On Tue, Jul 30, 2024 at 05:58:38PM +0200, Cédric Le Goater wrote: > On 7/29/24 21:00, Alejandro Zeise wrote: > > This change adds an accumulative hashing function > > (qcrypto_hash_accumulate_bytesv) and implementation > > for each of the crypto library backends that QEMU supports. > > > > The QCrypto API did not support hashing in an accumulative mode. > > As such, hardware hash modules (like the HACE from Aspeed's SoCs) are > > unable to perform such operations correctly when the guest requires it. > > > > The creation and freeing of each library's context is abstracted by > > the qcrypto_hash_accumulate_new_ctx and qcrypto_hash_accumulate_free_ctx > > functions. > > > > Changes in V2: > > * Fixed error checking bug in libgcrypt backend > > > > Signed-off-by: Alejandro Zeise <alejandro.ze...@seagate.com> > > --- > > crypto/hash-gcrypt.c | 105 ++++++++++++++++++++++++++++++++++++++++++ > > crypto/hash-glib.c | 89 +++++++++++++++++++++++++++++++++++ > > crypto/hash-gnutls.c | 82 +++++++++++++++++++++++++++++++++ > > crypto/hash-nettle.c | 93 +++++++++++++++++++++++++++++++++++++ > > crypto/hash.c | 42 +++++++++++++++++ > > crypto/hashpriv.h | 11 +++++ > > include/crypto/hash.h | 65 ++++++++++++++++++++++++++ > > 7 files changed, 487 insertions(+)
> > diff --git a/include/crypto/hash.h b/include/crypto/hash.h > > index 54d87aa2a1..fb8ae2d099 100644 > > --- a/include/crypto/hash.h > > +++ b/include/crypto/hash.h > > @@ -1,6 +1,7 @@ > > /* > > * QEMU Crypto hash algorithms > > * > > + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates > > * Copyright (c) 2015 Red Hat, Inc. > > * > > * This library is free software; you can redistribute it and/or > > @@ -25,6 +26,8 @@ > > /* See also "QCryptoHashAlgorithm" defined in qapi/crypto.json */ > > +typedef void qcrypto_hash_accumulate_ctx_t; > > > QCryptoHmac defines a similar API. I would do the same for the hash > accumulative mode. See hmac files. Yes, ideally the hmac APIs would match the hash APIs. That said, the changes I've just requested are already a large amount of work, so I'm not going to demand that the hmac.c code is also changed. Alejandro: if have you time to update hmac.c that would be awesome, but consider it optional. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
