]>
Commit | Line | Data |
---|---|---|
1653a5f3 GA |
1 | /* |
2 | * QEMU Cryptodev backend for QEMU cipher APIs | |
3 | * | |
4 | * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. | |
5 | * | |
6 | * Authors: | |
7 | * Gonglei <arei.gonglei@huawei.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
21 | * | |
22 | */ | |
23 | ||
24 | #include "qemu/osdep.h" | |
25 | #include "sysemu/cryptodev.h" | |
26 | #include "hw/boards.h" | |
27 | #include "qapi/error.h" | |
28 | #include "standard-headers/linux/virtio_crypto.h" | |
29 | #include "crypto/cipher.h" | |
30 | ||
31 | ||
32 | /** | |
33 | * @TYPE_CRYPTODEV_BACKEND_BUILTIN: | |
34 | * name of backend that uses QEMU cipher API | |
35 | */ | |
36 | #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin" | |
37 | ||
38 | #define CRYPTODEV_BACKEND_BUILTIN(obj) \ | |
39 | OBJECT_CHECK(CryptoDevBackendBuiltin, \ | |
40 | (obj), TYPE_CRYPTODEV_BACKEND_BUILTIN) | |
41 | ||
42 | typedef struct CryptoDevBackendBuiltin | |
43 | CryptoDevBackendBuiltin; | |
44 | ||
45 | typedef struct CryptoDevBackendBuiltinSession { | |
46 | QCryptoCipher *cipher; | |
47 | uint8_t direction; /* encryption or decryption */ | |
48 | uint8_t type; /* cipher? hash? aead? */ | |
49 | QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next; | |
50 | } CryptoDevBackendBuiltinSession; | |
51 | ||
52 | /* Max number of symmetric sessions */ | |
53 | #define MAX_NUM_SESSIONS 256 | |
54 | ||
55 | #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 | |
56 | #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 | |
57 | ||
58 | struct CryptoDevBackendBuiltin { | |
59 | CryptoDevBackend parent_obj; | |
60 | ||
61 | CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; | |
62 | }; | |
63 | ||
64 | static void cryptodev_builtin_init( | |
65 | CryptoDevBackend *backend, Error **errp) | |
66 | { | |
67 | /* Only support one queue */ | |
68 | int queues = backend->conf.peers.queues; | |
69 | CryptoDevBackendClient *cc; | |
70 | ||
71 | if (queues != 1) { | |
72 | error_setg(errp, | |
73 | "Only support one queue in cryptdov-builtin backend"); | |
74 | return; | |
75 | } | |
76 | ||
77 | cc = cryptodev_backend_new_client( | |
78 | "cryptodev-builtin", NULL); | |
79 | cc->info_str = g_strdup_printf("cryptodev-builtin0"); | |
80 | cc->queue_index = 0; | |
81 | backend->conf.peers.ccs[0] = cc; | |
82 | ||
83 | backend->conf.crypto_services = | |
84 | 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | | |
85 | 1u << VIRTIO_CRYPTO_SERVICE_HASH | | |
86 | 1u << VIRTIO_CRYPTO_SERVICE_MAC; | |
87 | backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; | |
88 | backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; | |
89 | /* | |
90 | * Set the Maximum length of crypto request. | |
91 | * Why this value? Just avoid to overflow when | |
92 | * memory allocation for each crypto request. | |
93 | */ | |
94 | backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo); | |
95 | backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; | |
96 | backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; | |
97 | } | |
98 | ||
99 | static int | |
100 | cryptodev_builtin_get_unused_session_index( | |
101 | CryptoDevBackendBuiltin *builtin) | |
102 | { | |
103 | size_t i; | |
104 | ||
105 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
106 | if (builtin->sessions[i] == NULL) { | |
107 | return i; | |
108 | } | |
109 | } | |
110 | ||
111 | return -1; | |
112 | } | |
113 | ||
465f2fed LM |
114 | #define AES_KEYSIZE_128 16 |
115 | #define AES_KEYSIZE_192 24 | |
116 | #define AES_KEYSIZE_256 32 | |
117 | #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 | |
118 | #define AES_KEYSIZE_256_XTS 64 | |
119 | ||
1653a5f3 | 120 | static int |
465f2fed | 121 | cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) |
1653a5f3 GA |
122 | { |
123 | int algo; | |
124 | ||
465f2fed | 125 | if (key_len == AES_KEYSIZE_128) { |
1653a5f3 | 126 | algo = QCRYPTO_CIPHER_ALG_AES_128; |
465f2fed | 127 | } else if (key_len == AES_KEYSIZE_192) { |
1653a5f3 | 128 | algo = QCRYPTO_CIPHER_ALG_AES_192; |
465f2fed LM |
129 | } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ |
130 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
131 | algo = QCRYPTO_CIPHER_ALG_AES_128; | |
132 | } else { | |
133 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
134 | } | |
135 | } else if (key_len == AES_KEYSIZE_256_XTS) { | |
136 | if (mode == QCRYPTO_CIPHER_MODE_XTS) { | |
137 | algo = QCRYPTO_CIPHER_ALG_AES_256; | |
138 | } else { | |
139 | goto err; | |
140 | } | |
1653a5f3 | 141 | } else { |
465f2fed | 142 | goto err; |
1653a5f3 GA |
143 | } |
144 | ||
145 | return algo; | |
465f2fed LM |
146 | |
147 | err: | |
148 | error_setg(errp, "Unsupported key length :%u", key_len); | |
149 | return -1; | |
1653a5f3 GA |
150 | } |
151 | ||
152 | static int cryptodev_builtin_create_cipher_session( | |
153 | CryptoDevBackendBuiltin *builtin, | |
154 | CryptoDevBackendSymSessionInfo *sess_info, | |
155 | Error **errp) | |
156 | { | |
157 | int algo; | |
158 | int mode; | |
159 | QCryptoCipher *cipher; | |
160 | int index; | |
161 | CryptoDevBackendBuiltinSession *sess; | |
162 | ||
163 | if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) { | |
164 | error_setg(errp, "Unsupported optype :%u", sess_info->op_type); | |
165 | return -1; | |
166 | } | |
167 | ||
168 | index = cryptodev_builtin_get_unused_session_index(builtin); | |
169 | if (index < 0) { | |
170 | error_setg(errp, "Total number of sessions created exceeds %u", | |
171 | MAX_NUM_SESSIONS); | |
172 | return -1; | |
173 | } | |
174 | ||
175 | switch (sess_info->cipher_alg) { | |
176 | case VIRTIO_CRYPTO_CIPHER_AES_ECB: | |
465f2fed | 177 | mode = QCRYPTO_CIPHER_MODE_ECB; |
1653a5f3 | 178 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 179 | mode, errp); |
1653a5f3 GA |
180 | if (algo < 0) { |
181 | return -1; | |
182 | } | |
1653a5f3 GA |
183 | break; |
184 | case VIRTIO_CRYPTO_CIPHER_AES_CBC: | |
465f2fed | 185 | mode = QCRYPTO_CIPHER_MODE_CBC; |
1653a5f3 | 186 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 187 | mode, errp); |
1653a5f3 GA |
188 | if (algo < 0) { |
189 | return -1; | |
190 | } | |
1653a5f3 GA |
191 | break; |
192 | case VIRTIO_CRYPTO_CIPHER_AES_CTR: | |
465f2fed | 193 | mode = QCRYPTO_CIPHER_MODE_CTR; |
1653a5f3 | 194 | algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, |
465f2fed | 195 | mode, errp); |
1653a5f3 GA |
196 | if (algo < 0) { |
197 | return -1; | |
198 | } | |
1653a5f3 GA |
199 | break; |
200 | case VIRTIO_CRYPTO_CIPHER_DES_ECB: | |
1653a5f3 | 201 | mode = QCRYPTO_CIPHER_MODE_ECB; |
465f2fed | 202 | algo = QCRYPTO_CIPHER_ALG_DES_RFB; |
1653a5f3 GA |
203 | break; |
204 | default: | |
205 | error_setg(errp, "Unsupported cipher alg :%u", | |
206 | sess_info->cipher_alg); | |
207 | return -1; | |
208 | } | |
209 | ||
210 | cipher = qcrypto_cipher_new(algo, mode, | |
211 | sess_info->cipher_key, | |
212 | sess_info->key_len, | |
213 | errp); | |
214 | if (!cipher) { | |
215 | return -1; | |
216 | } | |
217 | ||
218 | sess = g_new0(CryptoDevBackendBuiltinSession, 1); | |
219 | sess->cipher = cipher; | |
220 | sess->direction = sess_info->direction; | |
221 | sess->type = sess_info->op_type; | |
222 | ||
223 | builtin->sessions[index] = sess; | |
224 | ||
225 | return index; | |
226 | } | |
227 | ||
228 | static int64_t cryptodev_builtin_sym_create_session( | |
229 | CryptoDevBackend *backend, | |
230 | CryptoDevBackendSymSessionInfo *sess_info, | |
231 | uint32_t queue_index, Error **errp) | |
232 | { | |
233 | CryptoDevBackendBuiltin *builtin = | |
234 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
235 | int64_t session_id = -1; | |
236 | int ret; | |
237 | ||
238 | switch (sess_info->op_code) { | |
239 | case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: | |
240 | ret = cryptodev_builtin_create_cipher_session( | |
241 | builtin, sess_info, errp); | |
242 | if (ret < 0) { | |
243 | return ret; | |
244 | } else { | |
245 | session_id = ret; | |
246 | } | |
247 | break; | |
248 | case VIRTIO_CRYPTO_HASH_CREATE_SESSION: | |
249 | case VIRTIO_CRYPTO_MAC_CREATE_SESSION: | |
250 | default: | |
251 | error_setg(errp, "Unsupported opcode :%" PRIu32 "", | |
252 | sess_info->op_code); | |
253 | return -1; | |
254 | } | |
255 | ||
256 | return session_id; | |
257 | } | |
258 | ||
259 | static int cryptodev_builtin_sym_close_session( | |
260 | CryptoDevBackend *backend, | |
261 | uint64_t session_id, | |
262 | uint32_t queue_index, Error **errp) | |
263 | { | |
264 | CryptoDevBackendBuiltin *builtin = | |
265 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
266 | ||
267 | if (session_id >= MAX_NUM_SESSIONS || | |
268 | builtin->sessions[session_id] == NULL) { | |
269 | error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", | |
270 | session_id); | |
271 | return -1; | |
272 | } | |
273 | ||
274 | qcrypto_cipher_free(builtin->sessions[session_id]->cipher); | |
275 | g_free(builtin->sessions[session_id]); | |
276 | builtin->sessions[session_id] = NULL; | |
277 | return 0; | |
278 | } | |
279 | ||
280 | static int cryptodev_builtin_sym_operation( | |
281 | CryptoDevBackend *backend, | |
282 | CryptoDevBackendSymOpInfo *op_info, | |
283 | uint32_t queue_index, Error **errp) | |
284 | { | |
285 | CryptoDevBackendBuiltin *builtin = | |
286 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
287 | CryptoDevBackendBuiltinSession *sess; | |
288 | int ret; | |
289 | ||
290 | if (op_info->session_id >= MAX_NUM_SESSIONS || | |
291 | builtin->sessions[op_info->session_id] == NULL) { | |
292 | error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", | |
293 | op_info->session_id); | |
294 | return -VIRTIO_CRYPTO_INVSESS; | |
295 | } | |
296 | ||
297 | if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { | |
298 | error_setg(errp, | |
299 | "Algorithm chain is unsupported for cryptdoev-builtin"); | |
300 | return -VIRTIO_CRYPTO_NOTSUPP; | |
301 | } | |
302 | ||
303 | sess = builtin->sessions[op_info->session_id]; | |
304 | ||
305 | ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv, | |
306 | op_info->iv_len, errp); | |
307 | if (ret < 0) { | |
308 | return -VIRTIO_CRYPTO_ERR; | |
309 | } | |
310 | ||
311 | if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) { | |
312 | ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src, | |
313 | op_info->dst, op_info->src_len, errp); | |
314 | if (ret < 0) { | |
315 | return -VIRTIO_CRYPTO_ERR; | |
316 | } | |
317 | } else { | |
318 | ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src, | |
319 | op_info->dst, op_info->src_len, errp); | |
320 | if (ret < 0) { | |
321 | return -VIRTIO_CRYPTO_ERR; | |
322 | } | |
323 | } | |
324 | return VIRTIO_CRYPTO_OK; | |
325 | } | |
326 | ||
327 | static void cryptodev_builtin_cleanup( | |
328 | CryptoDevBackend *backend, | |
329 | Error **errp) | |
330 | { | |
331 | CryptoDevBackendBuiltin *builtin = | |
332 | CRYPTODEV_BACKEND_BUILTIN(backend); | |
333 | size_t i; | |
334 | int queues = backend->conf.peers.queues; | |
335 | CryptoDevBackendClient *cc; | |
336 | ||
337 | for (i = 0; i < MAX_NUM_SESSIONS; i++) { | |
338 | if (builtin->sessions[i] != NULL) { | |
339 | cryptodev_builtin_sym_close_session( | |
340 | backend, i, 0, errp); | |
341 | } | |
342 | } | |
343 | ||
344 | assert(queues == 1); | |
345 | ||
346 | for (i = 0; i < queues; i++) { | |
347 | cc = backend->conf.peers.ccs[i]; | |
348 | if (cc) { | |
349 | cryptodev_backend_free_client(cc); | |
350 | backend->conf.peers.ccs[i] = NULL; | |
351 | } | |
352 | } | |
353 | } | |
354 | ||
355 | static void | |
356 | cryptodev_builtin_class_init(ObjectClass *oc, void *data) | |
357 | { | |
358 | CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); | |
359 | ||
360 | bc->init = cryptodev_builtin_init; | |
361 | bc->cleanup = cryptodev_builtin_cleanup; | |
362 | bc->create_session = cryptodev_builtin_sym_create_session; | |
363 | bc->close_session = cryptodev_builtin_sym_close_session; | |
364 | bc->do_sym_op = cryptodev_builtin_sym_operation; | |
365 | } | |
366 | ||
367 | static const TypeInfo cryptodev_builtin_info = { | |
368 | .name = TYPE_CRYPTODEV_BACKEND_BUILTIN, | |
369 | .parent = TYPE_CRYPTODEV_BACKEND, | |
370 | .class_init = cryptodev_builtin_class_init, | |
371 | .instance_size = sizeof(CryptoDevBackendBuiltin), | |
372 | }; | |
373 | ||
374 | static void | |
375 | cryptodev_builtin_register_types(void) | |
376 | { | |
377 | type_register_static(&cryptodev_builtin_info); | |
378 | } | |
379 | ||
380 | type_init(cryptodev_builtin_register_types); |