]>
Commit | Line | Data |
---|---|---|
1653a5f3 GA |
1 | /* |
2 | * QEMU Cryptodev backend for QEMU cipher APIs | |
3 | * | |
4 | * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. | |
5 | * | |
6 | * Authors: | |
7 | * Gonglei <arei.gonglei@huawei.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
0dda001b | 12 | * version 2.1 of the License, or (at your option) any later version. |
1653a5f3 GA |
13 | * |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
21 | * | |
22 | */ | |
23 | ||
24 | #include "qemu/osdep.h" | |
25 | #include "sysemu/cryptodev.h" | |
1653a5f3 GA |
26 | #include "qapi/error.h" |
27 | #include "standard-headers/linux/virtio_crypto.h" | |
28 | #include "crypto/cipher.h" | |
db1015e9 | 29 | #include "qom/object.h" |
1653a5f3 GA |
30 | |
31 | ||
32 | /** | |
33 | * @TYPE_CRYPTODEV_BACKEND_BUILTIN: | |
34 | * name of backend that uses QEMU cipher API | |
35 | */ | |
36 | #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin" | |
37 | ||
8063396b | 38 | OBJECT_DECLARE_SIMPLE_TYPE(CryptoDevBackendBuiltin, CRYPTODEV_BACKEND_BUILTIN) |
1653a5f3 | 39 | |
1653a5f3 GA |
40 | |
41 | typedef struct CryptoDevBackendBuiltinSession { | |
42 | QCryptoCipher *cipher; | |
43 | uint8_t direction; /* encryption or decryption */ | |
44 | uint8_t type; /* cipher? hash? aead? */ | |
45 | QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next; | |
46 | } CryptoDevBackendBuiltinSession; | |
47 | ||
48 | /* Max number of symmetric sessions */ | |
49 | #define MAX_NUM_SESSIONS 256 | |
50 | ||
51 | #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 | |
52 | #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 | |
53 | ||
54 | struct CryptoDevBackendBuiltin { | |
55 | CryptoDevBackend parent_obj; | |
56 | ||
57 | CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; | |
58 | }; | |
59 | ||
60 | static void cryptodev_builtin_init( | |
61 | CryptoDevBackend *backend, Error **errp) | |
62 | { | |
63 | /* Only support one queue */ | |
64 | int queues = backend->conf.peers.queues; | |
65 | CryptoDevBackendClient *cc; | |
66 | ||
67 | if (queues != 1) { | |
68 | error_setg(errp, | |
69 | "Only support one queue in cryptdov-builtin backend"); | |
70 | return; | |
71 | } | |
72 | ||
73 | cc = cryptodev_backend_new_client( | |
74 | "cryptodev-builtin", NULL); | |
75 | cc->info_str = g_strdup_printf("cryptodev-builtin0"); | |
76 | cc->queue_index = 0; | |
5da73dab | 77 | cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN; |
1653a5f3 GA |
78 | backend->conf.peers.ccs[0] = cc; |
79 | ||
80 | backend->conf.crypto_services = | |
81 | 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | | |
82 | 1u << VIRTIO_CRYPTO_SERVICE_HASH | | |
83 | 1u << VIRTIO_CRYPTO_SERVICE_MAC; | |
84 | backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; | |
85 | backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; | |
86 | /* | |
87 | * Set the Maximum length of crypto request. | |
88 | * Why this value? Just avoid to overflow when | |
89 | * memory allocation for each crypto request. | |
90 | */ | |
91 | backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo); | |
92 | backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; | |
93 | backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; | |
6138dbda GA |
94 | |
95 | cryptodev_backend_set_ready(backend, true); | |
1653a5f3 GA |
96 | } |
97 | ||
98 | static int | |
99 | cryptodev_builtin_get_unused_session_index( | |
100 | CryptoDevBackendBuiltin *builtin) | |
101 | { | |
102 | size_t i; | |
103 | ||
104 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
105 | if (builtin->sessions[i] == NULL) { | |
106 | return i; | |
107 | } | |
108 | } | |
109 | ||
110 | return -1; | |
111 | } | |
112 | ||
465f2fed LM |
113 | #define AES_KEYSIZE_128 16 |
114 | #define AES_KEYSIZE_192 24 | |
115 | #define AES_KEYSIZE_256 32 | |
116 | #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 | |
117 | #define AES_KEYSIZE_256_XTS 64 | |
118 | ||
1653a5f3 | 119 | static int |
465f2fed | 120 | cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) |
1653a5f3 GA |
121 | { |
122 | int algo; | |
123 | ||
465f2fed | 124 | if (key_len == AES_KEYSIZE_128) { |
1653a5f3 | 125 | algo = QCRYPTO_CIPHER_ALG_AES_128; |
465f2fed | 126 | } else if (key_len == AES_KEYSIZE_192) { |
1653a5f3 | 127 | algo = QCRYPTO_CIPHER_ALG_AES_192; |
465f2fed LM |
128 | } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ |
129 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
130 | algo = QCRYPTO_CIPHER_ALG_AES_128; | |
131 | } else { | |
132 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
133 | } | |
134 | } else if (key_len == AES_KEYSIZE_256_XTS) { | |
135 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
136 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
137 | } else { | |
138 | goto err; | |
139 | } | |
1653a5f3 | 140 | } else { |
465f2fed | 141 | goto err; |
1653a5f3 GA |
142 | } |
143 | ||
144 | return algo; | |
465f2fed LM |
145 | |
146 | err: | |
147 | error_setg(errp, "Unsupported key length :%u", key_len); | |
148 | return -1; | |
1653a5f3 GA |
149 | } |
150 | ||
151 | static int cryptodev_builtin_create_cipher_session( | |
152 | CryptoDevBackendBuiltin *builtin, | |
153 | CryptoDevBackendSymSessionInfo *sess_info, | |
154 | Error **errp) | |
155 | { | |
156 | int algo; | |
157 | int mode; | |
158 | QCryptoCipher *cipher; | |
159 | int index; | |
160 | CryptoDevBackendBuiltinSession *sess; | |
161 | ||
162 | if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) { | |
163 | error_setg(errp, "Unsupported optype :%u", sess_info->op_type); | |
164 | return -1; | |
165 | } | |
166 | ||
167 | index = cryptodev_builtin_get_unused_session_index(builtin); | |
168 | if (index < 0) { | |
169 | error_setg(errp, "Total number of sessions created exceeds %u", | |
170 | MAX_NUM_SESSIONS); | |
171 | return -1; | |
172 | } | |
173 | ||
174 | switch (sess_info->cipher_alg) { | |
175 | case VIRTIO_CRYPTO_CIPHER_AES_ECB: | |
465f2fed | 176 | mode = QCRYPTO_CIPHER_MODE_ECB; |
1653a5f3 | 177 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 178 | mode, errp); |
1653a5f3 GA |
179 | if (algo < 0) { |
180 | return -1; | |
181 | } | |
1653a5f3 GA |
182 | break; |
183 | case VIRTIO_CRYPTO_CIPHER_AES_CBC: | |
465f2fed | 184 | mode = QCRYPTO_CIPHER_MODE_CBC; |
1653a5f3 | 185 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 186 | mode, errp); |
1653a5f3 GA |
187 | if (algo < 0) { |
188 | return -1; | |
189 | } | |
1653a5f3 GA |
190 | break; |
191 | case VIRTIO_CRYPTO_CIPHER_AES_CTR: | |
465f2fed | 192 | mode = QCRYPTO_CIPHER_MODE_CTR; |
1653a5f3 | 193 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 194 | mode, errp); |
1653a5f3 GA |
195 | if (algo < 0) { |
196 | return -1; | |
197 | } | |
1653a5f3 | 198 | break; |
eaa57403 LM |
199 | case VIRTIO_CRYPTO_CIPHER_AES_XTS: |
200 | mode = QCRYPTO_CIPHER_MODE_XTS; | |
201 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, | |
202 | mode, errp); | |
203 | if (algo < 0) { | |
204 | return -1; | |
205 | } | |
206 | break; | |
48ae36c0 LM |
207 | case VIRTIO_CRYPTO_CIPHER_3DES_ECB: |
208 | mode = QCRYPTO_CIPHER_MODE_ECB; | |
209 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
210 | break; | |
211 | case VIRTIO_CRYPTO_CIPHER_3DES_CBC: | |
212 | mode = QCRYPTO_CIPHER_MODE_CBC; | |
213 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
214 | break; | |
215 | case VIRTIO_CRYPTO_CIPHER_3DES_CTR: | |
216 | mode = QCRYPTO_CIPHER_MODE_CTR; | |
217 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
218 | break; | |
1653a5f3 GA |
219 | default: |
220 | error_setg(errp, "Unsupported cipher alg :%u", | |
221 | sess_info->cipher_alg); | |
222 | return -1; | |
223 | } | |
224 | ||
225 | cipher = qcrypto_cipher_new(algo, mode, | |
226 | sess_info->cipher_key, | |
227 | sess_info->key_len, | |
228 | errp); | |
229 | if (!cipher) { | |
230 | return -1; | |
231 | } | |
232 | ||
233 | sess = g_new0(CryptoDevBackendBuiltinSession, 1); | |
234 | sess->cipher = cipher; | |
235 | sess->direction = sess_info->direction; | |
236 | sess->type = sess_info->op_type; | |
237 | ||
238 | builtin->sessions[index] = sess; | |
239 | ||
240 | return index; | |
241 | } | |
242 | ||
243 | static int64_t cryptodev_builtin_sym_create_session( | |
244 | CryptoDevBackend *backend, | |
245 | CryptoDevBackendSymSessionInfo *sess_info, | |
246 | uint32_t queue_index, Error **errp) | |
247 | { | |
248 | CryptoDevBackendBuiltin *builtin = | |
249 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
250 | int64_t session_id = -1; | |
251 | int ret; | |
252 | ||
253 | switch (sess_info->op_code) { | |
254 | case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: | |
255 | ret = cryptodev_builtin_create_cipher_session( | |
256 | builtin, sess_info, errp); | |
257 | if (ret < 0) { | |
258 | return ret; | |
259 | } else { | |
260 | session_id = ret; | |
261 | } | |
262 | break; | |
263 | case VIRTIO_CRYPTO_HASH_CREATE_SESSION: | |
264 | case VIRTIO_CRYPTO_MAC_CREATE_SESSION: | |
265 | default: | |
266 | error_setg(errp, "Unsupported opcode :%" PRIu32 "", | |
267 | sess_info->op_code); | |
268 | return -1; | |
269 | } | |
270 | ||
271 | return session_id; | |
272 | } | |
273 | ||
274 | static int cryptodev_builtin_sym_close_session( | |
275 | CryptoDevBackend *backend, | |
276 | uint64_t session_id, | |
277 | uint32_t queue_index, Error **errp) | |
278 | { | |
279 | CryptoDevBackendBuiltin *builtin = | |
280 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
281 | ||
2a340b67 | 282 | assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); |
1653a5f3 GA |
283 | |
284 | qcrypto_cipher_free(builtin->sessions[session_id]->cipher); | |
285 | g_free(builtin->sessions[session_id]); | |
286 | builtin->sessions[session_id] = NULL; | |
287 | return 0; | |
288 | } | |
289 | ||
290 | static int cryptodev_builtin_sym_operation( | |
291 | CryptoDevBackend *backend, | |
292 | CryptoDevBackendSymOpInfo *op_info, | |
293 | uint32_t queue_index, Error **errp) | |
294 | { | |
295 | CryptoDevBackendBuiltin *builtin = | |
296 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
297 | CryptoDevBackendBuiltinSession *sess; | |
298 | int ret; | |
299 | ||
300 | if (op_info->session_id >= MAX_NUM_SESSIONS || | |
301 | builtin->sessions[op_info->session_id] == NULL) { | |
302 | error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", | |
303 | op_info->session_id); | |
304 | return -VIRTIO_CRYPTO_INVSESS; | |
305 | } | |
306 | ||
307 | if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { | |
308 | error_setg(errp, | |
309 | "Algorithm chain is unsupported for cryptdoev-builtin"); | |
310 | return -VIRTIO_CRYPTO_NOTSUPP; | |
311 | } | |
312 | ||
313 | sess = builtin->sessions[op_info->session_id]; | |
314 | ||
50d19cf3 LM |
315 | if (op_info->iv_len > 0) { |
316 | ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv, | |
317 | op_info->iv_len, errp); | |
318 | if (ret < 0) { | |
319 | return -VIRTIO_CRYPTO_ERR; | |
320 | } | |
1653a5f3 GA |
321 | } |
322 | ||
323 | if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) { | |
324 | ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src, | |
325 | op_info->dst, op_info->src_len, errp); | |
326 | if (ret < 0) { | |
327 | return -VIRTIO_CRYPTO_ERR; | |
328 | } | |
329 | } else { | |
330 | ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src, | |
331 | op_info->dst, op_info->src_len, errp); | |
332 | if (ret < 0) { | |
333 | return -VIRTIO_CRYPTO_ERR; | |
334 | } | |
335 | } | |
336 | return VIRTIO_CRYPTO_OK; | |
337 | } | |
338 | ||
339 | static void cryptodev_builtin_cleanup( | |
340 | CryptoDevBackend *backend, | |
341 | Error **errp) | |
342 | { | |
343 | CryptoDevBackendBuiltin *builtin = | |
344 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
345 | size_t i; | |
346 | int queues = backend->conf.peers.queues; | |
347 | CryptoDevBackendClient *cc; | |
348 | ||
349 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
350 | if (builtin->sessions[i] != NULL) { | |
2a340b67 | 351 | cryptodev_builtin_sym_close_session(backend, i, 0, &error_abort); |
1653a5f3 GA |
352 | } |
353 | } | |
354 | ||
1653a5f3 GA |
355 | for (i = 0; i < queues; i++) { |
356 | cc = backend->conf.peers.ccs[i]; | |
357 | if (cc) { | |
358 | cryptodev_backend_free_client(cc); | |
359 | backend->conf.peers.ccs[i] = NULL; | |
360 | } | |
361 | } | |
6138dbda GA |
362 | |
363 | cryptodev_backend_set_ready(backend, false); | |
1653a5f3 GA |
364 | } |
365 | ||
366 | static void | |
367 | cryptodev_builtin_class_init(ObjectClass *oc, void *data) | |
368 | { | |
369 | CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); | |
370 | ||
371 | bc->init = cryptodev_builtin_init; | |
372 | bc->cleanup = cryptodev_builtin_cleanup; | |
373 | bc->create_session = cryptodev_builtin_sym_create_session; | |
374 | bc->close_session = cryptodev_builtin_sym_close_session; | |
375 | bc->do_sym_op = cryptodev_builtin_sym_operation; | |
376 | } | |
377 | ||
378 | static const TypeInfo cryptodev_builtin_info = { | |
379 | .name = TYPE_CRYPTODEV_BACKEND_BUILTIN, | |
380 | .parent = TYPE_CRYPTODEV_BACKEND, | |
381 | .class_init = cryptodev_builtin_class_init, | |
382 | .instance_size = sizeof(CryptoDevBackendBuiltin), | |
383 | }; | |
384 | ||
385 | static void | |
386 | cryptodev_builtin_register_types(void) | |
387 | { | |
388 | type_register_static(&cryptodev_builtin_info); | |
389 | } | |
390 | ||
391 | type_init(cryptodev_builtin_register_types); |