1 /* 2 * QEMU Cryptodev backend for QEMU cipher APIs 3 * 4 * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. 5 * 6 * Authors: 7 * Gonglei <arei.gonglei@huawei.com> 8 * 9 * This library is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2 of the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 21 * 22 */ 23 24 #include "qemu/osdep.h" 25 #include "sysemu/cryptodev.h" 26 #include "qapi/error.h" 27 #include "standard-headers/linux/virtio_crypto.h" 28 #include "crypto/cipher.h" 29 30 31 /** 32 * @TYPE_CRYPTODEV_BACKEND_BUILTIN: 33 * name of backend that uses QEMU cipher API 34 */ 35 #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin" 36 37 #define CRYPTODEV_BACKEND_BUILTIN(obj) \ 38 OBJECT_CHECK(CryptoDevBackendBuiltin, \ 39 (obj), TYPE_CRYPTODEV_BACKEND_BUILTIN) 40 41 typedef struct CryptoDevBackendBuiltin 42 CryptoDevBackendBuiltin; 43 44 typedef struct CryptoDevBackendBuiltinSession { 45 QCryptoCipher *cipher; 46 uint8_t direction; /* encryption or decryption */ 47 uint8_t type; /* cipher? hash? aead? */ 48 QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next; 49 } CryptoDevBackendBuiltinSession; 50 51 /* Max number of symmetric sessions */ 52 #define MAX_NUM_SESSIONS 256 53 54 #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 55 #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 56 57 struct CryptoDevBackendBuiltin { 58 CryptoDevBackend parent_obj; 59 60 CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; 61 }; 62 63 static void cryptodev_builtin_init( 64 CryptoDevBackend *backend, Error **errp) 65 { 66 /* Only support one queue */ 67 int queues = backend->conf.peers.queues; 68 CryptoDevBackendClient *cc; 69 70 if (queues != 1) { 71 error_setg(errp, 72 "Only support one queue in cryptdov-builtin backend"); 73 return; 74 } 75 76 cc = cryptodev_backend_new_client( 77 "cryptodev-builtin", NULL); 78 cc->info_str = g_strdup_printf("cryptodev-builtin0"); 79 cc->queue_index = 0; 80 cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN; 81 backend->conf.peers.ccs[0] = cc; 82 83 backend->conf.crypto_services = 84 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | 85 1u << VIRTIO_CRYPTO_SERVICE_HASH | 86 1u << VIRTIO_CRYPTO_SERVICE_MAC; 87 backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; 88 backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; 89 /* 90 * Set the Maximum length of crypto request. 91 * Why this value? Just avoid to overflow when 92 * memory allocation for each crypto request. 93 */ 94 backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo); 95 backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; 96 backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; 97 98 cryptodev_backend_set_ready(backend, true); 99 } 100 101 static int 102 cryptodev_builtin_get_unused_session_index( 103 CryptoDevBackendBuiltin *builtin) 104 { 105 size_t i; 106 107 for (i = 0; i < MAX_NUM_SESSIONS; i++) { 108 if (builtin->sessions[i] == NULL) { 109 return i; 110 } 111 } 112 113 return -1; 114 } 115 116 #define AES_KEYSIZE_128 16 117 #define AES_KEYSIZE_192 24 118 #define AES_KEYSIZE_256 32 119 #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 120 #define AES_KEYSIZE_256_XTS 64 121 122 static int 123 cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) 124 { 125 int algo; 126 127 if (key_len == AES_KEYSIZE_128) { 128 algo = QCRYPTO_CIPHER_ALG_AES_128; 129 } else if (key_len == AES_KEYSIZE_192) { 130 algo = QCRYPTO_CIPHER_ALG_AES_192; 131 } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ 132 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 133 algo = QCRYPTO_CIPHER_ALG_AES_128; 134 } else { 135 algo = QCRYPTO_CIPHER_ALG_AES_256; 136 } 137 } else if (key_len == AES_KEYSIZE_256_XTS) { 138 if (mode == QCRYPTO_CIPHER_MODE_XTS) { 139 algo = QCRYPTO_CIPHER_ALG_AES_256; 140 } else { 141 goto err; 142 } 143 } else { 144 goto err; 145 } 146 147 return algo; 148 149 err: 150 error_setg(errp, "Unsupported key length :%u", key_len); 151 return -1; 152 } 153 154 static int cryptodev_builtin_create_cipher_session( 155 CryptoDevBackendBuiltin *builtin, 156 CryptoDevBackendSymSessionInfo *sess_info, 157 Error **errp) 158 { 159 int algo; 160 int mode; 161 QCryptoCipher *cipher; 162 int index; 163 CryptoDevBackendBuiltinSession *sess; 164 165 if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) { 166 error_setg(errp, "Unsupported optype :%u", sess_info->op_type); 167 return -1; 168 } 169 170 index = cryptodev_builtin_get_unused_session_index(builtin); 171 if (index < 0) { 172 error_setg(errp, "Total number of sessions created exceeds %u", 173 MAX_NUM_SESSIONS); 174 return -1; 175 } 176 177 switch (sess_info->cipher_alg) { 178 case VIRTIO_CRYPTO_CIPHER_AES_ECB: 179 mode = QCRYPTO_CIPHER_MODE_ECB; 180 algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, 181 mode, errp); 182 if (algo < 0) { 183 return -1; 184 } 185 break; 186 case VIRTIO_CRYPTO_CIPHER_AES_CBC: 187 mode = QCRYPTO_CIPHER_MODE_CBC; 188 algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, 189 mode, errp); 190 if (algo < 0) { 191 return -1; 192 } 193 break; 194 case VIRTIO_CRYPTO_CIPHER_AES_CTR: 195 mode = QCRYPTO_CIPHER_MODE_CTR; 196 algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, 197 mode, errp); 198 if (algo < 0) { 199 return -1; 200 } 201 break; 202 case VIRTIO_CRYPTO_CIPHER_AES_XTS: 203 mode = QCRYPTO_CIPHER_MODE_XTS; 204 algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, 205 mode, errp); 206 if (algo < 0) { 207 return -1; 208 } 209 break; 210 case VIRTIO_CRYPTO_CIPHER_3DES_ECB: 211 mode = QCRYPTO_CIPHER_MODE_ECB; 212 algo = QCRYPTO_CIPHER_ALG_3DES; 213 break; 214 case VIRTIO_CRYPTO_CIPHER_3DES_CBC: 215 mode = QCRYPTO_CIPHER_MODE_CBC; 216 algo = QCRYPTO_CIPHER_ALG_3DES; 217 break; 218 case VIRTIO_CRYPTO_CIPHER_3DES_CTR: 219 mode = QCRYPTO_CIPHER_MODE_CTR; 220 algo = QCRYPTO_CIPHER_ALG_3DES; 221 break; 222 default: 223 error_setg(errp, "Unsupported cipher alg :%u", 224 sess_info->cipher_alg); 225 return -1; 226 } 227 228 cipher = qcrypto_cipher_new(algo, mode, 229 sess_info->cipher_key, 230 sess_info->key_len, 231 errp); 232 if (!cipher) { 233 return -1; 234 } 235 236 sess = g_new0(CryptoDevBackendBuiltinSession, 1); 237 sess->cipher = cipher; 238 sess->direction = sess_info->direction; 239 sess->type = sess_info->op_type; 240 241 builtin->sessions[index] = sess; 242 243 return index; 244 } 245 246 static int64_t cryptodev_builtin_sym_create_session( 247 CryptoDevBackend *backend, 248 CryptoDevBackendSymSessionInfo *sess_info, 249 uint32_t queue_index, Error **errp) 250 { 251 CryptoDevBackendBuiltin *builtin = 252 CRYPTODEV_BACKEND_BUILTIN(backend); 253 int64_t session_id = -1; 254 int ret; 255 256 switch (sess_info->op_code) { 257 case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: 258 ret = cryptodev_builtin_create_cipher_session( 259 builtin, sess_info, errp); 260 if (ret < 0) { 261 return ret; 262 } else { 263 session_id = ret; 264 } 265 break; 266 case VIRTIO_CRYPTO_HASH_CREATE_SESSION: 267 case VIRTIO_CRYPTO_MAC_CREATE_SESSION: 268 default: 269 error_setg(errp, "Unsupported opcode :%" PRIu32 "", 270 sess_info->op_code); 271 return -1; 272 } 273 274 return session_id; 275 } 276 277 static int cryptodev_builtin_sym_close_session( 278 CryptoDevBackend *backend, 279 uint64_t session_id, 280 uint32_t queue_index, Error **errp) 281 { 282 CryptoDevBackendBuiltin *builtin = 283 CRYPTODEV_BACKEND_BUILTIN(backend); 284 285 assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); 286 287 qcrypto_cipher_free(builtin->sessions[session_id]->cipher); 288 g_free(builtin->sessions[session_id]); 289 builtin->sessions[session_id] = NULL; 290 return 0; 291 } 292 293 static int cryptodev_builtin_sym_operation( 294 CryptoDevBackend *backend, 295 CryptoDevBackendSymOpInfo *op_info, 296 uint32_t queue_index, Error **errp) 297 { 298 CryptoDevBackendBuiltin *builtin = 299 CRYPTODEV_BACKEND_BUILTIN(backend); 300 CryptoDevBackendBuiltinSession *sess; 301 int ret; 302 303 if (op_info->session_id >= MAX_NUM_SESSIONS || 304 builtin->sessions[op_info->session_id] == NULL) { 305 error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", 306 op_info->session_id); 307 return -VIRTIO_CRYPTO_INVSESS; 308 } 309 310 if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { 311 error_setg(errp, 312 "Algorithm chain is unsupported for cryptdoev-builtin"); 313 return -VIRTIO_CRYPTO_NOTSUPP; 314 } 315 316 sess = builtin->sessions[op_info->session_id]; 317 318 if (op_info->iv_len > 0) { 319 ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv, 320 op_info->iv_len, errp); 321 if (ret < 0) { 322 return -VIRTIO_CRYPTO_ERR; 323 } 324 } 325 326 if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) { 327 ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src, 328 op_info->dst, op_info->src_len, errp); 329 if (ret < 0) { 330 return -VIRTIO_CRYPTO_ERR; 331 } 332 } else { 333 ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src, 334 op_info->dst, op_info->src_len, errp); 335 if (ret < 0) { 336 return -VIRTIO_CRYPTO_ERR; 337 } 338 } 339 return VIRTIO_CRYPTO_OK; 340 } 341 342 static void cryptodev_builtin_cleanup( 343 CryptoDevBackend *backend, 344 Error **errp) 345 { 346 CryptoDevBackendBuiltin *builtin = 347 CRYPTODEV_BACKEND_BUILTIN(backend); 348 size_t i; 349 int queues = backend->conf.peers.queues; 350 CryptoDevBackendClient *cc; 351 352 for (i = 0; i < MAX_NUM_SESSIONS; i++) { 353 if (builtin->sessions[i] != NULL) { 354 cryptodev_builtin_sym_close_session(backend, i, 0, &error_abort); 355 } 356 } 357 358 for (i = 0; i < queues; i++) { 359 cc = backend->conf.peers.ccs[i]; 360 if (cc) { 361 cryptodev_backend_free_client(cc); 362 backend->conf.peers.ccs[i] = NULL; 363 } 364 } 365 366 cryptodev_backend_set_ready(backend, false); 367 } 368 369 static void 370 cryptodev_builtin_class_init(ObjectClass *oc, void *data) 371 { 372 CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); 373 374 bc->init = cryptodev_builtin_init; 375 bc->cleanup = cryptodev_builtin_cleanup; 376 bc->create_session = cryptodev_builtin_sym_create_session; 377 bc->close_session = cryptodev_builtin_sym_close_session; 378 bc->do_sym_op = cryptodev_builtin_sym_operation; 379 } 380 381 static const TypeInfo cryptodev_builtin_info = { 382 .name = TYPE_CRYPTODEV_BACKEND_BUILTIN, 383 .parent = TYPE_CRYPTODEV_BACKEND, 384 .class_init = cryptodev_builtin_class_init, 385 .instance_size = sizeof(CryptoDevBackendBuiltin), 386 }; 387 388 static void 389 cryptodev_builtin_register_types(void) 390 { 391 type_register_static(&cryptodev_builtin_info); 392 } 393 394 type_init(cryptodev_builtin_register_types); 395