Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp558928iob; Fri, 13 May 2022 07:36:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzMzF+6DmZ/gU9w9sMZJzkARya0f7n40rqWhISSja1Fd8yrI0anvwNNVNxWT8a/S+9Ankct X-Received: by 2002:a05:6402:5253:b0:427:ed62:bb8b with SMTP id t19-20020a056402525300b00427ed62bb8bmr40232230edd.65.1652452611894; Fri, 13 May 2022 07:36:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652452611; cv=none; d=google.com; s=arc-20160816; b=QXscq90g3xh7epiCEbAdxWmyVBv/MAGrmXcXsM779hf1UFNrFBGIo2RF2a0sgmhXnT LqpRm53J2TRR77O4sd+nJ587Kvvkh5I1Qp8x6pEbqGiXA6RI6ympst9s78ygoutnH0t+ 5JbBbOY/qA8fk8MfCRbQQJyp98Vc7JAKKsGLohGILMuCP8+yI3ig/9CI4vRlC2/D5mMH hCeqBBuVpgil9RewEsMbipbiHlxvi82naex84IRfpwRQaiei4gnQE/GGS9av+xWVWv8e dz9UXqsR5BJcvjMwPLTvDneM3bEOYK0ivCyvXizUeRh6LDVOg1KgjK2Rh1p+HS7nq6zV ZeIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=5KwufUflIN0+si5g5sPE5FPx8DWaH5QC9MTJ9abHStk=; b=S8XHK51Su2uAe0r56xp7TcuYm7CjjAViRKgQSFv4ZbC4zSqBn4fIG1nwqlS2pREUDq KZBJAyUvp9zYfmOsWmUUU/8/KLT2kgwYuyYzgi1nCgZl5vVm/tCkeS4qyKKfFsltAVrj BEGnJtc9s3McZ3Z8OQnp9KZnlmwyS1w8MA4mm2BhgWxn2K4q+AoTmSDW/uwZFLtB1mDT Vu1e0A3xJp/F8jgXxyFSxVmV0m7QdFnWwqH3Cw8/ZDhk0yb3OXM2BLSN/GgTWNEE92Q9 NjgCc+XVce1PTT1wGtoKxazFTYrzivUjR6MTjxMMskluqrSJzP8JD8TmitK5J8UWKKFG Q5Vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SxO8NglY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sh41-20020a1709076ea900b006f4dcbbc558si2280677ejc.257.2022.05.13.07.36.25; Fri, 13 May 2022 07:36:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SxO8NglY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354888AbiEMM3Z (ORCPT + 99 others); Fri, 13 May 2022 08:29:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232861AbiEMM3Y (ORCPT ); Fri, 13 May 2022 08:29:24 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9D0F14249A for ; Fri, 13 May 2022 05:29:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652444962; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5KwufUflIN0+si5g5sPE5FPx8DWaH5QC9MTJ9abHStk=; b=SxO8NglYj7UZWX7PZf69tMp5jxpfjRvs8/aMEx//WXfz+2t0kLHnXKJKLQCnXs9E/RP1xo fu9h9mRl23t9n7fIdd2aKhiW4NtqtlRZAT3Ncr8pKK0+MDKG9/DDulU5Ek8KM+a/7Tx728 ZwDULd5byqaXjuzjPub3HHaebsZl1NY= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-203-iVsCinzTPRipcbI6YnuQgg-1; Fri, 13 May 2022 08:29:19 -0400 X-MC-Unique: iVsCinzTPRipcbI6YnuQgg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EC60D1C05AF5; Fri, 13 May 2022 12:29:18 +0000 (UTC) Received: from redhat.com (unknown [10.33.36.124]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5F969C33AE5; Fri, 13 May 2022 12:29:16 +0000 (UTC) Date: Fri, 13 May 2022 13:29:13 +0100 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: =?utf-8?B?5L2V56OK?= Cc: zhenwei pi , "S. Tsirkin, Michael" , arei.gonglei@huawei.com, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, jasowang@redhat.com, cohuck@redhat.com Subject: Re: [External] [PATCH v5 5/9] crypto: Implement RSA algorithm by hogweed Message-ID: Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= References: <20220428135943.178254-1-pizhenwei@bytedance.com> <20220428135943.178254-6-pizhenwei@bytedance.com> <90F3B18B-9B7E-423C-A909-45D4527A6B3C@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <90F3B18B-9B7E-423C-A909-45D4527A6B3C@bytedance.com> User-Agent: Mutt/2.2.1 (2022-02-19) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, May 13, 2022 at 08:26:14PM +0800, 何磊 wrote: > > > > On May 13, 2022, at 6:55 PM, Daniel P. Berrangé wrote: > > > > On Thu, Apr 28, 2022 at 09:59:39PM +0800, zhenwei pi wrote: > >> From: Lei He > >> > >> Implement RSA algorithm by hogweed from nettle. Thus QEMU supports > >> a 'real' RSA backend to handle request from guest side. It's > >> important to test RSA offload case without OS & hardware requirement. > >> > >> Signed-off-by: lei he > >> Signed-off-by: zhenwei pi > >> --- > >> crypto/akcipher-nettle.c.inc | 432 +++++++++++++++++++++++++++++++++++ > >> crypto/akcipher.c | 4 + > >> crypto/meson.build | 4 + > >> crypto/rsakey-builtin.c.inc | 209 +++++++++++++++++ > >> crypto/rsakey-nettle.c.inc | 154 +++++++++++++ > >> crypto/rsakey.c | 44 ++++ > >> crypto/rsakey.h | 94 ++++++++ > >> meson.build | 11 + > >> 8 files changed, 952 insertions(+) > >> create mode 100644 crypto/akcipher-nettle.c.inc > >> create mode 100644 crypto/rsakey-builtin.c.inc > >> create mode 100644 crypto/rsakey-nettle.c.inc > >> create mode 100644 crypto/rsakey.c > >> create mode 100644 crypto/rsakey.h > >> +static int qcrypto_nettle_rsa_decrypt(QCryptoAkCipher *akcipher, > >> + const void *enc, size_t enc_len, > >> + void *data, size_t data_len, > >> + Error **errp) > >> +{ > >> + QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher; > >> + mpz_t c; > >> + int ret = -1; > >> + if (enc_len > rsa->priv.size) { > >> + error_setg(errp, "Invalid buffer size"); > >> + return ret; > >> + } > > > > Again please report the invalid & expected sizes in the message > > > > We don't need to validate 'data_len' in the decrypt case, > > as you did in encrypt ? > > In the decrypt case, it is difficult (and unnecessary) to check 'data_len' before > we completing the decryption action. If the plaintext buffer is too small, > following ‘rsa_decrypt’ will return an error, and it should be valid to pass a very > large buffer. > > According to the pkcs#1 stardard, the length of ciphertext should always equal > to key size, and the length of plaintext can be any value in range [1, key_size - 11]: > > https://datatracker.ietf.org/doc/html/rfc2437#section-7.2 Ok, thanks for explaining. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|