• zhenwei pi's avatar
    virtio-crypto: implement RSA algorithm · 59ca6c93
    zhenwei pi authored
    Support rsa & pkcs1pad(rsa,sha1) with priority 150.
    
    Test with QEMU built-in backend, it works fine.
    1, The self-test framework of crypto layer works fine in guest kernel
    2, Test with Linux guest(with asym support), the following script
    test(note that pkey_XXX is supported only in a newer version of keyutils):
      - both public key & private key
      - create/close session
      - encrypt/decrypt/sign/verify basic driver operation
      - also test with kernel crypto layer(pkey add/query)
    
    All the cases work fine.
    
    rm -rf *.der *.pem *.pfx
    modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m
    rm -rf /tmp/data
    dd if=/dev/random of=/tmp/data count=1 bs=226
    
    openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=qemu@qemu.org"
    openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
    openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der
    
    PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`
    echo "priv key id = "$PRIV_KEY_ID
    PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`
    echo "pub key id = "$PUB_KEY_ID
    
    keyctl pkey_query $PRIV_KEY_ID 0
    keyctl pkey_query $PUB_KEY_ID 0
    
    echo "Enc with priv key..."
    keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv
    echo "Dec with pub key..."
    keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec
    cmp /tmp/data /tmp/dec
    
    echo "Sign with priv key..."
    keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig
    echo "Verify with pub key..."
    keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
    
    echo "Enc with pub key..."
    keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
    echo "Dec with priv key..."
    keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
    cmp /tmp/data /tmp/dec
    
    echo "Verify with pub key..."
    keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
    
    [1 compiling warning during development]
    Reported-by: default avatarkernel test robot <lkp@intel.com>
    Co-developed-by: default avatarlei he <helei.sig11@bytedance.com>
    Signed-off-by: default avatarlei he <helei.sig11@bytedance.com>
    Signed-off-by: default avatarzhenwei pi <pizhenwei@bytedance.com>
    Link: https://lore.kernel.org/r/20220302033917.1295334-4-pizhenwei@bytedance.comReviewed-by: default avatarGonglei <arei.gonglei@huawei.com>
    Signed-off-by: Nathan Chancellor <nathan@kernel.org> #Kconfig tweaks
    Link: https://lore.kernel.org/r/20220308205309.2192502-1-nathan@kernel.orgSigned-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
    59ca6c93
virtio_crypto_mgr.c 8.35 KB