[v2,19/58] qom: implement property helper for sha384

Message ID	20230818095041.1973309-20-xiaoyao.li@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@vger.kernel.org> From: Xiaoyao Li <xiaoyao.li@intel.com> To: Paolo Bonzini <pbonzini@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>, Peter Xu <peterx@redhat.com>, David Hildenbrand <david@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Dani?= =?utf-8?q?el_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, Cornelia Huck <cohuck@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, Gerd Hoffmann <kraxel@redhat.com> Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Eduardo Habkost <eduardo@habkost.net>, Laszlo Ersek <lersek@redhat.com>, xiaoyao.li@intel.com, Isaku Yamahata <isaku.yamahata@gmail.com>, erdemaktas@google.com, Chenyi Qiang <chenyi.qiang@intel.com> Subject: [PATCH v2 19/58] qom: implement property helper for sha384 Date: Fri, 18 Aug 2023 05:50:02 -0400 Message-Id: <20230818095041.1973309-20-xiaoyao.li@intel.com> In-Reply-To: <20230818095041.1973309-1-xiaoyao.li@intel.com> References: <20230818095041.1973309-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	TDX QEMU support \| expand [v2,00/58] TDX QEMU support [v2,01/58] * HACK * linux-headers: Update headers to pull in TDX API changes [v2,02/58] i386: Introduce tdx-guest object [v2,03/58] target/i386: Parse TDX vm type [v2,04/58] target/i386: Introduce kvm_confidential_guest_init() [v2,05/58] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context [v2,06/58] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES [v2,07/58] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object [v2,08/58] i386/tdx: Adjust the supported CPUID based on TDX restrictions [v2,09/58] i386/tdx: Update tdx_cpuid_lookup[].tdx_fixed0/1 by tdx_caps.cpuid_config[] [v2,10/58] i386/tdx: Integrate tdx_caps->xfam_fixed0/1 into tdx_cpuid_lookup [v2,11/58] i386/tdx: Integrate tdx_caps->attrs_fixed0/1 to tdx_cpuid_lookup [v2,12/58] i386/kvm: Move architectural CPUID leaf generation to separate helper [v2,13/58] kvm: Introduce kvm_arch_pre_create_vcpu() [v2,14/58] i386/tdx: Initialize TDX before creating TD vcpus [v2,15/58] i386/tdx: Add property sept-ve-disable for tdx-guest object [v2,16/58] i386/tdx: Make sept_ve_disable set by default [v2,17/58] i386/tdx: Wire CPU features up with attributes of TD guest [v2,18/58] i386/tdx: Validate TD attributes [v2,19/58] qom: implement property helper for sha384 [v2,20/58] i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM [v2,21/58] i386/tdx: Implement user specified tsc frequency [v2,22/58] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM [v2,23/58] i386/tdx: Make memory type private by default [v2,24/58] i386/tdx: Create kvm gmem for TD [v2,25/58] kvm/tdx: Don't complain when converting vMMIO region to shared [v2,26/58] kvm/tdx: Ignore memory conversion to shared of unassigned region [v2,27/58] i386/tdvf: Introduce function to parse TDVF metadata [v2,28/58] i386/tdx: Parse TDVF metadata for TDX VM [v2,29/58] i386/tdx: Skip BIOS shadowing setup [v2,30/58] i386/tdx: Don't initialize pc.rom for TDX VMs [v2,31/58] i386/tdx: Track mem_ptr for each firmware entry of TDVF [v2,32/58] i386/tdx: Track RAM entries for TDX VM [v2,33/58] headers: Add definitions from UEFI spec for volumes, resources, etc... [v2,34/58] i386/tdx: Setup the TD HOB list [v2,35/58] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION [v2,36/58] memory: Introduce memory_region_init_ram_gmem() [v2,37/58] i386/tdx: register TDVF as private memory [v2,38/58] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu [v2,39/58] i386/tdx: Finalize TDX VM [v2,40/58] i386/tdx: handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> [v2,41/58] i386/tdx: handle TDG.VP.VMCALL<GetQuote> [v2,42/58] i386/tdx: register the fd read callback with the main loop to read the quote data [v2,43/58] i386/tdx: setup a timer for the qio channel [v2,44/58] i386/tdx: handle TDG.VP.VMCALL<MapGPA> hypercall [v2,45/58] i386/tdx: Limit the range size for MapGPA [v2,46/58] i386/tdx: Handle TDG.VP.VMCALL<REPORT_FATAL_ERROR> [v2,47/58] i386/tdx: Wire REPORT_FATAL_ERROR with GuestPanic facility [v2,48/58] i386/tdx: Disable SMM for TDX VMs [v2,49/58] i386/tdx: Disable PIC for TDX VMs [v2,50/58] i386/tdx: Don't allow system reset for TDX VMs [v2,51/58] i386/tdx: LMCE is not supported for TDX [v2,52/58] hw/i386: add eoi_intercept_unsupported member to X86MachineState [v2,53/58] hw/i386: add option to forcibly report edge trigger in acpi tables [v2,54/58] i386/tdx: Don't synchronize guest tsc for TDs [v2,55/58] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs [v2,56/58] i386/tdx: Skip kvm_put_apicbase() for TDs [v2,57/58] i386/tdx: Don't get/put guest state for TDX VMs [v2,58/58] docs: Add TDX documentation

Message ID

20230818095041.1973309-20-xiaoyao.li@intel.com (mailing list archive)

State

New, archived

Headers

From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 "Michael S. Tsirkin" <mst@redhat.com>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>,
 Peter Xu <peterx@redhat.com>, David Hildenbrand <david@redhat.com>,
	=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Dani?=
	=?utf-8?q?el_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Cornelia Huck <cohuck@redhat.com>, Eric Blake <eblake@redhat.com>,
 Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>,
 Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org,
        Eduardo Habkost <eduardo@habkost.net>,
        Laszlo Ersek <lersek@redhat.com>, xiaoyao.li@intel.com,
        Isaku Yamahata <isaku.yamahata@gmail.com>,
        erdemaktas@google.com, Chenyi Qiang <chenyi.qiang@intel.com>
Subject: [PATCH v2 19/58] qom: implement property helper for sha384
Date: Fri, 18 Aug 2023 05:50:02 -0400
Message-Id: <20230818095041.1973309-20-xiaoyao.li@intel.com>
In-Reply-To: <20230818095041.1973309-1-xiaoyao.li@intel.com>
References: <20230818095041.1973309-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

TDX QEMU support | expand

Commit Message

Xiaoyao Li Aug. 18, 2023, 9:50 a.m. UTC

From: Isaku Yamahata <isaku.yamahata@intel.com>

Implement property_add_sha384() which converts hex string <-> uint8_t[48]
It will be used for TDX which uses sha384 for measurement.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 include/qom/object.h | 17 ++++++++++
 qom/object.c         | 76 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)

Comments

Daniel P. Berrangé Aug. 21, 2023, 9:25 a.m. UTC | #1

On Fri, Aug 18, 2023 at 05:50:02AM -0400, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> Implement property_add_sha384() which converts hex string <-> uint8_t[48]
> It will be used for TDX which uses sha384 for measurement.

I think it is likely a better idea to use base64 for the encoding
the binary hash - we use base64 for all the sev-guest properties
that were binary data.

At which points the property set/get logic is much simpler as it
is just needing a call to  g_base64_encode / g_base64_decode and
length validation for the decode case.

> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  include/qom/object.h | 17 ++++++++++
>  qom/object.c         | 76 ++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 93 insertions(+)
> 
> diff --git a/include/qom/object.h b/include/qom/object.h
> index ef7258a5e149..70399a5b1940 100644
> --- a/include/qom/object.h
> +++ b/include/qom/object.h
> @@ -1887,6 +1887,23 @@ ObjectProperty *object_property_add_alias(Object *obj, const char *name,
>  ObjectProperty *object_property_add_const_link(Object *obj, const char *name,
>                                                 Object *target);
>  
> +
> +/**
> + * object_property_add_sha384:
> + * @obj: the object to add a property to
> + * @name: the name of the property
> + * @v: pointer to value
> + * @flags: bitwise-or'd ObjectPropertyFlags
> + *
> + * Add an sha384 property in memory.  This function will add a
> + * property of type 'sha384'.
> + *
> + * Returns: The newly added property on success, or %NULL on failure.
> + */
> +ObjectProperty * object_property_add_sha384(Object *obj, const char *name,
> +                                            const uint8_t *v,
> +                                            ObjectPropertyFlags flags);
> +
>  /**
>   * object_property_set_description:
>   * @obj: the object owning the property
> diff --git a/qom/object.c b/qom/object.c
> index e25f1e96db1e..e71ce46ed576 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -15,6 +15,7 @@
>  #include "qapi/error.h"
>  #include "qom/object.h"
>  #include "qom/object_interfaces.h"
> +#include "qemu/ctype.h"
>  #include "qemu/cutils.h"
>  #include "qemu/memalign.h"
>  #include "qapi/visitor.h"
> @@ -2781,6 +2782,81 @@ object_property_add_alias(Object *obj, const char *name,
>      return op;
>  }
>  
> +#define SHA384_DIGEST_SIZE      48
> +static void property_get_sha384(Object *obj, Visitor *v, const char *name,
> +                                void *opaque, Error **errp)
> +{
> +    uint8_t *value = (uint8_t *)opaque;
> +    char str[SHA384_DIGEST_SIZE * 2 + 1];
> +    char *str_ = (char*)str;
> +    size_t i;
> +
> +    for (i = 0; i < SHA384_DIGEST_SIZE; i++) {
> +        char *buf;
> +        buf = &str[i * 2];
> +
> +        sprintf(buf, "%02hhx", value[i]);
> +    }
> +    str[SHA384_DIGEST_SIZE * 2] = '\0';
> +
> +    visit_type_str(v, name, &str_, errp);
> +}
> +
> +static void property_set_sha384(Object *obj, Visitor *v, const char *name,
> +                                    void *opaque, Error **errp)
> +{
> +    uint8_t *value = (uint8_t *)opaque;
> +    char* str;
> +    size_t len;
> +    size_t i;
> +
> +    if (!visit_type_str(v, name, &str, errp)) {
> +        goto err;
> +    }
> +
> +    len = strlen(str);
> +    if (len != SHA384_DIGEST_SIZE * 2) {
> +        error_setg(errp, "invalid length for sha348 hex string %s. "
> +                   "it must be 48 * 2 hex", name);
> +        goto err;
> +    }
> +
> +    for (i = 0; i < SHA384_DIGEST_SIZE; i++) {
> +        if (!qemu_isxdigit(str[i * 2]) || !qemu_isxdigit(str[i * 2 + 1])) {
> +            error_setg(errp, "invalid char for sha318 hex string %s at %c%c",
> +                       name, str[i * 2], str[i * 2 + 1]);
> +            goto err;
> +        }
> +
> +        if (sscanf(str + i * 2, "%02hhx", &value[i]) != 1) {
> +            error_setg(errp, "invalid format for sha318 hex string %s", name);
> +            goto err;
> +        }
> +    }
> +
> +err:
> +    g_free(str);
> +}
> +
> +ObjectProperty *
> +object_property_add_sha384(Object *obj, const char *name,
> +                           const uint8_t *v, ObjectPropertyFlags flags)
> +{
> +    ObjectPropertyAccessor *getter = NULL;
> +    ObjectPropertyAccessor *setter = NULL;
> +
> +    if ((flags & OBJ_PROP_FLAG_READ) == OBJ_PROP_FLAG_READ) {
> +        getter = property_get_sha384;
> +    }
> +
> +    if ((flags & OBJ_PROP_FLAG_WRITE) == OBJ_PROP_FLAG_WRITE) {
> +        setter = property_set_sha384;
> +    }
> +
> +    return object_property_add(obj, name, "sha384",
> +                               getter, setter, NULL, (void *)v);
> +}
> +
>  void object_property_set_description(Object *obj, const char *name,
>                                       const char *description)
>  {
> -- 
> 2.34.1
> 

With regards,
Daniel

Isaku Yamahata Aug. 21, 2023, 11:28 p.m. UTC | #2

On Mon, Aug 21, 2023 at 10:25:35AM +0100,
"Daniel P. Berrangé" <berrange@redhat.com> wrote:

> On Fri, Aug 18, 2023 at 05:50:02AM -0400, Xiaoyao Li wrote:
> > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > 
> > Implement property_add_sha384() which converts hex string <-> uint8_t[48]
> > It will be used for TDX which uses sha384 for measurement.
> 
> I think it is likely a better idea to use base64 for the encoding
> the binary hash - we use base64 for all the sev-guest properties
> that were binary data.
> 
> At which points the property set/get logic is much simpler as it
> is just needing a call to  g_base64_encode / g_base64_decode and
> length validation for the decode case.

Hex string is poplar to show hash value, isn't it?  Anyway it's easy for human
operator, shell scripts, libvirt or whatever to convert those representations
with utility commands like base64 or xxd, or library call.  Either way would
work.

diff --git a/include/qom/object.h b/include/qom/object.h
index ef7258a5e149..70399a5b1940 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -1887,6 +1887,23 @@  ObjectProperty *object_property_add_alias(Object *obj, const char *name,
 ObjectProperty *object_property_add_const_link(Object *obj, const char *name,
                                                Object *target);
 
+
+/**
+ * object_property_add_sha384:
+ * @obj: the object to add a property to
+ * @name: the name of the property
+ * @v: pointer to value
+ * @flags: bitwise-or'd ObjectPropertyFlags
+ *
+ * Add an sha384 property in memory.  This function will add a
+ * property of type 'sha384'.
+ *
+ * Returns: The newly added property on success, or %NULL on failure.
+ */
+ObjectProperty * object_property_add_sha384(Object *obj, const char *name,
+                                            const uint8_t *v,
+                                            ObjectPropertyFlags flags);
+
 /**
  * object_property_set_description:
  * @obj: the object owning the property
diff --git a/qom/object.c b/qom/object.c
index e25f1e96db1e..e71ce46ed576 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -15,6 +15,7 @@ 
 #include "qapi/error.h"
 #include "qom/object.h"
 #include "qom/object_interfaces.h"
+#include "qemu/ctype.h"
 #include "qemu/cutils.h"
 #include "qemu/memalign.h"
 #include "qapi/visitor.h"
@@ -2781,6 +2782,81 @@  object_property_add_alias(Object *obj, const char *name,
     return op;
 }
 
+#define SHA384_DIGEST_SIZE      48
+static void property_get_sha384(Object *obj, Visitor *v, const char *name,
+                                void *opaque, Error **errp)
+{
+    uint8_t *value = (uint8_t *)opaque;
+    char str[SHA384_DIGEST_SIZE * 2 + 1];
+    char *str_ = (char*)str;
+    size_t i;
+
+    for (i = 0; i < SHA384_DIGEST_SIZE; i++) {
+        char *buf;
+        buf = &str[i * 2];
+
+        sprintf(buf, "%02hhx", value[i]);
+    }
+    str[SHA384_DIGEST_SIZE * 2] = '\0';
+
+    visit_type_str(v, name, &str_, errp);
+}
+
+static void property_set_sha384(Object *obj, Visitor *v, const char *name,
+                                    void *opaque, Error **errp)
+{
+    uint8_t *value = (uint8_t *)opaque;
+    char* str;
+    size_t len;
+    size_t i;
+
+    if (!visit_type_str(v, name, &str, errp)) {
+        goto err;
+    }
+
+    len = strlen(str);
+    if (len != SHA384_DIGEST_SIZE * 2) {
+        error_setg(errp, "invalid length for sha348 hex string %s. "
+                   "it must be 48 * 2 hex", name);
+        goto err;
+    }
+
+    for (i = 0; i < SHA384_DIGEST_SIZE; i++) {
+        if (!qemu_isxdigit(str[i * 2]) || !qemu_isxdigit(str[i * 2 + 1])) {
+            error_setg(errp, "invalid char for sha318 hex string %s at %c%c",
+                       name, str[i * 2], str[i * 2 + 1]);
+            goto err;
+        }
+
+        if (sscanf(str + i * 2, "%02hhx", &value[i]) != 1) {
+            error_setg(errp, "invalid format for sha318 hex string %s", name);
+            goto err;
+        }
+    }
+
+err:
+    g_free(str);
+}
+
+ObjectProperty *
+object_property_add_sha384(Object *obj, const char *name,
+                           const uint8_t *v, ObjectPropertyFlags flags)
+{
+    ObjectPropertyAccessor *getter = NULL;
+    ObjectPropertyAccessor *setter = NULL;
+
+    if ((flags & OBJ_PROP_FLAG_READ) == OBJ_PROP_FLAG_READ) {
+        getter = property_get_sha384;
+    }
+
+    if ((flags & OBJ_PROP_FLAG_WRITE) == OBJ_PROP_FLAG_WRITE) {
+        setter = property_set_sha384;
+    }
+
+    return object_property_add(obj, name, "sha384",
+                               getter, setter, NULL, (void *)v);
+}
+
 void object_property_set_description(Object *obj, const char *name,
                                      const char *description)
 {

[v2,19/58] qom: implement property helper for sha384

Commit Message

Comments

Patch