/*
* QEMU Crypto af_alg-backend hash/hmac support
*
* Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
* Authors:
* Longpeng(Mike) <longpeng2@huawei.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#include "qemu/osdep.h"
#include "qemu/iov.h"
#include "qemu/sockets.h"
#include "qapi/error.h"
#include "crypto/hash.h"
#include "crypto/hmac.h"
#include "hashpriv.h"
#include "hmacpriv.h"
static char *
qcrypto_afalg_hash_format_name(QCryptoHashAlgo alg,
bool is_hmac,
Error **errp)
{
char *name;
const char *alg_name;
switch (alg) {
case QCRYPTO_HASH_ALGO_MD5:
alg_name = "md5";
break;
case QCRYPTO_HASH_ALGO_SHA1:
alg_name = "sha1";
break;
case QCRYPTO_HASH_ALGO_SHA224:
alg_name = "sha224";
break;
case QCRYPTO_HASH_ALGO_SHA256:
alg_name = "sha256";
break;
case QCRYPTO_HASH_ALGO_SHA384:
alg_name = "sha384";
break;
case QCRYPTO_HASH_ALGO_SHA512:
alg_name = "sha512";
break;
case QCRYPTO_HASH_ALGO_RIPEMD160:
alg_name = "rmd160";
break;
default:
error_setg(errp, "Unsupported hash algorithm %d", alg);
return NULL;
}
if (is_hmac) {
name = g_strdup_printf("hmac(%s)", alg_name);
} else {
name = g_strdup_printf("%s", alg_name);
}
return name;
}
static QCryptoAFAlgo *
qcrypto_afalg_hash_hmac_ctx_new(QCryptoHashAlgo alg,
const uint8_t *key, size_t nkey,
bool is_hmac, Error **errp)
{
QCryptoAFAlgo *afalg;
char *name;
name = qcrypto_afalg_hash_format_name(alg, is_hmac, errp);
if (!name) {
return NULL;
}
afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_HASH, name, errp);
if (!afalg) {
g_free(name);
return NULL;
}
g_free(name);
/* HMAC needs setkey */
if (is_hmac) {
if (setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY,
key, nkey) != 0) {
error_setg_errno(errp, errno, "Set hmac key failed");
qcrypto_afalg_comm_free(afalg);
return NULL;
}
}
return afalg;
}
static QCryptoAFAlgo *
qcrypto_afalg_hash_ctx_new(QCryptoHashAlgo alg,
Error **errp)
{
return qcrypto_afalg_hash_hmac_ctx_new(alg, NULL, 0, false, errp);
}
QCryptoAFAlgo *
qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgo alg,
const uint8_t *key, size_t nkey,
Error **errp)
{
return qcrypto_afalg_hash_hmac_ctx_new(alg, key, nkey, true, errp);
}
static
QCryptoHash *qcrypto_afalg_hash_new(QCryptoHashAlgo alg, Error **errp)
{
/* Check if hash algorithm is supported */
char *alg_name = qcrypto_afalg_hash_format_name(alg, false, NULL);
QCryptoHash *hash;
if (alg_name == NULL) {
error_setg(errp, "Unknown hash algorithm %d", alg);
return NULL;
}
g_free(alg_name);
hash = g_new(QCryptoHash, 1);
hash->alg = alg;
hash->opaque = qcrypto_afalg_hash_ctx_new(alg, errp);
if (!hash->opaque) {
free(hash);
return NULL;
}
return hash;
}
static
void qcrypto_afalg_hash_free(QCryptoHash *hash)
{
QCryptoAFAlgo *ctx = hash->opaque;
if (ctx) {
qcrypto_afalg_comm_free(ctx);
}
g_free(hash);
}
/**
* Send data to the kernel's crypto core.
*
* The more_data parameter is used to notify the crypto engine
* that this is an "update" operation, and that more data will
* be provided to calculate the final hash.
*/
static
int qcrypto_afalg_send_to_kernel(QCryptoAFAlgo *afalg,
const struct iovec *iov,
size_t niov,
bool more_data,
Error **errp)
{
int ret = 0;
int flags = (more_data ? MSG_MORE : 0);
/* send data to kernel's crypto core */
ret = iov_send_recv_with_flags(afalg->opfd, flags, iov, niov,
0, iov_size(iov, niov), true);
if (ret < 0) {
error_setg_errno(errp, errno, "Send data to afalg-core failed");
ret = -1;
} else {
/* No error, so return 0 */
ret = 0;
}
return ret;
}
static
int qcrypto_afalg_recv_from_kernel(QCryptoAFAlgo *afalg,
QCryptoHashAlgo alg,
uint8_t **result,
size_t *result_len,
Error **errp)
{
struct iovec outv;
int ret;
const int expected_len = qcrypto_hash_digest_len(alg);
if (*result_len == 0) {
*result_len = expected_len;
*result = g_new0(uint8_t, *result_len);
} else if (*result_len != expected_len) {
error_setg(errp,
"Result buffer size %zu is not match hash %d",
*result_len, expected_len);
return -1;
}
/* hash && get result */
outv.iov_base = *result;
outv.iov_len = *result_len;
ret = iov_send_recv(afalg->opfd, &outv, 1,
0, iov_size(&outv, 1), false);
if (ret < 0) {
error_setg_errno(errp, errno, "Recv result from afalg-core failed");
return -1;
}
return 0;
}
static
int qcrypto_afalg_hash_update(QCryptoHash *hash,
const struct iovec *iov,
size_t niov,
Error **errp)
{
return qcrypto_afalg_send_to_kernel((QCryptoAFAlgo *) hash->opaque,
iov, niov, true, errp);
}
static
int qcrypto_afalg_hash_finalize(QCryptoHash *hash,
uint8_t **result,
size_t *result_len,
Error **errp)
{
return qcrypto_afalg_recv_from_kernel((QCryptoAFAlgo *) hash->opaque,
hash->alg, result, result_len, errp);
}
static int
qcrypto_afalg_hash_hmac_bytesv(QCryptoAFAlgo *hmac,
QCryptoHashAlgo alg,
const struct iovec *iov,
size_t niov, uint8_t **result,
size_t *resultlen,
Error **errp)
{
int ret = 0;
ret = qcrypto_afalg_send_to_kernel(hmac, iov, niov, false, errp);
if (ret == 0) {
ret = qcrypto_afalg_recv_from_kernel(hmac, alg, result,
resultlen, errp);
}
return ret;
}
static int
qcrypto_afalg_hmac_bytesv(QCryptoHmac *hmac,
const struct iovec *iov,
size_t niov, uint8_t **result,
size_t *resultlen,
Error **errp)
{
return qcrypto_afalg_hash_hmac_bytesv(hmac->opaque, hmac->alg,
iov, niov, result, resultlen,
errp);
}
static void qcrypto_afalg_hmac_ctx_free(QCryptoHmac *hmac)
{
QCryptoAFAlgo *afalg;
afalg = hmac->opaque;
qcrypto_afalg_comm_free(afalg);
}
QCryptoHashDriver qcrypto_hash_afalg_driver = {
.hash_new = qcrypto_afalg_hash_new,
.hash_free = qcrypto_afalg_hash_free,
.hash_update = qcrypto_afalg_hash_update,
.hash_finalize = qcrypto_afalg_hash_finalize
};
QCryptoHmacDriver qcrypto_hmac_afalg_driver = {
.hmac_bytesv = qcrypto_afalg_hmac_bytesv,
.hmac_free = qcrypto_afalg_hmac_ctx_free,
};