xref: /openbmc/qemu/backends/cryptodev-builtin.c (revision ebe15582)
1 /*
2  * QEMU Cryptodev backend for QEMU cipher APIs
3  *
4  * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
5  *
6  * Authors:
7  *    Gonglei <arei.gonglei@huawei.com>
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21  *
22  */
23 
24 #include "qemu/osdep.h"
25 #include "sysemu/cryptodev.h"
26 #include "qapi/error.h"
27 #include "standard-headers/linux/virtio_crypto.h"
28 #include "crypto/cipher.h"
29 
30 
31 /**
32  * @TYPE_CRYPTODEV_BACKEND_BUILTIN:
33  * name of backend that uses QEMU cipher API
34  */
35 #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin"
36 
37 #define CRYPTODEV_BACKEND_BUILTIN(obj) \
38     OBJECT_CHECK(CryptoDevBackendBuiltin, \
39                  (obj), TYPE_CRYPTODEV_BACKEND_BUILTIN)
40 
41 typedef struct CryptoDevBackendBuiltin
42                          CryptoDevBackendBuiltin;
43 
44 typedef struct CryptoDevBackendBuiltinSession {
45     QCryptoCipher *cipher;
46     uint8_t direction; /* encryption or decryption */
47     uint8_t type; /* cipher? hash? aead? */
48     QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next;
49 } CryptoDevBackendBuiltinSession;
50 
51 /* Max number of symmetric sessions */
52 #define MAX_NUM_SESSIONS 256
53 
54 #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN    512
55 #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN  64
56 
57 struct CryptoDevBackendBuiltin {
58     CryptoDevBackend parent_obj;
59 
60     CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS];
61 };
62 
63 static void cryptodev_builtin_init(
64              CryptoDevBackend *backend, Error **errp)
65 {
66     /* Only support one queue */
67     int queues = backend->conf.peers.queues;
68     CryptoDevBackendClient *cc;
69 
70     if (queues != 1) {
71         error_setg(errp,
72                   "Only support one queue in cryptdov-builtin backend");
73         return;
74     }
75 
76     cc = cryptodev_backend_new_client(
77               "cryptodev-builtin", NULL);
78     cc->info_str = g_strdup_printf("cryptodev-builtin0");
79     cc->queue_index = 0;
80     cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN;
81     backend->conf.peers.ccs[0] = cc;
82 
83     backend->conf.crypto_services =
84                          1u << VIRTIO_CRYPTO_SERVICE_CIPHER |
85                          1u << VIRTIO_CRYPTO_SERVICE_HASH |
86                          1u << VIRTIO_CRYPTO_SERVICE_MAC;
87     backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
88     backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
89     /*
90      * Set the Maximum length of crypto request.
91      * Why this value? Just avoid to overflow when
92      * memory allocation for each crypto request.
93      */
94     backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo);
95     backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
96     backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
97 
98     cryptodev_backend_set_ready(backend, true);
99 }
100 
101 static int
102 cryptodev_builtin_get_unused_session_index(
103                  CryptoDevBackendBuiltin *builtin)
104 {
105     size_t i;
106 
107     for (i = 0; i < MAX_NUM_SESSIONS; i++) {
108         if (builtin->sessions[i] == NULL) {
109             return i;
110         }
111     }
112 
113     return -1;
114 }
115 
116 #define AES_KEYSIZE_128 16
117 #define AES_KEYSIZE_192 24
118 #define AES_KEYSIZE_256 32
119 #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256
120 #define AES_KEYSIZE_256_XTS 64
121 
122 static int
123 cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp)
124 {
125     int algo;
126 
127     if (key_len == AES_KEYSIZE_128) {
128         algo = QCRYPTO_CIPHER_ALG_AES_128;
129     } else if (key_len == AES_KEYSIZE_192) {
130         algo = QCRYPTO_CIPHER_ALG_AES_192;
131     } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */
132         if (mode == QCRYPTO_CIPHER_MODE_XTS) {
133             algo = QCRYPTO_CIPHER_ALG_AES_128;
134         } else {
135             algo = QCRYPTO_CIPHER_ALG_AES_256;
136         }
137     } else if (key_len == AES_KEYSIZE_256_XTS) {
138         if (mode == QCRYPTO_CIPHER_MODE_XTS) {
139             algo = QCRYPTO_CIPHER_ALG_AES_256;
140         } else {
141             goto err;
142         }
143     } else {
144         goto err;
145     }
146 
147     return algo;
148 
149 err:
150    error_setg(errp, "Unsupported key length :%u", key_len);
151    return -1;
152 }
153 
154 static int cryptodev_builtin_create_cipher_session(
155                     CryptoDevBackendBuiltin *builtin,
156                     CryptoDevBackendSymSessionInfo *sess_info,
157                     Error **errp)
158 {
159     int algo;
160     int mode;
161     QCryptoCipher *cipher;
162     int index;
163     CryptoDevBackendBuiltinSession *sess;
164 
165     if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) {
166         error_setg(errp, "Unsupported optype :%u", sess_info->op_type);
167         return -1;
168     }
169 
170     index = cryptodev_builtin_get_unused_session_index(builtin);
171     if (index < 0) {
172         error_setg(errp, "Total number of sessions created exceeds %u",
173                   MAX_NUM_SESSIONS);
174         return -1;
175     }
176 
177     switch (sess_info->cipher_alg) {
178     case VIRTIO_CRYPTO_CIPHER_AES_ECB:
179         mode = QCRYPTO_CIPHER_MODE_ECB;
180         algo = cryptodev_builtin_get_aes_algo(sess_info->key_len,
181                                                     mode, errp);
182         if (algo < 0)  {
183             return -1;
184         }
185         break;
186     case VIRTIO_CRYPTO_CIPHER_AES_CBC:
187         mode = QCRYPTO_CIPHER_MODE_CBC;
188         algo = cryptodev_builtin_get_aes_algo(sess_info->key_len,
189                                                     mode, errp);
190         if (algo < 0)  {
191             return -1;
192         }
193         break;
194     case VIRTIO_CRYPTO_CIPHER_AES_CTR:
195         mode = QCRYPTO_CIPHER_MODE_CTR;
196         algo = cryptodev_builtin_get_aes_algo(sess_info->key_len,
197                                                     mode, errp);
198         if (algo < 0)  {
199             return -1;
200         }
201         break;
202     case VIRTIO_CRYPTO_CIPHER_AES_XTS:
203         mode = QCRYPTO_CIPHER_MODE_XTS;
204         algo = cryptodev_builtin_get_aes_algo(sess_info->key_len,
205                                                     mode, errp);
206         if (algo < 0)  {
207             return -1;
208         }
209         break;
210     case VIRTIO_CRYPTO_CIPHER_3DES_ECB:
211         mode = QCRYPTO_CIPHER_MODE_ECB;
212         algo = QCRYPTO_CIPHER_ALG_3DES;
213         break;
214     case VIRTIO_CRYPTO_CIPHER_3DES_CBC:
215         mode = QCRYPTO_CIPHER_MODE_CBC;
216         algo = QCRYPTO_CIPHER_ALG_3DES;
217         break;
218     case VIRTIO_CRYPTO_CIPHER_3DES_CTR:
219         mode = QCRYPTO_CIPHER_MODE_CTR;
220         algo = QCRYPTO_CIPHER_ALG_3DES;
221         break;
222     default:
223         error_setg(errp, "Unsupported cipher alg :%u",
224                    sess_info->cipher_alg);
225         return -1;
226     }
227 
228     cipher = qcrypto_cipher_new(algo, mode,
229                                sess_info->cipher_key,
230                                sess_info->key_len,
231                                errp);
232     if (!cipher) {
233         return -1;
234     }
235 
236     sess = g_new0(CryptoDevBackendBuiltinSession, 1);
237     sess->cipher = cipher;
238     sess->direction = sess_info->direction;
239     sess->type = sess_info->op_type;
240 
241     builtin->sessions[index] = sess;
242 
243     return index;
244 }
245 
246 static int64_t cryptodev_builtin_sym_create_session(
247            CryptoDevBackend *backend,
248            CryptoDevBackendSymSessionInfo *sess_info,
249            uint32_t queue_index, Error **errp)
250 {
251     CryptoDevBackendBuiltin *builtin =
252                       CRYPTODEV_BACKEND_BUILTIN(backend);
253     int64_t session_id = -1;
254     int ret;
255 
256     switch (sess_info->op_code) {
257     case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
258         ret = cryptodev_builtin_create_cipher_session(
259                            builtin, sess_info, errp);
260         if (ret < 0) {
261             return ret;
262         } else {
263             session_id = ret;
264         }
265         break;
266     case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
267     case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
268     default:
269         error_setg(errp, "Unsupported opcode :%" PRIu32 "",
270                    sess_info->op_code);
271         return -1;
272     }
273 
274     return session_id;
275 }
276 
277 static int cryptodev_builtin_sym_close_session(
278            CryptoDevBackend *backend,
279            uint64_t session_id,
280            uint32_t queue_index, Error **errp)
281 {
282     CryptoDevBackendBuiltin *builtin =
283                       CRYPTODEV_BACKEND_BUILTIN(backend);
284 
285     if (session_id >= MAX_NUM_SESSIONS ||
286               builtin->sessions[session_id] == NULL) {
287         error_setg(errp, "Cannot find a valid session id: %" PRIu64 "",
288                       session_id);
289         return -1;
290     }
291 
292     qcrypto_cipher_free(builtin->sessions[session_id]->cipher);
293     g_free(builtin->sessions[session_id]);
294     builtin->sessions[session_id] = NULL;
295     return 0;
296 }
297 
298 static int cryptodev_builtin_sym_operation(
299                  CryptoDevBackend *backend,
300                  CryptoDevBackendSymOpInfo *op_info,
301                  uint32_t queue_index, Error **errp)
302 {
303     CryptoDevBackendBuiltin *builtin =
304                       CRYPTODEV_BACKEND_BUILTIN(backend);
305     CryptoDevBackendBuiltinSession *sess;
306     int ret;
307 
308     if (op_info->session_id >= MAX_NUM_SESSIONS ||
309               builtin->sessions[op_info->session_id] == NULL) {
310         error_setg(errp, "Cannot find a valid session id: %" PRIu64 "",
311                    op_info->session_id);
312         return -VIRTIO_CRYPTO_INVSESS;
313     }
314 
315     if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) {
316         error_setg(errp,
317                "Algorithm chain is unsupported for cryptdoev-builtin");
318         return -VIRTIO_CRYPTO_NOTSUPP;
319     }
320 
321     sess = builtin->sessions[op_info->session_id];
322 
323     if (op_info->iv_len > 0) {
324         ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv,
325                                    op_info->iv_len, errp);
326         if (ret < 0) {
327             return -VIRTIO_CRYPTO_ERR;
328         }
329     }
330 
331     if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) {
332         ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src,
333                                      op_info->dst, op_info->src_len, errp);
334         if (ret < 0) {
335             return -VIRTIO_CRYPTO_ERR;
336         }
337     } else {
338         ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src,
339                                      op_info->dst, op_info->src_len, errp);
340         if (ret < 0) {
341             return -VIRTIO_CRYPTO_ERR;
342         }
343     }
344     return VIRTIO_CRYPTO_OK;
345 }
346 
347 static void cryptodev_builtin_cleanup(
348              CryptoDevBackend *backend,
349              Error **errp)
350 {
351     CryptoDevBackendBuiltin *builtin =
352                       CRYPTODEV_BACKEND_BUILTIN(backend);
353     size_t i;
354     int queues = backend->conf.peers.queues;
355     CryptoDevBackendClient *cc;
356 
357     for (i = 0; i < MAX_NUM_SESSIONS; i++) {
358         if (builtin->sessions[i] != NULL) {
359             cryptodev_builtin_sym_close_session(
360                     backend, i, 0, errp);
361         }
362     }
363 
364     for (i = 0; i < queues; i++) {
365         cc = backend->conf.peers.ccs[i];
366         if (cc) {
367             cryptodev_backend_free_client(cc);
368             backend->conf.peers.ccs[i] = NULL;
369         }
370     }
371 
372     cryptodev_backend_set_ready(backend, false);
373 }
374 
375 static void
376 cryptodev_builtin_class_init(ObjectClass *oc, void *data)
377 {
378     CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc);
379 
380     bc->init = cryptodev_builtin_init;
381     bc->cleanup = cryptodev_builtin_cleanup;
382     bc->create_session = cryptodev_builtin_sym_create_session;
383     bc->close_session = cryptodev_builtin_sym_close_session;
384     bc->do_sym_op = cryptodev_builtin_sym_operation;
385 }
386 
387 static const TypeInfo cryptodev_builtin_info = {
388     .name = TYPE_CRYPTODEV_BACKEND_BUILTIN,
389     .parent = TYPE_CRYPTODEV_BACKEND,
390     .class_init = cryptodev_builtin_class_init,
391     .instance_size = sizeof(CryptoDevBackendBuiltin),
392 };
393 
394 static void
395 cryptodev_builtin_register_types(void)
396 {
397     type_register_static(&cryptodev_builtin_info);
398 }
399 
400 type_init(cryptodev_builtin_register_types);
401