0x5f, 0x99, 0x13, 0x5c, 0x57, 0x0f, 0xfd, + 0xac, 0x0b, 0x10, 0x9a, 0x4f, 0x78, 0x0a, 0x86, + 0xe8, 0x07, 0x40, 0x40, 0x13, 0xba, 0x96, 0x07, + 0xd5, 0x39, 0x91, 0x51, 0x3e, 0x80, 0xd8, 0xa0, + 0x1f, 0xff, 0xdc, 0x9e, 0x09, 0x3b, 0xae, 0x38, + 0xa9, 0xc2, 0x14, 0x7b, 0xee, 0xd2, 0x69, 0x3d, + 0xd6, 0x26, 0x74, 0x72, 0x7b, 0x86, 0xd4, 0x13, + 0x5b, 0xb8, 0x76, 0x4b, 0x08, 0xfb, 0x93, 0xfa, + 0x44, 0xaf, 0x98, 0x3b, 0xfa, 0xd0, 0x2a, 0x04, + 0x8b, 0xb3, 0x3c, 0x6d, 0x32, 0xf7, 0x18, 0x6a, + 0x51, 0x0e, 0x40, 0x90, 0xce, 0x8e, 0xdf, 0xe8, + 0x07, 0x4c, 0x0f, 0xc7, 0xc8, 0xc2, 0x18, 0x58, + 0x6a, 0x01, 0xc8, 0x27, 0xd6, 0x43, 0x2a, 0xfb, + 0xa5, 0x34, 0x01, 0x3c, 0x72, 0xb1, 0x48, 0xce, + 0x2b, 0x9b, 0xb4, 0x69, 0xd9, 0x82, 0xf8, 0xbe, + 0x29, 0x88, 0x75, 0x96, 0xd8, 0xef, 0x78, 0x2a, + 0x07, 0x90, 0xa0, 0x56, 0x33, 0x42, 0x05, 0x19, + 0xb0, 0x69, 0x34, 0xf9, 0x03, 0xc5, 0xa8, 0x0d, + 0x72, 0xa2, 0x27, 0xb4, 0x45, 0x6d, 0xd2, 0x01, + 0x6c, 0xf1, 0x74, 0x51, 0x0a, 0x9a, 0xe2, 0xc1, + 0x96, 0x80, 0x30, 0x0e, 0xc6, 0xa9, 0x79, 0xf7, + 0x6f, 0xaf, 0xf6, 0xe8, 0x2a, 0xcc, 0xbd, 0xad, + 0x8f, 0xe0, 0x32, 0x87, 0x85, 0x49, 0x68, 0x88, + 0x15, 0x5c, 0xdb, 0x48, 0x40, 0xa2, 0xfa, 0x42, + 0xe8, 0x4e, 0x3e, 0xe2, 0x3f, 0xe0, 0xf3, 0x99, + 0x02, 0x82, 0x01, 0x00, 0x08, 0x39, 0x97, 0x69, + 0x6d, 0x44, 0x5b, 0x2c, 0x74, 0xf6, 0x5f, 0x40, + 0xe9, 0x1d, 0x24, 0x89, 0x1c, 0xaa, 0x9b, 0x8e, + 0x8b, 0x65, 0x02, 0xe4, 0xb5, 0x6c, 0x26, 0x32, + 0x98, 0xfb, 0x66, 0xe0, 0xfd, 0xef, 0xfe, 0x0f, + 0x41, 0x4a, 0x5c, 0xc4, 0xdf, 0xdf, 0x42, 0xa1, + 0x35, 0x46, 0x5e, 0x5b, 0xdd, 0x0c, 0x78, 0xbd, + 0x41, 0xb0, 0xa2, 0xdf, 0x68, 0xab, 0x23, 0xfc, + 0xa9, 0xac, 0xbd, 0xba, 0xd6, 0x54, 0x07, 0xc0, + 0x21, 0xa7, 0x6a, 0x96, 0x24, 0xdf, 0x20, 0x46, + 0x4d, 0x45, 0x27, 0x6c, 0x26, 0xea, 0x74, 0xeb, + 0x98, 0x89, 0x90, 0xdd, 0x8e, 0x23, 0x49, 0xf5, + 0xf7, 0x70, 0x9e, 0xb0, 0x5e, 0x10, 0x47, 0xe0, + 0x9a, 0x28, 0x88, 0xdf, 0xdb, 0xd8, 0x53, 0x0b, + 0x45, 0xf0, 0x19, 0x90, 0xe4, 0xdf, 0x02, 0x9f, + 0x60, 0x4e, 0x76, 0x11, 0x3b, 0x39, 0x24, 0xf1, + 0x3f, 0x3e, 0xb4, 0x8a, 0x1b, 0x84, 0xb7, 0x96, + 0xdf, 0xfb, 0xb0, 0xda, 0xec, 0x63, 0x68, 0x15, + 0xd7, 0xa9, 0xdb, 0x48, 0x9c, 0x12, 0xc3, 0xd6, + 0x85, 0xe8, 0x63, 0x1f, 0xd0, 0x1a, 0xb0, 0x12, + 0x60, 0x62, 0x43, 0xc1, 0x38, 0x86, 0x52, 0x23, + 0x7f, 0xc9, 0x62, 0xf8, 0x79, 0xbf, 0xb4, 0xfb, + 0x4e, 0x7e, 0x07, 0x22, 0x49, 0x8e, 0xbe, 0x6c, + 0xf0, 0x53, 0x5a, 0x53, 0xfd, 0x3c, 0x14, 0xd8, + 0xf7, 0x2c, 0x06, 0x2a, 0xe4, 0x64, 0xfd, 0x19, + 0x57, 0xa0, 0x92, 0xf6, 0xa3, 0x42, 0x47, 0x61, + 0x0b, 0xfd, 0x71, 0x5f, 0x98, 0xe2, 0x6c, 0x98, + 0xa8, 0xf9, 0xf9, 0x7f, 0x1c, 0x61, 0x5d, 0x8c, + 0xd1, 0xfb, 0x90, 0x28, 0x32, 0x9b, 0x7d, 0x82, + 0xf9, 0xcc, 0x47, 0xbe, 0xc7, 0x67, 0xc5, 0x93, + 0x22, 0x55, 0x0d, 0xd2, 0x73, 0xbe, 0xea, 0xed, + 0x4d, 0xb5, 0xf4, 0xc2, 0x25, 0x92, 0x44, 0x30, + 0xeb, 0xaa, 0x13, 0x11, 0x02, 0x82, 0x01, 0x01, + 0x00, 0x82, 0x42, 0x02, 0x53, 0x4e, 0x72, 0x16, + 0xf1, 0x21, 0xea, 0xe8, 0xc7, 0x10, 0xc8, 0xad, + 0x46, 0xec, 0xf1, 0x7a, 0x81, 0x8d, 0x94, 0xc3, + 0x2c, 0x9e, 0x62, 0xae, 0x0b, 0x4f, 0xb1, 0xe4, + 0x23, 0x18, 0x5d, 0x71, 0xb3, 0x71, 0x92, 0x3d, + 0x4b, 0xc6, 0x9d, 0xe8, 0x62, 0x90, 0xb7, 0xca, + 0x33, 0x4c, 0x59, 0xef, 0xd3, 0x51, 0x6d, 0xf8, + 0xac, 0x0d, 0x9b, 0x07, 0x41, 0xea, 0x87, 0xb9, + 0x8c, 0x4e, 0x96, 0x5b, 0xd0, 0x0d, 0x86, 0x5f, + 0xdc, 0x93, 0x48, 0x8b, 0xc3, 0xed, 0x1e, 0x3d, + 0xae, 0xeb, 0x52, 0xba, 0x0c, 0x3c, 0x9a, 0x2f, + 0x63, 0xc4, 0xd2, 0xe6, 0xc2, 0xb0, 0xe5, 0x24, + 0x93, 0x41, 0x2f, 0xe0, 0x8d, 0xd9, 0xb0, 0xc2, + 0x54, 0x91, 0x99, 0xc2, 0x9a, 0xc3, 0xb7, 0x79, + 0xea, 0x69, 0x83, 0xb7, 0x8d, 0x77, 0xf3, 0x60, + 0xe0, 0x88, 0x7d, 0x20, 0xc3, 0x8a, 0xe6, 0x4d, + 0x38, 0x2e, 0x3b, 0x0e, 0xe4, 0x9b, 0x01, 0x83, + 0xae, 0xe4, 0x71, 0xea, 0xc3, 0x22, 0xcb, 0xc1, + 0x59, 0xa9, 0xcc, 0x33, 0x56, 0xbc, 0xf9, 0x70, + 0xfe, 0xa2, 0xbb, 0xc0, 0x77, 0x6b, 0xe3, 0x79, + 0x8b, 0x95, 0x38, 0xba, 0x75, 0xdc, 0x5f, 0x7a, + 0x78, 0xab, 0x24, 0xbe, 0x26, 0x4d, 0x00, 0x8a, + 0xf1, 0x7e, 0x19, 0x64, 0x6f, 0xd3, 0x5f, 0xe8, + 0xdf, 0xa7, 0x59, 0xc5, 0x89, 0xb7, 0x2d, 0xa2, + 0xaf, 0xbd, 0xe0, 0x16, 0x56, 0x8f, 0xdc, 0x9e, + 0x28, 0x94, 0x3a, 0x07, 0xda, 0xb6, 0x2c, 0xb5, + 0x7d, 0x69, 0x14, 0xb0, 0x5e, 0x8a, 0x55, 0xef, + 0xfc, 0x6f, 0x10, 0x2b, 0xaa, 0x7a, 0xea, 0x12, + 0x9b, 0xb8, 0x6f, 0xb9, 0x71, 0x20, 0x30, 0xde, + 0x48, 0xa4, 0xb9, 0x61, 0xae, 0x5c, 0x33, 0x8d, + 0x02, 0xe8, 0x00, 0x99, 0xed, 0xc8, 0x8d, 0xc1, + 0x04, 0x95, 0xf1, 0x7f, 0xcb, 0x1f, 0xbc, 0x76, + 0x11, 0x02, 0x82, 0x01, 0x00, 0x2d, 0x0c, 0xa9, + 0x8f, 0x11, 0xc2, 0xf3, 0x02, 0xc8, 0xf2, 0x55, + 0xc5, 0x6d, 0x25, 0x88, 0xba, 0x59, 0xf6, 0xd1, + 0xdb, 0x94, 0x2f, 0x0b, 0x65, 0x2c, 0xad, 0x54, + 0xe0, 0x2b, 0xe6, 0xa3, 0x49, 0xa2, 0xb3, 0xca, + 0xd7, 0xec, 0x27, 0x32, 0xbb, 0xa4, 0x16, 0x90, + 0xbb, 0x67, 0xad, 0x1b, 0xb9, 0x0f, 0x78, 0xcb, + 0xad, 0x5c, 0xc3, 0x66, 0xd6, 0xbb, 0x97, 0x28, + 0x01, 0x31, 0xf9, 0x0f, 0x71, 0x2a, 0xb9, 0x5b, + 0xea, 0x34, 0x49, 0x9c, 0x6b, 0x13, 0x40, 0x65, + 0xbd, 0x18, 0x0a, 0x14, 0xf9, 0x33, 0x47, 0xe8, + 0x9f, 0x64, 0x0e, 0x24, 0xf6, 0xbb, 0x90, 0x23, + 0x66, 0x01, 0xa6, 0xa4, 0xa9, 0x7f, 0x64, 0x51, + 0xa3, 0x8a, 0x73, 0xc1, 0x80, 0xaf, 0x7a, 0x49, + 0x75, 0x5d, 0x56, 0x1c, 0xaa, 0x3f, 0x64, 0xa9, + 0x96, 0xfd, 0xb0, 0x90, 0xc5, 0xe0, 0x3d, 0x36, + 0x05, 0xad, 0xad, 0x84, 0x93, 0x84, 0xab, 0x1b, + 0x34, 0x57, 0x39, 0xae, 0x0e, 0x80, 0x0f, 0x4a, + 0x9b, 0x32, 0x56, 0xbd, 0x30, 0xeb, 0xd1, 0xc8, + 0xc4, 0x9f, 0x9c, 0x07, 0xb6, 0x05, 0xb1, 0x21, + 0x7f, 0x69, 0x92, 0x9f, 0xb7, 0x68, 0xe7, 0xde, + 0xb7, 0xbc, 0xb4, 0x89, 0x5b, 0x1c, 0x1b, 0x48, + 0xd1, 0x44, 0x6e, 0xd7, 0x6b, 0xe2, 0xa1, 0xf4, + 0xbf, 0x17, 0xb4, 0x43, 0x70, 0x26, 0xd4, 0xb9, + 0xf5, 0x19, 0x09, 0x08, 0xe9, 0xa3, 0x49, 0x7d, + 0x2f, 0xdc, 0xe8, 0x75, 0x79, 0xa1, 0xc1, 0x70, + 0x1b, 0x60, 0x97, 0xaf, 0x0c, 0x56, 0x68, 0xac, + 0x0e, 0x53, 0xbe, 0x56, 0xf4, 0xc3, 0xb1, 0xfb, + 0xfb, 0xff, 0x73, 0x5b, 0xa7, 0xf6, 0x99, 0x0e, + 0x14, 0x5a, 0x5f, 0x9d, 0xbd, 0x8e, 0x94, 0xec, + 0x8b, 0x38, 0x72, 0xbc, 0x8b, 0xca, 0x32, 0xa8, + 0x39, 0x43, 0xb1, 0x1d, 0x43, 0x29, 0xbe, 0x60, + 0xdb, 0x91, 0x6c, 0x9c, 0x06, +}; diff --git a/tests/unit/meson.build b/tests/unit/meson.build index a8af85128d..80ca622680 100644 --- a/tests/unit/meson.build +++ b/tests/unit/meson.build @@ -78,6 +78,7 @@ if have_block 'test-crypto-hash': [crypto], 'test-crypto-hmac': [crypto], 'test-crypto-cipher': [crypto], + 'test-crypto-akcipher': [crypto], 'test-crypto-secret': [crypto, keyutils], 'test-authz-simple': [authz], 'test-authz-list': [authz], diff --git a/tests/unit/test-crypto-akcipher.c b/tests/unit/test-crypto-akc= ipher.c new file mode 100644 index 0000000000..b5be563884 --- /dev/null +++ b/tests/unit/test-crypto-akcipher.c @@ -0,0 +1,711 @@ +/* + * QEMU Crypto cipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: lei he + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" + +#include "crypto/init.h" +#include "crypto/akcipher.h" +#include "qapi/error.h" + +static const uint8_t rsa1024_private_key[] =3D { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, + 0x81, 0x81, 0x00, 0xe6, 0x4d, 0x76, 0x4f, 0xb2, + 0x97, 0x09, 0xad, 0x9d, 0x17, 0x33, 0xf2, 0x30, + 0x42, 0x83, 0xa9, 0xcb, 0x49, 0xa4, 0x2e, 0x59, + 0x5e, 0x75, 0x51, 0xd1, 0xac, 0xc8, 0x86, 0x3e, + 0xdb, 0x72, 0x2e, 0xb2, 0xf7, 0xc3, 0x5b, 0xc7, + 0xea, 0xed, 0x30, 0xd1, 0xf7, 0x37, 0xee, 0x9d, + 0x36, 0x59, 0x6f, 0xf8, 0xce, 0xc0, 0x5c, 0x82, + 0x80, 0x37, 0x83, 0xd7, 0x45, 0x6a, 0xe9, 0xea, + 0xc5, 0x3a, 0x59, 0x6b, 0x34, 0x31, 0x44, 0x00, + 0x74, 0xa7, 0x29, 0xab, 0x79, 0x4a, 0xbd, 0xe8, + 0x25, 0x35, 0x01, 0x11, 0x40, 0xbf, 0x31, 0xbd, + 0xd3, 0xe0, 0x68, 0x1e, 0xd5, 0x5b, 0x2f, 0xe9, + 0x20, 0xf2, 0x9f, 0x46, 0x35, 0x30, 0xa8, 0xf1, + 0xfe, 0xef, 0xd8, 0x76, 0x23, 0x46, 0x34, 0x70, + 0xa1, 0xce, 0xc6, 0x65, 0x6d, 0xb0, 0x94, 0x7e, + 0xe5, 0x92, 0x45, 0x7b, 0xaa, 0xbb, 0x95, 0x97, + 0x77, 0xcd, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x30, 0x6a, 0xc4, 0x9e, 0xc8, + 0xba, 0xfc, 0x2b, 0xe5, 0xc4, 0xc5, 0x04, 0xfb, + 0xa4, 0x60, 0x2d, 0xc8, 0x31, 0x39, 0x35, 0x0d, + 0x50, 0xd0, 0x75, 0x5d, 0x11, 0x68, 0x2e, 0xe0, + 0xf4, 0x1d, 0xb3, 0x37, 0xa8, 0xe3, 0x07, 0x5e, + 0xa6, 0x43, 0x2b, 0x6a, 0x59, 0x01, 0x07, 0x47, + 0x41, 0xef, 0xd7, 0x9c, 0x85, 0x4a, 0xe7, 0xa7, + 0xff, 0xf0, 0xab, 0xe5, 0x0c, 0x11, 0x08, 0x10, + 0x75, 0x5a, 0x68, 0xa0, 0x08, 0x03, 0xc9, 0x40, + 0x79, 0x67, 0x1d, 0x65, 0x89, 0x2d, 0x08, 0xf9, + 0xb5, 0x1b, 0x7d, 0xd2, 0x41, 0x3b, 0x33, 0xf2, + 0x47, 0x2f, 0x9c, 0x0b, 0xd5, 0xaf, 0xcb, 0xdb, + 0xbb, 0x37, 0x63, 0x03, 0xf8, 0xe7, 0x2e, 0xc7, + 0x3c, 0x86, 0x9f, 0xc2, 0x9b, 0xb4, 0x70, 0x6a, + 0x4d, 0x7c, 0xe4, 0x1b, 0x3a, 0xa9, 0xae, 0xd7, + 0xce, 0x7f, 0x56, 0xc2, 0x73, 0x5e, 0x58, 0x63, + 0xd5, 0x86, 0x41, 0x02, 0x41, 0x00, 0xf6, 0x56, + 0x69, 0xec, 0xef, 0x65, 0x95, 0xdc, 0x25, 0x47, + 0xe0, 0x6f, 0xb0, 0x4f, 0x79, 0x77, 0x0a, 0x5e, + 0x46, 0xcb, 0xbd, 0x0b, 0x71, 0x51, 0x2a, 0xa4, + 0x65, 0x29, 0x18, 0xc6, 0x30, 0xa0, 0x95, 0x4c, + 0x4b, 0xbe, 0x8c, 0x40, 0xe3, 0x9c, 0x23, 0x02, + 0x14, 0x43, 0xe9, 0x64, 0xea, 0xe3, 0xa8, 0xe2, + 0x1a, 0xd5, 0xf9, 0x5c, 0xe0, 0x36, 0x2c, 0x97, + 0xda, 0xd5, 0xc7, 0x46, 0xce, 0x11, 0x02, 0x41, + 0x00, 0xef, 0x56, 0x08, 0xb8, 0x29, 0xa5, 0xa6, + 0x7c, 0xf7, 0x5f, 0xb4, 0xf5, 0x63, 0xe7, 0xeb, + 0x45, 0xfd, 0x89, 0xaa, 0x94, 0xa6, 0x3d, 0x0b, + 0xd9, 0x04, 0x6f, 0x78, 0xe0, 0xbb, 0xa2, 0xd4, + 0x29, 0x83, 0x17, 0x95, 0x6f, 0x50, 0x3d, 0x40, + 0x5d, 0xe5, 0x24, 0xda, 0xc2, 0x23, 0x50, 0x86, + 0xa8, 0x34, 0xc8, 0x6f, 0xec, 0x7f, 0xb6, 0x45, + 0x3a, 0xdd, 0x78, 0x9b, 0xee, 0xa1, 0xe4, 0x09, + 0xa3, 0x02, 0x40, 0x5c, 0xd6, 0x66, 0x67, 0x58, + 0x35, 0xc5, 0xcb, 0xc8, 0xf5, 0x14, 0xbd, 0xa3, + 0x09, 0xe0, 0xb2, 0x1f, 0x63, 0x36, 0x75, 0x34, + 0x52, 0xea, 0xaa, 0xf7, 0x52, 0x2b, 0x99, 0xd8, + 0x6f, 0x61, 0x06, 0x34, 0x1e, 0x23, 0xf1, 0xb5, + 0x34, 0x03, 0x53, 0xe5, 0xd1, 0xb3, 0xc7, 0x80, + 0x5f, 0x7b, 0x32, 0xbf, 0x84, 0x2f, 0x2e, 0xf3, + 0x22, 0xb0, 0x91, 0x5a, 0x2f, 0x04, 0xd7, 0x4a, + 0x9a, 0x01, 0xb1, 0x02, 0x40, 0x34, 0x0b, 0x26, + 0x4c, 0x3d, 0xaa, 0x2a, 0xc0, 0xe3, 0xdd, 0xe8, + 0xf0, 0xaf, 0x6f, 0xe0, 0x06, 0x51, 0x32, 0x9d, + 0x68, 0x43, 0x99, 0xe4, 0xb8, 0xa5, 0x31, 0x44, + 0x3c, 0xc2, 0x30, 0x8f, 0x28, 0x13, 0xbc, 0x8e, + 0x1f, 0x2d, 0x78, 0x94, 0x45, 0x96, 0xad, 0x63, + 0xf0, 0x71, 0x53, 0x72, 0x64, 0xa3, 0x4d, 0xae, + 0xa0, 0xe3, 0xc8, 0x93, 0xd7, 0x50, 0x0f, 0x89, + 0x00, 0xe4, 0x2d, 0x3d, 0x37, 0x02, 0x41, 0x00, + 0xbe, 0xa6, 0x08, 0xe0, 0xc8, 0x15, 0x2a, 0x47, + 0xcb, 0xd5, 0xec, 0x93, 0xd3, 0xaa, 0x12, 0x82, + 0xaf, 0xac, 0x51, 0x5a, 0x5b, 0xa7, 0x93, 0x4b, + 0xb9, 0xab, 0x00, 0xfa, 0x5a, 0xea, 0x34, 0xe4, + 0x80, 0xf1, 0x44, 0x6a, 0x65, 0xe4, 0x33, 0x99, + 0xfb, 0x54, 0xd7, 0x89, 0x5a, 0x1b, 0xd6, 0x2b, + 0xcc, 0x6e, 0x4b, 0x19, 0xa0, 0x6d, 0x93, 0x9f, + 0xc3, 0x91, 0x7a, 0xa5, 0xd8, 0x59, 0x0e, 0x9e, +}; + +static const uint8_t rsa1024_public_key[] =3D { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe6, + 0x4d, 0x76, 0x4f, 0xb2, 0x97, 0x09, 0xad, 0x9d, + 0x17, 0x33, 0xf2, 0x30, 0x42, 0x83, 0xa9, 0xcb, + 0x49, 0xa4, 0x2e, 0x59, 0x5e, 0x75, 0x51, 0xd1, + 0xac, 0xc8, 0x86, 0x3e, 0xdb, 0x72, 0x2e, 0xb2, + 0xf7, 0xc3, 0x5b, 0xc7, 0xea, 0xed, 0x30, 0xd1, + 0xf7, 0x37, 0xee, 0x9d, 0x36, 0x59, 0x6f, 0xf8, + 0xce, 0xc0, 0x5c, 0x82, 0x80, 0x37, 0x83, 0xd7, + 0x45, 0x6a, 0xe9, 0xea, 0xc5, 0x3a, 0x59, 0x6b, + 0x34, 0x31, 0x44, 0x00, 0x74, 0xa7, 0x29, 0xab, + 0x79, 0x4a, 0xbd, 0xe8, 0x25, 0x35, 0x01, 0x11, + 0x40, 0xbf, 0x31, 0xbd, 0xd3, 0xe0, 0x68, 0x1e, + 0xd5, 0x5b, 0x2f, 0xe9, 0x20, 0xf2, 0x9f, 0x46, + 0x35, 0x30, 0xa8, 0xf1, 0xfe, 0xef, 0xd8, 0x76, + 0x23, 0x46, 0x34, 0x70, 0xa1, 0xce, 0xc6, 0x65, + 0x6d, 0xb0, 0x94, 0x7e, 0xe5, 0x92, 0x45, 0x7b, + 0xaa, 0xbb, 0x95, 0x97, 0x77, 0xcd, 0xd3, 0x02, + 0x03, 0x01, 0x00, 0x01, +}; + +static const uint8_t rsa2048_private_key[] =3D { + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xbd, 0x9c, 0x83, 0x6b, + 0x0e, 0x8e, 0xcf, 0xfa, 0xaa, 0x4f, 0x6a, 0xf4, + 0xe3, 0x52, 0x0f, 0xa5, 0xd0, 0xbe, 0x5e, 0x7f, + 0x08, 0x24, 0xba, 0x87, 0x46, 0xfb, 0x28, 0x93, + 0xe5, 0xe5, 0x81, 0x42, 0xc0, 0xf9, 0x17, 0xc7, + 0x81, 0x01, 0xf4, 0x18, 0x6a, 0x17, 0xf5, 0x57, + 0x20, 0x37, 0xcf, 0xf9, 0x74, 0x5e, 0xe1, 0x48, + 0x6a, 0x71, 0x0a, 0x0f, 0x79, 0x72, 0x2b, 0x46, + 0x10, 0x53, 0xdc, 0x14, 0x43, 0xbd, 0xbc, 0x6d, + 0x15, 0x6f, 0x15, 0x4e, 0xf0, 0x0d, 0x89, 0x39, + 0x02, 0xc3, 0x68, 0x5c, 0xa8, 0xfc, 0xed, 0x64, + 0x9d, 0x98, 0xb7, 0xcd, 0x83, 0x66, 0x93, 0xc3, + 0xd9, 0x57, 0xa0, 0x21, 0x93, 0xad, 0x5c, 0x75, + 0x69, 0x88, 0x9e, 0x81, 0xdc, 0x7f, 0x1d, 0xd5, + 0xbd, 0x1c, 0xc1, 0x30, 0x56, 0xa5, 0xda, 0x99, + 0x46, 0xa6, 0x6d, 0x0e, 0x6f, 0x5e, 0x51, 0x34, + 0x49, 0x73, 0xc3, 0x67, 0x49, 0x7e, 0x21, 0x2a, + 0x20, 0xa7, 0x2b, 0x92, 0x73, 0x1d, 0xa5, 0x25, + 0x2a, 0xd0, 0x3a, 0x89, 0x75, 0xb2, 0xbb, 0x19, + 0x37, 0x78, 0x48, 0xd2, 0xf2, 0x2a, 0x6d, 0x9e, + 0xc6, 0x26, 0xca, 0x46, 0x8c, 0xf1, 0x42, 0x2a, + 0x31, 0xb2, 0xfc, 0xe7, 0x55, 0x51, 0xff, 0x07, + 0x13, 0x5b, 0x36, 0x59, 0x2b, 0x43, 0x30, 0x4b, + 0x05, 0x5c, 0xd2, 0x45, 0xa0, 0xa0, 0x7c, 0x17, + 0x5b, 0x07, 0xbb, 0x5d, 0x83, 0x80, 0x92, 0x6d, + 0x87, 0x1a, 0x43, 0xac, 0xc7, 0x6b, 0x8d, 0x11, + 0x60, 0x27, 0xd2, 0xdf, 0xdb, 0x71, 0x02, 0x55, + 0x6e, 0xb5, 0xca, 0x4d, 0xda, 0x59, 0x0d, 0xb8, + 0x8c, 0xcd, 0xd3, 0x0e, 0x55, 0xa0, 0xa4, 0x8d, + 0xa0, 0x14, 0x10, 0x48, 0x42, 0x35, 0x56, 0x08, + 0xf7, 0x29, 0x5f, 0xa2, 0xea, 0xa4, 0x5e, 0x8e, + 0x99, 0x56, 0xaa, 0x5a, 0x8c, 0x23, 0x8f, 0x35, + 0x22, 0x8a, 0xff, 0xed, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x01, 0x00, 0x4e, 0x4a, 0xf3, + 0x44, 0xe0, 0x64, 0xfd, 0xe1, 0xde, 0x33, 0x1e, + 0xd1, 0xf1, 0x8f, 0x6f, 0xe0, 0xa2, 0xfa, 0x08, + 0x60, 0xe1, 0xc6, 0xf0, 0xb2, 0x6d, 0x0f, 0xc6, + 0x28, 0x93, 0xb4, 0x19, 0x94, 0xab, 0xc3, 0xef, + 0x1a, 0xb4, 0xdd, 0x4e, 0xa2, 0x4a, 0x24, 0x8c, + 0x6c, 0xa6, 0x64, 0x05, 0x5f, 0x56, 0xba, 0xda, + 0xc1, 0x21, 0x1a, 0x7d, 0xf1, 0xf7, 0xce, 0xb9, + 0xa9, 0x9b, 0x92, 0x54, 0xfc, 0x95, 0x20, 0x22, + 0x4e, 0xd4, 0x9b, 0xe2, 0xab, 0x8e, 0x99, 0xb8, + 0x40, 0xaf, 0x30, 0x6a, 0xc6, 0x60, 0x0c, 0xd8, + 0x25, 0x44, 0xa1, 0xcb, 0xbb, 0x73, 0x77, 0x86, + 0xaa, 0x46, 0xf3, 0x54, 0xae, 0xa8, 0xa0, 0xdb, + 0xdd, 0xab, 0x6e, 0xfb, 0x2c, 0x5a, 0x14, 0xaf, + 0x08, 0x13, 0xa7, 0x6c, 0xe9, 0xfd, 0xcd, 0x4c, + 0x1f, 0x20, 0x3a, 0x16, 0x2b, 0xf0, 0xb6, 0x7c, + 0x47, 0x5f, 0xd1, 0x0a, 0x2c, 0xc4, 0xa5, 0x68, + 0xd0, 0x43, 0x75, 0x6b, 0x65, 0xaa, 0x32, 0xc6, + 0x99, 0x06, 0xcb, 0x8f, 0xe6, 0x8d, 0xce, 0xbf, + 0x4d, 0x0d, 0x7b, 0x22, 0x2a, 0x8a, 0xcb, 0x7d, + 0x7f, 0x16, 0x48, 0x85, 0xf1, 0x86, 0xcb, 0x54, + 0xb9, 0x39, 0xd4, 0xbc, 0xe3, 0x2d, 0x27, 0x59, + 0xf6, 0x81, 0x5e, 0x94, 0x45, 0xdf, 0xb9, 0x22, + 0xaf, 0x64, 0x0d, 0x14, 0xec, 0x8c, 0xeb, 0x71, + 0xac, 0xee, 0x09, 0x4c, 0xbf, 0x34, 0xf9, 0xf4, + 0x66, 0x77, 0x36, 0x3b, 0x41, 0x74, 0x01, 0x4f, + 0xfc, 0x56, 0x83, 0xba, 0x14, 0xb0, 0x2f, 0xdd, + 0x4d, 0xb9, 0x3f, 0xdf, 0x71, 0xbe, 0x7b, 0xba, + 0x66, 0xc8, 0xc5, 0x42, 0xc9, 0xba, 0x18, 0x63, + 0x45, 0x07, 0x2f, 0x84, 0x3e, 0xc3, 0xfb, 0x47, + 0xda, 0xd4, 0x1d, 0x0e, 0x9d, 0x96, 0xc0, 0xea, + 0xee, 0x45, 0x2f, 0xe1, 0x62, 0x23, 0xee, 0xef, + 0x3d, 0x5e, 0x55, 0xa1, 0x0d, 0x02, 0x81, 0x81, + 0x00, 0xeb, 0x76, 0x88, 0xd3, 0xae, 0x3f, 0x1d, + 0xf2, 0x49, 0xe0, 0x37, 0x49, 0x83, 0x82, 0x6c, + 0xf7, 0xf1, 0x17, 0x30, 0x75, 0x2e, 0x89, 0x06, + 0x88, 0x56, 0x32, 0xf6, 0xfa, 0x58, 0xcb, 0x3c, + 0x98, 0x67, 0xc3, 0xde, 0x10, 0x82, 0xe5, 0xfa, + 0xfa, 0x52, 0x47, 0x8d, 0xd7, 0x00, 0xc6, 0xcb, + 0xf7, 0xf6, 0x57, 0x9b, 0x6e, 0x0c, 0xac, 0xe8, + 0x3b, 0xd1, 0xde, 0xb5, 0x34, 0xaf, 0x8b, 0x2a, + 0xb0, 0x2d, 0x01, 0xeb, 0x7c, 0xa0, 0x42, 0x26, + 0xbb, 0x2b, 0x43, 0x0e, 0x1d, 0xe2, 0x4e, 0xc9, + 0xc1, 0x0a, 0x67, 0x1d, 0xfc, 0x83, 0x25, 0xce, + 0xb2, 0x18, 0xd9, 0x0d, 0x70, 0xf5, 0xa3, 0x5a, + 0x9c, 0x99, 0xdd, 0x47, 0xa1, 0x57, 0xe7, 0x20, + 0xde, 0xa1, 0x29, 0x8d, 0x96, 0x62, 0xf9, 0x26, + 0x95, 0x51, 0xa6, 0xe7, 0x09, 0x8b, 0xba, 0x16, + 0x8b, 0x19, 0x5b, 0xf9, 0x27, 0x0d, 0xc5, 0xd6, + 0x5f, 0x02, 0x81, 0x81, 0x00, 0xce, 0x26, 0x31, + 0xb5, 0x43, 0x53, 0x95, 0x39, 0xdd, 0x01, 0x98, + 0x8b, 0x3d, 0x27, 0xeb, 0x0b, 0x87, 0x1c, 0x95, + 0xfc, 0x3e, 0x36, 0x51, 0x31, 0xb5, 0xea, 0x59, + 0x56, 0xc0, 0x97, 0x62, 0xf0, 0x63, 0x2b, 0xb6, + 0x30, 0x9b, 0xdf, 0x19, 0x10, 0xe9, 0xa0, 0x3d, + 0xea, 0x54, 0x5a, 0xe6, 0xc6, 0x9e, 0x7e, 0xb5, + 0xf0, 0xb0, 0x54, 0xef, 0xc3, 0xe1, 0x47, 0xa6, + 0x95, 0xc7, 0xe4, 0xa3, 0x4a, 0x30, 0x68, 0x24, + 0x98, 0x7d, 0xc1, 0x34, 0xa9, 0xcb, 0xbc, 0x3c, + 0x08, 0x9c, 0x7d, 0x0c, 0xa2, 0xb7, 0x60, 0xaa, + 0x38, 0x08, 0x16, 0xa6, 0x7f, 0xdb, 0xd2, 0xb1, + 0x67, 0xe7, 0x93, 0x8e, 0xbb, 0x7e, 0xb9, 0xb5, + 0xd0, 0xd0, 0x9f, 0x7b, 0xcc, 0x46, 0xe6, 0x74, + 0x78, 0x1a, 0x96, 0xd6, 0xd7, 0x74, 0x34, 0x54, + 0x3b, 0x54, 0x55, 0x7f, 0x89, 0x81, 0xbc, 0x40, + 0x55, 0x87, 0x24, 0x95, 0x33, 0x02, 0x81, 0x81, + 0x00, 0xb0, 0x18, 0x5d, 0x2a, 0x1a, 0x95, 0x9f, + 0x9a, 0xd5, 0x3f, 0x37, 0x79, 0xe6, 0x3d, 0x83, + 0xab, 0x46, 0x86, 0x36, 0x3a, 0x5d, 0x0c, 0x23, + 0x73, 0x91, 0x2b, 0xda, 0x63, 0xce, 0x46, 0x68, + 0xd1, 0xfe, 0x40, 0x90, 0xf2, 0x3e, 0x43, 0x2b, + 0x19, 0x4c, 0xb1, 0xb0, 0xd5, 0x8c, 0x02, 0x21, + 0x07, 0x18, 0x17, 0xda, 0xe9, 0x49, 0xd7, 0x82, + 0x73, 0x42, 0x78, 0xd1, 0x82, 0x4e, 0x8a, 0xc0, + 0xe9, 0x33, 0x2f, 0xcd, 0x62, 0xce, 0x23, 0xca, + 0xfd, 0x8d, 0xd4, 0x3f, 0x59, 0x80, 0x27, 0xb6, + 0x61, 0x85, 0x9b, 0x2a, 0xe4, 0xef, 0x5c, 0x36, + 0x22, 0x21, 0xcd, 0x2a, 0x6d, 0x41, 0x77, 0xe2, + 0xcb, 0x5d, 0x93, 0x0d, 0x00, 0x10, 0x52, 0x8d, + 0xd5, 0x92, 0x28, 0x16, 0x78, 0xd3, 0x1a, 0x4c, + 0x8d, 0xbd, 0x9c, 0x1a, 0x0b, 0x9c, 0x91, 0x16, + 0x4c, 0xff, 0x31, 0x36, 0xbb, 0xcb, 0x64, 0x1a, + 0xf7, 0x02, 0x81, 0x80, 0x32, 0x65, 0x09, 0xdf, + 0xca, 0xee, 0xa2, 0xdb, 0x3b, 0x58, 0xc9, 0x86, + 0xb8, 0x53, 0x8a, 0xd5, 0x0d, 0x99, 0x82, 0x5c, + 0xe0, 0x84, 0x7c, 0xc2, 0xcf, 0x3a, 0xd3, 0xce, + 0x2e, 0x54, 0x93, 0xbe, 0x3a, 0x30, 0x14, 0x60, + 0xbb, 0xaa, 0x05, 0x41, 0xaa, 0x2b, 0x1f, 0x17, + 0xaa, 0xb9, 0x72, 0x12, 0xf9, 0xe9, 0xf5, 0xe6, + 0x39, 0xe4, 0xf9, 0x9c, 0x03, 0xf5, 0x75, 0x16, + 0xc6, 0x7f, 0xf1, 0x1f, 0x10, 0xc8, 0x54, 0xb1, + 0xe6, 0x84, 0x15, 0xb0, 0xb0, 0x7a, 0x7a, 0x9e, + 0x8c, 0x4a, 0xd1, 0x8c, 0xf1, 0x91, 0x32, 0xeb, + 0x71, 0xa6, 0xbf, 0xdb, 0x1f, 0xcc, 0xd8, 0xcb, + 0x92, 0xc3, 0xf2, 0xaf, 0x89, 0x22, 0x32, 0xfd, + 0x32, 0x12, 0xda, 0xbb, 0xac, 0x55, 0x68, 0x01, + 0x78, 0x56, 0x89, 0x7c, 0xb0, 0x0e, 0x9e, 0xcc, + 0xc6, 0x28, 0x04, 0x7e, 0x83, 0xf5, 0x96, 0x30, + 0x92, 0x51, 0xf2, 0x1b, 0x02, 0x81, 0x81, 0x00, + 0x83, 0x6d, 0xd1, 0x98, 0x90, 0x41, 0x8c, 0xa7, + 0x92, 0x83, 0xac, 0x89, 0x05, 0x0c, 0x79, 0x67, + 0x90, 0xb6, 0xa1, 0xf3, 0x2f, 0xca, 0xf0, 0x15, + 0xe0, 0x30, 0x58, 0xe9, 0x4f, 0xcb, 0x4c, 0x56, + 0x56, 0x56, 0x14, 0x3f, 0x1b, 0x79, 0xb6, 0xef, + 0x57, 0x4b, 0x28, 0xbd, 0xb0, 0xe6, 0x0c, 0x49, + 0x4b, 0xbe, 0xe1, 0x57, 0x28, 0x2a, 0x23, 0x5e, + 0xc4, 0xa2, 0x19, 0x4b, 0x00, 0x67, 0x78, 0xd9, + 0x26, 0x6e, 0x17, 0x25, 0xce, 0xe4, 0xfd, 0xde, + 0x86, 0xa8, 0x5a, 0x67, 0x47, 0x6b, 0x15, 0x09, + 0xe1, 0xec, 0x8e, 0x62, 0x98, 0x91, 0x6f, 0xc0, + 0x98, 0x0c, 0x70, 0x0e, 0x7d, 0xbe, 0x63, 0xbd, + 0x12, 0x5a, 0x98, 0x1c, 0xe3, 0x0c, 0xfb, 0xc7, + 0xfb, 0x1b, 0xbd, 0x02, 0x87, 0xcc, 0x0c, 0xbb, + 0xc2, 0xd4, 0xb6, 0xc1, 0xa1, 0x23, 0xd3, 0x1e, + 0x21, 0x6f, 0x48, 0xba, 0x0e, 0x2e, 0xc7, 0x42 +}; + +static const uint8_t rsa2048_public_key[] =3D { + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xbd, 0x9c, 0x83, 0x6b, 0x0e, 0x8e, 0xcf, + 0xfa, 0xaa, 0x4f, 0x6a, 0xf4, 0xe3, 0x52, 0x0f, + 0xa5, 0xd0, 0xbe, 0x5e, 0x7f, 0x08, 0x24, 0xba, + 0x87, 0x46, 0xfb, 0x28, 0x93, 0xe5, 0xe5, 0x81, + 0x42, 0xc0, 0xf9, 0x17, 0xc7, 0x81, 0x01, 0xf4, + 0x18, 0x6a, 0x17, 0xf5, 0x57, 0x20, 0x37, 0xcf, + 0xf9, 0x74, 0x5e, 0xe1, 0x48, 0x6a, 0x71, 0x0a, + 0x0f, 0x79, 0x72, 0x2b, 0x46, 0x10, 0x53, 0xdc, + 0x14, 0x43, 0xbd, 0xbc, 0x6d, 0x15, 0x6f, 0x15, + 0x4e, 0xf0, 0x0d, 0x89, 0x39, 0x02, 0xc3, 0x68, + 0x5c, 0xa8, 0xfc, 0xed, 0x64, 0x9d, 0x98, 0xb7, + 0xcd, 0x83, 0x66, 0x93, 0xc3, 0xd9, 0x57, 0xa0, + 0x21, 0x93, 0xad, 0x5c, 0x75, 0x69, 0x88, 0x9e, + 0x81, 0xdc, 0x7f, 0x1d, 0xd5, 0xbd, 0x1c, 0xc1, + 0x30, 0x56, 0xa5, 0xda, 0x99, 0x46, 0xa6, 0x6d, + 0x0e, 0x6f, 0x5e, 0x51, 0x34, 0x49, 0x73, 0xc3, + 0x67, 0x49, 0x7e, 0x21, 0x2a, 0x20, 0xa7, 0x2b, + 0x92, 0x73, 0x1d, 0xa5, 0x25, 0x2a, 0xd0, 0x3a, + 0x89, 0x75, 0xb2, 0xbb, 0x19, 0x37, 0x78, 0x48, + 0xd2, 0xf2, 0x2a, 0x6d, 0x9e, 0xc6, 0x26, 0xca, + 0x46, 0x8c, 0xf1, 0x42, 0x2a, 0x31, 0xb2, 0xfc, + 0xe7, 0x55, 0x51, 0xff, 0x07, 0x13, 0x5b, 0x36, + 0x59, 0x2b, 0x43, 0x30, 0x4b, 0x05, 0x5c, 0xd2, + 0x45, 0xa0, 0xa0, 0x7c, 0x17, 0x5b, 0x07, 0xbb, + 0x5d, 0x83, 0x80, 0x92, 0x6d, 0x87, 0x1a, 0x43, + 0xac, 0xc7, 0x6b, 0x8d, 0x11, 0x60, 0x27, 0xd2, + 0xdf, 0xdb, 0x71, 0x02, 0x55, 0x6e, 0xb5, 0xca, + 0x4d, 0xda, 0x59, 0x0d, 0xb8, 0x8c, 0xcd, 0xd3, + 0x0e, 0x55, 0xa0, 0xa4, 0x8d, 0xa0, 0x14, 0x10, + 0x48, 0x42, 0x35, 0x56, 0x08, 0xf7, 0x29, 0x5f, + 0xa2, 0xea, 0xa4, 0x5e, 0x8e, 0x99, 0x56, 0xaa, + 0x5a, 0x8c, 0x23, 0x8f, 0x35, 0x22, 0x8a, 0xff, + 0xed, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + +static const uint8_t test_sha1_dgst[] =3D { + 0x3c, 0x05, 0x19, 0x34, 0x29, 0x19, 0xc7, 0xe0, + 0x87, 0xb6, 0x24, 0xf9, 0x58, 0xac, 0xa4, 0xd4, + 0xb2, 0xd9, 0x03, 0x9e, +}; + +static const uint8_t exp_signature_rsa2048_pkcs1[] =3D { + 0x4e, 0x82, 0x56, 0x4c, 0x84, 0x66, 0xca, 0x1e, + 0xc6, 0x92, 0x46, 0x20, 0x02, 0x6b, 0x64, 0x46, + 0x15, 0x6b, 0x24, 0xf2, 0xbb, 0xfa, 0x44, 0x3c, + 0xaf, 0x42, 0xc8, 0x41, 0xfd, 0xce, 0xed, 0x95, + 0x34, 0xaf, 0x25, 0x09, 0xd1, 0x06, 0x94, 0xaa, + 0x52, 0xd4, 0x29, 0xc8, 0x52, 0x34, 0x67, 0x59, + 0x4f, 0x5a, 0xfd, 0x23, 0x30, 0x5e, 0xc7, 0x1e, + 0xa6, 0xe0, 0x1b, 0x23, 0xca, 0x82, 0x47, 0x9a, + 0x2e, 0x2c, 0x66, 0x45, 0x5a, 0x12, 0xa9, 0x15, + 0xbf, 0xd6, 0xd6, 0xfa, 0x8d, 0x60, 0x99, 0x89, + 0x91, 0x39, 0x06, 0xb7, 0xd3, 0x9a, 0xef, 0x15, + 0x7b, 0x95, 0x87, 0x77, 0x2c, 0x41, 0xd4, 0x71, + 0xd5, 0xdf, 0x22, 0x7b, 0x01, 0xe2, 0xc1, 0xfb, + 0xb9, 0x4e, 0x0c, 0x9b, 0xd5, 0x04, 0xed, 0x2b, + 0x7e, 0x73, 0x53, 0xaa, 0x33, 0x89, 0x9d, 0x95, + 0x28, 0x8f, 0x8b, 0x80, 0x34, 0x7a, 0xea, 0xe3, + 0x66, 0x8a, 0xa8, 0xad, 0xed, 0x91, 0x43, 0xdd, + 0x77, 0xe5, 0xd7, 0x16, 0xda, 0xa8, 0x00, 0x29, + 0x3f, 0x9f, 0xe0, 0x1d, 0x42, 0x9d, 0x35, 0x5d, + 0x0f, 0xf3, 0x90, 0x27, 0x3a, 0x8c, 0x46, 0x13, + 0x53, 0x3e, 0x3b, 0x38, 0x77, 0xf8, 0x57, 0x61, + 0xbc, 0xc4, 0x54, 0x68, 0x48, 0xae, 0x58, 0x03, + 0x33, 0x94, 0x3f, 0x18, 0x1e, 0xb3, 0x3f, 0x79, + 0xa7, 0x26, 0x92, 0x5d, 0x32, 0x2a, 0xdb, 0xe6, + 0x3a, 0xe8, 0xd7, 0xaa, 0x91, 0xfe, 0x9f, 0x06, + 0x26, 0x68, 0x8c, 0x27, 0x31, 0xb0, 0x04, 0x9e, + 0x94, 0x79, 0x63, 0xa1, 0xc7, 0xe8, 0x5b, 0x8c, + 0xd3, 0xf1, 0x88, 0x58, 0x31, 0x2f, 0x4e, 0x11, + 0x00, 0xfe, 0x29, 0xad, 0x2c, 0xa9, 0x8e, 0x63, + 0xd8, 0x7d, 0xc5, 0xa1, 0x71, 0xfa, 0x08, 0x29, + 0xea, 0xd6, 0x6c, 0x53, 0x00, 0x52, 0xa0, 0xed, + 0x6b, 0x7c, 0x67, 0x50, 0x71, 0x2d, 0x96, 0x7a, +}; + +static const uint8_t exp_signature_rsa1024_pkcs1[] =3D { + 0x6b, 0x5b, 0xbb, 0x3b, 0x1f, 0x08, 0xd8, 0xc0, + 0x4a, 0xf1, 0x5a, 0x12, 0xc2, 0x39, 0x14, 0x65, + 0x4f, 0xda, 0x79, 0x67, 0xf2, 0x89, 0x25, 0xad, + 0x9e, 0x7e, 0xba, 0xa8, 0x34, 0x15, 0x03, 0xdd, + 0x80, 0x6b, 0x01, 0xd7, 0x4a, 0xf3, 0xd6, 0xef, + 0x1e, 0x48, 0xf3, 0xbc, 0x75, 0x1a, 0xc4, 0x2c, + 0x90, 0x15, 0x9f, 0x21, 0x24, 0x98, 0x21, 0xef, + 0x6d, 0x3b, 0xf3, 0x82, 0x8f, 0x8d, 0xd8, 0x48, + 0x37, 0x16, 0x19, 0x8e, 0x3c, 0x64, 0xa0, 0x9e, + 0xf7, 0x0c, 0xd9, 0x5c, 0xc6, 0x13, 0xc4, 0x5f, + 0xf8, 0xf3, 0x59, 0x5b, 0xd0, 0x33, 0x95, 0x98, + 0xde, 0x67, 0x25, 0x58, 0x46, 0xba, 0xee, 0x0f, + 0x47, 0x7a, 0x7f, 0xd0, 0xe4, 0x77, 0x09, 0x17, + 0xe9, 0x81, 0x6e, 0x2d, 0x33, 0x9b, 0x13, 0x0b, + 0xc9, 0xb2, 0x0c, 0x2c, 0xb5, 0xdf, 0x52, 0x8f, + 0xab, 0x0d, 0xc6, 0x59, 0x1d, 0xc7, 0x33, 0x7b, +}; + +static const uint8_t test_plaintext[] =3D { + 0x00, 0x44, 0xbc, 0x6f, 0x77, 0xfb, 0xe2, 0xa4, + 0x98, 0x9e, 0xf5, 0x33, 0xa0, 0xbd, 0x81, 0xb9, + 0xf1, 0x44, 0x7f, 0x79, 0x89, 0x23, 0xe5, 0x46, + 0x66, 0x9f, 0x98, 0x95, 0x6f, 0x56, 0x78, 0xf6, + 0xf5, 0xac, 0x9c, 0xda, 0xc2, 0x79, 0x59, 0xf0, + 0x1b, 0x03, 0xfa, 0x46, 0x1c, 0x1f, 0x18, 0x07, + 0xce, 0xad, 0xed, 0x3d, 0x11, 0xf9, 0x1b, 0x26, + 0x4a, 0x97, 0x28, 0x71, 0x5f, 0x2c, 0x5e, 0x58, + 0xf0, 0xd6, 0xbf, 0xa4, 0x12, 0xd0, 0x1d, 0x07, + 0xcb, 0x73, 0x66, 0xb6, 0xa4, 0x09, 0xaf, 0x5d, + 0xe9, 0x14, 0x14, 0xaf, 0x69, 0xd6, 0xee, 0x0a, + 0xfc, 0xca, 0xac, 0x94, 0x47, 0xd5, 0x9d, 0x5b, + 0x2b, 0xfb, 0xce, 0x9d, 0x04, 0xc1, 0xaf, 0xa5, + 0xa1, 0x8d, 0xa9, 0x48, 0xa8, 0x65, 0xe6, 0x9f, + 0x74, 0x78, 0x16, 0x32, 0x93, 0xb5, 0x21, 0xb9, + 0x9f, 0x3f, 0xc1, 0xe5, 0xa2, 0x50, 0x8b, 0x12, + 0xfb, 0x3e, 0xb0, 0x8a, 0x00, 0xc7, 0x20, 0x56, + 0xb3, 0xb1, 0x29, 0x95, 0x89, 0xd6, 0x50, 0xf5, + 0x37, 0x38, 0x8e, 0x12, 0xf1, 0xba, 0x82, 0x37, + 0x34, 0x68, 0x4b, 0xe8, 0xe3, 0x11, 0x1c, 0x46, + 0xf9, 0x63, 0x3a, 0xd6, 0xf3, 0x3f, 0x55, 0xa6, + 0xbd, 0x89, 0xf1, 0x2d, 0x38, 0x91, 0x7c, 0xc2, + 0x4d, 0xf1, 0x69, 0x82, 0x6d, 0x71, 0x77, 0xf4, + 0xfc, 0x43, 0x20, 0x6f, 0x43, 0xb9, 0x43, 0xd1, + 0x65, 0xbd, 0xca, 0xb1, 0x43, 0x87, 0xf8, 0xc8, + 0x76, 0x21, 0xa9, 0xeb, 0x3e, 0x9a, 0xef, 0xc9, + 0x0e, 0x79, 0xbc, 0xf0, 0xf8, 0xc8, 0xe2, 0xbc, + 0x33, 0x35, 0x3e, 0xfc, 0xf9, 0x44, 0x69, 0x06, + 0x7c, 0x7f, 0x5d, 0xa2, 0x9e, 0xab, 0xc2, 0x82, + 0xa0, 0xfb, 0xc5, 0x79, 0x57, 0x8c, 0xf1, 0x1c, + 0x51, 0x64, 0x4c, 0x56, 0x08, 0x80, 0x32, 0xf4, + 0x97, 0x8f, 0x6f, 0xb2, 0x16, 0xa6, 0x9d, 0x71, +}; + +static const uint8_t exp_ciphertext_rsa1024_raw[] =3D { + 0x01, 0xa0, 0xc2, 0x94, 0x9f, 0xd6, 0xbe, 0x8d, + 0xe9, 0x24, 0xaa, 0x9c, 0x67, 0xd7, 0xe3, 0x04, + 0x34, 0xbf, 0xd3, 0x27, 0xa1, 0x43, 0xeb, 0x60, + 0x6b, 0x5b, 0x64, 0x15, 0x55, 0x16, 0x98, 0x35, + 0xc2, 0x59, 0xa7, 0xf7, 0x24, 0xf7, 0x05, 0xb9, + 0xe8, 0x56, 0x6f, 0xf2, 0x7d, 0x8b, 0x3c, 0xcb, + 0xa6, 0xc2, 0xac, 0x0c, 0x37, 0x8c, 0x70, 0x70, + 0x55, 0x05, 0x07, 0x0d, 0x63, 0x6b, 0x7d, 0x5f, + 0xae, 0x03, 0x1e, 0x55, 0x05, 0xbb, 0xa8, 0xe7, + 0xff, 0xa0, 0x8c, 0x5b, 0x6b, 0x01, 0x48, 0x2e, + 0x4f, 0x7f, 0xe2, 0x74, 0xc6, 0x32, 0xa7, 0x2d, + 0xdb, 0x91, 0x9b, 0x67, 0x4d, 0x71, 0xf9, 0x8c, + 0x42, 0x43, 0x75, 0x4e, 0xd0, 0x0e, 0x7c, 0xa0, + 0x97, 0x1a, 0x5f, 0x8e, 0x6f, 0xe4, 0xfa, 0x16, + 0x1d, 0x59, 0x0e, 0x0b, 0x11, 0x12, 0xa3, 0x0c, + 0xa6, 0x55, 0xe6, 0xdb, 0xa7, 0x71, 0xa6, 0xff, +}; + +static const uint8_t exp_ciphertext_rsa1024_pkcs1[] =3D { + 0x93, 0x78, 0x6a, 0x76, 0xb8, 0x94, 0xea, 0xe4, + 0x32, 0x79, 0x01, 0x8b, 0xc1, 0xcb, 0x2e, 0x2d, + 0xfe, 0xdc, 0x9b, 0xe3, 0xe9, 0x23, 0xe4, 0x0a, + 0xb0, 0x6b, 0x9f, 0x6b, 0x62, 0xf5, 0x3d, 0xf0, + 0x78, 0x84, 0x77, 0x21, 0xad, 0x0b, 0x30, 0x30, + 0x94, 0xe2, 0x18, 0xc4, 0x9b, 0x12, 0x06, 0xc8, + 0xaa, 0xf7, 0x30, 0xe4, 0xc8, 0x64, 0xe7, 0x51, + 0xf1, 0x6a, 0xe1, 0xa2, 0x58, 0x7a, 0x02, 0x9c, + 0x8e, 0xf0, 0x2d, 0x25, 0x6b, 0xb7, 0x25, 0x5e, + 0x05, 0xaf, 0x38, 0xb2, 0x69, 0x5e, 0x6c, 0x75, + 0x6e, 0x27, 0xba, 0x5d, 0x7d, 0x35, 0x72, 0xb7, + 0x25, 0xd4, 0xaa, 0xb2, 0x4b, 0x9e, 0x6b, 0x82, + 0xb2, 0x32, 0xe2, 0x13, 0x1d, 0x00, 0x21, 0x08, + 0xae, 0x14, 0xbb, 0xc0, 0x40, 0xb7, 0x0d, 0xd5, + 0x0e, 0x4d, 0x6d, 0x9a, 0x70, 0x86, 0xe9, 0xfc, + 0x67, 0x2b, 0xa4, 0x11, 0x45, 0xb6, 0xc4, 0x2f, +}; + +static const uint8_t exp_ciphertext_rsa2048_raw[] =3D { + 0x09, 0x7b, 0x9e, 0x7c, 0x10, 0x1f, 0x73, 0xb4, + 0x5f, 0xdb, 0x4f, 0x05, 0xe7, 0xfc, 0x9e, 0x35, + 0x48, 0xd8, 0xc8, 0xf5, 0xac, 0x6d, 0xb4, 0xb0, + 0xd4, 0xf7, 0x69, 0x0f, 0x30, 0x78, 0xbb, 0x55, + 0x67, 0x66, 0x66, 0x05, 0xf4, 0x77, 0xe2, 0x30, + 0xa5, 0x94, 0x10, 0xa3, 0xcb, 0xee, 0x13, 0x9f, + 0x47, 0x1b, 0x2e, 0xf9, 0xfd, 0x94, 0x09, 0xbd, + 0x26, 0x6e, 0x84, 0xc7, 0x5c, 0x42, 0x20, 0x76, + 0x72, 0x83, 0x75, 0x68, 0xa4, 0x18, 0x2d, 0x76, + 0x62, 0xc3, 0xab, 0xc0, 0xc9, 0x36, 0x59, 0xe0, + 0xa9, 0x70, 0x1f, 0xff, 0x97, 0x07, 0x0d, 0x88, + 0xc2, 0xd8, 0x51, 0x35, 0xf7, 0xb0, 0x50, 0xe4, + 0x9f, 0x3d, 0xd4, 0x71, 0x8b, 0x40, 0x89, 0x71, + 0x6c, 0xd8, 0xc2, 0x63, 0xb6, 0x3a, 0xce, 0xb1, + 0x32, 0xf1, 0xc6, 0x11, 0x31, 0x25, 0x48, 0xcf, + 0xeb, 0xbc, 0xd3, 0x9b, 0xc5, 0xbd, 0xd2, 0x57, + 0x73, 0x9b, 0x20, 0xb8, 0xdf, 0xbe, 0xb8, 0x40, + 0xb6, 0xac, 0x24, 0xdb, 0x94, 0x6a, 0x93, 0x43, + 0x4a, 0xa8, 0xa3, 0xcf, 0xd5, 0x61, 0x1b, 0x46, + 0x1d, 0x6f, 0x57, 0xec, 0xa6, 0xd0, 0x44, 0x05, + 0x48, 0xb8, 0x90, 0x80, 0x23, 0x8e, 0x5f, 0xb0, + 0x4b, 0x6f, 0xe3, 0xf9, 0xb0, 0x04, 0x60, 0xae, + 0x80, 0xcf, 0xa5, 0x5c, 0x11, 0xe4, 0xce, 0x57, + 0x5b, 0xbb, 0xde, 0x92, 0xfc, 0xe7, 0x3f, 0xe0, + 0xfc, 0x06, 0xc8, 0xf3, 0x8c, 0xac, 0x86, 0x09, + 0x31, 0xe5, 0x7e, 0xfb, 0x5d, 0xa7, 0x57, 0xf8, + 0x1d, 0x23, 0x9d, 0xa3, 0xeb, 0x53, 0x28, 0xde, + 0xbf, 0x53, 0xef, 0x35, 0x3c, 0x7e, 0x3c, 0x1b, + 0x76, 0x9d, 0x09, 0x25, 0x43, 0xd4, 0x8b, 0xca, + 0xda, 0x45, 0x5b, 0xdc, 0x9f, 0x57, 0x5a, 0x30, + 0x2e, 0xe9, 0x73, 0x68, 0x28, 0xfa, 0x40, 0xb0, + 0x7c, 0x31, 0xd7, 0x8b, 0x4e, 0x99, 0x94, 0xf1, +}; + +static const uint8_t exp_ciphertext_rsa2048_pkcs1[] =3D { + 0xa5, 0x19, 0x19, 0x34, 0xad, 0xf6, 0xd2, 0xbe, + 0xed, 0x8f, 0xe5, 0xfe, 0xa2, 0xa5, 0x20, 0x08, + 0x15, 0x53, 0x7c, 0x68, 0x28, 0xae, 0x07, 0xb2, + 0x4c, 0x5d, 0xee, 0xc1, 0xc6, 0xdc, 0xd6, 0x8b, + 0xc6, 0xba, 0x46, 0xe1, 0x16, 0xa9, 0x04, 0x72, + 0xdf, 0x8f, 0x1e, 0x97, 0x2a, 0x55, 0xe7, 0xac, + 0x08, 0x0d, 0x61, 0xe8, 0x64, 0x8b, 0x6f, 0x96, + 0x0e, 0xbb, 0x8a, 0x30, 0xb3, 0x73, 0x28, 0x61, + 0x16, 0x89, 0x90, 0x88, 0x8e, 0xda, 0x22, 0xe6, + 0x42, 0x16, 0xc7, 0xe8, 0x30, 0x0d, 0x7f, 0x44, + 0x1e, 0xef, 0xe6, 0xdb, 0x78, 0x54, 0x89, 0xa5, + 0x60, 0x67, 0xb3, 0x35, 0x2d, 0x79, 0x49, 0xcf, + 0xe6, 0x8f, 0xf3, 0x64, 0x52, 0x1c, 0x6c, 0x43, + 0x7e, 0xb0, 0xde, 0x55, 0xdf, 0xbe, 0xb7, 0xb1, + 0xdb, 0x02, 0xee, 0x76, 0x96, 0xcc, 0x0b, 0x97, + 0x8c, 0x23, 0xaa, 0x7d, 0x4c, 0x47, 0x28, 0x41, + 0x7a, 0x20, 0x39, 0x1f, 0x64, 0x0b, 0xf1, 0x74, + 0xf1, 0x29, 0xda, 0xe9, 0x3a, 0x36, 0xa6, 0x88, + 0xb8, 0xc0, 0x21, 0xb8, 0x9b, 0x5d, 0x90, 0x85, + 0xa3, 0x30, 0x61, 0x17, 0x8c, 0x74, 0x63, 0xd5, + 0x0f, 0x95, 0xdc, 0xc8, 0x4f, 0xa7, 0x24, 0x55, + 0x40, 0xe2, 0x84, 0x57, 0x65, 0x06, 0x11, 0x30, + 0x2b, 0x9e, 0x32, 0x95, 0x39, 0xf2, 0x1a, 0x3f, + 0xab, 0xcd, 0x7b, 0x7f, 0x9c, 0xf0, 0x00, 0x50, + 0x7c, 0xf4, 0xbe, 0xcb, 0x80, 0xea, 0x66, 0xba, + 0x0e, 0x7b, 0x46, 0x0b, 0x25, 0xe0, 0xc1, 0x03, + 0x29, 0x11, 0x2d, 0x69, 0x4f, 0x21, 0xa2, 0x58, + 0x37, 0x4b, 0x84, 0x15, 0xb3, 0x65, 0x3a, 0xac, + 0xd4, 0xd0, 0xf6, 0xdf, 0x4b, 0x82, 0xca, 0x9e, + 0xbb, 0xbe, 0x3c, 0x4d, 0xd5, 0xbf, 0x00, 0xd6, + 0x12, 0x48, 0x72, 0x0b, 0xc7, 0xf8, 0xe1, 0xcd, + 0xd0, 0x28, 0x03, 0x19, 0xa6, 0x06, 0x13, 0x45, +}; + +typedef struct QCryptoAkCipherTestData QCryptoAkCipherTestData; +struct QCryptoAkCipherTestData { + const char *path; + QCryptoAkCipherOptions opt; + + const uint8_t *priv_key; + size_t priv_key_len; + const uint8_t *pub_key; + size_t pub_key_len; + + const uint8_t *plaintext; + size_t plen; + const uint8_t *ciphertext; + size_t clen; + const uint8_t *dgst; + size_t dlen; + const uint8_t *signature; + size_t slen; +}; + +static QCryptoAkCipherTestData test_data[] =3D { + /* rsa1024 with raw padding */ + { + .path =3D "/crypto/akcipher/rsa1024-raw", + .opt =3D { + .alg =3D QCRYPTO_AKCIPHER_ALG_RSA, + .u.rsa =3D { + .padding_alg =3D QCRYPTO_RSA_PADDING_ALG_RAW, + }, + }, + .pub_key =3D rsa1024_public_key, + .pub_key_len =3D sizeof(rsa1024_public_key), + .priv_key =3D rsa1024_private_key, + .priv_key_len =3D sizeof(rsa1024_private_key), + + .plaintext =3D test_plaintext, + .plen =3D 128, + .ciphertext =3D exp_ciphertext_rsa1024_raw, + .clen =3D sizeof(exp_ciphertext_rsa1024_raw), + }, + + /* rsa1024 with pkcs1 padding */ + { + .path =3D "/crypto/akcipher/rsa1024-pkcs1", + .opt =3D { + .alg =3D QCRYPTO_AKCIPHER_ALG_RSA, + .u.rsa =3D { + .padding_alg =3D QCRYPTO_RSA_PADDING_ALG_PKCS1, + .hash_alg =3D QCRYPTO_HASH_ALG_SHA1, + }, + }, + .pub_key =3D rsa1024_public_key, + .pub_key_len =3D sizeof(rsa1024_public_key), + .priv_key =3D rsa1024_private_key, + .priv_key_len =3D sizeof(rsa1024_private_key), + + .plaintext =3D test_plaintext, + .plen =3D 64, + .ciphertext =3D exp_ciphertext_rsa1024_pkcs1, + .clen =3D sizeof(exp_ciphertext_rsa1024_pkcs1), + .dgst =3D test_sha1_dgst, + .dlen =3D sizeof(test_sha1_dgst), + .signature =3D exp_signature_rsa1024_pkcs1, + .slen =3D sizeof(exp_signature_rsa1024_pkcs1), + }, + + /* rsa2048 with raw padding */ + { + .path =3D "/crypto/akcipher/rsa2048-raw", + .opt =3D { + .alg =3D QCRYPTO_AKCIPHER_ALG_RSA, + .u.rsa =3D { + .padding_alg =3D QCRYPTO_RSA_PADDING_ALG_RAW, + }, + }, + .pub_key =3D rsa2048_public_key, + .pub_key_len =3D sizeof(rsa2048_public_key), + .priv_key =3D rsa2048_private_key, + .priv_key_len =3D sizeof(rsa2048_private_key), + + .plaintext =3D test_plaintext, + .plen =3D 256, + .ciphertext =3D exp_ciphertext_rsa2048_raw, + .clen =3D sizeof(exp_ciphertext_rsa2048_raw), + }, + + /* rsa2048 with pkcs1 padding */ + { + .path =3D "/crypto/akcipher/rsa2048-pkcs1", + .opt =3D { + .alg =3D QCRYPTO_AKCIPHER_ALG_RSA, + .u.rsa =3D { + .padding_alg =3D QCRYPTO_RSA_PADDING_ALG_PKCS1, + .hash_alg =3D QCRYPTO_HASH_ALG_SHA1, + }, + }, + .pub_key =3D rsa2048_public_key, + .pub_key_len =3D sizeof(rsa2048_public_key), + .priv_key =3D rsa2048_private_key, + .priv_key_len =3D sizeof(rsa2048_private_key), + + .plaintext =3D test_plaintext, + .plen =3D 128, + .ciphertext =3D exp_ciphertext_rsa2048_pkcs1, + .clen =3D sizeof(exp_ciphertext_rsa2048_pkcs1), + .dgst =3D test_sha1_dgst, + .dlen =3D sizeof(test_sha1_dgst), + .signature =3D exp_signature_rsa2048_pkcs1, + .slen =3D sizeof(exp_signature_rsa2048_pkcs1), + }, + +}; + +static void test_akcipher(const void *opaque) +{ + const QCryptoAkCipherTestData *data =3D opaque; + g_autofree uint8_t *plaintext =3D NULL; + g_autofree uint8_t *ciphertext =3D NULL; + g_autofree uint8_t *signature =3D NULL; + QCryptoAkCipher *pub_key, *priv_key; + + if (!qcrypto_akcipher_supports((QCryptoAkCipherOptions *)&data->opt)) { + return; + } + pub_key =3D qcrypto_akcipher_new(&data->opt, + QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + data->pub_key, data->pub_key_len, + &error_abort); + g_assert(pub_key !=3D NULL); + priv_key =3D qcrypto_akcipher_new(&data->opt, + QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + data->priv_key, data->priv_key_len, + &error_abort); + g_assert(priv_key !=3D NULL); + + if (data->plaintext !=3D NULL) { + + ciphertext =3D g_new0(uint8_t, data->clen); + g_assert(qcrypto_akcipher_encrypt(pub_key, data->plaintext, data->= plen, + ciphertext, data->clen, + &error_abort) > 0); + + /** + * In the asymmetric encryption algorithms, the ciphertext generat= ed + * each time may be different, here only compare the decrypted + * plaintext + */ + plaintext =3D g_new0(uint8_t, data->clen); + g_assert(qcrypto_akcipher_decrypt(priv_key, ciphertext, + data->clen, plaintext, + data->plen, + &error_abort) =3D=3D data->plen); + g_assert(!memcmp(plaintext, data->plaintext, data->plen)); + } + + if (data->signature !=3D NULL) { + signature =3D g_new(uint8_t, data->slen); + g_assert(qcrypto_akcipher_sign(priv_key, data->dgst, data->dlen, + signature, data->slen, + &error_abort) > 0); + /** + * The signature generated each time may be different, here only c= heck + * the verification. + */ + g_assert(qcrypto_akcipher_verify(pub_key, data->signature, data->s= len, + data->dgst, data->dlen, + &error_abort) =3D=3D 0); + g_assert(qcrypto_akcipher_verify(pub_key, signature, data->slen, + data->dgst, data->dlen, + &error_abort) =3D=3D 0); + ++signature[0]; + /* Here error should be ignored */ + g_assert(qcrypto_akcipher_verify(pub_key, signature, data->slen, + data->dgst, data->dlen, NULL) != =3D 0); + } + + qcrypto_akcipher_free(pub_key); + qcrypto_akcipher_free(priv_key); +} + +int main(int argc, char **argv) +{ + size_t i; + g_test_init(&argc, &argv, NULL); + g_assert(qcrypto_init(NULL) =3D=3D 0); + + for (i =3D 0; i < G_N_ELEMENTS(test_data); i++) { + g_test_add_data_func(test_data[i].path, &test_data[i], test_akciph= er); + } + + return g_test_run(); +} --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490544; cv=none; d=zohomail.com; s=zohoarc; b=S3lqox6gLAF4suPyXurX893o8l1u3/r525hpq9FUJr/ZBdpiA3VjG2ujmOEJx3x9ulbGmSP+ybJJrc8FdGGkBjc01+jUgT5EEz1eZjMv86aP213xoCFL8WBqRxbZvAHAodcgTuL5UVnrqq/7lcnEsBGEEhBeNRdwfrsKgdI5/ZU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490544; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=PSxLrZH+hc3CYhkDYxfByo2A7hNKKgQ9HR81Av48tec=; b=K7KzuTMPo6Tzub+oLOBH6oXXhBqXgYNGDqASyd9mtUwJ+TahO437Hz/TNg7XBdFrC5p7qP76VA56WJnzzl0ARG13RyKDlTpqVKobrWw8l01dfGhuXYlhWrFG4hhAcquXSO03y2qYBzaSNpSVO/o5mrZWWA87YPICw0MBoy2aG8s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490544100812.6377910239311; Fri, 13 May 2022 18:09:04 -0700 (PDT) Received: from localhost ([::1]:53016 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgHG-0004Oi-UZ for importer@patchew.org; Fri, 13 May 2022 21:09:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8T-0002Dj-4z for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:59 -0400 Received: from mail-pf1-x434.google.com ([2607:f8b0:4864:20::434]:38853) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg8R-0008Tb-1f for qemu-devel@nongnu.org; Fri, 13 May 2022 20:59:56 -0400 Received: by mail-pf1-x434.google.com with SMTP id k16so2324982pff.5 for ; Fri, 13 May 2022 17:59:54 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PSxLrZH+hc3CYhkDYxfByo2A7hNKKgQ9HR81Av48tec=; b=jOZUlETZH5l3+AD7kz+Vb+1pUlWxlU/Mpwp0Ld3SV7OiX4YijJ6BlLR6u2YjqShbrt Oz24gRV3ZscQwh2vF301qEWXL5kXjfqWWfF4Jk/0sn4PwFwDp2/MpXsomEJq5fyYT2Pb PWdMAc0D3SwBhzJPdN2NPG/ZI0qJ4dsQl/toO4AAgEVn4WR/vW0ZkrtlhDjqUuKoGGlw GHmt7d+DxMBbRXHNKr+JqkDW+8fhSu4Iy8T1pjbCI65zNJ7dOfXtcQ2T8OnfZniPD2OT aKnZUrEibULlU3R+exeAxfAz89MY7WzLEgazB+BXDORqv3P30uycQrDNaJoSh+RBrkXf Mx8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PSxLrZH+hc3CYhkDYxfByo2A7hNKKgQ9HR81Av48tec=; b=f8qqoU/eEvZQbj+k8gGBZk39UQo8z7BdxtHmzucCHlocKbCKoCl5Izk3N7oB7hlNrp fDp50IEa7PaUPfe2x0dUgnEzMDx1fPwUx7+c5v+P4fwZOlhxC1iSFDlGtXNHb5NU9ExJ 50h0J+4M1r7lOh3zj/EpEuYvmTBy2IpTaKove4mFNhjiM9scNzDNLPl1V7PhLntqRqxP 1PGM8+8qzdhtCjmkscgg0yvSPigo41jHK3/8NRMANCxuPTdL7hjcjsQWk+bQqo4urO1J P7rOPEClTXwvRR8hTPqAUYAhVbPxv1SIPmEg9qMj8pnzl3HVd6Qw3wu+m8FanymwnrY0 kN3A== X-Gm-Message-State: AOAM531aYvHFAr0dFRRrAA2G1/VHpcCcL79VS9eQ5auWbY8KCYI+w3NF Uy+u7U0yu8Y/5XHkTiI2ed7suw== X-Google-Smtp-Source: ABdhPJwFmzugwEvsIsh3jYonaXN8NBJb0BAw1y9+0Gw7QzkFBAhj0M/o4HTmRemabB+8CiJ83o5asA== X-Received: by 2002:a65:4cce:0:b0:3c2:6d66:f141 with SMTP id n14-20020a654cce000000b003c26d66f141mr6226159pgt.173.1652489993584; Fri, 13 May 2022 17:59:53 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 8/9] tests/crypto: Add test suite for RSA keys Date: Sat, 14 May 2022 08:55:03 +0800 Message-Id: <20220514005504.1042884-9-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::434; envelope-from=pizhenwei@bytedance.com; helo=mail-pf1-x434.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490544559100001 From: Lei He As Daniel suggested, Add tests suite for rsakey, as a way to prove that we can handle DER errors correctly. Signed-off-by: zhenwei pi Signed-off-by: lei he Reviewed-by: Daniel P. Berrang=C3=A9 --- tests/unit/test-crypto-akcipher.c | 285 +++++++++++++++++++++++++++++- 1 file changed, 282 insertions(+), 3 deletions(-) diff --git a/tests/unit/test-crypto-akcipher.c b/tests/unit/test-crypto-akc= ipher.c index b5be563884..4f1f4214dd 100644 --- a/tests/unit/test-crypto-akcipher.c +++ b/tests/unit/test-crypto-akcipher.c @@ -517,6 +517,158 @@ static const uint8_t exp_ciphertext_rsa2048_pkcs1[] = =3D { 0xd0, 0x28, 0x03, 0x19, 0xa6, 0x06, 0x13, 0x45, }; =20 +static const uint8_t rsa_private_key_lack_element[] =3D { + /* RSAPrivateKey, offset: 0, length: 176 */ + 0x30, 0x81, 0xb0, + /* version, offset: 4, length: 1 */ + 0x02, 0x01, 0x00, + /* n, offset: 7, length: 65 */ + 0x02, 0x41, + 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6, + 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb, + 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5, + 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a, + 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6, + 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95, + 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62, + 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e, + 0xf7, + /* e, offset: 74, length: 3 */ + 0x02, 0x03, 0x01, 0x00, 0x01, + /* d, offset: 79, length: 64 */ + 0x02, 0x40, + 0x1e, 0x80, 0xfe, 0xda, 0x65, 0xdb, 0x70, 0xb8, + 0x61, 0x91, 0x28, 0xbf, 0x6c, 0x32, 0xc1, 0x05, + 0xd1, 0x26, 0x6a, 0x1c, 0x83, 0xcc, 0xf4, 0x1f, + 0x53, 0x42, 0x72, 0x1f, 0x62, 0x57, 0x0a, 0xc4, + 0x66, 0x76, 0x30, 0x87, 0xb9, 0xb1, 0xb9, 0x6a, + 0x63, 0xfd, 0x8f, 0x3e, 0xfc, 0x35, 0x3f, 0xd6, + 0x2e, 0x6c, 0xc8, 0x70, 0x8a, 0x17, 0xc1, 0x28, + 0x6a, 0xfe, 0x51, 0x56, 0xb3, 0x92, 0x6f, 0x09, + /* p, offset: 145, length: 33 */ + 0x02, 0x21, + 0x00, 0xe3, 0x2e, 0x2d, 0x8d, 0xba, 0x1c, 0x34, + 0x4c, 0x49, 0x9f, 0xc1, 0xa6, 0xdd, 0xd7, 0x13, + 0x8d, 0x05, 0x48, 0xdd, 0xff, 0x5c, 0x30, 0xbc, + 0x6b, 0xc4, 0x18, 0x9d, 0xfc, 0xa2, 0xd0, 0x9b, + 0x4d, + /* q, offset: 180, length: 33 */ + 0x02, 0x21, + 0x00, 0xd1, 0x75, 0xaf, 0x4b, 0xc6, 0x1a, 0xb0, + 0x98, 0x14, 0x42, 0xae, 0x33, 0xf3, 0x44, 0xde, + 0x21, 0xcb, 0x04, 0xda, 0xfb, 0x1e, 0x35, 0x92, + 0xcd, 0x69, 0xc0, 0x83, 0x06, 0x83, 0x8e, 0x39, + 0x53, + /* lack element: dp, dq, u */ +}; + +static const uint8_t rsa_public_key_lack_element[] =3D { + /* RSAPublicKey, offset: 0, length: 67 */ + 0x30, 0x81, 0x43, + /* n, offset: 7, length: 65 */ + 0x02, 0x41, + 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6, + 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb, + 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5, + 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a, + 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6, + 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95, + 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62, + 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e, + 0xf7, + /* lack element: e */ +}; + +static const uint8_t rsa_public_key_empty_element[] =3D { + /* RSAPublicKey, offset: 0, length: 69 */ + 0x30, 0x81, 0x45, + /* n, offset: 7, length: 65 */ + 0x02, 0x41, + 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6, + 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb, + 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5, + 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a, + 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6, + 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95, + 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62, + 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e, + 0xf7, + /* e: empty element */ + 0x02, 0x00, +}; + +static const uint8_t rsa_private_key_empty_element[] =3D { + /* RSAPrivateKey, offset: 0, length: 19 */ + 0x30, 0x81, 0x13, + /* version, offset: 4, length: 1 */ + 0x02, 0x01, 0x00, + /* n: empty element */ + 0x02, 0x00, + /* e: empty element */ + 0x02, 0x00, + /* d: empty element */ + 0x02, 0x00, + /* p: empty element */ + 0x02, 0x00, + /* q: empty element */ + 0x02, 0x00, + /* dp: empty element */ + 0x02, 0x00, + /* dq: empty element */ + 0x02, 0x00, + /* u: empty element */ + 0x02, 0x00, +}; + +static const uint8_t rsa_public_key_invalid_length_val[] =3D { + /* RSAPublicKey, INVALID length: 313 */ + 0x30, 0x82, 0x01, 0x39, + /* n, offset: 7, length: 65 */ + 0x02, 0x41, + 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6, + 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb, + 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5, + 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a, + 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6, + 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95, + 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62, + 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e, + 0xf7, + /* e, */ + 0x02, 0x03, 0x01, 0x00, 0x01, /* INTEGER, offset: 74, length: 3 */ +}; + +static const uint8_t rsa_public_key_extra_elem[] =3D { + /* RSAPublicKey, length: 80 */ + 0x30, 0x81, 0x50, + /* n, offset: 7, length: 65 */ + 0x02, 0x41, + 0x00, 0xb9, 0xe1, 0x22, 0xdb, 0x56, 0x2f, 0xb6, + 0xf7, 0xf0, 0x0a, 0x87, 0x43, 0x07, 0x12, 0xdb, + 0x6d, 0xb6, 0x2b, 0x41, 0x8d, 0x2c, 0x3c, 0xa5, + 0xdd, 0x78, 0x9a, 0x8f, 0xab, 0x8e, 0xf2, 0x4a, + 0xc8, 0x34, 0x0c, 0x12, 0x4f, 0x11, 0x90, 0xc6, + 0xc2, 0xa5, 0xd0, 0xcd, 0xfb, 0xfc, 0x2c, 0x95, + 0x56, 0x82, 0xdf, 0x39, 0xf3, 0x3b, 0x1d, 0x62, + 0x26, 0x97, 0xb7, 0x93, 0x25, 0xc7, 0xec, 0x7e, + 0xf7, + /* e, offset: 74, length: 3 */ + 0x02, 0x03, 0x01, 0x00, 0x01, + /* Additional integer field, length 3 */ + 0x02, 0x06, 0xe1, 0x22, 0xdb, 0xe1, 0x22, 0xdb, +}; + +typedef struct QCryptoRSAKeyTestData QCryptoRSAKeyTestData; +struct QCryptoRSAKeyTestData { + const char *path; + QCryptoAkCipherKeyType key_type; + QCryptoAkCipherOptions opt; + const uint8_t *key; + size_t keylen; + bool is_valid_key; + size_t exp_key_len; +}; + typedef struct QCryptoAkCipherTestData QCryptoAkCipherTestData; struct QCryptoAkCipherTestData { const char *path; @@ -537,7 +689,98 @@ struct QCryptoAkCipherTestData { size_t slen; }; =20 -static QCryptoAkCipherTestData test_data[] =3D { +static QCryptoRSAKeyTestData rsakey_test_data[] =3D { + { + .path =3D "/crypto/akcipher/rsakey-1024-public", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa1024_public_key, + .keylen =3D sizeof(rsa1024_public_key), + .is_valid_key =3D true, + .exp_key_len =3D 128, + }, + { + .path =3D "/crypto/akcipher/rsakey-1024-private", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + .key =3D rsa1024_private_key, + .keylen =3D sizeof(rsa1024_private_key), + .is_valid_key =3D true, + .exp_key_len =3D 128, + }, + { + .path =3D "/crypto/akcipher/rsakey-2048-public", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa2048_public_key, + .keylen =3D sizeof(rsa2048_public_key), + .is_valid_key =3D true, + .exp_key_len =3D 256, + }, + { + .path =3D "/crypto/akcipher/rsakey-2048-private", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + .key =3D rsa2048_private_key, + .keylen =3D sizeof(rsa2048_private_key), + .is_valid_key =3D true, + .exp_key_len =3D 256, + }, + { + .path =3D "/crypto/akcipher/rsakey-public-lack-elem", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa_public_key_lack_element, + .keylen =3D sizeof(rsa_public_key_lack_element), + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-private-lack-elem", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + .key =3D rsa_private_key_lack_element, + .keylen =3D sizeof(rsa_private_key_lack_element), + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-public-empty-elem", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa_public_key_empty_element, + .keylen =3D sizeof(rsa_public_key_empty_element), + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-private-empty-elem", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + .key =3D rsa_private_key_empty_element, + .keylen =3D sizeof(rsa_private_key_empty_element), + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-public-empty-key", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D NULL, + .keylen =3D 0, + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-private-empty-key", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE, + .key =3D NULL, + .keylen =3D 0, + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-public-invalid-length-val", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa_public_key_invalid_length_val, + .keylen =3D sizeof(rsa_public_key_invalid_length_val), + .is_valid_key =3D false, + }, + { + .path =3D "/crypto/akcipher/rsakey-public-extra-elem", + .key_type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC, + .key =3D rsa_public_key_extra_elem, + .keylen =3D sizeof(rsa_public_key_extra_elem), + .is_valid_key =3D false, + }, +}; + +static QCryptoAkCipherTestData akcipher_test_data[] =3D { /* rsa1024 with raw padding */ { .path =3D "/crypto/akcipher/rsa1024-raw", @@ -697,14 +940,50 @@ static void test_akcipher(const void *opaque) qcrypto_akcipher_free(priv_key); } =20 +static void test_rsakey(const void *opaque) +{ + const QCryptoRSAKeyTestData *data =3D (const QCryptoRSAKeyTestData *)o= paque; + QCryptoAkCipherOptions opt =3D { + .alg =3D QCRYPTO_AKCIPHER_ALG_RSA, + .u.rsa =3D { + .padding_alg =3D QCRYPTO_RSA_PADDING_ALG_PKCS1, + .hash_alg =3D QCRYPTO_HASH_ALG_SHA1, + } + }; + g_autoptr(QCryptoAkCipher) key =3D qcrypto_akcipher_new( + &opt, data->key_type, data->key, data->keylen, NULL); + + if (!qcrypto_akcipher_supports(&opt)) { + return; + } + + if (!data->is_valid_key) { + g_assert(key =3D=3D NULL); + return; + } + + g_assert(key !=3D NULL); + g_assert(qcrypto_akcipher_max_ciphertext_len(key) =3D=3D data->exp_key= _len); + g_assert(qcrypto_akcipher_max_plaintext_len(key) =3D=3D data->exp_key_= len); + g_assert(qcrypto_akcipher_max_signature_len(key) =3D=3D data->exp_key_= len); + g_assert(qcrypto_akcipher_max_dgst_len(key) =3D=3D data->exp_key_len); +} + int main(int argc, char **argv) { size_t i; g_test_init(&argc, &argv, NULL); g_assert(qcrypto_init(NULL) =3D=3D 0); =20 - for (i =3D 0; i < G_N_ELEMENTS(test_data); i++) { - g_test_add_data_func(test_data[i].path, &test_data[i], test_akciph= er); + for (i =3D 0; i < G_N_ELEMENTS(akcipher_test_data); i++) { + g_test_add_data_func(akcipher_test_data[i].path, + &akcipher_test_data[i], + test_akcipher); + } + for (i =3D 0; i < G_N_ELEMENTS(rsakey_test_data); i++) { + g_test_add_data_func(rsakey_test_data[i].path, + &rsakey_test_data[i], + test_rsakey); } =20 return g_test_run(); --=20 2.20.1 From nobody Sat Apr 20 03:09:53 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=bytedance.com ARC-Seal: i=1; a=rsa-sha256; t=1652490920; cv=none; d=zohomail.com; s=zohoarc; b=fmFcoEkhISIs4JAyGZ/nOQklehKrv23GCTSNwQVG++XDV1SZ2sOMw1I09ZQlpr0U+ExxGD54hU3tPMhIWFzPE/otyMdCyTQTGtRyXh7AfqZrdhMj7ThNdWJJcP8/qrOQVCx5+BVvoZM8eOzDZ64mHdVp2/hojZCYIzVooHW1U0k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652490920; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sNR0XFHg8nOFyD/okexidlo28c+xwasNHBdex9dNqEc=; b=DyoGLdkVNbzegog01dLKPp3LWY2PoW8NjbK6IKoTofC6vq0CLFiBo8Ds7foVk5ce/+FZxmOZ3Cb70VSkDIpDjq5AsmpMpIrcidwUhJ+WV7r/Iz1vDlrJ8KmiIFfCggpuKw7k7hr8/Y66COwo5gm+oYV/T9oRdZhdTQ8tRg50M9E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1652490920692306.05650553324335; Fri, 13 May 2022 18:15:20 -0700 (PDT) Received: from localhost ([::1]:35110 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npgNL-0003jm-5N for importer@patchew.org; Fri, 13 May 2022 21:15:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41828) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npg8Z-0002G7-Bo for qemu-devel@nongnu.org; Fri, 13 May 2022 21:00:03 -0400 Received: from mail-pg1-x52a.google.com ([2607:f8b0:4864:20::52a]:39532) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npg8V-0008UF-CP for qemu-devel@nongnu.org; Fri, 13 May 2022 21:00:03 -0400 Received: by mail-pg1-x52a.google.com with SMTP id a19so8753591pgw.6 for ; Fri, 13 May 2022 17:59:59 -0700 (PDT) Received: from always-x1.www.tendawifi.com ([139.177.225.239]) by smtp.gmail.com with ESMTPSA id t24-20020a170902b21800b0015e8d4eb1dbsm2466125plr.37.2022.05.13.17.59.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:59:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=sNR0XFHg8nOFyD/okexidlo28c+xwasNHBdex9dNqEc=; b=ghAPw6csOqoMUjvek1KjGaMpvQUdedSCIQTRFk4Wz7R8mpIlvTX5+QM6Yur20vdBPO ZgWHGI3mixK/nBZGsmKwN21iBreLZ0nw9iob87VV7XLGoXqg++O3wE2aNLEOQBfRE5ZC 4yKVTCk9lC2bZIQle+VVP0u1IiOHScYpoO1JepkKn7YNTcHv9E5qIYPMTvzU3JEFvetH iYGqU5y5QtrkK7/edgRKDZUk6l7whRUZwNJdZkq9DoqHo5nyarVBWgHmidiMb7dvVLyb 7G4iX6zS+14mUUm8tk7DcXCbj9qBlIDzaM66Y/dvU+stJ9a2U3W3bCjtSJmA/6r5NKBb caOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=sNR0XFHg8nOFyD/okexidlo28c+xwasNHBdex9dNqEc=; b=hhcztSJQNTm9zOoTyVB+3qRIoM6tlHs+iH8lwUCcrtjocAnF7KqqU+Djrf3b4/AWvm TQRQFh3IoRoxuLNIHh7gtVPutFTc24sNBqmSrHxLyRouQVPrheBUdNTT4dRSWnGwMA6I FbaO77DVFWIpKKL7F4jv/Q64rCwK/juH4yK9ejl5hLAjrV/6Fs6gADl3lby2ciGLXaQj VqqPLNT5SIdvFikBa/Xf8Z15yVx1PxAyum52OjtuM2nfLX2aCyW4i5nWugocQ2Y6CPsW A8SOxksaenjLxROi381Tpj7gCACYSgRWaYMQrJTSFXtCdTzeBuJYJ9NeGP8OiIYQEKu/ 6z3Q== X-Gm-Message-State: AOAM533KGMsvuXRWneR9wP/fGHQTPzV2R6eTOaxthmlD82eWc8CzPnzt Ts7TsEmHI5AlaNjnjhb8UWzMwA== X-Google-Smtp-Source: ABdhPJyuzZlhqmytOT0oyd9JSr/jrs0W8THeZOBij389VycNh6FHIiSCpYBdg98ZRaShSsn34IL+7g== X-Received: by 2002:aa7:8215:0:b0:4f7:125a:c88c with SMTP id k21-20020aa78215000000b004f7125ac88cmr6969579pfi.70.1652489997907; Fri, 13 May 2022 17:59:57 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, arei.gonglei@huawei.com, berrange@redhat.com Cc: qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, helei.sig11@bytedance.com, jasowang@redhat.com, pizhenwei@bytedance.com, cohuck@redhat.com Subject: [PATCH v6 9/9] crypto: Introduce RSA algorithm Date: Sat, 14 May 2022 08:55:04 +0800 Message-Id: <20220514005504.1042884-10-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220514005504.1042884-1-pizhenwei@bytedance.com> References: <20220514005504.1042884-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::52a; envelope-from=pizhenwei@bytedance.com; helo=mail-pg1-x52a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @bytedance-com.20210112.gappssmtp.com) X-ZM-MESSAGEID: 1652490923195100001 Content-Type: text/plain; charset="utf-8" There are two parts in this patch: 1, support akcipher service by cryptodev-builtin driver 2, virtio-crypto driver supports akcipher service In principle, we should separate this into two patches, to avoid compiling error, merge them into one. Then virtio-crypto gets request from guest side, and forwards the request to builtin driver to handle it. Test with a guest linux: 1, The self-test framework of crypto layer works fine in guest kernel 2, Test with Linux guest(with asym support), the following script test(note that pkey_XXX is supported only in a newer version of keyutils): - both public key & private key - create/close session - encrypt/decrypt/sign/verify basic driver operation - also test with kernel crypto layer(pkey add/query) All the cases work fine. Run script in guest: rm -rf *.der *.pem *.pfx modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=3Dm rm -rf /tmp/data dd if=3D/dev/random of=3D/tmp/data count=3D1 bs=3D20 openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -su= bj "/C=3DCN/ST=3DBJ/L=3DHD/O=3Dqemu/OU=3Ddev/CN=3Dqemu/emailAddress=3Dqemu@= qemu.org" openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der PRIV_KEY_ID=3D`cat key.der | keyctl padd asymmetric test_priv_key @s` echo "priv key id =3D "$PRIV_KEY_ID PUB_KEY_ID=3D`cat cert.der | keyctl padd asymmetric test_pub_key @s` echo "pub key id =3D "$PUB_KEY_ID keyctl pkey_query $PRIV_KEY_ID 0 keyctl pkey_query $PUB_KEY_ID 0 echo "Enc with priv key..." keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=3Dpkcs1 >/tmp/enc.priv echo "Dec with pub key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=3Dpkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Sign with priv key..." keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=3Dpkcs1 hash=3Dsha1 > /tmp/sig echo "Verify with pub key..." keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=3Dpkcs1 hash=3Dsha1 echo "Enc with pub key..." keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=3Dpkcs1 >/tmp/enc.pub echo "Dec with priv key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=3Dpkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Verify with pub key..." keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=3Dpkcs1 hash=3Dsha1 Signed-off-by: zhenwei pi Signed-off-by: lei he conf.crypto_services =3D 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | 1u << VIRTIO_CRYPTO_SERVICE_HASH | - 1u << VIRTIO_CRYPTO_SERVICE_MAC; + 1u << VIRTIO_CRYPTO_SERVICE_MAC | + 1u << VIRTIO_CRYPTO_SERVICE_AKCIPHER; backend->conf.cipher_algo_l =3D 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; backend->conf.hash_algo =3D 1u << VIRTIO_CRYPTO_HASH_SHA1; + backend->conf.akcipher_algo =3D 1u << VIRTIO_CRYPTO_AKCIPHER_RSA; /* * Set the Maximum length of crypto request. * Why this value? Just avoid to overflow when * memory allocation for each crypto request. */ - backend->conf.max_size =3D LONG_MAX - sizeof(CryptoDevBackendSymOpInfo= ); + backend->conf.max_size =3D LONG_MAX - sizeof(CryptoDevBackendOpInfo); backend->conf.max_cipher_key_len =3D CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_= LEN; backend->conf.max_auth_key_len =3D CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; =20 @@ -148,6 +152,53 @@ err: return -1; } =20 +static int cryptodev_builtin_get_rsa_hash_algo( + int virtio_rsa_hash, Error **errp) +{ + switch (virtio_rsa_hash) { + case VIRTIO_CRYPTO_RSA_MD5: + return QCRYPTO_HASH_ALG_MD5; + + case VIRTIO_CRYPTO_RSA_SHA1: + return QCRYPTO_HASH_ALG_SHA1; + + case VIRTIO_CRYPTO_RSA_SHA256: + return QCRYPTO_HASH_ALG_SHA256; + + case VIRTIO_CRYPTO_RSA_SHA512: + return QCRYPTO_HASH_ALG_SHA512; + + default: + error_setg(errp, "Unsupported rsa hash algo: %d", virtio_rsa_hash); + return -1; + } +} + +static int cryptodev_builtin_set_rsa_options( + int virtio_padding_algo, + int virtio_hash_algo, + QCryptoAkCipherOptionsRSA *opt, + Error **errp) +{ + if (virtio_padding_algo =3D=3D VIRTIO_CRYPTO_RSA_PKCS1_PADDING) { + opt->padding_alg =3D QCRYPTO_RSA_PADDING_ALG_PKCS1; + opt->hash_alg =3D + cryptodev_builtin_get_rsa_hash_algo(virtio_hash_algo, errp); + if (opt->hash_alg < 0) { + return -1; + } + return 0; + } + + if (virtio_padding_algo =3D=3D VIRTIO_CRYPTO_RSA_RAW_PADDING) { + opt->padding_alg =3D QCRYPTO_RSA_PADDING_ALG_RAW; + return 0; + } + + error_setg(errp, "Unsupported rsa padding algo: %d", virtio_padding_al= go); + return -1; +} + static int cryptodev_builtin_create_cipher_session( CryptoDevBackendBuiltin *builtin, CryptoDevBackendSymSessionInfo *sess_info, @@ -240,26 +291,89 @@ static int cryptodev_builtin_create_cipher_session( return index; } =20 -static int64_t cryptodev_builtin_sym_create_session( +static int cryptodev_builtin_create_akcipher_session( + CryptoDevBackendBuiltin *builtin, + CryptoDevBackendAsymSessionInfo *sess_info, + Error **errp) +{ + CryptoDevBackendBuiltinSession *sess; + QCryptoAkCipher *akcipher; + int index; + QCryptoAkCipherKeyType type; + QCryptoAkCipherOptions opts; + + switch (sess_info->algo) { + case VIRTIO_CRYPTO_AKCIPHER_RSA: + opts.alg =3D QCRYPTO_AKCIPHER_ALG_RSA; + if (cryptodev_builtin_set_rsa_options(sess_info->u.rsa.padding_alg= o, + sess_info->u.rsa.hash_algo, &opts.u.rsa, errp) !=3D 0) { + return -1; + } + break; + + /* TODO support DSA&ECDSA until qemu crypto framework support these */ + + default: + error_setg(errp, "Unsupported akcipher alg %u", sess_info->algo); + return -1; + } + + switch (sess_info->keytype) { + case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: + type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC; + break; + + case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: + type =3D QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE; + break; + + default: + error_setg(errp, "Unsupported akcipher keytype %u", sess_info->key= type); + return -1; + } + + index =3D cryptodev_builtin_get_unused_session_index(builtin); + if (index < 0) { + error_setg(errp, "Total number of sessions created exceeds %u", + MAX_NUM_SESSIONS); + return -1; + } + + akcipher =3D qcrypto_akcipher_new(&opts, type, sess_info->key, + sess_info->keylen, errp); + if (!akcipher) { + return -1; + } + + sess =3D g_new0(CryptoDevBackendBuiltinSession, 1); + sess->akcipher =3D akcipher; + + builtin->sessions[index] =3D sess; + + return index; +} + +static int64_t cryptodev_builtin_create_session( CryptoDevBackend *backend, - CryptoDevBackendSymSessionInfo *sess_info, + CryptoDevBackendSessionInfo *sess_info, uint32_t queue_index, Error **errp) { CryptoDevBackendBuiltin *builtin =3D CRYPTODEV_BACKEND_BUILTIN(backend); - int64_t session_id =3D -1; - int ret; + CryptoDevBackendSymSessionInfo *sym_sess_info; + CryptoDevBackendAsymSessionInfo *asym_sess_info; =20 switch (sess_info->op_code) { case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: - ret =3D cryptodev_builtin_create_cipher_session( - builtin, sess_info, errp); - if (ret < 0) { - return ret; - } else { - session_id =3D ret; - } - break; + sym_sess_info =3D &sess_info->u.sym_sess_info; + return cryptodev_builtin_create_cipher_session( + builtin, sym_sess_info, errp); + + case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: + asym_sess_info =3D &sess_info->u.asym_sess_info; + return cryptodev_builtin_create_akcipher_session( + builtin, asym_sess_info, errp); + case VIRTIO_CRYPTO_HASH_CREATE_SESSION: case VIRTIO_CRYPTO_MAC_CREATE_SESSION: default: @@ -268,50 +382,44 @@ static int64_t cryptodev_builtin_sym_create_session( return -1; } =20 - return session_id; + return -1; } =20 -static int cryptodev_builtin_sym_close_session( +static int cryptodev_builtin_close_session( CryptoDevBackend *backend, uint64_t session_id, uint32_t queue_index, Error **errp) { CryptoDevBackendBuiltin *builtin =3D CRYPTODEV_BACKEND_BUILTIN(backend); + CryptoDevBackendBuiltinSession *session; =20 assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); =20 - qcrypto_cipher_free(builtin->sessions[session_id]->cipher); - g_free(builtin->sessions[session_id]); + session =3D builtin->sessions[session_id]; + if (session->cipher) { + qcrypto_cipher_free(session->cipher); + } else if (session->akcipher) { + qcrypto_akcipher_free(session->akcipher); + } + + g_free(session); builtin->sessions[session_id] =3D NULL; return 0; } =20 static int cryptodev_builtin_sym_operation( - CryptoDevBackend *backend, - CryptoDevBackendSymOpInfo *op_info, - uint32_t queue_index, Error **errp) + CryptoDevBackendBuiltinSession *sess, + CryptoDevBackendSymOpInfo *op_info, Error **errp) { - CryptoDevBackendBuiltin *builtin =3D - CRYPTODEV_BACKEND_BUILTIN(backend); - CryptoDevBackendBuiltinSession *sess; int ret; =20 - if (op_info->session_id >=3D MAX_NUM_SESSIONS || - builtin->sessions[op_info->session_id] =3D=3D NULL) { - error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", - op_info->session_id); - return -VIRTIO_CRYPTO_INVSESS; - } - if (op_info->op_type =3D=3D VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { error_setg(errp, "Algorithm chain is unsupported for cryptdoev-builtin"); return -VIRTIO_CRYPTO_NOTSUPP; } =20 - sess =3D builtin->sessions[op_info->session_id]; - if (op_info->iv_len > 0) { ret =3D qcrypto_cipher_setiv(sess->cipher, op_info->iv, op_info->iv_len, errp); @@ -333,9 +441,95 @@ static int cryptodev_builtin_sym_operation( return -VIRTIO_CRYPTO_ERR; } } + + return VIRTIO_CRYPTO_OK; +} + +static int cryptodev_builtin_asym_operation( + CryptoDevBackendBuiltinSession *sess, uint32_t op_code, + CryptoDevBackendAsymOpInfo *op_info, Error **errp) +{ + int ret; + + switch (op_code) { + case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT: + ret =3D qcrypto_akcipher_encrypt(sess->akcipher, + op_info->src, op_info->src_len, + op_info->dst, op_info->dst_len, err= p); + break; + + case VIRTIO_CRYPTO_AKCIPHER_DECRYPT: + ret =3D qcrypto_akcipher_decrypt(sess->akcipher, + op_info->src, op_info->src_len, + op_info->dst, op_info->dst_len, err= p); + break; + + case VIRTIO_CRYPTO_AKCIPHER_SIGN: + ret =3D qcrypto_akcipher_sign(sess->akcipher, + op_info->src, op_info->src_len, + op_info->dst, op_info->dst_len, errp); + break; + + case VIRTIO_CRYPTO_AKCIPHER_VERIFY: + ret =3D qcrypto_akcipher_verify(sess->akcipher, + op_info->src, op_info->src_len, + op_info->dst, op_info->dst_len, errp= ); + break; + + default: + return -VIRTIO_CRYPTO_ERR; + } + + if (ret < 0) { + if (op_code =3D=3D VIRTIO_CRYPTO_AKCIPHER_VERIFY) { + return -VIRTIO_CRYPTO_KEY_REJECTED; + } + return -VIRTIO_CRYPTO_ERR; + } + + /* Buffer is too short */ + if (unlikely(ret > op_info->dst_len)) { + return -VIRTIO_CRYPTO_ERR; + } + + op_info->dst_len =3D ret; + return VIRTIO_CRYPTO_OK; } =20 +static int cryptodev_builtin_operation( + CryptoDevBackend *backend, + CryptoDevBackendOpInfo *op_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendBuiltin *builtin =3D + CRYPTODEV_BACKEND_BUILTIN(backend); + CryptoDevBackendBuiltinSession *sess; + CryptoDevBackendSymOpInfo *sym_op_info; + CryptoDevBackendAsymOpInfo *asym_op_info; + enum CryptoDevBackendAlgType algtype =3D op_info->algtype; + int ret =3D -VIRTIO_CRYPTO_ERR; + + if (op_info->session_id >=3D MAX_NUM_SESSIONS || + builtin->sessions[op_info->session_id] =3D=3D NULL) { + error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", + op_info->session_id); + return -VIRTIO_CRYPTO_INVSESS; + } + + sess =3D builtin->sessions[op_info->session_id]; + if (algtype =3D=3D CRYPTODEV_BACKEND_ALG_SYM) { + sym_op_info =3D op_info->u.sym_op_info; + ret =3D cryptodev_builtin_sym_operation(sess, sym_op_info, errp); + } else if (algtype =3D=3D CRYPTODEV_BACKEND_ALG_ASYM) { + asym_op_info =3D op_info->u.asym_op_info; + ret =3D cryptodev_builtin_asym_operation(sess, op_info->op_code, + asym_op_info, errp); + } + + return ret; +} + static void cryptodev_builtin_cleanup( CryptoDevBackend *backend, Error **errp) @@ -348,7 +542,7 @@ static void cryptodev_builtin_cleanup( =20 for (i =3D 0; i < MAX_NUM_SESSIONS; i++) { if (builtin->sessions[i] !=3D NULL) { - cryptodev_builtin_sym_close_session(backend, i, 0, &error_abor= t); + cryptodev_builtin_close_session(backend, i, 0, &error_abort); } } =20 @@ -370,9 +564,9 @@ cryptodev_builtin_class_init(ObjectClass *oc, void *dat= a) =20 bc->init =3D cryptodev_builtin_init; bc->cleanup =3D cryptodev_builtin_cleanup; - bc->create_session =3D cryptodev_builtin_sym_create_session; - bc->close_session =3D cryptodev_builtin_sym_close_session; - bc->do_sym_op =3D cryptodev_builtin_sym_operation; + bc->create_session =3D cryptodev_builtin_create_session; + bc->close_session =3D cryptodev_builtin_close_session; + bc->do_op =3D cryptodev_builtin_operation; } =20 static const TypeInfo cryptodev_builtin_info =3D { diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-use= r.c index bedb452474..5443a59153 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -259,7 +259,33 @@ static int64_t cryptodev_vhost_user_sym_create_session( return -1; } =20 -static int cryptodev_vhost_user_sym_close_session( +static int64_t cryptodev_vhost_user_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + uint32_t op_code =3D sess_info->op_code; + CryptoDevBackendSymSessionInfo *sym_sess_info; + + switch (op_code) { + case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: + case VIRTIO_CRYPTO_HASH_CREATE_SESSION: + case VIRTIO_CRYPTO_MAC_CREATE_SESSION: + case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: + sym_sess_info =3D &sess_info->u.sym_sess_info; + return cryptodev_vhost_user_sym_create_session(backend, sym_sess_i= nfo, + queue_index, errp); + default: + error_setg(errp, "Unsupported opcode :%" PRIu32 "", + sess_info->op_code); + return -1; + + } + + return -1; +} + +static int cryptodev_vhost_user_close_session( CryptoDevBackend *backend, uint64_t session_id, uint32_t queue_index, Error **errp) @@ -351,9 +377,9 @@ cryptodev_vhost_user_class_init(ObjectClass *oc, void *= data) =20 bc->init =3D cryptodev_vhost_user_init; bc->cleanup =3D cryptodev_vhost_user_cleanup; - bc->create_session =3D cryptodev_vhost_user_sym_create_session; - bc->close_session =3D cryptodev_vhost_user_sym_close_session; - bc->do_sym_op =3D NULL; + bc->create_session =3D cryptodev_vhost_user_create_session; + bc->close_session =3D cryptodev_vhost_user_close_session; + bc->do_op =3D NULL; =20 object_class_property_add_str(oc, "chardev", cryptodev_vhost_user_get_chardev, diff --git a/backends/cryptodev.c b/backends/cryptodev.c index 2b105e433c..33eb4e1a70 100644 --- a/backends/cryptodev.c +++ b/backends/cryptodev.c @@ -72,9 +72,9 @@ void cryptodev_backend_cleanup( } } =20 -int64_t cryptodev_backend_sym_create_session( +int64_t cryptodev_backend_create_session( CryptoDevBackend *backend, - CryptoDevBackendSymSessionInfo *sess_info, + CryptoDevBackendSessionInfo *sess_info, uint32_t queue_index, Error **errp) { CryptoDevBackendClass *bc =3D @@ -87,7 +87,7 @@ int64_t cryptodev_backend_sym_create_session( return -1; } =20 -int cryptodev_backend_sym_close_session( +int cryptodev_backend_close_session( CryptoDevBackend *backend, uint64_t session_id, uint32_t queue_index, Error **errp) @@ -102,16 +102,16 @@ int cryptodev_backend_sym_close_session( return -1; } =20 -static int cryptodev_backend_sym_operation( +static int cryptodev_backend_operation( CryptoDevBackend *backend, - CryptoDevBackendSymOpInfo *op_info, + CryptoDevBackendOpInfo *op_info, uint32_t queue_index, Error **errp) { CryptoDevBackendClass *bc =3D CRYPTODEV_BACKEND_GET_CLASS(backend); =20 - if (bc->do_sym_op) { - return bc->do_sym_op(backend, op_info, queue_index, errp); + if (bc->do_op) { + return bc->do_op(backend, op_info, queue_index, errp); } =20 return -VIRTIO_CRYPTO_ERR; @@ -123,20 +123,18 @@ int cryptodev_backend_crypto_operation( uint32_t queue_index, Error **errp) { VirtIOCryptoReq *req =3D opaque; + CryptoDevBackendOpInfo *op_info =3D &req->op_info; + enum CryptoDevBackendAlgType algtype =3D req->flags; =20 - if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_SYM) { - CryptoDevBackendSymOpInfo *op_info; - op_info =3D req->u.sym_op_info; - - return cryptodev_backend_sym_operation(backend, - op_info, queue_index, errp); - } else { + if ((algtype !=3D CRYPTODEV_BACKEND_ALG_SYM) + && (algtype !=3D CRYPTODEV_BACKEND_ALG_ASYM)) { error_setg(errp, "Unsupported cryptodev alg type: %" PRIu32 "", - req->flags); - return -VIRTIO_CRYPTO_NOTSUPP; + algtype); + + return -VIRTIO_CRYPTO_NOTSUPP; } =20 - return -VIRTIO_CRYPTO_ERR; + return cryptodev_backend_operation(backend, op_info, queue_index, errp= ); } =20 static void diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index dcd80b904d..a98105d9e9 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -83,7 +83,8 @@ virtio_crypto_create_sym_session(VirtIOCrypto *vcrypto, struct iovec *iov, unsigned int out_num) { VirtIODevice *vdev =3D VIRTIO_DEVICE(vcrypto); - CryptoDevBackendSymSessionInfo info; + CryptoDevBackendSessionInfo info; + CryptoDevBackendSymSessionInfo *sym_info; int64_t session_id; int queue_index; uint32_t op_type; @@ -92,11 +93,13 @@ virtio_crypto_create_sym_session(VirtIOCrypto *vcrypto, =20 memset(&info, 0, sizeof(info)); op_type =3D ldl_le_p(&sess_req->op_type); - info.op_type =3D op_type; info.op_code =3D opcode; =20 + sym_info =3D &info.u.sym_sess_info; + sym_info->op_type =3D op_type; + if (op_type =3D=3D VIRTIO_CRYPTO_SYM_OP_CIPHER) { - ret =3D virtio_crypto_cipher_session_helper(vdev, &info, + ret =3D virtio_crypto_cipher_session_helper(vdev, sym_info, &sess_req->u.cipher.para, &iov, &out_num); if (ret < 0) { @@ -105,47 +108,47 @@ virtio_crypto_create_sym_session(VirtIOCrypto *vcrypt= o, } else if (op_type =3D=3D VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { size_t s; /* cipher part */ - ret =3D virtio_crypto_cipher_session_helper(vdev, &info, + ret =3D virtio_crypto_cipher_session_helper(vdev, sym_info, &sess_req->u.chain.para.cipher_param, &iov, &out_num); if (ret < 0) { goto err; } /* hash part */ - info.alg_chain_order =3D ldl_le_p( + sym_info->alg_chain_order =3D ldl_le_p( &sess_req->u.chain.para.alg_chain_ord= er); - info.add_len =3D ldl_le_p(&sess_req->u.chain.para.aad_len); - info.hash_mode =3D ldl_le_p(&sess_req->u.chain.para.hash_mode); - if (info.hash_mode =3D=3D VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH) { - info.hash_alg =3D ldl_le_p(&sess_req->u.chain.para.u.mac_param= .algo); - info.auth_key_len =3D ldl_le_p( + sym_info->add_len =3D ldl_le_p(&sess_req->u.chain.para.aad_len); + sym_info->hash_mode =3D ldl_le_p(&sess_req->u.chain.para.hash_mode= ); + if (sym_info->hash_mode =3D=3D VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH) { + sym_info->hash_alg =3D + ldl_le_p(&sess_req->u.chain.para.u.mac_param.algo); + sym_info->auth_key_len =3D ldl_le_p( &sess_req->u.chain.para.u.mac_param.auth_key_= len); - info.hash_result_len =3D ldl_le_p( + sym_info->hash_result_len =3D ldl_le_p( &sess_req->u.chain.para.u.mac_param.hash_result= _len); - if (info.auth_key_len > vcrypto->conf.max_auth_key_len) { + if (sym_info->auth_key_len > vcrypto->conf.max_auth_key_len) { error_report("virtio-crypto length of auth key is too big:= %u", - info.auth_key_len); + sym_info->auth_key_len); ret =3D -VIRTIO_CRYPTO_ERR; goto err; } /* get auth key */ - if (info.auth_key_len > 0) { - DPRINTF("auth_keylen=3D%" PRIu32 "\n", info.auth_key_len); - info.auth_key =3D g_malloc(info.auth_key_len); - s =3D iov_to_buf(iov, out_num, 0, info.auth_key, - info.auth_key_len); - if (unlikely(s !=3D info.auth_key_len)) { + if (sym_info->auth_key_len > 0) { + sym_info->auth_key =3D g_malloc(sym_info->auth_key_len); + s =3D iov_to_buf(iov, out_num, 0, sym_info->auth_key, + sym_info->auth_key_len); + if (unlikely(s !=3D sym_info->auth_key_len)) { virtio_error(vdev, "virtio-crypto authenticated key incorrect"); ret =3D -EFAULT; goto err; } - iov_discard_front(&iov, &out_num, info.auth_key_len); + iov_discard_front(&iov, &out_num, sym_info->auth_key_len); } - } else if (info.hash_mode =3D=3D VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN= ) { - info.hash_alg =3D ldl_le_p( + } else if (sym_info->hash_mode =3D=3D VIRTIO_CRYPTO_SYM_HASH_MODE_= PLAIN) { + sym_info->hash_alg =3D ldl_le_p( &sess_req->u.chain.para.u.hash_param.algo); - info.hash_result_len =3D ldl_le_p( + sym_info->hash_result_len =3D ldl_le_p( &sess_req->u.chain.para.u.hash_param.hash_result_l= en); } else { /* VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED */ @@ -161,13 +164,10 @@ virtio_crypto_create_sym_session(VirtIOCrypto *vcrypt= o, } =20 queue_index =3D virtio_crypto_vq2q(queue_id); - session_id =3D cryptodev_backend_sym_create_session( + session_id =3D cryptodev_backend_create_session( vcrypto->cryptodev, &info, queue_index, &local_err); if (session_id >=3D 0) { - DPRINTF("create session_id=3D%" PRIu64 " successfully\n", - session_id); - ret =3D session_id; } else { if (local_err) { @@ -177,11 +177,78 @@ virtio_crypto_create_sym_session(VirtIOCrypto *vcrypt= o, } =20 err: - g_free(info.cipher_key); - g_free(info.auth_key); + g_free(sym_info->cipher_key); + g_free(sym_info->auth_key); return ret; } =20 +static int64_t +virtio_crypto_create_asym_session(VirtIOCrypto *vcrypto, + struct virtio_crypto_akcipher_create_session_req *sess_req, + uint32_t queue_id, uint32_t opcode, + struct iovec *iov, unsigned int out_num) +{ + VirtIODevice *vdev =3D VIRTIO_DEVICE(vcrypto); + CryptoDevBackendSessionInfo info =3D {0}; + CryptoDevBackendAsymSessionInfo *asym_info; + int64_t session_id; + int queue_index; + uint32_t algo, keytype, keylen; + g_autofree uint8_t *key =3D NULL; + Error *local_err =3D NULL; + + algo =3D ldl_le_p(&sess_req->para.algo); + keytype =3D ldl_le_p(&sess_req->para.keytype); + keylen =3D ldl_le_p(&sess_req->para.keylen); + + if ((keytype !=3D VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC) + && (keytype !=3D VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE)) { + error_report("unsupported asym keytype: %d", keytype); + return -VIRTIO_CRYPTO_NOTSUPP; + } + + if (keylen) { + key =3D g_malloc(keylen); + if (iov_to_buf(iov, out_num, 0, key, keylen) !=3D keylen) { + virtio_error(vdev, "virtio-crypto asym key incorrect"); + return -EFAULT; + } + iov_discard_front(&iov, &out_num, keylen); + } + + info.op_code =3D opcode; + asym_info =3D &info.u.asym_sess_info; + asym_info->algo =3D algo; + asym_info->keytype =3D keytype; + asym_info->keylen =3D keylen; + asym_info->key =3D key; + switch (asym_info->algo) { + case VIRTIO_CRYPTO_AKCIPHER_RSA: + asym_info->u.rsa.padding_algo =3D + ldl_le_p(&sess_req->para.u.rsa.padding_algo); + asym_info->u.rsa.hash_algo =3D + ldl_le_p(&sess_req->para.u.rsa.hash_algo); + break; + + /* TODO DSA&ECDSA handling */ + + default: + return -VIRTIO_CRYPTO_ERR; + } + + queue_index =3D virtio_crypto_vq2q(queue_id); + session_id =3D cryptodev_backend_create_session(vcrypto->cryptodev, &i= nfo, + queue_index, &local_err); + if (session_id < 0) { + if (local_err) { + error_report_err(local_err); + } + return -VIRTIO_CRYPTO_ERR; + } + + return session_id; +} + static uint8_t virtio_crypto_handle_close_session(VirtIOCrypto *vcrypto, struct virtio_crypto_destroy_session_req *close_sess_req, @@ -195,7 +262,7 @@ virtio_crypto_handle_close_session(VirtIOCrypto *vcrypt= o, session_id =3D ldq_le_p(&close_sess_req->session_id); DPRINTF("close session, id=3D%" PRIu64 "\n", session_id); =20 - ret =3D cryptodev_backend_sym_close_session( + ret =3D cryptodev_backend_close_session( vcrypto->cryptodev, session_id, queue_id, &local_err); if (ret =3D=3D 0) { status =3D VIRTIO_CRYPTO_OK; @@ -260,13 +327,22 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *v= dev, VirtQueue *vq) opcode =3D ldl_le_p(&ctrl.header.opcode); queue_id =3D ldl_le_p(&ctrl.header.queue_id); =20 + memset(&input, 0, sizeof(input)); switch (opcode) { case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: - memset(&input, 0, sizeof(input)); session_id =3D virtio_crypto_create_sym_session(vcrypto, &ctrl.u.sym_create_session, queue_id, opcode, out_iov, out_num); + goto check_session; + + case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: + session_id =3D virtio_crypto_create_asym_session(vcrypto, + &ctrl.u.akcipher_create_session, + queue_id, opcode, + out_iov, out_num); + +check_session: /* Serious errors, need to reset virtio crypto device */ if (session_id =3D=3D -EFAULT) { virtqueue_detach_element(vq, elem, 0); @@ -290,10 +366,12 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *v= dev, VirtQueue *vq) virtqueue_push(vq, elem, sizeof(input)); virtio_notify(vdev, vq); break; + case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION: case VIRTIO_CRYPTO_HASH_DESTROY_SESSION: case VIRTIO_CRYPTO_MAC_DESTROY_SESSION: case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION: + case VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION: status =3D virtio_crypto_handle_close_session(vcrypto, &ctrl.u.destroy_session, queue_id); /* The status only occupy one byte, we can directly use it */ @@ -311,7 +389,6 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *vde= v, VirtQueue *vq) case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: default: error_report("virtio-crypto unsupported ctrl opcode: %d", opco= de); - memset(&input, 0, sizeof(input)); stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP); s =3D iov_from_buf(in_iov, in_num, 0, &input, sizeof(input)); if (unlikely(s !=3D sizeof(input))) { @@ -339,28 +416,39 @@ static void virtio_crypto_init_request(VirtIOCrypto *= vcrypto, VirtQueue *vq, req->in_num =3D 0; req->in_len =3D 0; req->flags =3D CRYPTODEV_BACKEND_ALG__MAX; - req->u.sym_op_info =3D NULL; + memset(&req->op_info, 0x00, sizeof(req->op_info)); } =20 static void virtio_crypto_free_request(VirtIOCryptoReq *req) { - if (req) { - if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_SYM) { - size_t max_len; - CryptoDevBackendSymOpInfo *op_info =3D req->u.sym_op_info; - - max_len =3D op_info->iv_len + - op_info->aad_len + - op_info->src_len + - op_info->dst_len + - op_info->digest_result_len; - - /* Zeroize and free request data structure */ - memset(op_info, 0, sizeof(*op_info) + max_len); + if (!req) { + return; + } + + if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_SYM) { + size_t max_len; + CryptoDevBackendSymOpInfo *op_info =3D req->op_info.u.sym_op_info; + + max_len =3D op_info->iv_len + + op_info->aad_len + + op_info->src_len + + op_info->dst_len + + op_info->digest_result_len; + + /* Zeroize and free request data structure */ + memset(op_info, 0, sizeof(*op_info) + max_len); + g_free(op_info); + } else if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_ASYM) { + CryptoDevBackendAsymOpInfo *op_info =3D req->op_info.u.asym_op_inf= o; + if (op_info) { + g_free(op_info->src); + g_free(op_info->dst); + memset(op_info, 0, sizeof(*op_info)); g_free(op_info); } - g_free(req); } + + g_free(req); } =20 static void @@ -397,6 +485,35 @@ virtio_crypto_sym_input_data_helper(VirtIODevice *vdev, } } =20 +static void +virtio_crypto_akcipher_input_data_helper(VirtIODevice *vdev, + VirtIOCryptoReq *req, int32_t status, + CryptoDevBackendAsymOpInfo *asym_op_info) +{ + size_t s, len; + + if (status !=3D VIRTIO_CRYPTO_OK) { + return; + } + + len =3D asym_op_info->dst_len; + if (!len) { + return; + } + + s =3D iov_from_buf(req->in_iov, req->in_num, 0, asym_op_info->dst, len= ); + if (s !=3D len) { + virtio_error(vdev, "virtio-crypto asym dest data incorrect"); + return; + } + + iov_discard_front(&req->in_iov, &req->in_num, len); + + /* For akcipher, dst_len may be changed after operation */ + req->in_len =3D sizeof(struct virtio_crypto_inhdr) + asym_op_info->dst= _len; +} + + static void virtio_crypto_req_complete(VirtIOCryptoReq *req, uint8_t statu= s) { VirtIOCrypto *vcrypto =3D req->vcrypto; @@ -404,7 +521,10 @@ static void virtio_crypto_req_complete(VirtIOCryptoReq= *req, uint8_t status) =20 if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_SYM) { virtio_crypto_sym_input_data_helper(vdev, req, status, - req->u.sym_op_info); + req->op_info.u.sym_op_info); + } else if (req->flags =3D=3D CRYPTODEV_BACKEND_ALG_ASYM) { + virtio_crypto_akcipher_input_data_helper(vdev, req, status, + req->op_info.u.asym_op_info); } stb_p(&req->in->status, status); virtqueue_push(req->vq, &req->elem, req->in_len); @@ -543,41 +663,100 @@ err: static int virtio_crypto_handle_sym_req(VirtIOCrypto *vcrypto, struct virtio_crypto_sym_data_req *req, - CryptoDevBackendSymOpInfo **sym_op_info, + CryptoDevBackendOpInfo *op_info, struct iovec *iov, unsigned int out_num) { VirtIODevice *vdev =3D VIRTIO_DEVICE(vcrypto); + CryptoDevBackendSymOpInfo *sym_op_info; uint32_t op_type; - CryptoDevBackendSymOpInfo *op_info; =20 op_type =3D ldl_le_p(&req->op_type); - if (op_type =3D=3D VIRTIO_CRYPTO_SYM_OP_CIPHER) { - op_info =3D virtio_crypto_sym_op_helper(vdev, &req->u.cipher.para, + sym_op_info =3D virtio_crypto_sym_op_helper(vdev, &req->u.cipher.p= ara, NULL, iov, out_num); - if (!op_info) { + if (!sym_op_info) { return -EFAULT; } - op_info->op_type =3D op_type; } else if (op_type =3D=3D VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { - op_info =3D virtio_crypto_sym_op_helper(vdev, NULL, + sym_op_info =3D virtio_crypto_sym_op_helper(vdev, NULL, &req->u.chain.para, iov, out_num); - if (!op_info) { + if (!sym_op_info) { return -EFAULT; } - op_info->op_type =3D op_type; } else { /* VIRTIO_CRYPTO_SYM_OP_NONE */ error_report("virtio-crypto unsupported cipher type"); return -VIRTIO_CRYPTO_NOTSUPP; } =20 - *sym_op_info =3D op_info; + sym_op_info->op_type =3D op_type; + op_info->u.sym_op_info =3D sym_op_info; =20 return 0; } =20 +static int +virtio_crypto_handle_asym_req(VirtIOCrypto *vcrypto, + struct virtio_crypto_akcipher_data_req *req, + CryptoDevBackendOpInfo *op_info, + struct iovec *iov, unsigned int out_num) +{ + VirtIODevice *vdev =3D VIRTIO_DEVICE(vcrypto); + CryptoDevBackendAsymOpInfo *asym_op_info; + uint32_t src_len; + uint32_t dst_len; + uint32_t len; + uint8_t *src =3D NULL; + uint8_t *dst =3D NULL; + + asym_op_info =3D g_malloc0(sizeof(CryptoDevBackendAsymOpInfo)); + src_len =3D ldl_le_p(&req->para.src_data_len); + dst_len =3D ldl_le_p(&req->para.dst_data_len); + + if (src_len > 0) { + src =3D g_malloc0(src_len); + len =3D iov_to_buf(iov, out_num, 0, src, src_len); + if (unlikely(len !=3D src_len)) { + virtio_error(vdev, "virtio-crypto asym src data incorrect" + "expected %u, actual %u", src_len, len); + goto err; + } + + iov_discard_front(&iov, &out_num, src_len); + } + + if (dst_len > 0) { + dst =3D g_malloc0(dst_len); + + if (op_info->op_code =3D=3D VIRTIO_CRYPTO_AKCIPHER_VERIFY) { + len =3D iov_to_buf(iov, out_num, 0, dst, dst_len); + if (unlikely(len !=3D dst_len)) { + virtio_error(vdev, "virtio-crypto asym dst data incorrect" + "expected %u, actual %u", dst_len, len); + goto err; + } + + iov_discard_front(&iov, &out_num, dst_len); + } + } + + asym_op_info->src_len =3D src_len; + asym_op_info->dst_len =3D dst_len; + asym_op_info->src =3D src; + asym_op_info->dst =3D dst; + op_info->u.asym_op_info =3D asym_op_info; + + return 0; + + err: + g_free(asym_op_info); + g_free(src); + g_free(dst); + + return -EFAULT; +} + static int virtio_crypto_handle_request(VirtIOCryptoReq *request) { @@ -595,8 +774,7 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request) unsigned out_num; uint32_t opcode; uint8_t status =3D VIRTIO_CRYPTO_ERR; - uint64_t session_id; - CryptoDevBackendSymOpInfo *sym_op_info =3D NULL; + CryptoDevBackendOpInfo *op_info =3D &request->op_info; Error *local_err =3D NULL; =20 if (elem->out_num < 1 || elem->in_num < 1) { @@ -639,15 +817,28 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request) request->in_iov =3D in_iov; =20 opcode =3D ldl_le_p(&req.header.opcode); - session_id =3D ldq_le_p(&req.header.session_id); + op_info->session_id =3D ldq_le_p(&req.header.session_id); + op_info->op_code =3D opcode; =20 switch (opcode) { case VIRTIO_CRYPTO_CIPHER_ENCRYPT: case VIRTIO_CRYPTO_CIPHER_DECRYPT: + op_info->algtype =3D request->flags =3D CRYPTODEV_BACKEND_ALG_SYM; ret =3D virtio_crypto_handle_sym_req(vcrypto, - &req.u.sym_req, - &sym_op_info, + &req.u.sym_req, op_info, + out_iov, out_num); + goto check_result; + + case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT: + case VIRTIO_CRYPTO_AKCIPHER_DECRYPT: + case VIRTIO_CRYPTO_AKCIPHER_SIGN: + case VIRTIO_CRYPTO_AKCIPHER_VERIFY: + op_info->algtype =3D request->flags =3D CRYPTODEV_BACKEND_ALG_ASYM; + ret =3D virtio_crypto_handle_asym_req(vcrypto, + &req.u.akcipher_req, op_info, out_iov, out_num); + +check_result: /* Serious errors, need to reset virtio crypto device */ if (ret =3D=3D -EFAULT) { return -1; @@ -655,11 +846,8 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request) virtio_crypto_req_complete(request, VIRTIO_CRYPTO_NOTSUPP); virtio_crypto_free_request(request); } else { - sym_op_info->session_id =3D session_id; =20 /* Set request's parameter */ - request->flags =3D CRYPTODEV_BACKEND_ALG_SYM; - request->u.sym_op_info =3D sym_op_info; ret =3D cryptodev_backend_crypto_operation(vcrypto->cryptodev, request, queue_index, &local_err); if (ret < 0) { @@ -674,6 +862,7 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request) virtio_crypto_free_request(request); } break; + case VIRTIO_CRYPTO_HASH: case VIRTIO_CRYPTO_MAC: case VIRTIO_CRYPTO_AEAD_ENCRYPT: @@ -779,6 +968,7 @@ static void virtio_crypto_init_config(VirtIODevice *vde= v) vcrypto->conf.mac_algo_l =3D vcrypto->conf.cryptodev->conf.mac_algo_l; vcrypto->conf.mac_algo_h =3D vcrypto->conf.cryptodev->conf.mac_algo_h; vcrypto->conf.aead_algo =3D vcrypto->conf.cryptodev->conf.aead_algo; + vcrypto->conf.akcipher_algo =3D vcrypto->conf.cryptodev->conf.akcipher= _algo; vcrypto->conf.max_cipher_key_len =3D vcrypto->conf.cryptodev->conf.max_cipher_key_len; vcrypto->conf.max_auth_key_len =3D @@ -891,6 +1081,7 @@ static void virtio_crypto_get_config(VirtIODevice *vde= v, uint8_t *config) stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len); stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len); stq_le_p(&crypto_cfg.max_size, c->conf.max_size); + stl_le_p(&crypto_cfg.akcipher_algo, c->conf.akcipher_algo); =20 memcpy(config, &crypto_cfg, c->config_size); } diff --git a/include/hw/virtio/virtio-crypto.h b/include/hw/virtio/virtio-c= rypto.h index a2228d7b2e..348749f5d5 100644 --- a/include/hw/virtio/virtio-crypto.h +++ b/include/hw/virtio/virtio-crypto.h @@ -50,6 +50,7 @@ typedef struct VirtIOCryptoConf { uint32_t mac_algo_l; uint32_t mac_algo_h; uint32_t aead_algo; + uint32_t akcipher_algo; =20 /* Maximum length of cipher key */ uint32_t max_cipher_key_len; @@ -71,9 +72,7 @@ typedef struct VirtIOCryptoReq { size_t in_len; VirtQueue *vq; struct VirtIOCrypto *vcrypto; - union { - CryptoDevBackendSymOpInfo *sym_op_info; - } u; + CryptoDevBackendOpInfo op_info; } VirtIOCryptoReq; =20 typedef struct VirtIOCryptoQueue { diff --git a/include/sysemu/cryptodev.h b/include/sysemu/cryptodev.h index f4d4057d4d..37c3a360fd 100644 --- a/include/sysemu/cryptodev.h +++ b/include/sysemu/cryptodev.h @@ -50,13 +50,13 @@ typedef struct CryptoDevBackendClient =20 enum CryptoDevBackendAlgType { CRYPTODEV_BACKEND_ALG_SYM, + CRYPTODEV_BACKEND_ALG_ASYM, CRYPTODEV_BACKEND_ALG__MAX, }; =20 /** * CryptoDevBackendSymSessionInfo: * - * @op_code: operation code (refer to virtio_crypto.h) * @cipher_alg: algorithm type of CIPHER * @key_len: byte length of cipher key * @hash_alg: algorithm type of HASH/MAC @@ -74,7 +74,6 @@ enum CryptoDevBackendAlgType { */ typedef struct CryptoDevBackendSymSessionInfo { /* corresponding with virtio crypto spec */ - uint32_t op_code; uint32_t cipher_alg; uint32_t key_len; uint32_t hash_alg; @@ -89,11 +88,36 @@ typedef struct CryptoDevBackendSymSessionInfo { uint8_t *auth_key; } CryptoDevBackendSymSessionInfo; =20 +/** + * CryptoDevBackendAsymSessionInfo: + */ +typedef struct CryptoDevBackendRsaPara { + uint32_t padding_algo; + uint32_t hash_algo; +} CryptoDevBackendRsaPara; + +typedef struct CryptoDevBackendAsymSessionInfo { + /* corresponding with virtio crypto spec */ + uint32_t algo; + uint32_t keytype; + uint32_t keylen; + uint8_t *key; + union { + CryptoDevBackendRsaPara rsa; + } u; +} CryptoDevBackendAsymSessionInfo; + +typedef struct CryptoDevBackendSessionInfo { + uint32_t op_code; + union { + CryptoDevBackendSymSessionInfo sym_sess_info; + CryptoDevBackendAsymSessionInfo asym_sess_info; + } u; +} CryptoDevBackendSessionInfo; + /** * CryptoDevBackendSymOpInfo: * - * @session_id: session index which was previously - * created by cryptodev_backend_sym_create_session() * @aad_len: byte length of additional authenticated data * @iv_len: byte length of initialization vector or counter * @src_len: byte length of source data @@ -119,7 +143,6 @@ typedef struct CryptoDevBackendSymSessionInfo { * */ typedef struct CryptoDevBackendSymOpInfo { - uint64_t session_id; uint32_t aad_len; uint32_t iv_len; uint32_t src_len; @@ -138,6 +161,33 @@ typedef struct CryptoDevBackendSymOpInfo { uint8_t data[]; } CryptoDevBackendSymOpInfo; =20 + +/** + * CryptoDevBackendAsymOpInfo: + * + * @src_len: byte length of source data + * @dst_len: byte length of destination data + * @src: point to the source data + * @dst: point to the destination data + * + */ +typedef struct CryptoDevBackendAsymOpInfo { + uint32_t src_len; + uint32_t dst_len; + uint8_t *src; + uint8_t *dst; +} CryptoDevBackendAsymOpInfo; + +typedef struct CryptoDevBackendOpInfo { + enum CryptoDevBackendAlgType algtype; + uint32_t op_code; + uint64_t session_id; + union { + CryptoDevBackendSymOpInfo *sym_op_info; + CryptoDevBackendAsymOpInfo *asym_op_info; + } u; +} CryptoDevBackendOpInfo; + struct CryptoDevBackendClass { ObjectClass parent_class; =20 @@ -145,13 +195,13 @@ struct CryptoDevBackendClass { void (*cleanup)(CryptoDevBackend *backend, Error **errp); =20 int64_t (*create_session)(CryptoDevBackend *backend, - CryptoDevBackendSymSessionInfo *sess_info, + CryptoDevBackendSessionInfo *sess_info, uint32_t queue_index, Error **errp); int (*close_session)(CryptoDevBackend *backend, uint64_t session_id, uint32_t queue_index, Error **errp); - int (*do_sym_op)(CryptoDevBackend *backend, - CryptoDevBackendSymOpInfo *op_info, + int (*do_op)(CryptoDevBackend *backend, + CryptoDevBackendOpInfo *op_info, uint32_t queue_index, Error **errp); }; =20 @@ -190,6 +240,7 @@ struct CryptoDevBackendConf { uint32_t mac_algo_l; uint32_t mac_algo_h; uint32_t aead_algo; + uint32_t akcipher_algo; /* Maximum length of cipher key */ uint32_t max_cipher_key_len; /* Maximum length of authenticated key */ @@ -247,34 +298,34 @@ void cryptodev_backend_cleanup( Error **errp); =20 /** - * cryptodev_backend_sym_create_session: + * cryptodev_backend_create_session: * @backend: the cryptodev backend object * @sess_info: parameters needed by session creating * @queue_index: queue index of cryptodev backend client * @errp: pointer to a NULL-initialized error object * - * Create a session for symmetric algorithms + * Create a session for symmetric/symmetric algorithms * * Returns: session id on success, or -1 on error */ -int64_t cryptodev_backend_sym_create_session( +int64_t cryptodev_backend_create_session( CryptoDevBackend *backend, - CryptoDevBackendSymSessionInfo *sess_info, + CryptoDevBackendSessionInfo *sess_info, uint32_t queue_index, Error **errp); =20 /** - * cryptodev_backend_sym_close_session: + * cryptodev_backend_close_session: * @backend: the cryptodev backend object * @session_id: the session id * @queue_index: queue index of cryptodev backend client * @errp: pointer to a NULL-initialized error object * - * Close a session for symmetric algorithms which was previously - * created by cryptodev_backend_sym_create_session() + * Close a session for which was previously + * created by cryptodev_backend_create_session() * * Returns: 0 on success, or Negative on error */ -int cryptodev_backend_sym_close_session( +int cryptodev_backend_close_session( CryptoDevBackend *backend, uint64_t session_id, uint32_t queue_index, Error **errp); --=20 2.20.1