[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [External] [PATCH v5 5/9] crypto: Implement RSA algorithm by hogweed
From: |
Daniel P . Berrangé |
Subject: |
Re: [External] [PATCH v5 5/9] crypto: Implement RSA algorithm by hogweed |
Date: |
Fri, 13 May 2022 13:29:13 +0100 |
User-agent: |
Mutt/2.2.1 (2022-02-19) |
On Fri, May 13, 2022 at 08:26:14PM +0800, 何磊 wrote:
>
>
> > On May 13, 2022, at 6:55 PM, Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > On Thu, Apr 28, 2022 at 09:59:39PM +0800, zhenwei pi wrote:
> >> From: Lei He <helei.sig11@bytedance.com>
> >>
> >> Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
> >> a 'real' RSA backend to handle request from guest side. It's
> >> important to test RSA offload case without OS & hardware requirement.
> >>
> >> Signed-off-by: lei he <helei.sig11@bytedance.com>
> >> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> >> ---
> >> crypto/akcipher-nettle.c.inc | 432 +++++++++++++++++++++++++++++++++++
> >> crypto/akcipher.c | 4 +
> >> crypto/meson.build | 4 +
> >> crypto/rsakey-builtin.c.inc | 209 +++++++++++++++++
> >> crypto/rsakey-nettle.c.inc | 154 +++++++++++++
> >> crypto/rsakey.c | 44 ++++
> >> crypto/rsakey.h | 94 ++++++++
> >> meson.build | 11 +
> >> 8 files changed, 952 insertions(+)
> >> create mode 100644 crypto/akcipher-nettle.c.inc
> >> create mode 100644 crypto/rsakey-builtin.c.inc
> >> create mode 100644 crypto/rsakey-nettle.c.inc
> >> create mode 100644 crypto/rsakey.c
> >> create mode 100644 crypto/rsakey.h
> >> +static int qcrypto_nettle_rsa_decrypt(QCryptoAkCipher *akcipher,
> >> + const void *enc, size_t enc_len,
> >> + void *data, size_t data_len,
> >> + Error **errp)
> >> +{
> >> + QCryptoNettleRSA *rsa = (QCryptoNettleRSA *)akcipher;
> >> + mpz_t c;
> >> + int ret = -1;
> >> + if (enc_len > rsa->priv.size) {
> >> + error_setg(errp, "Invalid buffer size");
> >> + return ret;
> >> + }
> >
> > Again please report the invalid & expected sizes in the message
> >
> > We don't need to validate 'data_len' in the decrypt case,
> > as you did in encrypt ?
>
> In the decrypt case, it is difficult (and unnecessary) to check 'data_len'
> before
> we completing the decryption action. If the plaintext buffer is too small,
> following ‘rsa_decrypt’ will return an error, and it should be valid to pass
> a very
> large buffer.
>
> According to the pkcs#1 stardard, the length of ciphertext should always equal
> to key size, and the length of plaintext can be any value in range [1,
> key_size - 11]:
>
> https://datatracker.ietf.org/doc/html/rfc2437#section-7.2
Ok, thanks for explaining.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|