2 * QEMU Cryptodev backend for QEMU cipher APIs
4 * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
7 * Gonglei <arei.gonglei@huawei.com>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
24 #include "qemu/osdep.h"
25 #include "sysemu/cryptodev.h"
26 #include "qapi/error.h"
27 #include "standard-headers/linux/virtio_crypto.h"
28 #include "crypto/cipher.h"
32 * @TYPE_CRYPTODEV_BACKEND_BUILTIN:
33 * name of backend that uses QEMU cipher API
35 #define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin"
37 #define CRYPTODEV_BACKEND_BUILTIN(obj) \
38 OBJECT_CHECK(CryptoDevBackendBuiltin, \
39 (obj), TYPE_CRYPTODEV_BACKEND_BUILTIN)
41 typedef struct CryptoDevBackendBuiltin
42 CryptoDevBackendBuiltin
;
44 typedef struct CryptoDevBackendBuiltinSession
{
45 QCryptoCipher
*cipher
;
46 uint8_t direction
; /* encryption or decryption */
47 uint8_t type
; /* cipher? hash? aead? */
48 QTAILQ_ENTRY(CryptoDevBackendBuiltinSession
) next
;
49 } CryptoDevBackendBuiltinSession
;
51 /* Max number of symmetric sessions */
52 #define MAX_NUM_SESSIONS 256
54 #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512
55 #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64
57 struct CryptoDevBackendBuiltin
{
58 CryptoDevBackend parent_obj
;
60 CryptoDevBackendBuiltinSession
*sessions
[MAX_NUM_SESSIONS
];
63 static void cryptodev_builtin_init(
64 CryptoDevBackend
*backend
, Error
**errp
)
66 /* Only support one queue */
67 int queues
= backend
->conf
.peers
.queues
;
68 CryptoDevBackendClient
*cc
;
72 "Only support one queue in cryptdov-builtin backend");
76 cc
= cryptodev_backend_new_client(
77 "cryptodev-builtin", NULL
);
78 cc
->info_str
= g_strdup_printf("cryptodev-builtin0");
80 cc
->type
= CRYPTODEV_BACKEND_TYPE_BUILTIN
;
81 backend
->conf
.peers
.ccs
[0] = cc
;
83 backend
->conf
.crypto_services
=
84 1u << VIRTIO_CRYPTO_SERVICE_CIPHER
|
85 1u << VIRTIO_CRYPTO_SERVICE_HASH
|
86 1u << VIRTIO_CRYPTO_SERVICE_MAC
;
87 backend
->conf
.cipher_algo_l
= 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC
;
88 backend
->conf
.hash_algo
= 1u << VIRTIO_CRYPTO_HASH_SHA1
;
90 * Set the Maximum length of crypto request.
91 * Why this value? Just avoid to overflow when
92 * memory allocation for each crypto request.
94 backend
->conf
.max_size
= LONG_MAX
- sizeof(CryptoDevBackendSymOpInfo
);
95 backend
->conf
.max_cipher_key_len
= CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN
;
96 backend
->conf
.max_auth_key_len
= CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN
;
98 cryptodev_backend_set_ready(backend
, true);
102 cryptodev_builtin_get_unused_session_index(
103 CryptoDevBackendBuiltin
*builtin
)
107 for (i
= 0; i
< MAX_NUM_SESSIONS
; i
++) {
108 if (builtin
->sessions
[i
] == NULL
) {
116 #define AES_KEYSIZE_128 16
117 #define AES_KEYSIZE_192 24
118 #define AES_KEYSIZE_256 32
119 #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256
120 #define AES_KEYSIZE_256_XTS 64
123 cryptodev_builtin_get_aes_algo(uint32_t key_len
, int mode
, Error
**errp
)
127 if (key_len
== AES_KEYSIZE_128
) {
128 algo
= QCRYPTO_CIPHER_ALG_AES_128
;
129 } else if (key_len
== AES_KEYSIZE_192
) {
130 algo
= QCRYPTO_CIPHER_ALG_AES_192
;
131 } else if (key_len
== AES_KEYSIZE_256
) { /* equals AES_KEYSIZE_128_XTS */
132 if (mode
== QCRYPTO_CIPHER_MODE_XTS
) {
133 algo
= QCRYPTO_CIPHER_ALG_AES_128
;
135 algo
= QCRYPTO_CIPHER_ALG_AES_256
;
137 } else if (key_len
== AES_KEYSIZE_256_XTS
) {
138 if (mode
== QCRYPTO_CIPHER_MODE_XTS
) {
139 algo
= QCRYPTO_CIPHER_ALG_AES_256
;
150 error_setg(errp
, "Unsupported key length :%u", key_len
);
154 static int cryptodev_builtin_create_cipher_session(
155 CryptoDevBackendBuiltin
*builtin
,
156 CryptoDevBackendSymSessionInfo
*sess_info
,
161 QCryptoCipher
*cipher
;
163 CryptoDevBackendBuiltinSession
*sess
;
165 if (sess_info
->op_type
!= VIRTIO_CRYPTO_SYM_OP_CIPHER
) {
166 error_setg(errp
, "Unsupported optype :%u", sess_info
->op_type
);
170 index
= cryptodev_builtin_get_unused_session_index(builtin
);
172 error_setg(errp
, "Total number of sessions created exceeds %u",
177 switch (sess_info
->cipher_alg
) {
178 case VIRTIO_CRYPTO_CIPHER_AES_ECB
:
179 mode
= QCRYPTO_CIPHER_MODE_ECB
;
180 algo
= cryptodev_builtin_get_aes_algo(sess_info
->key_len
,
186 case VIRTIO_CRYPTO_CIPHER_AES_CBC
:
187 mode
= QCRYPTO_CIPHER_MODE_CBC
;
188 algo
= cryptodev_builtin_get_aes_algo(sess_info
->key_len
,
194 case VIRTIO_CRYPTO_CIPHER_AES_CTR
:
195 mode
= QCRYPTO_CIPHER_MODE_CTR
;
196 algo
= cryptodev_builtin_get_aes_algo(sess_info
->key_len
,
202 case VIRTIO_CRYPTO_CIPHER_AES_XTS
:
203 mode
= QCRYPTO_CIPHER_MODE_XTS
;
204 algo
= cryptodev_builtin_get_aes_algo(sess_info
->key_len
,
210 case VIRTIO_CRYPTO_CIPHER_3DES_ECB
:
211 mode
= QCRYPTO_CIPHER_MODE_ECB
;
212 algo
= QCRYPTO_CIPHER_ALG_3DES
;
214 case VIRTIO_CRYPTO_CIPHER_3DES_CBC
:
215 mode
= QCRYPTO_CIPHER_MODE_CBC
;
216 algo
= QCRYPTO_CIPHER_ALG_3DES
;
218 case VIRTIO_CRYPTO_CIPHER_3DES_CTR
:
219 mode
= QCRYPTO_CIPHER_MODE_CTR
;
220 algo
= QCRYPTO_CIPHER_ALG_3DES
;
223 error_setg(errp
, "Unsupported cipher alg :%u",
224 sess_info
->cipher_alg
);
228 cipher
= qcrypto_cipher_new(algo
, mode
,
229 sess_info
->cipher_key
,
236 sess
= g_new0(CryptoDevBackendBuiltinSession
, 1);
237 sess
->cipher
= cipher
;
238 sess
->direction
= sess_info
->direction
;
239 sess
->type
= sess_info
->op_type
;
241 builtin
->sessions
[index
] = sess
;
246 static int64_t cryptodev_builtin_sym_create_session(
247 CryptoDevBackend
*backend
,
248 CryptoDevBackendSymSessionInfo
*sess_info
,
249 uint32_t queue_index
, Error
**errp
)
251 CryptoDevBackendBuiltin
*builtin
=
252 CRYPTODEV_BACKEND_BUILTIN(backend
);
253 int64_t session_id
= -1;
256 switch (sess_info
->op_code
) {
257 case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION
:
258 ret
= cryptodev_builtin_create_cipher_session(
259 builtin
, sess_info
, errp
);
266 case VIRTIO_CRYPTO_HASH_CREATE_SESSION
:
267 case VIRTIO_CRYPTO_MAC_CREATE_SESSION
:
269 error_setg(errp
, "Unsupported opcode :%" PRIu32
"",
277 static int cryptodev_builtin_sym_close_session(
278 CryptoDevBackend
*backend
,
280 uint32_t queue_index
, Error
**errp
)
282 CryptoDevBackendBuiltin
*builtin
=
283 CRYPTODEV_BACKEND_BUILTIN(backend
);
285 assert(session_id
< MAX_NUM_SESSIONS
&& builtin
->sessions
[session_id
]);
287 qcrypto_cipher_free(builtin
->sessions
[session_id
]->cipher
);
288 g_free(builtin
->sessions
[session_id
]);
289 builtin
->sessions
[session_id
] = NULL
;
293 static int cryptodev_builtin_sym_operation(
294 CryptoDevBackend
*backend
,
295 CryptoDevBackendSymOpInfo
*op_info
,
296 uint32_t queue_index
, Error
**errp
)
298 CryptoDevBackendBuiltin
*builtin
=
299 CRYPTODEV_BACKEND_BUILTIN(backend
);
300 CryptoDevBackendBuiltinSession
*sess
;
303 if (op_info
->session_id
>= MAX_NUM_SESSIONS
||
304 builtin
->sessions
[op_info
->session_id
] == NULL
) {
305 error_setg(errp
, "Cannot find a valid session id: %" PRIu64
"",
306 op_info
->session_id
);
307 return -VIRTIO_CRYPTO_INVSESS
;
310 if (op_info
->op_type
== VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING
) {
312 "Algorithm chain is unsupported for cryptdoev-builtin");
313 return -VIRTIO_CRYPTO_NOTSUPP
;
316 sess
= builtin
->sessions
[op_info
->session_id
];
318 if (op_info
->iv_len
> 0) {
319 ret
= qcrypto_cipher_setiv(sess
->cipher
, op_info
->iv
,
320 op_info
->iv_len
, errp
);
322 return -VIRTIO_CRYPTO_ERR
;
326 if (sess
->direction
== VIRTIO_CRYPTO_OP_ENCRYPT
) {
327 ret
= qcrypto_cipher_encrypt(sess
->cipher
, op_info
->src
,
328 op_info
->dst
, op_info
->src_len
, errp
);
330 return -VIRTIO_CRYPTO_ERR
;
333 ret
= qcrypto_cipher_decrypt(sess
->cipher
, op_info
->src
,
334 op_info
->dst
, op_info
->src_len
, errp
);
336 return -VIRTIO_CRYPTO_ERR
;
339 return VIRTIO_CRYPTO_OK
;
342 static void cryptodev_builtin_cleanup(
343 CryptoDevBackend
*backend
,
346 CryptoDevBackendBuiltin
*builtin
=
347 CRYPTODEV_BACKEND_BUILTIN(backend
);
349 int queues
= backend
->conf
.peers
.queues
;
350 CryptoDevBackendClient
*cc
;
352 for (i
= 0; i
< MAX_NUM_SESSIONS
; i
++) {
353 if (builtin
->sessions
[i
] != NULL
) {
354 cryptodev_builtin_sym_close_session(backend
, i
, 0, &error_abort
);
358 for (i
= 0; i
< queues
; i
++) {
359 cc
= backend
->conf
.peers
.ccs
[i
];
361 cryptodev_backend_free_client(cc
);
362 backend
->conf
.peers
.ccs
[i
] = NULL
;
366 cryptodev_backend_set_ready(backend
, false);
370 cryptodev_builtin_class_init(ObjectClass
*oc
, void *data
)
372 CryptoDevBackendClass
*bc
= CRYPTODEV_BACKEND_CLASS(oc
);
374 bc
->init
= cryptodev_builtin_init
;
375 bc
->cleanup
= cryptodev_builtin_cleanup
;
376 bc
->create_session
= cryptodev_builtin_sym_create_session
;
377 bc
->close_session
= cryptodev_builtin_sym_close_session
;
378 bc
->do_sym_op
= cryptodev_builtin_sym_operation
;
381 static const TypeInfo cryptodev_builtin_info
= {
382 .name
= TYPE_CRYPTODEV_BACKEND_BUILTIN
,
383 .parent
= TYPE_CRYPTODEV_BACKEND
,
384 .class_init
= cryptodev_builtin_class_init
,
385 .instance_size
= sizeof(CryptoDevBackendBuiltin
),
389 cryptodev_builtin_register_types(void)
391 type_register_static(&cryptodev_builtin_info
);
394 type_init(cryptodev_builtin_register_types
);