[v5,05/16] crypto/hash-nettle: Implement new hash API

Message ID	20241008075724.2772149-6-clg@redhat.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: =?utf-8?q?C=C3=A9dric_Le_Goater?= <clg@redhat.com> To: qemu-devel@nongnu.org, berrange@redhat.com Cc: kris.conklin@seagate.com, jonathan.henze@seagate.com, evan.burgess@seagate.com, peter.maydell@linaro.org, Alejandro Zeise <alejandro.zeise@seagate.com>, =?utf-8?q?C=C3=A9dric_Le_Goa?= =?utf-8?q?ter?= <clg@redhat.com> Subject: [PATCH v5 05/16] crypto/hash-nettle: Implement new hash API Date: Tue, 8 Oct 2024 09:57:12 +0200 Message-ID: <20241008075724.2772149-6-clg@redhat.com> In-Reply-To: <20241008075724.2772149-1-clg@redhat.com> References: <20241008075724.2772149-1-clg@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=clg@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.153, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations \| expand [v5,00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations [v5,01/16] crypto: accumulative hashing API [v5,02/16] crypto/hash-glib: Implement new hash API [v5,03/16] crypto/hash-gcrypt: Implement new hash API [v5,04/16] crypto/hash-gnutls: Implement new hash API [v5,05/16] crypto/hash-nettle: Implement new hash API [v5,06/16] util/iov: Introduce iov_send_recv_with_flags() [v5,07/16] crypto/hash-afalg: Implement new hash API [v5,08/16] crypto/hash: Implement and use new hash API [v5,09/16] tests/unit/test-crypto-hash: accumulative hashing [v5,10/16] crypto/hash-glib: Remove old hash API functions [v5,11/16] crypto/hash-gcrypt: Remove old hash API functions [v5,12/16] crypto/hash-gnutls: Remove old hash API functions [v5,13/16] crypto/hash-nettle: Remove old hash API functions [v5,14/16] crypto/hash-afalg: Remove old hash API functions [v5,15/16] crypto/hashpriv: Remove old hash API function [v5,16/16] hw/misc/aspeed_hace: Fix SG Accumulative hashing

Message ID

20241008075724.2772149-6-clg@redhat.com (mailing list archive)

State

New

Headers

From: =?utf-8?q?C=C3=A9dric_Le_Goater?= <clg@redhat.com>
To: qemu-devel@nongnu.org,
	berrange@redhat.com
Cc: kris.conklin@seagate.com, jonathan.henze@seagate.com,
 evan.burgess@seagate.com, peter.maydell@linaro.org,
 Alejandro Zeise <alejandro.zeise@seagate.com>, =?utf-8?q?C=C3=A9dric_Le_Goa?=
	=?utf-8?q?ter?= <clg@redhat.com>
Subject: [PATCH v5 05/16] crypto/hash-nettle: Implement new hash API
Date: Tue,  8 Oct 2024 09:57:12 +0200
Message-ID: <20241008075724.2772149-6-clg@redhat.com>
In-Reply-To: <20241008075724.2772149-1-clg@redhat.com>
References: <20241008075724.2772149-1-clg@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124; envelope-from=clg@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -21
X-Spam_score: -2.2
X-Spam_bar: --
X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.153,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations | expand

Commit Message

Cédric Le Goater Oct. 8, 2024, 7:57 a.m. UTC

From: Alejandro Zeise <alejandro.zeise@seagate.com>

Implements the new hashing API in the nettle hash driver.
Supports creating/destroying a context, updating the context
with input data and obtaining an output hash.

Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
[ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

Comments

Daniel P. Berrangé Oct. 10, 2024, 10:49 a.m. UTC | #1

On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
> From: Alejandro Zeise <alejandro.zeise@seagate.com>
> 
> Implements the new hashing API in the nettle hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 70 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

> 
> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> index 8b08a9c67531..07e18ce26cba 100644
> --- a/crypto/hash-nettle.c
> +++ b/crypto/hash-nettle.c

> +static
> +int qcrypto_nettle_hash_update(QCryptoHash *hash,
> +                               const struct iovec *iov,
> +                               size_t niov,
> +                               Error **errp)
> +{
> +    union qcrypto_hash_ctx *ctx = hash->opaque;
> +
> +    for (int i = 0; i < niov; i++) {
> +        /*
> +         * Some versions of nettle have functions
> +         * declared with 'int' instead of 'size_t'
> +         * so to be safe avoid writing more than
> +         * UINT_MAX bytes at a time
> +         */

This is copying the pre-existing code, and I've just
realized this is now obsolete. We bumped min nettle
to 3.4 ages ago and >= 3.0 is using size_t, so we can
simplify now.

No need to change this though. I'll do that as a 
distinct patch to make it a visible change.

> +        size_t len = iov[i].iov_len;
> +        uint8_t *base = iov[i].iov_base;
> +        while (len) {
> +            size_t shortlen = MIN(len, UINT_MAX);
> +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> +            len -= shortlen;
> +            base += len;
> +        }
> +    }
> +
> +    return 0;
> +}

With regards,
Daniel

Daniel P. Berrangé Oct. 10, 2024, 11:43 a.m. UTC | #2

On Thu, Oct 10, 2024 at 11:49:22AM +0100, Daniel P. Berrangé wrote:
> On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
> > From: Alejandro Zeise <alejandro.zeise@seagate.com>
> > 
> > Implements the new hashing API in the nettle hash driver.
> > Supports creating/destroying a context, updating the context
> > with input data and obtaining an output hash.
> > 
> > Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> > [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
> > Signed-off-by: Cédric Le Goater <clg@redhat.com>
> > ---
> >  crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 70 insertions(+)
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> > 
> > diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> > index 8b08a9c67531..07e18ce26cba 100644
> > --- a/crypto/hash-nettle.c
> > +++ b/crypto/hash-nettle.c
> 
> > +static
> > +int qcrypto_nettle_hash_update(QCryptoHash *hash,
> > +                               const struct iovec *iov,
> > +                               size_t niov,
> > +                               Error **errp)
> > +{
> > +    union qcrypto_hash_ctx *ctx = hash->opaque;
> > +
> > +    for (int i = 0; i < niov; i++) {
> > +        /*
> > +         * Some versions of nettle have functions
> > +         * declared with 'int' instead of 'size_t'
> > +         * so to be safe avoid writing more than
> > +         * UINT_MAX bytes at a time
> > +         */
> 
> This is copying the pre-existing code, and I've just
> realized this is now obsolete. We bumped min nettle
> to 3.4 ages ago and >= 3.0 is using size_t, so we can
> simplify now.
> 
> No need to change this though. I'll do that as a 
> distinct patch to make it a visible change.
> 
> > +        size_t len = iov[i].iov_len;
> > +        uint8_t *base = iov[i].iov_base;
> > +        while (len) {
> > +            size_t shortlen = MIN(len, UINT_MAX);
> > +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> > +            len -= shortlen;
> > +            base += len;
> > +        }
> > +    }
> > +
> > +    return 0;
> > +}

I'm going to add the following patch on the end of your series:

commit 638ae66c176f8077ccaac10028812e177224a99f
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Thu Oct 10 12:40:49 2024 +0100

    crypto: drop obsolete back compat logic for old nettle
    
    The nettle 2.x series declared all the hash functions with 'int' for
    the data size. Since we dropped support for anything older than 3.4
    we can assume nettle is using 'size_t' and thus avoid the back compat
    looping logic.
    
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 570ce8a645..3b847aa60e 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -135,20 +135,9 @@ int qcrypto_nettle_hash_update(QCryptoHash *hash,
     union qcrypto_hash_ctx *ctx = hash->opaque;
 
     for (int i = 0; i < niov; i++) {
-        /*
-         * Some versions of nettle have functions
-         * declared with 'int' instead of 'size_t'
-         * so to be safe avoid writing more than
-         * UINT_MAX bytes at a time
-         */
-        size_t len = iov[i].iov_len;
-        uint8_t *base = iov[i].iov_base;
-        while (len) {
-            size_t shortlen = MIN(len, UINT_MAX);
-            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
-            len -= shortlen;
-            base += len;
-        }
+        qcrypto_hash_alg_map[hash->alg].write(ctx,
+                                              iov[i].iov_len,
+                                              iov[i].iov_base);
     }
 
     return 0;



With regards,
Daniel

Cédric Le Goater Oct. 10, 2024, 12:01 p.m. UTC | #3

On 10/10/24 13:43, Daniel P. Berrangé wrote:
> On Thu, Oct 10, 2024 at 11:49:22AM +0100, Daniel P. Berrangé wrote:
>> On Tue, Oct 08, 2024 at 09:57:12AM +0200, Cédric Le Goater wrote:
>>> From: Alejandro Zeise <alejandro.zeise@seagate.com>
>>>
>>> Implements the new hashing API in the nettle hash driver.
>>> Supports creating/destroying a context, updating the context
>>> with input data and obtaining an output hash.
>>>
>>> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
>>> [ clg: - Dropped qcrypto_hash_supports() in qcrypto_nettle_hash_new() ]
>>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
>>> ---
>>>   crypto/hash-nettle.c | 70 ++++++++++++++++++++++++++++++++++++++++++++
>>>   1 file changed, 70 insertions(+)
>>
>> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
>>
>>>
>>> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
>>> index 8b08a9c67531..07e18ce26cba 100644
>>> --- a/crypto/hash-nettle.c
>>> +++ b/crypto/hash-nettle.c
>>
>>> +static
>>> +int qcrypto_nettle_hash_update(QCryptoHash *hash,
>>> +                               const struct iovec *iov,
>>> +                               size_t niov,
>>> +                               Error **errp)
>>> +{
>>> +    union qcrypto_hash_ctx *ctx = hash->opaque;
>>> +
>>> +    for (int i = 0; i < niov; i++) {
>>> +        /*
>>> +         * Some versions of nettle have functions
>>> +         * declared with 'int' instead of 'size_t'
>>> +         * so to be safe avoid writing more than
>>> +         * UINT_MAX bytes at a time
>>> +         */
>>
>> This is copying the pre-existing code, and I've just
>> realized this is now obsolete. We bumped min nettle
>> to 3.4 ages ago and >= 3.0 is using size_t, so we can
>> simplify now.
>>
>> No need to change this though. I'll do that as a
>> distinct patch to make it a visible change.
>>
>>> +        size_t len = iov[i].iov_len;
>>> +        uint8_t *base = iov[i].iov_base;
>>> +        while (len) {
>>> +            size_t shortlen = MIN(len, UINT_MAX);
>>> +            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
>>> +            len -= shortlen;
>>> +            base += len;
>>> +        }
>>> +    }
>>> +
>>> +    return 0;
>>> +}
> 
> I'm going to add the following patch on the end of your series:
> 
> commit 638ae66c176f8077ccaac10028812e177224a99f
> Author: Daniel P. Berrangé <berrange@redhat.com>
> Date:   Thu Oct 10 12:40:49 2024 +0100
> 
>      crypto: drop obsolete back compat logic for old nettle
>      
>      The nettle 2.x series declared all the hash functions with 'int' for
>      the data size. Since we dropped support for anything older than 3.4
>      we can assume nettle is using 'size_t' and thus avoid the back compat
>      looping logic.
>      
>      Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
> index 570ce8a645..3b847aa60e 100644
> --- a/crypto/hash-nettle.c
> +++ b/crypto/hash-nettle.c
> @@ -135,20 +135,9 @@ int qcrypto_nettle_hash_update(QCryptoHash *hash,
>       union qcrypto_hash_ctx *ctx = hash->opaque;
>   
>       for (int i = 0; i < niov; i++) {
> -        /*
> -         * Some versions of nettle have functions
> -         * declared with 'int' instead of 'size_t'
> -         * so to be safe avoid writing more than
> -         * UINT_MAX bytes at a time
> -         */
> -        size_t len = iov[i].iov_len;
> -        uint8_t *base = iov[i].iov_base;
> -        while (len) {
> -            size_t shortlen = MIN(len, UINT_MAX);
> -            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
> -            len -= shortlen;
> -            base += len;
> -        }
> +        qcrypto_hash_alg_map[hash->alg].write(ctx,
> +                                              iov[i].iov_len,
> +                                              iov[i].iov_base);
>       }
>   
>       return 0;



Reviewed-by: Cédric Le Goater <clg@redhat.com>

Thanks,

C.

diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 8b08a9c67531..07e18ce26cba 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -1,6 +1,7 @@ 
 /*
  * QEMU Crypto hash algorithms
  *
+ * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
  * Copyright (c) 2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -155,7 +156,76 @@  qcrypto_nettle_hash_bytesv(QCryptoHashAlgo alg,
     return 0;
 }
 
+static
+QCryptoHash *qcrypto_nettle_hash_new(QCryptoHashAlgo alg, Error **errp)
+{
+    QCryptoHash *hash;
+
+    hash = g_new(QCryptoHash, 1);
+    hash->alg = alg;
+    hash->opaque = g_new(union qcrypto_hash_ctx, 1);
+
+    qcrypto_hash_alg_map[alg].init(hash->opaque);
+    return hash;
+}
+
+static
+void qcrypto_nettle_hash_free(QCryptoHash *hash)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    g_free(ctx);
+    g_free(hash);
+}
+
+static
+int qcrypto_nettle_hash_update(QCryptoHash *hash,
+                               const struct iovec *iov,
+                               size_t niov,
+                               Error **errp)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    for (int i = 0; i < niov; i++) {
+        /*
+         * Some versions of nettle have functions
+         * declared with 'int' instead of 'size_t'
+         * so to be safe avoid writing more than
+         * UINT_MAX bytes at a time
+         */
+        size_t len = iov[i].iov_len;
+        uint8_t *base = iov[i].iov_base;
+        while (len) {
+            size_t shortlen = MIN(len, UINT_MAX);
+            qcrypto_hash_alg_map[hash->alg].write(ctx, len, base);
+            len -= shortlen;
+            base += len;
+        }
+    }
+
+    return 0;
+}
+
+static
+int qcrypto_nettle_hash_finalize(QCryptoHash *hash,
+                                 uint8_t **result,
+                                 size_t *result_len,
+                                 Error **errp)
+{
+    union qcrypto_hash_ctx *ctx = hash->opaque;
+
+    *result_len = qcrypto_hash_alg_map[hash->alg].len;
+    *result = g_new(uint8_t, *result_len);
+
+    qcrypto_hash_alg_map[hash->alg].result(ctx, *result_len, *result);
+
+    return 0;
+}
 
 QCryptoHashDriver qcrypto_hash_lib_driver = {
     .hash_bytesv = qcrypto_nettle_hash_bytesv,
+    .hash_new      = qcrypto_nettle_hash_new,
+    .hash_update   = qcrypto_nettle_hash_update,
+    .hash_finalize = qcrypto_nettle_hash_finalize,
+    .hash_free     = qcrypto_nettle_hash_free,
 };

[v5,05/16] crypto/hash-nettle: Implement new hash API

Commit Message

Comments

Patch