qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob

From: Laszlo Ersek
Subject: Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
Date: Thu, 1 Oct 2020 09:18:06 +0200 
On 09/29/20 17:46, Kevin Wolf wrote:
> Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben:
>> Since our format is consumable by the fw_cfg device,
>> we can implement the FW_CFG_DATA_GENERATOR interface.
>>
>> Example of use to dump the cipher suites (if tracing enabled):
>>
>>   $ qemu-system-x86_64 -S \
>>     -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \
>>     -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \
>>     -trace qcrypto\*
>>   1590664444.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM
>>   1590664444.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] 
>> version=TLS1.3 name=TLS_AES_256_GCM_SHA384
>>   1590664444.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] 
>> version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256
>>   1590664444.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] 
>> version=TLS1.3 name=TLS_AES_128_GCM_SHA256
>>   1590664444.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] 
>> version=TLS1.3 name=TLS_AES_128_CCM_SHA256
>>   1590664444.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] 
>> version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384
>>   1590664444.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] 
>> version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305
>>   1590664444.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] 
>> version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1
>>   1590664444.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] 
>> version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256
>>   1590664444.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] 
>> version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1
>>   1590664444.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] 
>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
>>   1590664444.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] 
>> version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305
>>   1590664444.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] 
>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM
>>   1590664444.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] 
>> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
>>   1590664444.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] 
>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
>>   1590664444.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] 
>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM
>>   1590664444.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] 
>> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
>>   1590664444.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] 
>> version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384
>>   1590664444.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] 
>> version=TLS1.2 name=TLS_RSA_AES_256_CCM
>>   1590664444.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] 
>> version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1
>>   1590664444.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] 
>> version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256
>>   1590664444.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] 
>> version=TLS1.2 name=TLS_RSA_AES_128_CCM
>>   1590664444.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] 
>> version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1
>>   1590664444.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] 
>> version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384
>>   1590664444.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] 
>> version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305
>>   1590664444.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] 
>> version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM
>>   1590664444.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] 
>> version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1
>>   1590664444.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] 
>> version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256
>>   1590664444.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] 
>> version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM
>>   1590664444.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] 
>> version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1
>>   1590664444.197345:qcrypto_tls_cipher_suite_count count: 29
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>> Message-Id: <20200623172726.21040-6-philmd@redhat.com>
> 
> I noticed only now that this breaks '--object help' in
> qemu-storage-daemon:
> 
> $ qemu-storage-daemon --object help
> List of user creatable objects:
> qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object 
> 'tls-creds'
> Aborted (core dumped)
> 
> The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the
> storage daemon because it requires other system emulator stuff.

Ouch. I've been completely oblivious to "--object help" and how it
affects qemu-storage-daemon. Sorry about that.

Could you please include a backtrace about the abort()?

Grepping for the error message, I can find type_initialize() in
"qom/object.c", but my knowledge about QOM internals is practically nil.

The error message seems bogus FWIW -- why would
TYPE_FW_CFG_DATA_GENERATOR_INTERFACE be *required* from "tls-creds"?

TYPE_FW_CFG_DATA_GENERATOR_INTERFACE is implemented by
"tls-cipher-suites", and required by "-fw_cfg name=...,gen_id=...". If
that -fw_cfg switch is not used, then why would anything look for the
TYPE_FW_CFG_DATA_GENERATOR_INTERFACE interface? Especially under the
tls-creds object?

Thanks,
Laszlo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]