Re: [PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store

Tue, 17 Jun 2025 08:37:33 -0700 


On 6/17/25 6:58 AM, Markus Armbruster wrote:
> Zhuoying Cai <zy...@linux.ibm.com> writes:
> 
>> Add helper functions for x509 certificate which will be used in the next
>> patch for the certificate store.
>>
>> Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
> 
> [...]
> 
>> diff --git a/qapi/crypto.json b/qapi/crypto.json
>> index c9d967d782..af487dcecd 100644
>> --- a/qapi/crypto.json
>> +++ b/qapi/crypto.json
>> @@ -612,3 +612,83 @@
>>    'base': { 'alg': 'QCryptoAkCipherAlgo' },
>>    'discriminator': 'alg',
>>    'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' }}
>> +
>> +##
>> +# @QCryptoKeyidFlags:
>> +#
>> +# The supported flags for the key ID
>> +#
>> +# @sha1: SHA-1
>> +#
>> +# @sha256: SHA-256
>> +#
>> +# @sha512: SHA-512
>> +#
>> +# @best-known: BEST-KNOWN
>> +#
>> +# Since: 10.1
>> +##
>> +{ 'enum': 'QCryptoKeyidFlags',
>> +  'data': ['sha1', 'sha256', 'sha512', 'best-known']}
>> +
>> +##
>> +# @QCryptoCertFmt:
> 
> For better or worse, we tend not to abbreviate things in QAPI schema
> names: QCryptoCertFormat.
> 
>> +#
>> +# The supported certificate encoding formats
>> +#
>> +# @der: DER
>> +#
>> +# @pem: PEM
>> +#
>> +# Since: 10.1
>> +##
>> +{ 'enum': 'QCryptoCertFmt',
>> +  'data': ['der', 'pem']}
>> +
>> +##
>> +# @QCryptoSigAlgo:
>> +#
>> +# Algorithms for digital signature
>> +#
>> +# @unknown: UNKNOWN
>> +#
>> +# @rsa-sha1: RSA-SHA1 or RSA-SHA
>> +#
>> +# @dsa-sha1: DSA-SHA1 or DSA-SHA
>> +#
>> +# @rsa-md5: RSA-MD5
>> +#
>> +# @rsa-md2: RSA-MD2
>> +#
>> +# @rsa-rmd160: RSA-RMD160
>> +#
>> +# @rsa-sha256: RSA-SHA256
>> +#
>> +# @rsa-sha384: RSA-SHA384
>> +#
>> +# @rsa-sha512: RSA-SHA512
>> +#
>> +# @rsa-sha224: RSA-SHA224
>> +#
>> +# @dsa-sha224: DSA-SHA224
>> +#
>> +# @dsa-sha256: DSA-SHA256
>> +#
>> +# @ecdsa-sha1: ECDSA-SHA1
>> +#
>> +# @ecdsa-sha224: ECDSA-SHA224
>> +#
>> +# @ecdsa-sha256: ECDSA-SHA256
>> +#
>> +# @ecdsa-sha384: ECDSA-SHA384
>> +#
>> +# @ecdsa-sha512: ECDSA-SHA512
>> +#
>> +# Since: 10.1
>> +##
>> +{ 'enum': 'QCryptoSigAlgo',
>> +  'data': ['unknown', 'rsa-sha1', 'dsa-sha1',
>> +           'rsa-md5', 'rsa-md2', 'rsa-rmd160',
>> +           'rsa-sha256', 'rsa-sha384', 'rsa-sha512', 'rsa-sha224',
>> +           'dsa-sha224', 'dsa-sha256',
>> +           'ecdsa-sha1', 'ecdsa-sha224', 'ecdsa-sha256', 'ecdsa-sha384', 
>> 'ecdsa-sha512']}
> 
> Ignorant question: why are these QAPI enums?
> 
> If they need to be QAPI enums, then I'll have some requests on the doc
> comments.
> 

Hi, thanks for the feedback.

The helper functions in x509-utils.c either take QAPI enum values as
parameters or return them. These enums are used later within QEMU.

























					Reply via email to