e09d1c27 | 25-May-2022 |
Lei He <helei.sig11@bytedance.com> |
crypto: Implement RSA algorithm by gcrypt
Added gcryt implementation of RSA algorithm, RSA algorithm implemented by gcrypt has a higher priority than nettle because it supports raw padding.
Signed-
crypto: Implement RSA algorithm by gcrypt
Added gcryt implementation of RSA algorithm, RSA algorithm implemented by gcrypt has a higher priority than nettle because it supports raw padding.
Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
8c1d3dc7 | 25-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: add gnutls pbkdf provider
This adds support for using gnutls as a provider of the crypto pbkdf APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@
crypto: add gnutls pbkdf provider
This adds support for using gnutls as a provider of the crypto pbkdf APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
678307b6 | 25-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: add gnutls hmac provider
This adds support for using gnutls as a provider of the crypto hmac APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@re
crypto: add gnutls hmac provider
This adds support for using gnutls as a provider of the crypto hmac APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
9a85ca05 | 25-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: add gnutls hash provider
This adds support for using gnutls as a provider of the crypto hash APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@re
crypto: add gnutls hash provider
This adds support for using gnutls as a provider of the crypto hash APIs.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
3d2b61ff | 29-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: add gnutls cipher provider
Add an implementation of the QEMU cipher APIs to the gnutls crypto backend. XTS support is only available for gnutls version >= 3.6.8. Since ECB mode is not expose
crypto: add gnutls cipher provider
Add an implementation of the QEMU cipher APIs to the gnutls crypto backend. XTS support is only available for gnutls version >= 3.6.8. Since ECB mode is not exposed by gnutls APIs, we can't use the private XTS code for compatibility.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
cc4c7c73 | 30-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: introduce build system for gnutls crypto backend
This introduces the build logic needed to decide whether we can use gnutls as a crypto driver backend. The actual implementations will be int
crypto: introduce build system for gnutls crypto backend
This introduces the build logic needed to decide whether we can use gnutls as a crypto driver backend. The actual implementations will be introduced in following patches. We only wish to use gnutls if it has version 3.6.14 or newer, because that is what finally brings HW accelerated AES-XTS mode for x86_64.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
83bee4b5 | 29-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: replace 'des-rfb' cipher with 'des'
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This specia
crypto: replace 'des-rfb' cipher with 'des'
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism.
Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support.
Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message.
Original behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb qemu-img: demo.luks: Algorithm 'des-rfb' not supported
New behaviour:
$ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish qemu-img: demo.luks: Invalid parameter 'des-rfb'
Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
68014044 | 02-Jul-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: delete built-in XTS cipher mode support
The built-in AES+XTS implementation is used for the LUKS encryption When building system emulators it is reasonable to expect that an external crypto
crypto: delete built-in XTS cipher mode support
The built-in AES+XTS implementation is used for the LUKS encryption When building system emulators it is reasonable to expect that an external crypto library is being used instead. The performance of the builtin XTS implementation is terrible as it has no CPU acceleration support. It is thus not worth keeping a home grown XTS implementation for the built-in cipher backend.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
21407ddf | 02-Jul-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: delete built-in DES implementation
The built-in DES implementation is used for the VNC server password authentication scheme. When building system emulators it is reasonable to expect that a
crypto: delete built-in DES implementation
The built-in DES implementation is used for the VNC server password authentication scheme. When building system emulators it is reasonable to expect that an external crypto library is being used. It is thus not worth keeping a home grown DES implementation in tree.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
7b40aa4b | 29-Jun-2021 |
Daniel P. Berrangé <berrange@redhat.com> |
crypto: drop custom XTS support in gcrypt driver
The XTS cipher mode was introduced in gcrypt 1.8.0, which matches QEMU's current minimum version.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed
crypto: drop custom XTS support in gcrypt driver
The XTS cipher mode was introduced in gcrypt 1.8.0, which matches QEMU's current minimum version.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|