diff mbox

[for-2.9,1/3] crypto: add standard des support

Message ID 1480928380-161760-2-git-send-email-longpeng2@huawei.com
State New
Headers show

Commit Message

Longpeng (Mike, Cloud Infrastructure Service Product Dept.) Dec. 5, 2016, 8:59 a.m. UTC 
This patch add standart DES support.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
 crypto/cipher-gcrypt.c |  3 +++
 crypto/cipher-nettle.c | 13 ++++++++++---
 crypto/cipher.c        |  5 ++++-
 qapi/crypto.json       |  2 +-
 4 files changed, 18 insertions(+), 5 deletions(-)

Comments

Daniel P. Berrangé Dec. 5, 2016, 9:18 a.m. UTC | #1 
On Mon, Dec 05, 2016 at 04:59:38PM +0800, Longpeng(Mike) wrote:
> This patch add standart DES support.
> 
> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
> ---
>  crypto/cipher-gcrypt.c |  3 +++
>  crypto/cipher-nettle.c | 13 ++++++++++---
>  crypto/cipher.c        |  5 ++++-
>  qapi/crypto.json       |  2 +-
>  4 files changed, 18 insertions(+), 5 deletions(-)
> 
> diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
> index c550db9..7ca049c 100644
> --- a/crypto/cipher-gcrypt.c
> +++ b/crypto/cipher-gcrypt.c
> @@ -28,6 +28,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
>                               QCryptoCipherMode mode)
>  {
>      switch (alg) {
> +    case QCRYPTO_CIPHER_ALG_DES:
>      case QCRYPTO_CIPHER_ALG_DES_RFB:
>      case QCRYPTO_CIPHER_ALG_AES_128:
>      case QCRYPTO_CIPHER_ALG_AES_192:
> @@ -95,6 +96,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
>      }
>  
>      switch (alg) {
> +    case QCRYPTO_CIPHER_ALG_DES:
>      case QCRYPTO_CIPHER_ALG_DES_RFB:
>          gcryalg = GCRY_CIPHER_DES;
>          break;
> @@ -200,6 +202,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
>          case QCRYPTO_CIPHER_ALG_TWOFISH_256:
>              ctx->blocksize = 16;
>              break;
> +        case QCRYPTO_CIPHER_ALG_DES:
>          case QCRYPTO_CIPHER_ALG_CAST5_128:
>              ctx->blocksize = 8;
>              break;
> diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
> index cd094cd..81cc634 100644
> --- a/crypto/cipher-nettle.c
> +++ b/crypto/cipher-nettle.c
> @@ -196,6 +196,7 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
>                               QCryptoCipherMode mode)
>  {
>      switch (alg) {
> +    case QCRYPTO_CIPHER_ALG_DES:
>      case QCRYPTO_CIPHER_ALG_DES_RFB:
>      case QCRYPTO_CIPHER_ALG_AES_128:
>      case QCRYPTO_CIPHER_ALG_AES_192:
> @@ -256,11 +257,17 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
>      ctx = g_new0(QCryptoCipherNettle, 1);
>  
>      switch (alg) {
> +    case QCRYPTO_CIPHER_ALG_DES:
>      case QCRYPTO_CIPHER_ALG_DES_RFB:
>          ctx->ctx = g_new0(struct des_ctx, 1);
> -        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> -        des_set_key(ctx->ctx, rfbkey);
> -        g_free(rfbkey);
> +
> +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> +            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> +            des_set_key(ctx->ctx, rfbkey);
> +            g_free(rfbkey);
> +        } else {
> +            des_set_key(ctx->ctx, key);
> +        }
>  
>          ctx->alg_encrypt_native = des_encrypt_native;
>          ctx->alg_decrypt_native = des_decrypt_native;
> diff --git a/crypto/cipher.c b/crypto/cipher.c
> index a9bca41..00d9682 100644
> --- a/crypto/cipher.c
> +++ b/crypto/cipher.c
> @@ -27,6 +27,7 @@ static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
>      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
>      [QCRYPTO_CIPHER_ALG_AES_192] = 24,
>      [QCRYPTO_CIPHER_ALG_AES_256] = 32,
> +    [QCRYPTO_CIPHER_ALG_DES] = 8,
>      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
>      [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
>      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> @@ -41,6 +42,7 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
>      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
>      [QCRYPTO_CIPHER_ALG_AES_192] = 16,
>      [QCRYPTO_CIPHER_ALG_AES_256] = 16,
> +    [QCRYPTO_CIPHER_ALG_DES] = 8,
>      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
>      [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
>      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> @@ -107,7 +109,8 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
>      }
>  
>      if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> -        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
> +            || alg == QCRYPTO_CIPHER_ALG_DES) {
>              error_setg(errp, "XTS mode not compatible with DES-RFB");
>              return false;
>          }
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 5c9d7d4..d403ab9 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -75,7 +75,7 @@
>  { 'enum': 'QCryptoCipherAlgorithm',
>    'prefix': 'QCRYPTO_CIPHER_ALG',
>    'data': ['aes-128', 'aes-192', 'aes-256',
> -           'des-rfb',
> +           'des-rfb', 'des',

Can we call this '3des' to make it clear that this is Triple-DES and not
the single-DES (which des-rfb is)

>             'cast5-128',
>             'serpent-128', 'serpent-192', 'serpent-256',
>             'twofish-128', 'twofish-192', 'twofish-256']}

Regards,
Daniel
Gonglei (Arei) Dec. 5, 2016, 9:29 a.m. UTC | #2 
>

> >      switch (alg) {

> > +    case QCRYPTO_CIPHER_ALG_DES:

> >      case QCRYPTO_CIPHER_ALG_DES_RFB:

> >      case QCRYPTO_CIPHER_ALG_AES_128:

> >      case QCRYPTO_CIPHER_ALG_AES_192:

> > @@ -256,11 +257,17 @@ QCryptoCipher

> *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,

> >      ctx = g_new0(QCryptoCipherNettle, 1);

> >

> >      switch (alg) {

> > +    case QCRYPTO_CIPHER_ALG_DES:

> >      case QCRYPTO_CIPHER_ALG_DES_RFB:

> >          ctx->ctx = g_new0(struct des_ctx, 1);

> > -        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);

> > -        des_set_key(ctx->ctx, rfbkey);

> > -        g_free(rfbkey);

> > +

> > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {

> > +            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);

> > +            des_set_key(ctx->ctx, rfbkey);

> > +            g_free(rfbkey);

> > +        } else {

> > +            des_set_key(ctx->ctx, key);

> > +        }

> >

> >          ctx->alg_encrypt_native = des_encrypt_native;

> >          ctx->alg_decrypt_native = des_decrypt_native;

> > diff --git a/crypto/cipher.c b/crypto/cipher.c

> > index a9bca41..00d9682 100644

> > --- a/crypto/cipher.c

> > +++ b/crypto/cipher.c

> > @@ -27,6 +27,7 @@ static size_t

> alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {

> >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,

> >      [QCRYPTO_CIPHER_ALG_AES_192] = 24,

> >      [QCRYPTO_CIPHER_ALG_AES_256] = 32,

> > +    [QCRYPTO_CIPHER_ALG_DES] = 8,

> >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

> >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,

> >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

> > @@ -41,6 +42,7 @@ static size_t

> alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {

> >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,

> >      [QCRYPTO_CIPHER_ALG_AES_192] = 16,

> >      [QCRYPTO_CIPHER_ALG_AES_256] = 16,

> > +    [QCRYPTO_CIPHER_ALG_DES] = 8,

> >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

> >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,

> >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

> > @@ -107,7 +109,8 @@

> qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,

> >      }

> >

> >      if (mode == QCRYPTO_CIPHER_MODE_XTS) {

> > -        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {

> > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB

> > +            || alg == QCRYPTO_CIPHER_ALG_DES) {

> >              error_setg(errp, "XTS mode not compatible with DES-RFB");

> >              return false;

> >          }

> > diff --git a/qapi/crypto.json b/qapi/crypto.json

> > index 5c9d7d4..d403ab9 100644

> > --- a/qapi/crypto.json

> > +++ b/qapi/crypto.json

> > @@ -75,7 +75,7 @@

> >  { 'enum': 'QCryptoCipherAlgorithm',

> >    'prefix': 'QCRYPTO_CIPHER_ALG',

> >    'data': ['aes-128', 'aes-192', 'aes-256',

> > -           'des-rfb',

> > +           'des-rfb', 'des',

> 

> Can we call this '3des' to make it clear that this is Triple-DES and not

> the single-DES (which des-rfb is)

> 

Actually the current des is not triple-DES, just the single-DES, and des-rfb in QEMU is just a variant of
single DES, which change the standard key by calling qcrypto_cipher_munge_des_rfb_key().

I think we can add the 3des support as well in the next step.

The current single-DES in the patch set is ok to me. :)

Regards,
-Gonglei
Longpeng (Mike, Cloud Infrastructure Service Product Dept.) Dec. 5, 2016, 11:11 a.m. UTC | #3 
Hi Daniel,

On 2016/12/5 17:18, Daniel P. Berrange wrote:

> On Mon, Dec 05, 2016 at 04:59:38PM +0800, Longpeng(Mike) wrote:
......
>> diff --git a/qapi/crypto.json b/qapi/crypto.json
>> index 5c9d7d4..d403ab9 100644
>> --- a/qapi/crypto.json
>> +++ b/qapi/crypto.json
>> @@ -75,7 +75,7 @@
>>  { 'enum': 'QCryptoCipherAlgorithm',
>>    'prefix': 'QCRYPTO_CIPHER_ALG',
>>    'data': ['aes-128', 'aes-192', 'aes-256',
>> -           'des-rfb',
>> +           'des-rfb', 'des',
> 
> Can we call this '3des' to make it clear that this is Triple-DES and not
> the single-DES (which des-rfb is)
> 

As the comment in qapi/crypto.json said:
@des-rfb: RFB specific variant of single DES.

This patch just add the standard single-DES support, not the triple-DES, so I
think maybe "des" is suitable.

And we will add "3des" in the near-future.

>>             'cast5-128',
>>             'serpent-128', 'serpent-192', 'serpent-256',
>>             'twofish-128', 'twofish-192', 'twofish-256']}
> 
> Regards,
> Daniel
Daniel P. Berrangé Dec. 5, 2016, 11:18 a.m. UTC | #4 
On Mon, Dec 05, 2016 at 07:11:37PM +0800, Longpeng (Mike) wrote:
> Hi Daniel,
> 
> On 2016/12/5 17:18, Daniel P. Berrange wrote:
> 
> > On Mon, Dec 05, 2016 at 04:59:38PM +0800, Longpeng(Mike) wrote:
> ......
> >> diff --git a/qapi/crypto.json b/qapi/crypto.json
> >> index 5c9d7d4..d403ab9 100644
> >> --- a/qapi/crypto.json
> >> +++ b/qapi/crypto.json
> >> @@ -75,7 +75,7 @@
> >>  { 'enum': 'QCryptoCipherAlgorithm',
> >>    'prefix': 'QCRYPTO_CIPHER_ALG',
> >>    'data': ['aes-128', 'aes-192', 'aes-256',
> >> -           'des-rfb',
> >> +           'des-rfb', 'des',
> > 
> > Can we call this '3des' to make it clear that this is Triple-DES and not
> > the single-DES (which des-rfb is)
> > 
> 
> As the comment in qapi/crypto.json said:
> @des-rfb: RFB specific variant of single DES.
> 
> This patch just add the standard single-DES support, not the triple-DES, so I
> think maybe "des" is suitable.

Oh I missed that - QEMU should not support single-DES at all for
cryptodev IMHO. Single DES has been cryptographically broken/useless
for *decades* - way back in 1999, the EFF built a machine that could
brute force single-DES in a mere 56 hours.

Triple-DES is the bare minimum that's acceptable and even that
should only be for legacy usage which can't use a more modern
cipher like AES

Regards,
Daniel
Daniel P. Berrangé Dec. 5, 2016, 4:59 p.m. UTC | #5 
On Mon, Dec 05, 2016 at 09:29:59AM +0000, Gonglei (Arei) wrote:
> >
> > >      switch (alg) {
> > > +    case QCRYPTO_CIPHER_ALG_DES:
> > >      case QCRYPTO_CIPHER_ALG_DES_RFB:
> > >      case QCRYPTO_CIPHER_ALG_AES_128:
> > >      case QCRYPTO_CIPHER_ALG_AES_192:
> > > @@ -256,11 +257,17 @@ QCryptoCipher
> > *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
> > >      ctx = g_new0(QCryptoCipherNettle, 1);
> > >
> > >      switch (alg) {
> > > +    case QCRYPTO_CIPHER_ALG_DES:
> > >      case QCRYPTO_CIPHER_ALG_DES_RFB:
> > >          ctx->ctx = g_new0(struct des_ctx, 1);
> > > -        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> > > -        des_set_key(ctx->ctx, rfbkey);
> > > -        g_free(rfbkey);
> > > +
> > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> > > +            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> > > +            des_set_key(ctx->ctx, rfbkey);
> > > +            g_free(rfbkey);
> > > +        } else {
> > > +            des_set_key(ctx->ctx, key);
> > > +        }
> > >
> > >          ctx->alg_encrypt_native = des_encrypt_native;
> > >          ctx->alg_decrypt_native = des_decrypt_native;
> > > diff --git a/crypto/cipher.c b/crypto/cipher.c
> > > index a9bca41..00d9682 100644
> > > --- a/crypto/cipher.c
> > > +++ b/crypto/cipher.c
> > > @@ -27,6 +27,7 @@ static size_t
> > alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
> > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
> > >      [QCRYPTO_CIPHER_ALG_AES_192] = 24,
> > >      [QCRYPTO_CIPHER_ALG_AES_256] = 32,
> > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,
> > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
> > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> > > @@ -41,6 +42,7 @@ static size_t
> > alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
> > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
> > >      [QCRYPTO_CIPHER_ALG_AES_192] = 16,
> > >      [QCRYPTO_CIPHER_ALG_AES_256] = 16,
> > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,
> > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
> > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> > > @@ -107,7 +109,8 @@
> > qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
> > >      }
> > >
> > >      if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> > > -        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
> > > +            || alg == QCRYPTO_CIPHER_ALG_DES) {
> > >              error_setg(errp, "XTS mode not compatible with DES-RFB");
> > >              return false;
> > >          }
> > > diff --git a/qapi/crypto.json b/qapi/crypto.json
> > > index 5c9d7d4..d403ab9 100644
> > > --- a/qapi/crypto.json
> > > +++ b/qapi/crypto.json
> > > @@ -75,7 +75,7 @@
> > >  { 'enum': 'QCryptoCipherAlgorithm',
> > >    'prefix': 'QCRYPTO_CIPHER_ALG',
> > >    'data': ['aes-128', 'aes-192', 'aes-256',
> > > -           'des-rfb',
> > > +           'des-rfb', 'des',
> > 
> > Can we call this '3des' to make it clear that this is Triple-DES and not
> > the single-DES (which des-rfb is)
> > 
> Actually the current des is not triple-DES, just the single-DES, and des-rfb in QEMU is just a variant of
> single DES, which change the standard key by calling qcrypto_cipher_munge_des_rfb_key().
> 
> I think we can add the 3des support as well in the next step.
> 
> The current single-DES in the patch set is ok to me. :)

Per my othre reply in this thread, I don't think we should be supporting
single-DES at all in QEMU / cryptodev. So IMHO, the correct fix is to
remove the single-DES support from cryptodev entirely

Regards,
Daniel
Eric Blake Dec. 5, 2016, 7:15 p.m. UTC | #6 
On 12/05/2016 02:59 AM, Longpeng(Mike) wrote:
> This patch add standart DES support.

s/standart/standard/

> 
> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
> ---

> +++ b/qapi/crypto.json
> @@ -75,7 +75,7 @@
>  { 'enum': 'QCryptoCipherAlgorithm',
>    'prefix': 'QCRYPTO_CIPHER_ALG',
>    'data': ['aes-128', 'aes-192', 'aes-256',
> -           'des-rfb',
> +           'des-rfb', 'des',

Missing documentation that includes a (since 2.9) blurb

>             'cast5-128',
>             'serpent-128', 'serpent-192', 'serpent-256',
>             'twofish-128', 'twofish-192', 'twofish-256']}
>
Gonglei (Arei) Dec. 6, 2016, 1:23 a.m. UTC | #7 
>

> From: Daniel P. Berrange [mailto:berrange@redhat.com]

> Sent: Tuesday, December 06, 2016 12:59 AM

> To: Gonglei (Arei)

> Cc: longpeng; eblake@redhat.com; armbru@redhat.com;

> qemu-devel@nongnu.org; Wubin (H); Zhoujian (jay, Euler)

> Subject: Re: [PATCH for-2.9 1/3] crypto: add standard des support

> 

> On Mon, Dec 05, 2016 at 09:29:59AM +0000, Gonglei (Arei) wrote:

> > >

> > > >      switch (alg) {

> > > > +    case QCRYPTO_CIPHER_ALG_DES:

> > > >      case QCRYPTO_CIPHER_ALG_DES_RFB:

> > > >      case QCRYPTO_CIPHER_ALG_AES_128:

> > > >      case QCRYPTO_CIPHER_ALG_AES_192:

> > > > @@ -256,11 +257,17 @@ QCryptoCipher

> > > *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,

> > > >      ctx = g_new0(QCryptoCipherNettle, 1);

> > > >

> > > >      switch (alg) {

> > > > +    case QCRYPTO_CIPHER_ALG_DES:

> > > >      case QCRYPTO_CIPHER_ALG_DES_RFB:

> > > >          ctx->ctx = g_new0(struct des_ctx, 1);

> > > > -        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);

> > > > -        des_set_key(ctx->ctx, rfbkey);

> > > > -        g_free(rfbkey);

> > > > +

> > > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {

> > > > +            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);

> > > > +            des_set_key(ctx->ctx, rfbkey);

> > > > +            g_free(rfbkey);

> > > > +        } else {

> > > > +            des_set_key(ctx->ctx, key);

> > > > +        }

> > > >

> > > >          ctx->alg_encrypt_native = des_encrypt_native;

> > > >          ctx->alg_decrypt_native = des_decrypt_native;

> > > > diff --git a/crypto/cipher.c b/crypto/cipher.c

> > > > index a9bca41..00d9682 100644

> > > > --- a/crypto/cipher.c

> > > > +++ b/crypto/cipher.c

> > > > @@ -27,6 +27,7 @@ static size_t

> > > alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {

> > > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,

> > > >      [QCRYPTO_CIPHER_ALG_AES_192] = 24,

> > > >      [QCRYPTO_CIPHER_ALG_AES_256] = 32,

> > > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,

> > > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

> > > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,

> > > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

> > > > @@ -41,6 +42,7 @@ static size_t

> > > alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {

> > > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,

> > > >      [QCRYPTO_CIPHER_ALG_AES_192] = 16,

> > > >      [QCRYPTO_CIPHER_ALG_AES_256] = 16,

> > > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,

> > > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,

> > > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,

> > > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,

> > > > @@ -107,7 +109,8 @@

> > > qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,

> > > >      }

> > > >

> > > >      if (mode == QCRYPTO_CIPHER_MODE_XTS) {

> > > > -        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {

> > > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB

> > > > +            || alg == QCRYPTO_CIPHER_ALG_DES) {

> > > >              error_setg(errp, "XTS mode not compatible with

> DES-RFB");

> > > >              return false;

> > > >          }

> > > > diff --git a/qapi/crypto.json b/qapi/crypto.json

> > > > index 5c9d7d4..d403ab9 100644

> > > > --- a/qapi/crypto.json

> > > > +++ b/qapi/crypto.json

> > > > @@ -75,7 +75,7 @@

> > > >  { 'enum': 'QCryptoCipherAlgorithm',

> > > >    'prefix': 'QCRYPTO_CIPHER_ALG',

> > > >    'data': ['aes-128', 'aes-192', 'aes-256',

> > > > -           'des-rfb',

> > > > +           'des-rfb', 'des',

> > >

> > > Can we call this '3des' to make it clear that this is Triple-DES and not

> > > the single-DES (which des-rfb is)

> > >

> > Actually the current des is not triple-DES, just the single-DES, and des-rfb in

> QEMU is just a variant of

> > single DES, which change the standard key by calling

> qcrypto_cipher_munge_des_rfb_key().

> >

> > I think we can add the 3des support as well in the next step.

> >

> > The current single-DES in the patch set is ok to me. :)

> 

> Per my othre reply in this thread,


I saw that, thanks for your information, Daniel.

> I don't think we should be supporting

> single-DES at all in QEMU / cryptodev. So IMHO, the correct fix is to

> remove the single-DES support from cryptodev entirely

> 

The cryptodev-builtin is one kind of cryptodev backends. It provides the
real crypto capability for virtio crypto device.
 
I don't think we should artificially remove one algorithm support if
the frontend driver (users) wants to use it, though the algorithm is
unsafe.

Of course, if the QEMU crypto API doesn't provide single-DES support,
we should remove it from the cryptodev-builtin backend as well. ;)

Regards,
-Gonglei
Daniel P. Berrangé Dec. 6, 2016, 9:21 a.m. UTC | #8 
On Tue, Dec 06, 2016 at 01:23:31AM +0000, Gonglei (Arei) wrote:
> >
> > From: Daniel P. Berrange [mailto:berrange@redhat.com]
> > Sent: Tuesday, December 06, 2016 12:59 AM
> > To: Gonglei (Arei)
> > Cc: longpeng; eblake@redhat.com; armbru@redhat.com;
> > qemu-devel@nongnu.org; Wubin (H); Zhoujian (jay, Euler)
> > Subject: Re: [PATCH for-2.9 1/3] crypto: add standard des support
> > 
> > On Mon, Dec 05, 2016 at 09:29:59AM +0000, Gonglei (Arei) wrote:
> > > >
> > > > >      switch (alg) {
> > > > > +    case QCRYPTO_CIPHER_ALG_DES:
> > > > >      case QCRYPTO_CIPHER_ALG_DES_RFB:
> > > > >      case QCRYPTO_CIPHER_ALG_AES_128:
> > > > >      case QCRYPTO_CIPHER_ALG_AES_192:
> > > > > @@ -256,11 +257,17 @@ QCryptoCipher
> > > > *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
> > > > >      ctx = g_new0(QCryptoCipherNettle, 1);
> > > > >
> > > > >      switch (alg) {
> > > > > +    case QCRYPTO_CIPHER_ALG_DES:
> > > > >      case QCRYPTO_CIPHER_ALG_DES_RFB:
> > > > >          ctx->ctx = g_new0(struct des_ctx, 1);
> > > > > -        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> > > > > -        des_set_key(ctx->ctx, rfbkey);
> > > > > -        g_free(rfbkey);
> > > > > +
> > > > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> > > > > +            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
> > > > > +            des_set_key(ctx->ctx, rfbkey);
> > > > > +            g_free(rfbkey);
> > > > > +        } else {
> > > > > +            des_set_key(ctx->ctx, key);
> > > > > +        }
> > > > >
> > > > >          ctx->alg_encrypt_native = des_encrypt_native;
> > > > >          ctx->alg_decrypt_native = des_decrypt_native;
> > > > > diff --git a/crypto/cipher.c b/crypto/cipher.c
> > > > > index a9bca41..00d9682 100644
> > > > > --- a/crypto/cipher.c
> > > > > +++ b/crypto/cipher.c
> > > > > @@ -27,6 +27,7 @@ static size_t
> > > > alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
> > > > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
> > > > >      [QCRYPTO_CIPHER_ALG_AES_192] = 24,
> > > > >      [QCRYPTO_CIPHER_ALG_AES_256] = 32,
> > > > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,
> > > > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> > > > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
> > > > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> > > > > @@ -41,6 +42,7 @@ static size_t
> > > > alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
> > > > >      [QCRYPTO_CIPHER_ALG_AES_128] = 16,
> > > > >      [QCRYPTO_CIPHER_ALG_AES_192] = 16,
> > > > >      [QCRYPTO_CIPHER_ALG_AES_256] = 16,
> > > > > +    [QCRYPTO_CIPHER_ALG_DES] = 8,
> > > > >      [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
> > > > >      [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
> > > > >      [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
> > > > > @@ -107,7 +109,8 @@
> > > > qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
> > > > >      }
> > > > >
> > > > >      if (mode == QCRYPTO_CIPHER_MODE_XTS) {
> > > > > -        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
> > > > > +        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
> > > > > +            || alg == QCRYPTO_CIPHER_ALG_DES) {
> > > > >              error_setg(errp, "XTS mode not compatible with
> > DES-RFB");
> > > > >              return false;
> > > > >          }
> > > > > diff --git a/qapi/crypto.json b/qapi/crypto.json
> > > > > index 5c9d7d4..d403ab9 100644
> > > > > --- a/qapi/crypto.json
> > > > > +++ b/qapi/crypto.json
> > > > > @@ -75,7 +75,7 @@
> > > > >  { 'enum': 'QCryptoCipherAlgorithm',
> > > > >    'prefix': 'QCRYPTO_CIPHER_ALG',
> > > > >    'data': ['aes-128', 'aes-192', 'aes-256',
> > > > > -           'des-rfb',
> > > > > +           'des-rfb', 'des',
> > > >
> > > > Can we call this '3des' to make it clear that this is Triple-DES and not
> > > > the single-DES (which des-rfb is)
> > > >
> > > Actually the current des is not triple-DES, just the single-DES, and des-rfb in
> > QEMU is just a variant of
> > > single DES, which change the standard key by calling
> > qcrypto_cipher_munge_des_rfb_key().
> > >
> > > I think we can add the 3des support as well in the next step.
> > >
> > > The current single-DES in the patch set is ok to me. :)
> > 
> > Per my othre reply in this thread,
> 
> I saw that, thanks for your information, Daniel.
> 
> > I don't think we should be supporting
> > single-DES at all in QEMU / cryptodev. So IMHO, the correct fix is to
> > remove the single-DES support from cryptodev entirely
> > 
> The cryptodev-builtin is one kind of cryptodev backends. It provides the
> real crypto capability for virtio crypto device.
>  
> I don't think we should artificially remove one algorithm support if
> the frontend driver (users) wants to use it, though the algorithm is
> unsafe.

IIUC the cryptodev hardware is ultimately about allowing the guest
to offload crypto operations to the host, potentialy using hardware
acceleration. If the cryptodev backend doesn't support a particular
algorithm, the guest is still capable of using its own built-in
support for that algorithm. I see no compelling reason to provide
host offload / acceleration for single-DES. Just kill this obsolete
algorithm from cryptodev and in the unlikely event that a guest
really does want single-DES it can use its built-in impl instead.

Regards,
Daniel
Gonglei (Arei) Dec. 6, 2016, 9:28 a.m. UTC | #9 
>

> > > > > >          }

> > > > > > diff --git a/qapi/crypto.json b/qapi/crypto.json

> > > > > > index 5c9d7d4..d403ab9 100644

> > > > > > --- a/qapi/crypto.json

> > > > > > +++ b/qapi/crypto.json

> > > > > > @@ -75,7 +75,7 @@

> > > > > >  { 'enum': 'QCryptoCipherAlgorithm',

> > > > > >    'prefix': 'QCRYPTO_CIPHER_ALG',

> > > > > >    'data': ['aes-128', 'aes-192', 'aes-256',

> > > > > > -           'des-rfb',

> > > > > > +           'des-rfb', 'des',

> > > > >

> > > > > Can we call this '3des' to make it clear that this is Triple-DES and not

> > > > > the single-DES (which des-rfb is)

> > > > >

> > > > Actually the current des is not triple-DES, just the single-DES, and des-rfb

> in

> > > QEMU is just a variant of

> > > > single DES, which change the standard key by calling

> > > qcrypto_cipher_munge_des_rfb_key().

> > > >

> > > > I think we can add the 3des support as well in the next step.

> > > >

> > > > The current single-DES in the patch set is ok to me. :)

> > >

> > > Per my othre reply in this thread,

> >

> > I saw that, thanks for your information, Daniel.

> >

> > > I don't think we should be supporting

> > > single-DES at all in QEMU / cryptodev. So IMHO, the correct fix is to

> > > remove the single-DES support from cryptodev entirely

> > >

> > The cryptodev-builtin is one kind of cryptodev backends. It provides the

> > real crypto capability for virtio crypto device.

> >

> > I don't think we should artificially remove one algorithm support if

> > the frontend driver (users) wants to use it, though the algorithm is

> > unsafe.

> 

> IIUC the cryptodev hardware is ultimately about allowing the guest

> to offload crypto operations to the host, potentialy using hardware

> acceleration. If the cryptodev backend doesn't support a particular

> algorithm, the guest is still capable of using its own built-in

> support for that algorithm. I see no compelling reason to provide

> host offload / acceleration for single-DES. Just kill this obsolete

> algorithm from cryptodev and in the unlikely event that a guest

> really does want single-DES it can use its built-in impl instead.

> 

Make sense. And I don't want to support single-DES in the virtio-crypto
frontend driver as well. The guest will use the software realization.

Thanks,
-Gonglei
Longpeng (Mike, Cloud Infrastructure Service Product Dept.) Dec. 7, 2016, 12:58 a.m. UTC | #10 
Hi Eric,

On 2016/12/6 3:15, Eric Blake wrote:

> On 12/05/2016 02:59 AM, Longpeng(Mike) wrote:
>> This patch add standart DES support.
> 
> s/standart/standard/
> 
>>
>> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
>> ---
> 
>> +++ b/qapi/crypto.json
>> @@ -75,7 +75,7 @@
>>  { 'enum': 'QCryptoCipherAlgorithm',
>>    'prefix': 'QCRYPTO_CIPHER_ALG',
>>    'data': ['aes-128', 'aes-192', 'aes-256',
>> -           'des-rfb',
>> +           'des-rfb', 'des',
> 
> Missing documentation that includes a (since 2.9) blurb
> 

Thanks, but I decide to disable standard single-DES in cryptodev, as suggested
by Daniel.

>>             'cast5-128',
>>             'serpent-128', 'serpent-192', 'serpent-256',
>>             'twofish-128', 'twofish-192', 'twofish-256']}
>>
>
diff mbox

Patch

diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index c550db9..7ca049c 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -28,6 +28,7 @@  bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
                              QCryptoCipherMode mode)
 {
     switch (alg) {
+    case QCRYPTO_CIPHER_ALG_DES:
     case QCRYPTO_CIPHER_ALG_DES_RFB:
     case QCRYPTO_CIPHER_ALG_AES_128:
     case QCRYPTO_CIPHER_ALG_AES_192:
@@ -95,6 +96,7 @@  QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
     }
 
     switch (alg) {
+    case QCRYPTO_CIPHER_ALG_DES:
     case QCRYPTO_CIPHER_ALG_DES_RFB:
         gcryalg = GCRY_CIPHER_DES;
         break;
@@ -200,6 +202,7 @@  QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
         case QCRYPTO_CIPHER_ALG_TWOFISH_256:
             ctx->blocksize = 16;
             break;
+        case QCRYPTO_CIPHER_ALG_DES:
         case QCRYPTO_CIPHER_ALG_CAST5_128:
             ctx->blocksize = 8;
             break;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index cd094cd..81cc634 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -196,6 +196,7 @@  bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
                              QCryptoCipherMode mode)
 {
     switch (alg) {
+    case QCRYPTO_CIPHER_ALG_DES:
     case QCRYPTO_CIPHER_ALG_DES_RFB:
     case QCRYPTO_CIPHER_ALG_AES_128:
     case QCRYPTO_CIPHER_ALG_AES_192:
@@ -256,11 +257,17 @@  QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
     ctx = g_new0(QCryptoCipherNettle, 1);
 
     switch (alg) {
+    case QCRYPTO_CIPHER_ALG_DES:
     case QCRYPTO_CIPHER_ALG_DES_RFB:
         ctx->ctx = g_new0(struct des_ctx, 1);
-        rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
-        des_set_key(ctx->ctx, rfbkey);
-        g_free(rfbkey);
+
+        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
+            rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
+            des_set_key(ctx->ctx, rfbkey);
+            g_free(rfbkey);
+        } else {
+            des_set_key(ctx->ctx, key);
+        }
 
         ctx->alg_encrypt_native = des_encrypt_native;
         ctx->alg_decrypt_native = des_decrypt_native;
diff --git a/crypto/cipher.c b/crypto/cipher.c
index a9bca41..00d9682 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -27,6 +27,7 @@  static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
     [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     [QCRYPTO_CIPHER_ALG_AES_192] = 24,
     [QCRYPTO_CIPHER_ALG_AES_256] = 32,
+    [QCRYPTO_CIPHER_ALG_DES] = 8,
     [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
     [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
     [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
@@ -41,6 +42,7 @@  static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
     [QCRYPTO_CIPHER_ALG_AES_128] = 16,
     [QCRYPTO_CIPHER_ALG_AES_192] = 16,
     [QCRYPTO_CIPHER_ALG_AES_256] = 16,
+    [QCRYPTO_CIPHER_ALG_DES] = 8,
     [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
     [QCRYPTO_CIPHER_ALG_CAST5_128] = 8,
     [QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
@@ -107,7 +109,8 @@  qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg,
     }
 
     if (mode == QCRYPTO_CIPHER_MODE_XTS) {
-        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB) {
+        if (alg == QCRYPTO_CIPHER_ALG_DES_RFB
+            || alg == QCRYPTO_CIPHER_ALG_DES) {
             error_setg(errp, "XTS mode not compatible with DES-RFB");
             return false;
         }
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 5c9d7d4..d403ab9 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -75,7 +75,7 @@ 
 { 'enum': 'QCryptoCipherAlgorithm',
   'prefix': 'QCRYPTO_CIPHER_ALG',
   'data': ['aes-128', 'aes-192', 'aes-256',
-           'des-rfb',
+           'des-rfb', 'des',
            'cast5-128',
            'serpent-128', 'serpent-192', 'serpent-256',
            'twofish-128', 'twofish-192', 'twofish-256']}