qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des

From: Markus Armbruster
Subject: Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des
Date: Thu, 08 Jul 2021 16:41:28 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) 
Daniel P. Berrangé <berrange@redhat.com> writes:

> On Wed, Jul 07, 2021 at 02:47:15PM +0200, Markus Armbruster wrote:
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>> 
>> > Currently the crypto layer exposes support for a 'des-rfb'
>> > algorithm which is just normal single-DES, with the bits
>> > in each key byte reversed. This special key munging is
>> > required by the RFB protocol password authentication
>> > mechanism.
>> >
>> > Since the crypto layer is generic shared code, it makes
>> > more sense to do the key byte munging in the VNC server
>> > code, and expose normal single-DES support.
>> >
>> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>> > ---
>> 
>> [...]
>> 
>> > diff --git a/qapi/crypto.json b/qapi/crypto.json
>> > index 7116ae9a46..6b3fadabac 100644
>> > --- a/qapi/crypto.json
>> > +++ b/qapi/crypto.json
>> > @@ -66,7 +66,7 @@
>> >  # @aes-128: AES with 128 bit / 16 byte keys
>> >  # @aes-192: AES with 192 bit / 24 byte keys
>> >  # @aes-256: AES with 256 bit / 32 byte keys
>> > -# @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
>> > +# @des: DES with 56 bit / 8 byte keys. Do not use except in VNC.
>> >  # @3des: 3DES(EDE) with 192 bit / 24 byte keys (since 2.9)
>> >  # @cast5-128: Cast5 with 128 bit / 16 byte keys
>> >  # @serpent-128: Serpent with 128 bit / 16 byte keys
>> > @@ -80,7 +80,7 @@
>> >  { 'enum': 'QCryptoCipherAlgorithm',
>> >    'prefix': 'QCRYPTO_CIPHER_ALG',
>> >    'data': ['aes-128', 'aes-192', 'aes-256',
>> > -           'des-rfb', '3des',
>> > +           'des', '3des',
>> >             'cast5-128',
>> >             'serpent-128', 'serpent-192', 'serpent-256',
>> >             'twofish-128', 'twofish-192', 'twofish-256']}
>> 
>> Is enum value "des-rfb" part of any external interface?
>
> Strictly speaking, yes, but in reality it doesn't matter.
>
>
> The only place in QEMU that actually uses DES-RFB is the
> VNC server code. That is an indirect usage when the user
> sets the "password" option flag in QemuOpts. The fact that
> it uses DES-RFB is an internal impl detail.
>
> The one place that does publically expose ability to set a
> field using the QCryptoCipherAlgorithm enum type is the
> LUKS support in the block layer:
>
> { 'struct': 'QCryptoBlockCreateOptionsLUKS',
>   'base': 'QCryptoBlockOptionsLUKS',
>   'data': { '*cipher-alg': 'QCryptoCipherAlgorithm',
>             '*cipher-mode': 'QCryptoCipherMode',
>             '*ivgen-alg': 'QCryptoIVGenAlgorithm',
>             '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
>             '*hash-alg': 'QCryptoHashAlgorithm',
>             '*iter-time': 'int'}}
>
> eg exposed on CLI as:
>
>   $ qemu-img create -f luks -o cipher-alg=NNN foo.luks 1G
>
> or equivalant with QMP blockdev-create
>
> While the QMP schema allows any valid QCryptoCipherAlgorithm
> string to be set, the actual implementation does not.
>
> The crypto/block-luks.c code has a map between cipher algs
> and LUKS format algoritm names:
>
>
> static const QCryptoBlockLUKSCipherNameMap
> qcrypto_block_luks_cipher_name_map[] = {
>     { "aes", qcrypto_block_luks_cipher_size_map_aes },
>     { "cast5", qcrypto_block_luks_cipher_size_map_cast5 },
>     { "serpent", qcrypto_block_luks_cipher_size_map_serpent },
>     { "twofish", qcrypto_block_luks_cipher_size_map_twofish },
> };
>
> If it isn't in that table, it can't be used. IOW, the only
> scenario we're affecting in this rename is one which would
> already result in an error condition
>
> Original behaviour:
>
>  $ qemu-img create -f luks --object secret,id=sec0,data=123 -o 
> cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
> Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 
> cipher-alg=des-rfb
> qemu-img: demo.luks: Algorithm 'des-rfb' not supported
>
> New behaviour:
>
> $ qemu-img create -f luks --object secret,id=sec0,data=123 -o 
> cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
> Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 
> cipher-alg=des-fish
> qemu-img: demo.luks: Invalid parameter 'des-rfb'
>
> I considered this incompatibility to be acceptable, and thus
> not worth going through a deprecation dance.

Thanks for the explanation.  I agree the deprecation dance is not
necessary here.

Please consider explaining this in your commit message.  Suggest to
append a variation of the tail of your explanation:

  Replacing cipher 'des-rfb' by 'des' looks like an incompatible
  interface change, but it doesn't matter.  While the QMP schema allows
  ...
  qemu-img: demo.luks: Invalid parameter 'des-rfb'

Also consider tweaking the title to

  crypto: Replace 'des-rfb' cipher by 'des'

because it's not actually just a rename.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]