On Wed, Mar 23, 2022 at 10:49:08AM +0800, zhenwei pi wrote:
> From: Lei He <helei.sig11@xxxxxxxxxxxxx>
>
> Introduce akcipher types, also include RSA & ECDSA related types.
>
> Signed-off-by: Lei He <helei.sig11@xxxxxxxxxxxxx>
> Signed-off-by: zhenwei pi <pizhenwei@xxxxxxxxxxxxx>
> ---
> qapi/crypto.json | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 86 insertions(+)
>
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 1ec54c15ca..d44c38e3b1 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -540,3 +540,89 @@
> 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
> '*sanity-check': 'bool',
> '*passwordid': 'str' } }
> +##
> +# @QCryptoAkcipherAlgorithm:
Should be named QCryptoAkCipherAlgorithm
> +#
> +# The supported algorithms for asymmetric encryption ciphers
> +#
> +# @rsa: RSA algorithm
> +# @ecdsa: ECDSA algorithm
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherAlgorithm',
> + 'prefix': 'QCRYPTO_AKCIPHER_ALG',
> + 'data': ['rsa', 'ecdsa']}
> +
> +##
> +# @QCryptoAkcipherKeyType:
Should be named QCryptoAkCipherKeyType
> +#
> +# The type of asymmetric keys.
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoAkcipherKeyType',
> + 'prefix': 'QCRYPTO_AKCIPHER_KEY_TYPE',
> + 'data': ['public', 'private']}
> +
> +##
> +# @QCryptoRsaHashAlgorithm:
> +#
> +# The hash algorithm for RSA pkcs1 padding algothrim
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaHashAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_HASH_ALG',
> + 'data': [ 'md2', 'md3', 'md4', 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'sha224' ]}
We already have QCryptoHashAlgorithm and I don't see the
benefit in duplicating it here.
We don't have md2, md3, and md4 in QCryptoHashAlgorithm, but
that doesn't look like a real negative as I can't imagine
those should be used today.
> +##
> +# @QCryptoRsaPaddingAlgorithm:
> +#
> +# The padding algorithm for RSA.
> +#
> +# @raw: no padding used
> +# @pkcs1: pkcs1#v1.5
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoRsaPaddingAlgorithm',
> + 'prefix': 'QCRYPTO_RSA_PADDING_ALG',
> + 'data': ['raw', 'pkcs1']}
> +
> +##
> +# @QCryptoCurveId:
Should be named QCryptoCurveID
> +#
> +# The well-known curves, referenced from https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf
> +#
> +# Since: 7.0
> +##
> +{ 'enum': 'QCryptoCurveId',
> + 'prefix': 'QCRYPTO_CURVE_ID',
> + 'data': ['nist-p192', 'nist-p224', 'nist-p256', 'nist-p384', 'nist-p521']}
> +
> +##
> +# @QCryptoRsaOptions:
This should be named QCryptoAkCipherOptionsRSA
> +#
> +# Specific parameters for RSA algorithm.
> +#
> +# @hash-algo: QCryptoRsaHashAlgorithm
> +# @padding-algo: QCryptoRsaPaddingAlgorithm
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoRsaOptions',
> + 'data': { 'hash-algo':'QCryptoRsaHashAlgorithm',
> + 'padding-algo': 'QCryptoRsaPaddingAlgorithm'}}
Our naming convention is 'XXX-alg' rather than 'XXX-algo'.
> +
> +##
> +# @QCryptoEcdsaOptions:
This should be named QCryptoAkCipherOptionsECDSA
> +#
> +# Specific parameter for ECDSA algorithm.
> +#
> +# @curve-id: QCryptoCurveId
> +#
> +# Since: 7.0
> +##
> +{ 'struct': 'QCryptoEcdsaOptions',
> + 'data': { 'curve-id': 'QCryptoCurveId' }}
Having these two structs standalone looks wrong to me. I suspect that
callers will need to be able to conditionally pass in either one, and
so require the API to use a discriminated union
{ 'union': 'QCryptoAkCipherOptions'
'base': { 'algorithm': 'QCryptoAkCipherAlgorithm' },
'discriminator': 'algorithm',
'data': { 'rsa': 'QCryptoAkCipherOptionsRSA' ,
'ecdsa': 'QCryptoAkCipherOptionsECDSA' } }
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
