[thirdparty/qemu.git] / hw / virtio / virtio-crypto.c

/*
 * Virtio crypto Support
 *
 * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
 *
 * Authors:
 *    Gonglei <arei.gonglei@huawei.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * (at your option) any later version.  See the COPYING file in the
 * top-level directory.
 */
#include "qemu/osdep.h"
#include "qemu/iov.h"
#include "hw/qdev.h"
#include "qapi/error.h"
#include "qemu/error-report.h"

#include "hw/virtio/virtio.h"
#include "hw/virtio/virtio-crypto.h"
#include "hw/virtio/virtio-access.h"
#include "standard-headers/linux/virtio_ids.h"

#define VIRTIO_CRYPTO_VM_VERSION 1

/*
 * Transfer virtqueue index to crypto queue index.
 * The control virtqueue is after the data virtqueues
 * so the input value doesn't need to be adjusted
 */
static inline int virtio_crypto_vq2q(int queue_index)
{
    return queue_index;
}

static int
virtio_crypto_cipher_session_helper(VirtIODevice *vdev,
           CryptoDevBackendSymSessionInfo *info,
           struct virtio_crypto_cipher_session_para *cipher_para,
           struct iovec **iov, unsigned int *out_num)
{
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
    unsigned int num = *out_num;

    info->cipher_alg = ldl_le_p(&cipher_para->algo);
    info->key_len = ldl_le_p(&cipher_para->keylen);
    info->direction = ldl_le_p(&cipher_para->op);
    DPRINTF("cipher_alg=%" PRIu32 ", info->direction=%" PRIu32 "\n",
             info->cipher_alg, info->direction);

    if (info->key_len > vcrypto->conf.max_cipher_key_len) {
        error_report("virtio-crypto length of cipher key is too big: %u",
                     info->key_len);
        return -VIRTIO_CRYPTO_ERR;
    }
    /* Get cipher key */
    if (info->key_len > 0) {
        size_t s;
        DPRINTF("keylen=%" PRIu32 "\n", info->key_len);

        info->cipher_key = g_malloc(info->key_len);
        s = iov_to_buf(*iov, num, 0, info->cipher_key, info->key_len);
        if (unlikely(s != info->key_len)) {
            virtio_error(vdev, "virtio-crypto cipher key incorrect");
            return -EFAULT;
        }
        iov_discard_front(iov, &num, info->key_len);
        *out_num = num;
    }

    return 0;
}

static int64_t
virtio_crypto_create_sym_session(VirtIOCrypto *vcrypto,
               struct virtio_crypto_sym_create_session_req *sess_req,
               uint32_t queue_id,
               uint32_t opcode,
               struct iovec *iov, unsigned int out_num)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto);
    CryptoDevBackendSymSessionInfo info;
    int64_t session_id;
    int queue_index;
    uint32_t op_type;
    Error *local_err = NULL;
    int ret;

    memset(&info, 0, sizeof(info));
    op_type = ldl_le_p(&sess_req->op_type);
    info.op_type = op_type;
    info.op_code = opcode;

    if (op_type == VIRTIO_CRYPTO_SYM_OP_CIPHER) {
        ret = virtio_crypto_cipher_session_helper(vdev, &info,
                           &sess_req->u.cipher.para,
                           &iov, &out_num);
        if (ret < 0) {
            goto err;
        }
    } else if (op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) {
        size_t s;
        /* cipher part */
        ret = virtio_crypto_cipher_session_helper(vdev, &info,
                           &sess_req->u.chain.para.cipher_param,
                           &iov, &out_num);
        if (ret < 0) {
            goto err;
        }
        /* hash part */
        info.alg_chain_order = ldl_le_p(
                                     &sess_req->u.chain.para.alg_chain_order);
        info.add_len = ldl_le_p(&sess_req->u.chain.para.aad_len);
        info.hash_mode = ldl_le_p(&sess_req->u.chain.para.hash_mode);
        if (info.hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH) {
            info.hash_alg = ldl_le_p(&sess_req->u.chain.para.u.mac_param.algo);
            info.auth_key_len = ldl_le_p(
                             &sess_req->u.chain.para.u.mac_param.auth_key_len);
            info.hash_result_len = ldl_le_p(
                           &sess_req->u.chain.para.u.mac_param.hash_result_len);
            if (info.auth_key_len > vcrypto->conf.max_auth_key_len) {
                error_report("virtio-crypto length of auth key is too big: %u",
                             info.auth_key_len);
                ret = -VIRTIO_CRYPTO_ERR;
                goto err;
            }
            /* get auth key */
            if (info.auth_key_len > 0) {
                DPRINTF("auth_keylen=%" PRIu32 "\n", info.auth_key_len);
                info.auth_key = g_malloc(info.auth_key_len);
                s = iov_to_buf(iov, out_num, 0, info.auth_key,
                               info.auth_key_len);
                if (unlikely(s != info.auth_key_len)) {
                    virtio_error(vdev,
                          "virtio-crypto authenticated key incorrect");
                    ret = -EFAULT;
                    goto err;
                }
                iov_discard_front(&iov, &out_num, info.auth_key_len);
            }
        } else if (info.hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN) {
            info.hash_alg = ldl_le_p(
                             &sess_req->u.chain.para.u.hash_param.algo);
            info.hash_result_len = ldl_le_p(
                        &sess_req->u.chain.para.u.hash_param.hash_result_len);
        } else {
            /* VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED */
            error_report("unsupported hash mode");
            ret = -VIRTIO_CRYPTO_NOTSUPP;
            goto err;
        }
    } else {
        /* VIRTIO_CRYPTO_SYM_OP_NONE */
        error_report("unsupported cipher op_type: VIRTIO_CRYPTO_SYM_OP_NONE");
        ret = -VIRTIO_CRYPTO_NOTSUPP;
        goto err;
    }

    queue_index = virtio_crypto_vq2q(queue_id);
    session_id = cryptodev_backend_sym_create_session(
                                     vcrypto->cryptodev,
                                     &info, queue_index, &local_err);
    if (session_id >= 0) {
        DPRINTF("create session_id=%" PRIu64 " successfully\n",
                session_id);

        ret = session_id;
    } else {
        if (local_err) {
            error_report_err(local_err);
        }
        ret = -VIRTIO_CRYPTO_ERR;
    }

err:
    g_free(info.cipher_key);
    g_free(info.auth_key);
    return ret;
}

static uint8_t
virtio_crypto_handle_close_session(VirtIOCrypto *vcrypto,
         struct virtio_crypto_destroy_session_req *close_sess_req,
         uint32_t queue_id)
{
    int ret;
    uint64_t session_id;
    uint32_t status;
    Error *local_err = NULL;

    session_id = ldq_le_p(&close_sess_req->session_id);
    DPRINTF("close session, id=%" PRIu64 "\n", session_id);

    ret = cryptodev_backend_sym_close_session(
              vcrypto->cryptodev, session_id, queue_id, &local_err);
    if (ret == 0) {
        status = VIRTIO_CRYPTO_OK;
    } else {
        if (local_err) {
            error_report_err(local_err);
        } else {
            error_report("destroy session failed");
        }
        status = VIRTIO_CRYPTO_ERR;
    }

    return status;
}

static void virtio_crypto_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
    struct virtio_crypto_op_ctrl_req ctrl;
    VirtQueueElement *elem;
    struct iovec *in_iov;
    struct iovec *out_iov;
    unsigned in_num;
    unsigned out_num;
    uint32_t queue_id;
    uint32_t opcode;
    struct virtio_crypto_session_input input;
    int64_t session_id;
    uint8_t status;
    size_t s;

    for (;;) {
        elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
        if (!elem) {
            break;
        }
        if (elem->out_num < 1 || elem->in_num < 1) {
            virtio_error(vdev, "virtio-crypto ctrl missing headers");
            virtqueue_detach_element(vq, elem, 0);
            g_free(elem);
            break;
        }

        out_num = elem->out_num;
        out_iov = elem->out_sg;
        in_num = elem->in_num;
        in_iov = elem->in_sg;
        if (unlikely(iov_to_buf(out_iov, out_num, 0, &ctrl, sizeof(ctrl))
                    != sizeof(ctrl))) {
            virtio_error(vdev, "virtio-crypto request ctrl_hdr too short");
            virtqueue_detach_element(vq, elem, 0);
            g_free(elem);
            break;
        }
        iov_discard_front(&out_iov, &out_num, sizeof(ctrl));

        opcode = ldl_le_p(&ctrl.header.opcode);
        queue_id = ldl_le_p(&ctrl.header.queue_id);

        switch (opcode) {
        case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
            memset(&input, 0, sizeof(input));
            session_id = virtio_crypto_create_sym_session(vcrypto,
                             &ctrl.u.sym_create_session,
                             queue_id, opcode,
                             out_iov, out_num);
            /* Serious errors, need to reset virtio crypto device */
            if (session_id == -EFAULT) {
                virtqueue_detach_element(vq, elem, 0);
                break;
            } else if (session_id == -VIRTIO_CRYPTO_NOTSUPP) {
                stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP);
            } else if (session_id == -VIRTIO_CRYPTO_ERR) {
                stl_le_p(&input.status, VIRTIO_CRYPTO_ERR);
            } else {
                /* Set the session id */
                stq_le_p(&input.session_id, session_id);
                stl_le_p(&input.status, VIRTIO_CRYPTO_OK);
            }

            s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input));
            if (unlikely(s != sizeof(input))) {
                virtio_error(vdev, "virtio-crypto input incorrect");
                virtqueue_detach_element(vq, elem, 0);
                break;
            }
            virtqueue_push(vq, elem, sizeof(input));
            virtio_notify(vdev, vq);
            break;
        case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION:
        case VIRTIO_CRYPTO_HASH_DESTROY_SESSION:
        case VIRTIO_CRYPTO_MAC_DESTROY_SESSION:
        case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION:
            status = virtio_crypto_handle_close_session(vcrypto,
                   &ctrl.u.destroy_session, queue_id);
            /* The status only occupy one byte, we can directly use it */
            s = iov_from_buf(in_iov, in_num, 0, &status, sizeof(status));
            if (unlikely(s != sizeof(status))) {
                virtio_error(vdev, "virtio-crypto status incorrect");
                virtqueue_detach_element(vq, elem, 0);
                break;
            }
            virtqueue_push(vq, elem, sizeof(status));
            virtio_notify(vdev, vq);
            break;
        case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
        case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
        case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
        default:
            error_report("virtio-crypto unsupported ctrl opcode: %d", opcode);
            memset(&input, 0, sizeof(input));
            stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP);
            s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input));
            if (unlikely(s != sizeof(input))) {
                virtio_error(vdev, "virtio-crypto input incorrect");
                virtqueue_detach_element(vq, elem, 0);
                break;
            }
            virtqueue_push(vq, elem, sizeof(input));
            virtio_notify(vdev, vq);

            break;
        } /* end switch case */

        g_free(elem);
    } /* end for loop */
}

static uint64_t virtio_crypto_get_features(VirtIODevice *vdev,
                                           uint64_t features,
                                           Error **errp)
{
    return features;
}

static void virtio_crypto_reset(VirtIODevice *vdev)
{
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
    /* multiqueue is disabled by default */
    vcrypto->curr_queues = 1;
    if (!vcrypto->cryptodev->ready) {
        vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
    } else {
        vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY;
    }
}

static void virtio_crypto_init_config(VirtIODevice *vdev)
{
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);

    vcrypto->conf.crypto_services =
                     vcrypto->conf.cryptodev->conf.crypto_services;
    vcrypto->conf.cipher_algo_l =
                     vcrypto->conf.cryptodev->conf.cipher_algo_l;
    vcrypto->conf.cipher_algo_h =
                     vcrypto->conf.cryptodev->conf.cipher_algo_h;
    vcrypto->conf.hash_algo = vcrypto->conf.cryptodev->conf.hash_algo;
    vcrypto->conf.mac_algo_l = vcrypto->conf.cryptodev->conf.mac_algo_l;
    vcrypto->conf.mac_algo_h = vcrypto->conf.cryptodev->conf.mac_algo_h;
    vcrypto->conf.aead_algo = vcrypto->conf.cryptodev->conf.aead_algo;
    vcrypto->conf.max_cipher_key_len =
                  vcrypto->conf.cryptodev->conf.max_cipher_key_len;
    vcrypto->conf.max_auth_key_len =
                  vcrypto->conf.cryptodev->conf.max_auth_key_len;
    vcrypto->conf.max_size = vcrypto->conf.cryptodev->conf.max_size;
}

static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev);
    int i;

    vcrypto->cryptodev = vcrypto->conf.cryptodev;
    if (vcrypto->cryptodev == NULL) {
        error_setg(errp, "'cryptodev' parameter expects a valid object");
        return;
    }

    vcrypto->max_queues = MAX(vcrypto->cryptodev->conf.peers.queues, 1);
    if (vcrypto->max_queues + 1 > VIRTIO_QUEUE_MAX) {
        error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
                   "must be a postive integer less than %d.",
                   vcrypto->max_queues, VIRTIO_QUEUE_MAX);
        return;
    }

    virtio_init(vdev, "virtio-crypto", VIRTIO_ID_CRYPTO, vcrypto->config_size);
    vcrypto->curr_queues = 1;

    for (i = 0; i < vcrypto->max_queues; i++) {
        virtio_add_queue(vdev, 1024, NULL);
    }

    vcrypto->ctrl_vq = virtio_add_queue(vdev, 64, virtio_crypto_handle_ctrl);
    if (!vcrypto->cryptodev->ready) {
        vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
    } else {
        vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY;
    }

    virtio_crypto_init_config(vdev);
}

static void virtio_crypto_device_unrealize(DeviceState *dev, Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);

    virtio_cleanup(vdev);
}

static const VMStateDescription vmstate_virtio_crypto = {
    .name = "virtio-crypto",
    .minimum_version_id = VIRTIO_CRYPTO_VM_VERSION,
    .version_id = VIRTIO_CRYPTO_VM_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_VIRTIO_DEVICE,
        VMSTATE_END_OF_LIST()
    },
};

static Property virtio_crypto_properties[] = {
    DEFINE_PROP_END_OF_LIST(),
};

static void virtio_crypto_get_config(VirtIODevice *vdev, uint8_t *config)
{
    VirtIOCrypto *c = VIRTIO_CRYPTO(vdev);
    struct virtio_crypto_config crypto_cfg;

    /*
     * Virtio-crypto device conforms to VIRTIO 1.0 which is always LE,
     * so we can use LE accessors directly.
     */
    stl_le_p(&crypto_cfg.status, c->status);
    stl_le_p(&crypto_cfg.max_dataqueues, c->max_queues);
    stl_le_p(&crypto_cfg.crypto_services, c->conf.crypto_services);
    stl_le_p(&crypto_cfg.cipher_algo_l, c->conf.cipher_algo_l);
    stl_le_p(&crypto_cfg.cipher_algo_h, c->conf.cipher_algo_h);
    stl_le_p(&crypto_cfg.hash_algo, c->conf.hash_algo);
    stl_le_p(&crypto_cfg.mac_algo_l, c->conf.mac_algo_l);
    stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h);
    stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo);
    stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len);
    stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len);
    stq_le_p(&crypto_cfg.max_size, c->conf.max_size);

    memcpy(config, &crypto_cfg, c->config_size);
}

static void virtio_crypto_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);

    dc->props = virtio_crypto_properties;
    dc->vmsd = &vmstate_virtio_crypto;
    set_bit(DEVICE_CATEGORY_MISC, dc->categories);
    vdc->realize = virtio_crypto_device_realize;
    vdc->unrealize = virtio_crypto_device_unrealize;
    vdc->get_config = virtio_crypto_get_config;
    vdc->get_features = virtio_crypto_get_features;
    vdc->reset = virtio_crypto_reset;
}

static void virtio_crypto_instance_init(Object *obj)
{
    VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(obj);

    /*
     * The default config_size is sizeof(struct virtio_crypto_config).
     * Can be overriden with virtio_crypto_set_config_size.
     */
    vcrypto->config_size = sizeof(struct virtio_crypto_config);

    object_property_add_link(obj, "cryptodev",
                             TYPE_CRYPTODEV_BACKEND,
                             (Object **)&vcrypto->conf.cryptodev,
                             qdev_prop_allow_set_link_before_realize,
                             OBJ_PROP_LINK_UNREF_ON_RELEASE, NULL);
}

static const TypeInfo virtio_crypto_info = {
    .name = TYPE_VIRTIO_CRYPTO,
    .parent = TYPE_VIRTIO_DEVICE,
    .instance_size = sizeof(VirtIOCrypto),
    .instance_init = virtio_crypto_instance_init,
    .class_init = virtio_crypto_class_init,
};

static void virtio_register_types(void)
{
    type_register_static(&virtio_crypto_info);
}

type_init(virtio_register_types)
Commit	Line	Data
ea4d8ac2 GA	1	/*
	2	* Virtio crypto Support
	3	*
	4	* Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
	5	*
	6	* Authors:
	7	* Gonglei <arei.gonglei@huawei.com>
	8	*
	9	* This work is licensed under the terms of the GNU GPL, version 2 or
	10	* (at your option) any later version. See the COPYING file in the
	11	* top-level directory.
	12	*/
	13	#include "qemu/osdep.h"
	14	#include "qemu/iov.h"
	15	#include "hw/qdev.h"
	16	#include "qapi/error.h"
	17	#include "qemu/error-report.h"
	18
	19	#include "hw/virtio/virtio.h"
	20	#include "hw/virtio/virtio-crypto.h"
	21	#include "hw/virtio/virtio-access.h"
	22	#include "standard-headers/linux/virtio_ids.h"
	23
	24	#define VIRTIO_CRYPTO_VM_VERSION 1
	25
59c360ca GA	26	/*
	27	* Transfer virtqueue index to crypto queue index.
	28	* The control virtqueue is after the data virtqueues
	29	* so the input value doesn't need to be adjusted
	30	*/
	31	static inline int virtio_crypto_vq2q(int queue_index)
	32	{
	33	return queue_index;
	34	}
	35
	36	static int
	37	virtio_crypto_cipher_session_helper(VirtIODevice *vdev,
	38	CryptoDevBackendSymSessionInfo *info,
	39	struct virtio_crypto_cipher_session_para *cipher_para,
	40	struct iovec *iov, unsigned int out_num)
	41	{
	42	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
	43	unsigned int num = *out_num;
	44
	45	info->cipher_alg = ldl_le_p(&cipher_para->algo);
	46	info->key_len = ldl_le_p(&cipher_para->keylen);
	47	info->direction = ldl_le_p(&cipher_para->op);
	48	DPRINTF("cipher_alg=%" PRIu32 ", info->direction=%" PRIu32 "\n",
	49	info->cipher_alg, info->direction);
	50
	51	if (info->key_len > vcrypto->conf.max_cipher_key_len) {
	52	error_report("virtio-crypto length of cipher key is too big: %u",
	53	info->key_len);
	54	return -VIRTIO_CRYPTO_ERR;
	55	}
	56	/* Get cipher key */
	57	if (info->key_len > 0) {
	58	size_t s;
	59	DPRINTF("keylen=%" PRIu32 "\n", info->key_len);
	60
	61	info->cipher_key = g_malloc(info->key_len);
	62	s = iov_to_buf(*iov, num, 0, info->cipher_key, info->key_len);
	63	if (unlikely(s != info->key_len)) {
	64	virtio_error(vdev, "virtio-crypto cipher key incorrect");
	65	return -EFAULT;
	66	}
	67	iov_discard_front(iov, &num, info->key_len);
	68	*out_num = num;
	69	}
	70
	71	return 0;
	72	}
	73
	74	static int64_t
	75	virtio_crypto_create_sym_session(VirtIOCrypto *vcrypto,
	76	struct virtio_crypto_sym_create_session_req *sess_req,
	77	uint32_t queue_id,
	78	uint32_t opcode,
	79	struct iovec *iov, unsigned int out_num)
	80	{
	81	VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto);
	82	CryptoDevBackendSymSessionInfo info;
	83	int64_t session_id;
	84	int queue_index;
	85	uint32_t op_type;
	86	Error *local_err = NULL;
	87	int ret;
	88
	89	memset(&info, 0, sizeof(info));
90	op_type = ldl_le_p(&sess_req->op_type);
91	info.op_type = op_type;
92	info.op_code = opcode;
93
94	if (op_type == VIRTIO_CRYPTO_SYM_OP_CIPHER) {
95	ret = virtio_crypto_cipher_session_helper(vdev, &info,
96	&sess_req->u.cipher.para,
97	&iov, &out_num);
98	if (ret < 0) {
99	goto err;
100	}
101	} else if (op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) {
102	size_t s;
103	/* cipher part */
104	ret = virtio_crypto_cipher_session_helper(vdev, &info,
105	&sess_req->u.chain.para.cipher_param,
106	&iov, &out_num);
107	if (ret < 0) {
108	goto err;
109	}
110	/* hash part */
111	info.alg_chain_order = ldl_le_p(
112	&sess_req->u.chain.para.alg_chain_order);
113	info.add_len = ldl_le_p(&sess_req->u.chain.para.aad_len);
114	info.hash_mode = ldl_le_p(&sess_req->u.chain.para.hash_mode);
115	if (info.hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH) {
116	info.hash_alg = ldl_le_p(&sess_req->u.chain.para.u.mac_param.algo);
117	info.auth_key_len = ldl_le_p(
118	&sess_req->u.chain.para.u.mac_param.auth_key_len);
119	info.hash_result_len = ldl_le_p(
120	&sess_req->u.chain.para.u.mac_param.hash_result_len);
121	if (info.auth_key_len > vcrypto->conf.max_auth_key_len) {
122	error_report("virtio-crypto length of auth key is too big: %u",
123	info.auth_key_len);
124	ret = -VIRTIO_CRYPTO_ERR;
125	goto err;
126	}
127	/* get auth key */
128	if (info.auth_key_len > 0) {
129	DPRINTF("auth_keylen=%" PRIu32 "\n", info.auth_key_len);
130	info.auth_key = g_malloc(info.auth_key_len);
131	s = iov_to_buf(iov, out_num, 0, info.auth_key,
132	info.auth_key_len);
133	if (unlikely(s != info.auth_key_len)) {
134	virtio_error(vdev,
135	"virtio-crypto authenticated key incorrect");
136	ret = -EFAULT;
137	goto err;
138	}
139	iov_discard_front(&iov, &out_num, info.auth_key_len);
140	}
141	} else if (info.hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN) {
142	info.hash_alg = ldl_le_p(
143	&sess_req->u.chain.para.u.hash_param.algo);
144	info.hash_result_len = ldl_le_p(
145	&sess_req->u.chain.para.u.hash_param.hash_result_len);
146	} else {
147	/* VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED */
148	error_report("unsupported hash mode");
149	ret = -VIRTIO_CRYPTO_NOTSUPP;
150	goto err;
151	}
152	} else {
153	/* VIRTIO_CRYPTO_SYM_OP_NONE */
154	error_report("unsupported cipher op_type: VIRTIO_CRYPTO_SYM_OP_NONE");
155	ret = -VIRTIO_CRYPTO_NOTSUPP;
156	goto err;
157	}
158
159	queue_index = virtio_crypto_vq2q(queue_id);
160	session_id = cryptodev_backend_sym_create_session(
161	vcrypto->cryptodev,
162	&info, queue_index, &local_err);
163	if (session_id >= 0) {
164	DPRINTF("create session_id=%" PRIu64 " successfully\n",
165	session_id);
166
167	ret = session_id;
168	} else {
169	if (local_err) {
170	error_report_err(local_err);
171	}
172	ret = -VIRTIO_CRYPTO_ERR;
173	}
174
175	err:
176	g_free(info.cipher_key);
177	g_free(info.auth_key);
178	return ret;
179	}
180
181	static uint8_t
182	virtio_crypto_handle_close_session(VirtIOCrypto *vcrypto,
183	struct virtio_crypto_destroy_session_req *close_sess_req,
184	uint32_t queue_id)
185	{
186	int ret;
187	uint64_t session_id;
188	uint32_t status;
189	Error *local_err = NULL;
190
191	session_id = ldq_le_p(&close_sess_req->session_id);
192	DPRINTF("close session, id=%" PRIu64 "\n", session_id);
193
194	ret = cryptodev_backend_sym_close_session(
195	vcrypto->cryptodev, session_id, queue_id, &local_err);
196	if (ret == 0) {
197	status = VIRTIO_CRYPTO_OK;
198	} else {
199	if (local_err) {
200	error_report_err(local_err);
201	} else {
202	error_report("destroy session failed");
203	}
204	status = VIRTIO_CRYPTO_ERR;
205	}
206
207	return status;
208	}
209
210	static void virtio_crypto_handle_ctrl(VirtIODevice vdev, VirtQueue vq)
211	{
212	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
213	struct virtio_crypto_op_ctrl_req ctrl;
214	VirtQueueElement *elem;
215	struct iovec *in_iov;
216	struct iovec *out_iov;
217	unsigned in_num;
218	unsigned out_num;
219	uint32_t queue_id;
220	uint32_t opcode;
221	struct virtio_crypto_session_input input;
222	int64_t session_id;
223	uint8_t status;
224	size_t s;
225
226	for (;;) {
227	elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
228	if (!elem) {
229	break;
230	}
231	if (elem->out_num < 1 \|\| elem->in_num < 1) {
232	virtio_error(vdev, "virtio-crypto ctrl missing headers");
233	virtqueue_detach_element(vq, elem, 0);
234	g_free(elem);
235	break;
236	}
237
238	out_num = elem->out_num;
239	out_iov = elem->out_sg;
240	in_num = elem->in_num;
241	in_iov = elem->in_sg;
242	if (unlikely(iov_to_buf(out_iov, out_num, 0, &ctrl, sizeof(ctrl))
243	!= sizeof(ctrl))) {
244	virtio_error(vdev, "virtio-crypto request ctrl_hdr too short");
245	virtqueue_detach_element(vq, elem, 0);
246	g_free(elem);
247	break;
248	}
249	iov_discard_front(&out_iov, &out_num, sizeof(ctrl));
250
251	opcode = ldl_le_p(&ctrl.header.opcode);
252	queue_id = ldl_le_p(&ctrl.header.queue_id);
253
254	switch (opcode) {
255	case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
256	memset(&input, 0, sizeof(input));
257	session_id = virtio_crypto_create_sym_session(vcrypto,
258	&ctrl.u.sym_create_session,
259	queue_id, opcode,
260	out_iov, out_num);
261	/* Serious errors, need to reset virtio crypto device */
262	if (session_id == -EFAULT) {
263	virtqueue_detach_element(vq, elem, 0);
264	break;
265	} else if (session_id == -VIRTIO_CRYPTO_NOTSUPP) {
266	stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP);
267	} else if (session_id == -VIRTIO_CRYPTO_ERR) {
268	stl_le_p(&input.status, VIRTIO_CRYPTO_ERR);
269	} else {
270	/* Set the session id */
271	stq_le_p(&input.session_id, session_id);
272	stl_le_p(&input.status, VIRTIO_CRYPTO_OK);
273	}
274
275	s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input));
276	if (unlikely(s != sizeof(input))) {
277	virtio_error(vdev, "virtio-crypto input incorrect");
278	virtqueue_detach_element(vq, elem, 0);
279	break;
280	}
281	virtqueue_push(vq, elem, sizeof(input));
282	virtio_notify(vdev, vq);
283	break;
284	case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION:
285	case VIRTIO_CRYPTO_HASH_DESTROY_SESSION:
286	case VIRTIO_CRYPTO_MAC_DESTROY_SESSION:
287	case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION:
288	status = virtio_crypto_handle_close_session(vcrypto,
289	&ctrl.u.destroy_session, queue_id);
290	/* The status only occupy one byte, we can directly use it */
291	s = iov_from_buf(in_iov, in_num, 0, &status, sizeof(status));
292	if (unlikely(s != sizeof(status))) {
293	virtio_error(vdev, "virtio-crypto status incorrect");
294	virtqueue_detach_element(vq, elem, 0);
295	break;
296	}
297	virtqueue_push(vq, elem, sizeof(status));
298	virtio_notify(vdev, vq);
299	break;
300	case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
301	case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
302	case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
303	default:
304	error_report("virtio-crypto unsupported ctrl opcode: %d", opcode);
305	memset(&input, 0, sizeof(input));
306	stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP);
307	s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input));
308	if (unlikely(s != sizeof(input))) {
309	virtio_error(vdev, "virtio-crypto input incorrect");
310	virtqueue_detach_element(vq, elem, 0);
311	break;
312	}
313	virtqueue_push(vq, elem, sizeof(input));
314	virtio_notify(vdev, vq);
315
316	break;
317	} /* end switch case */
318
319	g_free(elem);
320	} /* end for loop */
321	}
322
ea4d8ac2 GA	323	static uint64_t virtio_crypto_get_features(VirtIODevice *vdev,
	324	uint64_t features,
	325	Error **errp)
	326	{
	327	return features;
	328	}
	329
	330	static void virtio_crypto_reset(VirtIODevice *vdev)
	331	{
	332	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
	333	/* multiqueue is disabled by default */
	334	vcrypto->curr_queues = 1;
	335	if (!vcrypto->cryptodev->ready) {
	336	vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
	337	} else {
	338	vcrypto->status \|= VIRTIO_CRYPTO_S_HW_READY;
	339	}
	340	}
	341
050652d9 GA	342	static void virtio_crypto_init_config(VirtIODevice *vdev)
	343	{
	344	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
	345
	346	vcrypto->conf.crypto_services =
	347	vcrypto->conf.cryptodev->conf.crypto_services;
	348	vcrypto->conf.cipher_algo_l =
	349	vcrypto->conf.cryptodev->conf.cipher_algo_l;
	350	vcrypto->conf.cipher_algo_h =
	351	vcrypto->conf.cryptodev->conf.cipher_algo_h;
	352	vcrypto->conf.hash_algo = vcrypto->conf.cryptodev->conf.hash_algo;
	353	vcrypto->conf.mac_algo_l = vcrypto->conf.cryptodev->conf.mac_algo_l;
	354	vcrypto->conf.mac_algo_h = vcrypto->conf.cryptodev->conf.mac_algo_h;
	355	vcrypto->conf.aead_algo = vcrypto->conf.cryptodev->conf.aead_algo;
	356	vcrypto->conf.max_cipher_key_len =
	357	vcrypto->conf.cryptodev->conf.max_cipher_key_len;
	358	vcrypto->conf.max_auth_key_len =
	359	vcrypto->conf.cryptodev->conf.max_auth_key_len;
	360	vcrypto->conf.max_size = vcrypto->conf.cryptodev->conf.max_size;
	361	}
	362
ea4d8ac2 GA	363	static void virtio_crypto_device_realize(DeviceState dev, Error *errp)
	364	{
	365	VirtIODevice *vdev = VIRTIO_DEVICE(dev);
	366	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev);
	367	int i;
	368
	369	vcrypto->cryptodev = vcrypto->conf.cryptodev;
	370	if (vcrypto->cryptodev == NULL) {
	371	error_setg(errp, "'cryptodev' parameter expects a valid object");
	372	return;
	373	}
	374
	375	vcrypto->max_queues = MAX(vcrypto->cryptodev->conf.peers.queues, 1);
	376	if (vcrypto->max_queues + 1 > VIRTIO_QUEUE_MAX) {
	377	error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
	378	"must be a postive integer less than %d.",
	379	vcrypto->max_queues, VIRTIO_QUEUE_MAX);
	380	return;
	381	}
	382
	383	virtio_init(vdev, "virtio-crypto", VIRTIO_ID_CRYPTO, vcrypto->config_size);
	384	vcrypto->curr_queues = 1;
	385
	386	for (i = 0; i < vcrypto->max_queues; i++) {
	387	virtio_add_queue(vdev, 1024, NULL);
	388	}
	389
59c360ca	390	vcrypto->ctrl_vq = virtio_add_queue(vdev, 64, virtio_crypto_handle_ctrl);
ea4d8ac2 GA	391	if (!vcrypto->cryptodev->ready) {
	392	vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
	393	} else {
	394	vcrypto->status \|= VIRTIO_CRYPTO_S_HW_READY;
	395	}
050652d9 GA	396
050652d9 GA	397	virtio_crypto_init_config(vdev);
ea4d8ac2 GA	398	}
	399
	400	static void virtio_crypto_device_unrealize(DeviceState dev, Error *errp)
	401	{
	402	VirtIODevice *vdev = VIRTIO_DEVICE(dev);
	403
	404	virtio_cleanup(vdev);
	405	}
	406
	407	static const VMStateDescription vmstate_virtio_crypto = {
	408	.name = "virtio-crypto",
	409	.minimum_version_id = VIRTIO_CRYPTO_VM_VERSION,
	410	.version_id = VIRTIO_CRYPTO_VM_VERSION,
	411	.fields = (VMStateField[]) {
	412	VMSTATE_VIRTIO_DEVICE,
	413	VMSTATE_END_OF_LIST()
	414	},
	415	};
	416
	417	static Property virtio_crypto_properties[] = {
	418	DEFINE_PROP_END_OF_LIST(),
	419	};
	420
	421	static void virtio_crypto_get_config(VirtIODevice vdev, uint8_t config)
	422	{
050652d9 GA	423	VirtIOCrypto *c = VIRTIO_CRYPTO(vdev);
	424	struct virtio_crypto_config crypto_cfg;
	425
	426	/*
	427	* Virtio-crypto device conforms to VIRTIO 1.0 which is always LE,
	428	* so we can use LE accessors directly.
	429	*/
	430	stl_le_p(&crypto_cfg.status, c->status);
	431	stl_le_p(&crypto_cfg.max_dataqueues, c->max_queues);
	432	stl_le_p(&crypto_cfg.crypto_services, c->conf.crypto_services);
	433	stl_le_p(&crypto_cfg.cipher_algo_l, c->conf.cipher_algo_l);
	434	stl_le_p(&crypto_cfg.cipher_algo_h, c->conf.cipher_algo_h);
	435	stl_le_p(&crypto_cfg.hash_algo, c->conf.hash_algo);
	436	stl_le_p(&crypto_cfg.mac_algo_l, c->conf.mac_algo_l);
	437	stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h);
	438	stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo);
	439	stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len);
	440	stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len);
	441	stq_le_p(&crypto_cfg.max_size, c->conf.max_size);
	442
	443	memcpy(config, &crypto_cfg, c->config_size);
ea4d8ac2 GA	444	}
	445
	446	static void virtio_crypto_class_init(ObjectClass klass, void data)
	447	{
	448	DeviceClass *dc = DEVICE_CLASS(klass);
	449	VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
	450
	451	dc->props = virtio_crypto_properties;
	452	dc->vmsd = &vmstate_virtio_crypto;
	453	set_bit(DEVICE_CATEGORY_MISC, dc->categories);
	454	vdc->realize = virtio_crypto_device_realize;
	455	vdc->unrealize = virtio_crypto_device_unrealize;
	456	vdc->get_config = virtio_crypto_get_config;
	457	vdc->get_features = virtio_crypto_get_features;
	458	vdc->reset = virtio_crypto_reset;
	459	}
	460
	461	static void virtio_crypto_instance_init(Object *obj)
	462	{
	463	VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(obj);
	464
	465	/*
	466	* The default config_size is sizeof(struct virtio_crypto_config).
	467	* Can be overriden with virtio_crypto_set_config_size.
	468	*/
	469	vcrypto->config_size = sizeof(struct virtio_crypto_config);
	470
	471	object_property_add_link(obj, "cryptodev",
	472	TYPE_CRYPTODEV_BACKEND,
	473	(Object **)&vcrypto->conf.cryptodev,
	474	qdev_prop_allow_set_link_before_realize,
	475	OBJ_PROP_LINK_UNREF_ON_RELEASE, NULL);
	476	}
	477
	478	static const TypeInfo virtio_crypto_info = {
	479	.name = TYPE_VIRTIO_CRYPTO,
	480	.parent = TYPE_VIRTIO_DEVICE,
	481	.instance_size = sizeof(VirtIOCrypto),
	482	.instance_init = virtio_crypto_instance_init,
	483	.class_init = virtio_crypto_class_init,
	484	};
	485
	486	static void virtio_register_types(void)
	487	{
	488	type_register_static(&virtio_crypto_info);
	489	}
	490
	491	type_init(virtio_register_types)