]>
Commit | Line | Data |
---|---|---|
1653a5f3 GA |
1 | /* |
2 | * QEMU Cryptodev backend for QEMU cipher APIs | |
3 | * | |
4 | * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. | |
5 | * | |
6 | * Authors: | |
7 | * Gonglei <arei.gonglei@huawei.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
0dda001b | 12 | * version 2.1 of the License, or (at your option) any later version. |
1653a5f3 GA |
13 | * |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
21 | * | |
22 | */ | |
23 | ||
24 | #include "qemu/osdep.h" | |
25 | #include "sysemu/cryptodev.h" | |
1653a5f3 GA |
26 | #include "qapi/error.h" |
27 | #include "standard-headers/linux/virtio_crypto.h" | |
28 | #include "crypto/cipher.h" | |
0e660a6f | 29 | #include "crypto/akcipher.h" |
db1015e9 | 30 | #include "qom/object.h" |
1653a5f3 GA |
31 | |
32 | ||
33 | /** | |
34 | * @TYPE_CRYPTODEV_BACKEND_BUILTIN: | |
35 | * name of backend that uses QEMU cipher API | |
36 | */ | |
37 | #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin" | |
38 | ||
8063396b | 39 | OBJECT_DECLARE_SIMPLE_TYPE(CryptoDevBackendBuiltin, CRYPTODEV_BACKEND_BUILTIN) |
1653a5f3 | 40 | |
1653a5f3 GA |
41 | |
42 | typedef struct CryptoDevBackendBuiltinSession { | |
43 | QCryptoCipher *cipher; | |
44 | uint8_t direction; /* encryption or decryption */ | |
45 | uint8_t type; /* cipher? hash? aead? */ | |
0e660a6f | 46 | QCryptoAkCipher *akcipher; |
1653a5f3 GA |
47 | QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next; |
48 | } CryptoDevBackendBuiltinSession; | |
49 | ||
0e660a6f | 50 | /* Max number of symmetric/asymmetric sessions */ |
1653a5f3 GA |
51 | #define MAX_NUM_SESSIONS 256 |
52 | ||
53 | #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 | |
54 | #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 | |
55 | ||
56 | struct CryptoDevBackendBuiltin { | |
57 | CryptoDevBackend parent_obj; | |
58 | ||
59 | CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; | |
60 | }; | |
61 | ||
abca0fc3 ZP |
62 | static void cryptodev_builtin_init_akcipher(CryptoDevBackend *backend) |
63 | { | |
64 | QCryptoAkCipherOptions opts; | |
65 | ||
66 | opts.alg = QCRYPTO_AKCIPHER_ALG_RSA; | |
67 | opts.u.rsa.padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW; | |
68 | if (qcrypto_akcipher_supports(&opts)) { | |
69 | backend->conf.crypto_services |= | |
70 | (1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER); | |
71 | backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA; | |
72 | } | |
73 | } | |
74 | ||
1653a5f3 GA |
75 | static void cryptodev_builtin_init( |
76 | CryptoDevBackend *backend, Error **errp) | |
77 | { | |
78 | /* Only support one queue */ | |
79 | int queues = backend->conf.peers.queues; | |
80 | CryptoDevBackendClient *cc; | |
81 | ||
82 | if (queues != 1) { | |
83 | error_setg(errp, | |
84 | "Only support one queue in cryptdov-builtin backend"); | |
85 | return; | |
86 | } | |
87 | ||
3f478371 | 88 | cc = cryptodev_backend_new_client(); |
1653a5f3 GA |
89 | cc->info_str = g_strdup_printf("cryptodev-builtin0"); |
90 | cc->queue_index = 0; | |
14c9fd16 | 91 | cc->type = QCRYPTODEV_BACKEND_TYPE_BUILTIN; |
1653a5f3 GA |
92 | backend->conf.peers.ccs[0] = cc; |
93 | ||
94 | backend->conf.crypto_services = | |
bc304a64 ZP |
95 | 1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER | |
96 | 1u << QCRYPTODEV_BACKEND_SERVICE_HASH | | |
abca0fc3 | 97 | 1u << QCRYPTODEV_BACKEND_SERVICE_MAC; |
1653a5f3 GA |
98 | backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; |
99 | backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; | |
100 | /* | |
101 | * Set the Maximum length of crypto request. | |
102 | * Why this value? Just avoid to overflow when | |
103 | * memory allocation for each crypto request. | |
104 | */ | |
0e660a6f | 105 | backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo); |
1653a5f3 GA |
106 | backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; |
107 | backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; | |
abca0fc3 | 108 | cryptodev_builtin_init_akcipher(backend); |
6138dbda GA |
109 | |
110 | cryptodev_backend_set_ready(backend, true); | |
1653a5f3 GA |
111 | } |
112 | ||
113 | static int | |
114 | cryptodev_builtin_get_unused_session_index( | |
115 | CryptoDevBackendBuiltin *builtin) | |
116 | { | |
117 | size_t i; | |
118 | ||
119 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
120 | if (builtin->sessions[i] == NULL) { | |
121 | return i; | |
122 | } | |
123 | } | |
124 | ||
125 | return -1; | |
126 | } | |
127 | ||
465f2fed LM |
128 | #define AES_KEYSIZE_128 16 |
129 | #define AES_KEYSIZE_192 24 | |
130 | #define AES_KEYSIZE_256 32 | |
131 | #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 | |
132 | #define AES_KEYSIZE_256_XTS 64 | |
133 | ||
1653a5f3 | 134 | static int |
465f2fed | 135 | cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) |
1653a5f3 GA |
136 | { |
137 | int algo; | |
138 | ||
465f2fed | 139 | if (key_len == AES_KEYSIZE_128) { |
1653a5f3 | 140 | algo = QCRYPTO_CIPHER_ALG_AES_128; |
465f2fed | 141 | } else if (key_len == AES_KEYSIZE_192) { |
1653a5f3 | 142 | algo = QCRYPTO_CIPHER_ALG_AES_192; |
465f2fed LM |
143 | } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ |
144 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
145 | algo = QCRYPTO_CIPHER_ALG_AES_128; | |
146 | } else { | |
147 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
148 | } | |
149 | } else if (key_len == AES_KEYSIZE_256_XTS) { | |
150 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
151 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
152 | } else { | |
153 | goto err; | |
154 | } | |
1653a5f3 | 155 | } else { |
465f2fed | 156 | goto err; |
1653a5f3 GA |
157 | } |
158 | ||
159 | return algo; | |
465f2fed LM |
160 | |
161 | err: | |
162 | error_setg(errp, "Unsupported key length :%u", key_len); | |
163 | return -1; | |
1653a5f3 GA |
164 | } |
165 | ||
0e660a6f ZP |
166 | static int cryptodev_builtin_get_rsa_hash_algo( |
167 | int virtio_rsa_hash, Error **errp) | |
168 | { | |
169 | switch (virtio_rsa_hash) { | |
170 | case VIRTIO_CRYPTO_RSA_MD5: | |
171 | return QCRYPTO_HASH_ALG_MD5; | |
172 | ||
173 | case VIRTIO_CRYPTO_RSA_SHA1: | |
174 | return QCRYPTO_HASH_ALG_SHA1; | |
175 | ||
176 | case VIRTIO_CRYPTO_RSA_SHA256: | |
177 | return QCRYPTO_HASH_ALG_SHA256; | |
178 | ||
179 | case VIRTIO_CRYPTO_RSA_SHA512: | |
180 | return QCRYPTO_HASH_ALG_SHA512; | |
181 | ||
182 | default: | |
183 | error_setg(errp, "Unsupported rsa hash algo: %d", virtio_rsa_hash); | |
184 | return -1; | |
185 | } | |
186 | } | |
187 | ||
188 | static int cryptodev_builtin_set_rsa_options( | |
189 | int virtio_padding_algo, | |
190 | int virtio_hash_algo, | |
191 | QCryptoAkCipherOptionsRSA *opt, | |
192 | Error **errp) | |
193 | { | |
194 | if (virtio_padding_algo == VIRTIO_CRYPTO_RSA_PKCS1_PADDING) { | |
195 | int hash_alg; | |
196 | ||
197 | hash_alg = cryptodev_builtin_get_rsa_hash_algo(virtio_hash_algo, errp); | |
198 | if (hash_alg < 0) { | |
199 | return -1; | |
200 | } | |
201 | opt->hash_alg = hash_alg; | |
202 | opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1; | |
203 | return 0; | |
204 | } | |
205 | ||
206 | if (virtio_padding_algo == VIRTIO_CRYPTO_RSA_RAW_PADDING) { | |
207 | opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW; | |
208 | return 0; | |
209 | } | |
210 | ||
211 | error_setg(errp, "Unsupported rsa padding algo: %d", virtio_padding_algo); | |
212 | return -1; | |
213 | } | |
214 | ||
1653a5f3 GA |
215 | static int cryptodev_builtin_create_cipher_session( |
216 | CryptoDevBackendBuiltin *builtin, | |
217 | CryptoDevBackendSymSessionInfo *sess_info, | |
218 | Error **errp) | |
219 | { | |
220 | int algo; | |
221 | int mode; | |
222 | QCryptoCipher *cipher; | |
223 | int index; | |
224 | CryptoDevBackendBuiltinSession *sess; | |
225 | ||
226 | if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) { | |
227 | error_setg(errp, "Unsupported optype :%u", sess_info->op_type); | |
228 | return -1; | |
229 | } | |
230 | ||
231 | index = cryptodev_builtin_get_unused_session_index(builtin); | |
232 | if (index < 0) { | |
233 | error_setg(errp, "Total number of sessions created exceeds %u", | |
234 | MAX_NUM_SESSIONS); | |
235 | return -1; | |
236 | } | |
237 | ||
238 | switch (sess_info->cipher_alg) { | |
239 | case VIRTIO_CRYPTO_CIPHER_AES_ECB: | |
465f2fed | 240 | mode = QCRYPTO_CIPHER_MODE_ECB; |
1653a5f3 | 241 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 242 | mode, errp); |
1653a5f3 GA |
243 | if (algo < 0) { |
244 | return -1; | |
245 | } | |
1653a5f3 GA |
246 | break; |
247 | case VIRTIO_CRYPTO_CIPHER_AES_CBC: | |
465f2fed | 248 | mode = QCRYPTO_CIPHER_MODE_CBC; |
1653a5f3 | 249 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 250 | mode, errp); |
1653a5f3 GA |
251 | if (algo < 0) { |
252 | return -1; | |
253 | } | |
1653a5f3 GA |
254 | break; |
255 | case VIRTIO_CRYPTO_CIPHER_AES_CTR: | |
465f2fed | 256 | mode = QCRYPTO_CIPHER_MODE_CTR; |
1653a5f3 | 257 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 258 | mode, errp); |
1653a5f3 GA |
259 | if (algo < 0) { |
260 | return -1; | |
261 | } | |
1653a5f3 | 262 | break; |
eaa57403 LM |
263 | case VIRTIO_CRYPTO_CIPHER_AES_XTS: |
264 | mode = QCRYPTO_CIPHER_MODE_XTS; | |
265 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, | |
266 | mode, errp); | |
267 | if (algo < 0) { | |
268 | return -1; | |
269 | } | |
270 | break; | |
48ae36c0 LM |
271 | case VIRTIO_CRYPTO_CIPHER_3DES_ECB: |
272 | mode = QCRYPTO_CIPHER_MODE_ECB; | |
273 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
274 | break; | |
275 | case VIRTIO_CRYPTO_CIPHER_3DES_CBC: | |
276 | mode = QCRYPTO_CIPHER_MODE_CBC; | |
277 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
278 | break; | |
279 | case VIRTIO_CRYPTO_CIPHER_3DES_CTR: | |
280 | mode = QCRYPTO_CIPHER_MODE_CTR; | |
281 | algo = QCRYPTO_CIPHER_ALG_3DES; | |
282 | break; | |
1653a5f3 GA |
283 | default: |
284 | error_setg(errp, "Unsupported cipher alg :%u", | |
285 | sess_info->cipher_alg); | |
286 | return -1; | |
287 | } | |
288 | ||
289 | cipher = qcrypto_cipher_new(algo, mode, | |
290 | sess_info->cipher_key, | |
291 | sess_info->key_len, | |
292 | errp); | |
293 | if (!cipher) { | |
294 | return -1; | |
295 | } | |
296 | ||
297 | sess = g_new0(CryptoDevBackendBuiltinSession, 1); | |
298 | sess->cipher = cipher; | |
299 | sess->direction = sess_info->direction; | |
300 | sess->type = sess_info->op_type; | |
301 | ||
302 | builtin->sessions[index] = sess; | |
303 | ||
304 | return index; | |
305 | } | |
306 | ||
0e660a6f ZP |
307 | static int cryptodev_builtin_create_akcipher_session( |
308 | CryptoDevBackendBuiltin *builtin, | |
309 | CryptoDevBackendAsymSessionInfo *sess_info, | |
310 | Error **errp) | |
311 | { | |
312 | CryptoDevBackendBuiltinSession *sess; | |
313 | QCryptoAkCipher *akcipher; | |
314 | int index; | |
315 | QCryptoAkCipherKeyType type; | |
316 | QCryptoAkCipherOptions opts; | |
317 | ||
318 | switch (sess_info->algo) { | |
319 | case VIRTIO_CRYPTO_AKCIPHER_RSA: | |
320 | opts.alg = QCRYPTO_AKCIPHER_ALG_RSA; | |
321 | if (cryptodev_builtin_set_rsa_options(sess_info->u.rsa.padding_algo, | |
322 | sess_info->u.rsa.hash_algo, &opts.u.rsa, errp) != 0) { | |
323 | return -1; | |
324 | } | |
325 | break; | |
326 | ||
327 | /* TODO support DSA&ECDSA until qemu crypto framework support these */ | |
328 | ||
329 | default: | |
330 | error_setg(errp, "Unsupported akcipher alg %u", sess_info->algo); | |
331 | return -1; | |
332 | } | |
333 | ||
334 | switch (sess_info->keytype) { | |
335 | case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC: | |
336 | type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC; | |
337 | break; | |
338 | ||
339 | case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE: | |
340 | type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE; | |
341 | break; | |
342 | ||
343 | default: | |
344 | error_setg(errp, "Unsupported akcipher keytype %u", sess_info->keytype); | |
345 | return -1; | |
346 | } | |
347 | ||
348 | index = cryptodev_builtin_get_unused_session_index(builtin); | |
349 | if (index < 0) { | |
350 | error_setg(errp, "Total number of sessions created exceeds %u", | |
351 | MAX_NUM_SESSIONS); | |
352 | return -1; | |
353 | } | |
354 | ||
355 | akcipher = qcrypto_akcipher_new(&opts, type, sess_info->key, | |
356 | sess_info->keylen, errp); | |
357 | if (!akcipher) { | |
358 | return -1; | |
359 | } | |
360 | ||
361 | sess = g_new0(CryptoDevBackendBuiltinSession, 1); | |
362 | sess->akcipher = akcipher; | |
363 | ||
364 | builtin->sessions[index] = sess; | |
365 | ||
366 | return index; | |
367 | } | |
368 | ||
2fda101d | 369 | static int cryptodev_builtin_create_session( |
1653a5f3 | 370 | CryptoDevBackend *backend, |
0e660a6f | 371 | CryptoDevBackendSessionInfo *sess_info, |
2fda101d LH |
372 | uint32_t queue_index, |
373 | CryptoDevCompletionFunc cb, | |
374 | void *opaque) | |
1653a5f3 GA |
375 | { |
376 | CryptoDevBackendBuiltin *builtin = | |
377 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
0e660a6f ZP |
378 | CryptoDevBackendSymSessionInfo *sym_sess_info; |
379 | CryptoDevBackendAsymSessionInfo *asym_sess_info; | |
2fda101d LH |
380 | int ret, status; |
381 | Error *local_error = NULL; | |
1653a5f3 GA |
382 | |
383 | switch (sess_info->op_code) { | |
384 | case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: | |
0e660a6f | 385 | sym_sess_info = &sess_info->u.sym_sess_info; |
2fda101d LH |
386 | ret = cryptodev_builtin_create_cipher_session( |
387 | builtin, sym_sess_info, &local_error); | |
388 | break; | |
0e660a6f ZP |
389 | |
390 | case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: | |
391 | asym_sess_info = &sess_info->u.asym_sess_info; | |
2fda101d LH |
392 | ret = cryptodev_builtin_create_akcipher_session( |
393 | builtin, asym_sess_info, &local_error); | |
394 | break; | |
0e660a6f | 395 | |
1653a5f3 GA |
396 | case VIRTIO_CRYPTO_HASH_CREATE_SESSION: |
397 | case VIRTIO_CRYPTO_MAC_CREATE_SESSION: | |
398 | default: | |
2fda101d | 399 | error_setg(&local_error, "Unsupported opcode :%" PRIu32 "", |
1653a5f3 | 400 | sess_info->op_code); |
2fda101d | 401 | return -VIRTIO_CRYPTO_NOTSUPP; |
1653a5f3 GA |
402 | } |
403 | ||
2fda101d LH |
404 | if (local_error) { |
405 | error_report_err(local_error); | |
406 | } | |
407 | if (ret < 0) { | |
408 | status = -VIRTIO_CRYPTO_ERR; | |
409 | } else { | |
410 | sess_info->session_id = ret; | |
411 | status = VIRTIO_CRYPTO_OK; | |
412 | } | |
413 | if (cb) { | |
414 | cb(opaque, status); | |
415 | } | |
416 | return 0; | |
1653a5f3 GA |
417 | } |
418 | ||
0e660a6f | 419 | static int cryptodev_builtin_close_session( |
1653a5f3 GA |
420 | CryptoDevBackend *backend, |
421 | uint64_t session_id, | |
2fda101d LH |
422 | uint32_t queue_index, |
423 | CryptoDevCompletionFunc cb, | |
424 | void *opaque) | |
1653a5f3 GA |
425 | { |
426 | CryptoDevBackendBuiltin *builtin = | |
427 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
0e660a6f | 428 | CryptoDevBackendBuiltinSession *session; |
1653a5f3 | 429 | |
2a340b67 | 430 | assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); |
1653a5f3 | 431 | |
0e660a6f ZP |
432 | session = builtin->sessions[session_id]; |
433 | if (session->cipher) { | |
434 | qcrypto_cipher_free(session->cipher); | |
435 | } else if (session->akcipher) { | |
436 | qcrypto_akcipher_free(session->akcipher); | |
437 | } | |
438 | ||
439 | g_free(session); | |
1653a5f3 | 440 | builtin->sessions[session_id] = NULL; |
2fda101d LH |
441 | if (cb) { |
442 | cb(opaque, VIRTIO_CRYPTO_OK); | |
443 | } | |
1653a5f3 GA |
444 | return 0; |
445 | } | |
446 | ||
447 | static int cryptodev_builtin_sym_operation( | |
0e660a6f ZP |
448 | CryptoDevBackendBuiltinSession *sess, |
449 | CryptoDevBackendSymOpInfo *op_info, Error **errp) | |
1653a5f3 | 450 | { |
1653a5f3 GA |
451 | int ret; |
452 | ||
1653a5f3 GA |
453 | if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { |
454 | error_setg(errp, | |
455 | "Algorithm chain is unsupported for cryptdoev-builtin"); | |
456 | return -VIRTIO_CRYPTO_NOTSUPP; | |
457 | } | |
458 | ||
50d19cf3 LM |
459 | if (op_info->iv_len > 0) { |
460 | ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv, | |
461 | op_info->iv_len, errp); | |
462 | if (ret < 0) { | |
463 | return -VIRTIO_CRYPTO_ERR; | |
464 | } | |
1653a5f3 GA |
465 | } |
466 | ||
467 | if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) { | |
468 | ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src, | |
469 | op_info->dst, op_info->src_len, errp); | |
470 | if (ret < 0) { | |
471 | return -VIRTIO_CRYPTO_ERR; | |
472 | } | |
473 | } else { | |
474 | ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src, | |
475 | op_info->dst, op_info->src_len, errp); | |
476 | if (ret < 0) { | |
477 | return -VIRTIO_CRYPTO_ERR; | |
478 | } | |
479 | } | |
0e660a6f ZP |
480 | |
481 | return VIRTIO_CRYPTO_OK; | |
482 | } | |
483 | ||
484 | static int cryptodev_builtin_asym_operation( | |
485 | CryptoDevBackendBuiltinSession *sess, uint32_t op_code, | |
486 | CryptoDevBackendAsymOpInfo *op_info, Error **errp) | |
487 | { | |
488 | int ret; | |
489 | ||
490 | switch (op_code) { | |
491 | case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT: | |
492 | ret = qcrypto_akcipher_encrypt(sess->akcipher, | |
493 | op_info->src, op_info->src_len, | |
494 | op_info->dst, op_info->dst_len, errp); | |
495 | break; | |
496 | ||
497 | case VIRTIO_CRYPTO_AKCIPHER_DECRYPT: | |
498 | ret = qcrypto_akcipher_decrypt(sess->akcipher, | |
499 | op_info->src, op_info->src_len, | |
500 | op_info->dst, op_info->dst_len, errp); | |
501 | break; | |
502 | ||
503 | case VIRTIO_CRYPTO_AKCIPHER_SIGN: | |
504 | ret = qcrypto_akcipher_sign(sess->akcipher, | |
505 | op_info->src, op_info->src_len, | |
506 | op_info->dst, op_info->dst_len, errp); | |
507 | break; | |
508 | ||
509 | case VIRTIO_CRYPTO_AKCIPHER_VERIFY: | |
510 | ret = qcrypto_akcipher_verify(sess->akcipher, | |
511 | op_info->src, op_info->src_len, | |
512 | op_info->dst, op_info->dst_len, errp); | |
513 | break; | |
514 | ||
515 | default: | |
516 | return -VIRTIO_CRYPTO_ERR; | |
517 | } | |
518 | ||
519 | if (ret < 0) { | |
520 | if (op_code == VIRTIO_CRYPTO_AKCIPHER_VERIFY) { | |
521 | return -VIRTIO_CRYPTO_KEY_REJECTED; | |
522 | } | |
523 | return -VIRTIO_CRYPTO_ERR; | |
524 | } | |
525 | ||
526 | /* Buffer is too short, typically the driver should handle this case */ | |
527 | if (unlikely(ret > op_info->dst_len)) { | |
528 | if (errp && !*errp) { | |
529 | error_setg(errp, "dst buffer too short"); | |
530 | } | |
531 | ||
532 | return -VIRTIO_CRYPTO_ERR; | |
533 | } | |
534 | ||
535 | op_info->dst_len = ret; | |
536 | ||
1653a5f3 GA |
537 | return VIRTIO_CRYPTO_OK; |
538 | } | |
539 | ||
0e660a6f ZP |
540 | static int cryptodev_builtin_operation( |
541 | CryptoDevBackend *backend, | |
2cb06927 | 542 | CryptoDevBackendOpInfo *op_info) |
0e660a6f ZP |
543 | { |
544 | CryptoDevBackendBuiltin *builtin = | |
545 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
546 | CryptoDevBackendBuiltinSession *sess; | |
547 | CryptoDevBackendSymOpInfo *sym_op_info; | |
548 | CryptoDevBackendAsymOpInfo *asym_op_info; | |
999c789f | 549 | QCryptodevBackendAlgType algtype = op_info->algtype; |
2fda101d LH |
550 | int status = -VIRTIO_CRYPTO_ERR; |
551 | Error *local_error = NULL; | |
0e660a6f ZP |
552 | |
553 | if (op_info->session_id >= MAX_NUM_SESSIONS || | |
554 | builtin->sessions[op_info->session_id] == NULL) { | |
2fda101d | 555 | error_setg(&local_error, "Cannot find a valid session id: %" PRIu64 "", |
0e660a6f ZP |
556 | op_info->session_id); |
557 | return -VIRTIO_CRYPTO_INVSESS; | |
558 | } | |
559 | ||
560 | sess = builtin->sessions[op_info->session_id]; | |
999c789f | 561 | if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) { |
0e660a6f | 562 | sym_op_info = op_info->u.sym_op_info; |
2fda101d LH |
563 | status = cryptodev_builtin_sym_operation(sess, sym_op_info, |
564 | &local_error); | |
999c789f | 565 | } else if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) { |
0e660a6f | 566 | asym_op_info = op_info->u.asym_op_info; |
2fda101d LH |
567 | status = cryptodev_builtin_asym_operation(sess, op_info->op_code, |
568 | asym_op_info, &local_error); | |
0e660a6f ZP |
569 | } |
570 | ||
2fda101d LH |
571 | if (local_error) { |
572 | error_report_err(local_error); | |
573 | } | |
2cb06927 ZP |
574 | if (op_info->cb) { |
575 | op_info->cb(op_info->opaque, status); | |
2fda101d LH |
576 | } |
577 | return 0; | |
0e660a6f ZP |
578 | } |
579 | ||
1653a5f3 GA |
580 | static void cryptodev_builtin_cleanup( |
581 | CryptoDevBackend *backend, | |
582 | Error **errp) | |
583 | { | |
584 | CryptoDevBackendBuiltin *builtin = | |
585 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
586 | size_t i; | |
587 | int queues = backend->conf.peers.queues; | |
588 | CryptoDevBackendClient *cc; | |
589 | ||
590 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
591 | if (builtin->sessions[i] != NULL) { | |
2fda101d | 592 | cryptodev_builtin_close_session(backend, i, 0, NULL, NULL); |
1653a5f3 GA |
593 | } |
594 | } | |
595 | ||
1653a5f3 GA |
596 | for (i = 0; i < queues; i++) { |
597 | cc = backend->conf.peers.ccs[i]; | |
598 | if (cc) { | |
599 | cryptodev_backend_free_client(cc); | |
600 | backend->conf.peers.ccs[i] = NULL; | |
601 | } | |
602 | } | |
6138dbda GA |
603 | |
604 | cryptodev_backend_set_ready(backend, false); | |
1653a5f3 GA |
605 | } |
606 | ||
607 | static void | |
608 | cryptodev_builtin_class_init(ObjectClass *oc, void *data) | |
609 | { | |
610 | CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); | |
611 | ||
612 | bc->init = cryptodev_builtin_init; | |
613 | bc->cleanup = cryptodev_builtin_cleanup; | |
0e660a6f ZP |
614 | bc->create_session = cryptodev_builtin_create_session; |
615 | bc->close_session = cryptodev_builtin_close_session; | |
616 | bc->do_op = cryptodev_builtin_operation; | |
1653a5f3 GA |
617 | } |
618 | ||
619 | static const TypeInfo cryptodev_builtin_info = { | |
620 | .name = TYPE_CRYPTODEV_BACKEND_BUILTIN, | |
621 | .parent = TYPE_CRYPTODEV_BACKEND, | |
622 | .class_init = cryptodev_builtin_class_init, | |
623 | .instance_size = sizeof(CryptoDevBackendBuiltin), | |
624 | }; | |
625 | ||
626 | static void | |
627 | cryptodev_builtin_register_types(void) | |
628 | { | |
629 | type_register_static(&cryptodev_builtin_info); | |
630 | } | |
631 | ||
632 | type_init(cryptodev_builtin_register_types); |