xref: /openbmc/qemu/crypto/cipher-afalg.c (revision 438c78da)
1 /*
2  * QEMU Crypto af_alg-backend cipher support
3  *
4  * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
5  *
6  * Authors:
7  *    Longpeng(Mike) <longpeng2@huawei.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or
10  * (at your option) any later version.  See the COPYING file in the
11  * top-level directory.
12  */
13 #include "qemu/osdep.h"
14 #include "qemu/sockets.h"
15 #include "qemu-common.h"
16 #include "qapi/error.h"
17 #include "crypto/cipher.h"
18 #include "cipherpriv.h"
19 
20 
21 static char *
22 qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
23                                  QCryptoCipherMode mode,
24                                  Error **errp)
25 {
26     char *name;
27     const char *alg_name;
28     const char *mode_name;
29 
30     switch (alg) {
31     case QCRYPTO_CIPHER_ALG_AES_128:
32     case QCRYPTO_CIPHER_ALG_AES_192:
33     case QCRYPTO_CIPHER_ALG_AES_256:
34         alg_name = "aes";
35         break;
36     case QCRYPTO_CIPHER_ALG_CAST5_128:
37         alg_name = "cast5";
38         break;
39     case QCRYPTO_CIPHER_ALG_SERPENT_128:
40     case QCRYPTO_CIPHER_ALG_SERPENT_192:
41     case QCRYPTO_CIPHER_ALG_SERPENT_256:
42         alg_name = "serpent";
43         break;
44     case QCRYPTO_CIPHER_ALG_TWOFISH_128:
45     case QCRYPTO_CIPHER_ALG_TWOFISH_192:
46     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
47         alg_name = "twofish";
48         break;
49 
50     default:
51         error_setg(errp, "Unsupported cipher algorithm %d", alg);
52         return NULL;
53     }
54 
55     mode_name = QCryptoCipherMode_str(mode);
56     name = g_strdup_printf("%s(%s)", mode_name, alg_name);
57 
58     return name;
59 }
60 
61 QCryptoAFAlg *
62 qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
63                              QCryptoCipherMode mode,
64                              const uint8_t *key,
65                              size_t nkey, Error **errp)
66 {
67     QCryptoAFAlg *afalg;
68     size_t expect_niv;
69     char *name;
70 
71     name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
72     if (!name) {
73         return NULL;
74     }
75 
76     afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
77     if (!afalg) {
78         g_free(name);
79         return NULL;
80     }
81 
82     g_free(name);
83 
84     /* setkey */
85     if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
86                         nkey) != 0) {
87         error_setg_errno(errp, errno, "Set key failed");
88         qcrypto_afalg_comm_free(afalg);
89         return NULL;
90     }
91 
92     /* prepare msg header */
93     afalg->msg = g_new0(struct msghdr, 1);
94     afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
95     expect_niv = qcrypto_cipher_get_iv_len(alg, mode);
96     if (expect_niv) {
97         afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
98     }
99     afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);
100 
101     /* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
102     afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
103     afalg->cmsg->cmsg_type = ALG_SET_OP;
104     afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
105     if (expect_niv) {
106         afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
107         afalg->cmsg->cmsg_type = ALG_SET_IV;
108         afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
109     }
110     afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
111 
112     return afalg;
113 }
114 
115 static int
116 qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
117                            const uint8_t *iv,
118                            size_t niv, Error **errp)
119 {
120     struct af_alg_iv *alg_iv;
121     size_t expect_niv;
122     QCryptoAFAlg *afalg = cipher->opaque;
123 
124     expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
125     if (niv != expect_niv) {
126         error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
127                    niv, expect_niv);
128         return -1;
129     }
130 
131     /* move ->cmsg to next msghdr, for IV-info */
132     afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
133 
134     /* build setiv msg */
135     afalg->cmsg->cmsg_level = SOL_ALG;
136     alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
137     alg_iv->ivlen = niv;
138     memcpy(alg_iv->iv, iv, niv);
139 
140     return 0;
141 }
142 
143 static int
144 qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
145                         const void *in, void *out,
146                         size_t len, bool do_encrypt,
147                         Error **errp)
148 {
149     uint32_t *type = NULL;
150     struct iovec iov;
151     size_t ret, rlen, done = 0;
152     uint32_t origin_controllen;
153 
154     origin_controllen = afalg->msg->msg_controllen;
155     /* movev ->cmsg to first header, for crypto-info */
156     afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
157 
158     /* build encrypt msg */
159     afalg->cmsg->cmsg_level = SOL_ALG;
160     afalg->msg->msg_iov = &iov;
161     afalg->msg->msg_iovlen = 1;
162     type = (uint32_t *)CMSG_DATA(afalg->cmsg);
163     if (do_encrypt) {
164         *type = ALG_OP_ENCRYPT;
165     } else {
166         *type = ALG_OP_DECRYPT;
167     }
168 
169     do {
170         iov.iov_base = (void *)in + done;
171         iov.iov_len = len - done;
172 
173         /* send info to AF_ALG core */
174         ret = sendmsg(afalg->opfd, afalg->msg, 0);
175         if (ret == -1) {
176             error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
177             return -1;
178         }
179 
180         /* encrypto && get result */
181         rlen = read(afalg->opfd, out, ret);
182         if (rlen == -1) {
183             error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
184             return -1;
185         }
186         assert(rlen == ret);
187 
188         /* do not update IV for following chunks */
189         afalg->msg->msg_controllen = 0;
190         done += ret;
191     } while (done < len);
192 
193     afalg->msg->msg_controllen = origin_controllen;
194 
195     return 0;
196 }
197 
198 static int
199 qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
200                              const void *in, void *out,
201                              size_t len, Error **errp)
202 {
203     return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
204                                    len, true, errp);
205 }
206 
207 static int
208 qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
209                              const void *in, void *out,
210                              size_t len, Error **errp)
211 {
212     return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
213                                    len, false, errp);
214 }
215 
216 static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
217 {
218     qcrypto_afalg_comm_free(cipher->opaque);
219 }
220 
221 struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = {
222     .cipher_encrypt = qcrypto_afalg_cipher_encrypt,
223     .cipher_decrypt = qcrypto_afalg_cipher_decrypt,
224     .cipher_setiv = qcrypto_afalg_cipher_setiv,
225     .cipher_free = qcrypto_afalg_comm_ctx_free,
226 };
227