diff options
author | zhenwei pi <pizhenwei@bytedance.com> | 2023-03-01 18:58:41 +0800 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2023-03-07 12:38:59 -0500 |
commit | abca0fc329a89c1a497974db50f284a37c32f2f5 (patch) | |
tree | b25b81f79be3888b0536e01404ec2bf009eb0628 /backends | |
parent | 5dcb0198109429c9f54adce939ad825eabe857b4 (diff) |
cryptodev-builtin: Detect akcipher capability
Rather than exposing akcipher service/RSA algorithm to virtio crypto
device unconditionally, detect akcipher capability from akcipher
crypto framework. This avoids unsuccessful requests.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20230301105847.253084-7-pizhenwei@bytedance.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'backends')
-rw-r--r-- | backends/cryptodev-builtin.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index c0fbb650d7..c45b5906c5 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -59,6 +59,19 @@ struct CryptoDevBackendBuiltin { CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; }; +static void cryptodev_builtin_init_akcipher(CryptoDevBackend *backend) +{ + QCryptoAkCipherOptions opts; + + opts.alg = QCRYPTO_AKCIPHER_ALG_RSA; + opts.u.rsa.padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW; + if (qcrypto_akcipher_supports(&opts)) { + backend->conf.crypto_services |= + (1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER); + backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA; + } +} + static void cryptodev_builtin_init( CryptoDevBackend *backend, Error **errp) { @@ -81,11 +94,9 @@ static void cryptodev_builtin_init( backend->conf.crypto_services = 1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER | 1u << QCRYPTODEV_BACKEND_SERVICE_HASH | - 1u << QCRYPTODEV_BACKEND_SERVICE_MAC | - 1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER; + 1u << QCRYPTODEV_BACKEND_SERVICE_MAC; backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; - backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA; /* * Set the Maximum length of crypto request. * Why this value? Just avoid to overflow when @@ -94,6 +105,7 @@ static void cryptodev_builtin_init( backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo); backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; + cryptodev_builtin_init_akcipher(backend); cryptodev_backend_set_ready(backend, true); } |