Merge tag 'pull-qapi-2024-09-10' of https://repo.or.cz/qemu/armbru into staging

QAPI patches patches for 2024-09-10

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFA

Merge tag 'pull-qapi-2024-09-10' of https://repo.or.cz/qemu/armbru into staging

QAPI patches patches for 2024-09-10

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmbgS0ASHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZTm+sP/1kEuGdbjjVLQC7U+gCClhALpYUtIMHQ
# qNZWmnxFyW9Jx6Lk8+FZBRJegNlmA9AJ2ZzD/2I/WoNtcrNiE53rIRG71Lcy8I6U
# CRjekLPn0jhFuYhmRfwz6ilcLkyMJ15Yi7iG6ssFsO1joBtU5Q1qpzQmFUl9UbV9
# 9iBe7mE99VzNwi3hMELEM9YuSgAs8st4Itnn8SiHkJ3s6hlmF8N4HwNKfQrseGfb
# FuJNN4p8Gcu0aF/dkGE8ADJBvtgzkFnavXt0GQPC7SjGOF7rUXxnUQlszNZM0OcK
# UAfWU06sIyiOholQQt8H8jawT+rGCLomfgPUBVq5K8WByd21IeQeS0upSPeTjxS+
# d/C8wzpcbhdNOECwC/wDtgZHvCC95cHNrxuC4+4/Q1KIVVr+1cWqe8hQzFvm3TIg
# dduEFTQDIxhpE0GO1ZWNf90upzBYBWwIsh4bqsMZS7SpaYIZ6QV45yViZ1w2WfbH
# m3/F34Z3yqgFuZQrZv4OPo7xHK0+y7uZ60RrhSJtE0X080syRJKBbGmNBRidoVyu
# JOONWH44I/XN5enZV8StJnqJr9MCV0DBZUCi9ZhP/kAhBjLc5cQ6NByEa9/rebYX
# 1bLTiA1JDLzDVIan+A8dz0riWmHBvTyBwhLnEXvXb9lcB3ozgHTb7axE5RnZSYLI
# YQgBOBMFuQKM
# =YO/Q
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 10 Sep 2024 14:36:00 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* tag 'pull-qapi-2024-09-10' of https://repo.or.cz/qemu/armbru:
qapi/vfio: Rename VfioMigrationState to Qapi*, and drop prefix
qapi/cryptodev: Rename QCryptodevBackendAlgType to *Algo, and drop prefix
qapi/cryptodev: Drop unwanted 'prefix'
qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo
qapi/crypto: Rename QCryptoRSAPaddingAlgorithm to *Algo, and drop prefix
qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix
qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix
qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix
qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix
qapi/crypto: Drop unwanted 'prefix'
qapi/machine: Rename CpuS390* to S390Cpu*, and drop 'prefix'
qapi/ui: Drop temporary 'prefix'
qapi/machine: Drop temporary 'prefix'
qapi/ebpf: Drop temporary 'prefix'
qapi/crypto: Drop temporary 'prefix'
qapi/common: Drop temporary 'prefix'
qapi/block-core: Drop temporary 'prefix'
tests/qapi-schema: Drop temporary 'prefix'
qapi: Smarter camel_to_upper() to reduce need for 'prefix'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix

QAPI's 'prefix' feature can make the connection between enumeration
type and its constants less than obvious. It's best used wit

qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix

QAPI's 'prefix' feature can make the connection between enumeration
type and its constants less than obvious. It's best used with
restraint.

QCryptoCipherAlgorithm has a 'prefix' that overrides the generated
enumeration constants' prefix to QCRYPTO_CIPHER_ALG.

We could simply drop 'prefix', but then the prefix becomes
QCRYPTO_CIPHER_ALGORITHM, which is rather long.

We could additionally rename the type to QCryptoCipherAlg, but I think
the abbreviation "alg" is less than clear.

Rename the type to QCryptoCipherAlgo instead. The prefix becomes
QCRYPTO_CIPHER_ALGO.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240904111836.3273842-13-armbru@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging

Merge crypto updates and misc fixes

* Introduce a GNUTLS backend for crypto algorithms
* Chan

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging

Merge crypto updates and misc fixes

* Introduce a GNUTLS backend for crypto algorithms
* Change crypto library preference gnutls > gcrypt > nettle > built-in
* Remove built-in DES impl
* Remove XTS mode from built-in AES impl
* Fix seccomp rules to allow resource info getters
* Fix migration performance test
* Use GDateTime in io/ and net/rocker/ code
* Improve docs for -smp

# gpg: Signature made Wed 14 Jul 2021 15:08:00 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/crypto-and-more-pull-request: (26 commits)
qemu-options: rewrite help for -smp options
qemu-options: tweak to show that CPU count is optional
qemu-options: re-arrange CPU topology options
docs: fix typo s/Intel/AMD/ in CPU model notes
tests/migration: fix unix socket migration
seccomp: don't block getters for resource control syscalls
io: use GDateTime for formatting timestamp for websock headers
net/rocker: use GDateTime for formatting timestamp in debug messages
crypto: prefer gnutls as the crypto backend if new enough
crypto: add gnutls pbkdf provider
crypto: add gnutls hmac provider
crypto: add gnutls hash provider
crypto: add gnutls cipher provider
crypto: introduce build system for gnutls crypto backend
crypto: flip priority of backends to prefer gcrypt
crypto: replace 'des-rfb' cipher with 'des'
crypto: delete built-in XTS cipher mode support
crypto: delete built-in DES implementation
crypto: add crypto tests for single block DES-ECB and DES-CBC
crypto: drop custom XTS support in gcrypt driver
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: delete built-in XTS cipher mode support

The built-in AES+XTS implementation is used for the LUKS encryption
When building system emulators it is reasonable to expect that an
external crypto

crypto: delete built-in XTS cipher mode support

The built-in AES+XTS implementation is used for the LUKS encryption
When building system emulators it is reasonable to expect that an
external crypto library is being used instead. The performance of the
builtin XTS implementation is terrible as it has no CPU acceleration
support. It is thus not worth keeping a home grown XTS implementation
for the built-in cipher backend.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: delete built-in DES implementation

The built-in DES implementation is used for the VNC server password
authentication scheme. When building system emulators it is reasonable
to expect that a

crypto: delete built-in DES implementation

The built-in DES implementation is used for the VNC server password
authentication scheme. When building system emulators it is reasonable
to expect that an external crypto library is being used. It is thus
not worth keeping a home grown DES implementation in tree.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypt-perf-pull-request' into staging

Improve performance of crypto cipher subsystem

# gpg: Signature made Thu 10 Sep 2020 11:05:18 BST
#

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypt-perf-pull-request' into staging

Improve performance of crypto cipher subsystem

# gpg: Signature made Thu 10 Sep 2020 11:05:18 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/crypt-perf-pull-request:
crypto/gcrypt: Split QCryptoCipherGcrypt into subclasses
crypto/nettle: Split QCryptoCipherNettle into subclasses
crypto/builtin: Split QCryptoCipherBuiltin into subclasses
crypto/builtin: Split and simplify AES_encrypt_cbc
crypto/builtin: Move AES_cbc_encrypt into cipher-builtin.inc.c
crypto/builtin: Merge qcrypto_cipher_aes_{ecb,xts}_{en,de}crypt
crypto/builtin: Remove odd-sized AES block handling
crypto: Constify cipher data tables
crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new
crypto: Allocate QCryptoCipher with the subclass
crypto: Use the correct const type for driver
crypto: Move QCryptoCipherDriver typedef to crypto/cipher.h
crypto/nettle: Fix xts_encrypt arguments
crypto: Remove redundant includes
crypto: Rename cipher include files to .c.inc
crypto: Assume blocksize is a power of 2
tests: fix output message formatting for crypto benchmarks

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto/builtin: Split QCryptoCipherBuiltin into subclasses

We had a second set of function pointers in QCryptoCipherBuiltin,
which are redundant with QCryptoCipherDriver. Split the AES and
DES impl

crypto/builtin: Split QCryptoCipherBuiltin into subclasses

We had a second set of function pointers in QCryptoCipherBuiltin,
which are redundant with QCryptoCipherDriver. Split the AES and
DES implementations to avoid one level of indirection.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto/builtin: Split and simplify AES_encrypt_cbc

Split into encrypt/decrypt functions, dropping the "enc" argument.
Now that the function is private to this file, we know that "len"
is a multiple

crypto/builtin: Split and simplify AES_encrypt_cbc

Split into encrypt/decrypt functions, dropping the "enc" argument.
Now that the function is private to this file, we know that "len"
is a multiple of AES_BLOCK_SIZE. So drop the odd block size code.

Name the functions do_aes_*crypt_cbc to match the *_ecb functions.
Reorder and re-type the arguments to match as well.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto/builtin: Move AES_cbc_encrypt into cipher-builtin.inc.c

By making the function private, we will be able to make further
simplifications. Re-indent the migrated code and fix the missing
brace

crypto/builtin: Move AES_cbc_encrypt into cipher-builtin.inc.c

By making the function private, we will be able to make further
simplifications. Re-indent the migrated code and fix the missing
braces for CODING_STYLE.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto/builtin: Merge qcrypto_cipher_aes_{ecb,xts}_{en,de}crypt

There's no real reason we need two separate helper functions here.
Standardize on the function signature required for xts_encrypt.
Ren

crypto/builtin: Merge qcrypto_cipher_aes_{ecb,xts}_{en,de}crypt

There's no real reason we need two separate helper functions here.
Standardize on the function signature required for xts_encrypt.
Rename to do_aes_{en,de}crypt_ecb, since the helper does not
itself do anything with respect to xts.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto/builtin: Remove odd-sized AES block handling

We verified that the data block is properly sized modulo
AES_BLOCK_SIZE within qcrypto_builtin_cipher_{en,de}crypt.
Therefore we will never have t

crypto/builtin: Remove odd-sized AES block handling

We verified that the data block is properly sized modulo
AES_BLOCK_SIZE within qcrypto_builtin_cipher_{en,de}crypt.
Therefore we will never have to handle odd sized blocks.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new

The class vtable should be set by the class initializer.
This will also allow additional subclassing, reducing the
amount of indirection

crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new

The class vtable should be set by the class initializer.
This will also allow additional subclassing, reducing the
amount of indirection in the hierarchy.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Allocate QCryptoCipher with the subclass

Merge the allocation of "opaque" into the allocation of "cipher".
This is step one in reducing the indirection in these classes.

Signed-off-by: Rich

crypto: Allocate QCryptoCipher with the subclass

Merge the allocation of "opaque" into the allocation of "cipher".
This is step one in reducing the indirection in these classes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Use the correct const type for driver

This allows the in memory structures to be read-only.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé

crypto: Use the correct const type for driver

This allows the in memory structures to be read-only.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Remove redundant includes

Both qemu/osdep.h and cipherpriv.h have already been
included by the parent cipher.c.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richar

crypto: Remove redundant includes

Both qemu/osdep.h and cipherpriv.h have already been
included by the parent cipher.c.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Rename cipher include files to .c.inc

QEMU standard procedure for included c files is to use *.c.inc.
E.g. there are a different set of checks that are applied.

Reviewed-by: Philippe Mathie

crypto: Rename cipher include files to .c.inc

QEMU standard procedure for included c files is to use *.c.inc.
E.g. there are a different set of checks that are applied.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...