Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben: > Since our format is consumable by the fw_cfg device, > we can implement the FW_CFG_DATA_GENERATOR interface. > > Example of use to dump the cipher suites (if tracing enabled): > > $ qemu-system-x86_64 -S \ > -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ > -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ > -trace qcrypto\* > 159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM > 159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] > version=TLS1.3 name=TLS_AES_256_GCM_SHA384 > 159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] > version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 > 159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] > version=TLS1.3 name=TLS_AES_128_GCM_SHA256 > 159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] > version=TLS1.3 name=TLS_AES_128_CCM_SHA256 > 159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] > version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 > 159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] > version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 > 159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] > version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 > 159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] > version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 > 159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] > version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 > 159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 > 159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] > version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 > 159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM > 159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] > version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 > 159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 > 159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM > 159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] > version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 > 159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] > version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 > 159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] > version=TLS1.2 name=TLS_RSA_AES_256_CCM > 159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] > version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 > 159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] > version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 > 159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] > version=TLS1.2 name=TLS_RSA_AES_128_CCM > 159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] > version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 > 159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] > version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 > 159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] > version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 > 159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] > version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM > 159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] > version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 > 159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] > version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 > 159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] > version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM > 159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] > version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 > 159066.197345:qcrypto_tls_cipher_suite_count count: 29 > > Signed-off-by: Philippe Mathieu-Daudé > Reviewed-by: Daniel P. Berrangé > Acked-by: Laszlo Ersek > Message-Id: <20200623172726.21040-6-phi...@redhat.com> I noticed only now that this breaks '--object help' in qemu-storage-daemon: $ qemu-storage-daemon --object help List of user creatable objects: qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object 'tls-creds' Aborted (core dumped) The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the storage daemon because it requires other system emulator stuff. Kevin
Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
On 09/29/20 17:46, Kevin Wolf wrote: > Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben: >> Since our format is consumable by the fw_cfg device, >> we can implement the FW_CFG_DATA_GENERATOR interface. >> >> Example of use to dump the cipher suites (if tracing enabled): >> >> $ qemu-system-x86_64 -S \ >> -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ >> -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ >> -trace qcrypto\* >> 159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM >> 159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] >> version=TLS1.3 name=TLS_AES_256_GCM_SHA384 >> 159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] >> version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 >> 159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] >> version=TLS1.3 name=TLS_AES_128_GCM_SHA256 >> 159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] >> version=TLS1.3 name=TLS_AES_128_CCM_SHA256 >> 159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] >> version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 >> 159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] >> version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 >> 159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] >> version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 >> 159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] >> version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 >> 159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] >> version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 >> 159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] >> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 >> 159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] >> version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 >> 159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] >> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM >> 159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] >> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 >> 159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] >> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 >> 159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] >> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM >> 159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] >> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 >> 159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] >> version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 >> 159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] >> version=TLS1.2 name=TLS_RSA_AES_256_CCM >> 159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] >> version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 >> 159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] >> version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 >> 159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] >> version=TLS1.2 name=TLS_RSA_AES_128_CCM >> 159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] >> version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 >> 159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] >> version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 >> 159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] >> version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 >> 159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] >> version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM >> 159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] >> version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 >> 159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] >> version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 >> 159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] >> version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM >> 159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] >> version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 >> 159066.197345:qcrypto_tls_cipher_suite_count count: 29 >> >> Signed-off-by: Philippe Mathieu-Daudé >> Reviewed-by: Daniel P. Berrangé >> Acked-by: Laszlo Ersek >> Message-Id: <20200623172726.21040-6-phi...@redhat.com> > > I noticed only now that this breaks '--object help' in > qemu-storage-daemon: > > $ qemu-storage-daemon --object help > List of user creatable objects: > qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object > 'tls-creds' > Aborted (core dumped) > > The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the > storage daemon because it requires other system emulator stuff. Ouch. I've been completely oblivious to "--object help" and how it affects qemu-storage-daemon. Sorry about that. Could you please include a backtrace about the abort()? Grepping for the error message, I can find type_initialize() in "qom/object.c", but my kn
Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
Hi Laszlo, On 10/1/20 9:18 AM, Laszlo Ersek wrote: > On 09/29/20 17:46, Kevin Wolf wrote: >> Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben: >>> Since our format is consumable by the fw_cfg device, >>> we can implement the FW_CFG_DATA_GENERATOR interface. >>> >>> Example of use to dump the cipher suites (if tracing enabled): >>> >>> $ qemu-system-x86_64 -S \ >>> -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ >>> -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ >>> -trace qcrypto\* >>> 159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM >>> 159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] >>> version=TLS1.3 name=TLS_AES_256_GCM_SHA384 >>> 159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] >>> version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 >>> 159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] >>> version=TLS1.3 name=TLS_AES_128_GCM_SHA256 >>> 159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] >>> version=TLS1.3 name=TLS_AES_128_CCM_SHA256 >>> 159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] >>> version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 >>> 159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] >>> version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 >>> 159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] >>> version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 >>> 159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] >>> version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 >>> 159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] >>> version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 >>> 159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] >>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 >>> 159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] >>> version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 >>> 159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] >>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM >>> 159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] >>> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 >>> 159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] >>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 >>> 159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] >>> version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM >>> 159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] >>> version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 >>> 159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] >>> version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 >>> 159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] >>> version=TLS1.2 name=TLS_RSA_AES_256_CCM >>> 159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] >>> version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 >>> 159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] >>> version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 >>> 159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] >>> version=TLS1.2 name=TLS_RSA_AES_128_CCM >>> 159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] >>> version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 >>> 159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] >>> version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 >>> 159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] >>> version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 >>> 159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] >>> version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM >>> 159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] >>> version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 >>> 159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] >>> version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 >>> 159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] >>> version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM >>> 159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] >>> version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 >>> 159066.197345:qcrypto_tls_cipher_suite_count count: 29 >>> >>> Signed-off-by: Philippe Mathieu-Daudé >>> Reviewed-by: Daniel P. Berrangé >>> Acked-by: Laszlo Ersek >>> Message-Id: <20200623172726.21040-6-phi...@redhat.com> >> >> I noticed only now that this breaks '--object help' in >> qemu-storage-daemon: >> >> $ qemu-storage-daemon --object help >> List of user creatable objects: >> qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object >> 'tls-creds' >> Aborted (core dumped) >> >> The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the >> storage daemon because it requires other system emulator stuff. > > Ouch. I've been completely oblivious to "--object help" and how it > affects qemu-storage-daemon. Sorry about that. >
Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
On 10/05/20 11:16, Philippe Mathieu-Daudé wrote: > Hi Laszlo, > > On 10/1/20 9:18 AM, Laszlo Ersek wrote: >> On 09/29/20 17:46, Kevin Wolf wrote: >>> Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben: Since our format is consumable by the fw_cfg device, we can implement the FW_CFG_DATA_GENERATOR interface. Example of use to dump the cipher suites (if tracing enabled): $ qemu-system-x86_64 -S \ -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ -trace qcrypto\* 159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM 159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384 159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] version=TLS1.3 name=TLS_AES_128_GCM_SHA256 159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] version=TLS1.3 name=TLS_AES_128_CCM_SHA256 159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM 159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM 159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_CCM 159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_CCM 159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM 159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM 159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 159066.197345:qcrypto_tls_cipher_suite_count count: 29 Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Acked-by: Laszlo Ersek Message-Id: <20200623172726.21040-6-phi...@redhat.com> >>> >>> I noticed only now that this breaks '--object help' in >>> qemu-storage-daemon: >>> >>> $ qemu-storage-daemon --object help >>> List of user creatable objects: >>> qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object >>> 'tls-creds' >>> Aborted (core dumped) >>> >>> The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the >>> storage daemon because it requires other syst
Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob
On 10/6/20 10:41 AM, Laszlo Ersek wrote: > On 10/05/20 11:16, Philippe Mathieu-Daudé wrote: >> Hi Laszlo, >> >> On 10/1/20 9:18 AM, Laszlo Ersek wrote: >>> On 09/29/20 17:46, Kevin Wolf wrote: Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben: > Since our format is consumable by the fw_cfg device, > we can implement the FW_CFG_DATA_GENERATOR interface. > > Example of use to dump the cipher suites (if tracing enabled): > > $ qemu-system-x86_64 -S \ > -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \ > -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \ > -trace qcrypto\* > 159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM > 159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] > version=TLS1.3 name=TLS_AES_256_GCM_SHA384 > 159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] > version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256 > 159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] > version=TLS1.3 name=TLS_AES_128_GCM_SHA256 > 159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] > version=TLS1.3 name=TLS_AES_128_CCM_SHA256 > 159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] > version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384 > 159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] > version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305 > 159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] > version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1 > 159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] > version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256 > 159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] > version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1 > 159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 > 159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] > version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305 > 159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM > 159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] > version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 > 159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 > 159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] > version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM > 159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] > version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 > 159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] > version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384 > 159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] > version=TLS1.2 name=TLS_RSA_AES_256_CCM > 159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] > version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1 > 159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] > version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256 > 159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] > version=TLS1.2 name=TLS_RSA_AES_128_CCM > 159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] > version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1 > 159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] > version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384 > 159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] > version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305 > 159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] > version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM > 159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] > version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1 > 159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] > version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256 > 159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] > version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM > 159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] > version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1 > 159066.197345:qcrypto_tls_cipher_suite_count count: 29 > > Signed-off-by: Philippe Mathieu-Daudé > Reviewed-by: Daniel P. Berrangé > Acked-by: Laszlo Ersek > Message-Id: <20200623172726.21040-6-phi...@redhat.com> I noticed only now that this breaks '--object help' in qemu-storage-daemon: $ qemu-storage-daemon --object help List of user creatable objects: qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object 'tls-creds' Aborted (core dumped)
