2 * Virtio crypto Support
4 * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
7 * Gonglei <arei.gonglei@huawei.com>
9 * This work is licensed under the terms of the GNU GPL, version 2 or
10 * (at your option) any later version. See the COPYING file in the
11 * top-level directory.
13 #include "qemu/osdep.h"
16 #include "qapi/error.h"
17 #include "qemu/error-report.h"
19 #include "hw/virtio/virtio.h"
20 #include "hw/virtio/virtio-crypto.h"
21 #include "hw/virtio/virtio-access.h"
22 #include "standard-headers/linux/virtio_ids.h"
24 #define VIRTIO_CRYPTO_VM_VERSION 1
27 * Transfer virtqueue index to crypto queue index.
28 * The control virtqueue is after the data virtqueues
29 * so the input value doesn't need to be adjusted
31 static inline int virtio_crypto_vq2q(int queue_index
)
37 virtio_crypto_cipher_session_helper(VirtIODevice
*vdev
,
38 CryptoDevBackendSymSessionInfo
*info
,
39 struct virtio_crypto_cipher_session_para
*cipher_para
,
40 struct iovec
**iov
, unsigned int *out_num
)
42 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(vdev
);
43 unsigned int num
= *out_num
;
45 info
->cipher_alg
= ldl_le_p(&cipher_para
->algo
);
46 info
->key_len
= ldl_le_p(&cipher_para
->keylen
);
47 info
->direction
= ldl_le_p(&cipher_para
->op
);
48 DPRINTF("cipher_alg=%" PRIu32
", info->direction=%" PRIu32
"\n",
49 info
->cipher_alg
, info
->direction
);
51 if (info
->key_len
> vcrypto
->conf
.max_cipher_key_len
) {
52 error_report("virtio-crypto length of cipher key is too big: %u",
54 return -VIRTIO_CRYPTO_ERR
;
57 if (info
->key_len
> 0) {
59 DPRINTF("keylen=%" PRIu32
"\n", info
->key_len
);
61 info
->cipher_key
= g_malloc(info
->key_len
);
62 s
= iov_to_buf(*iov
, num
, 0, info
->cipher_key
, info
->key_len
);
63 if (unlikely(s
!= info
->key_len
)) {
64 virtio_error(vdev
, "virtio-crypto cipher key incorrect");
67 iov_discard_front(iov
, &num
, info
->key_len
);
75 virtio_crypto_create_sym_session(VirtIOCrypto
*vcrypto
,
76 struct virtio_crypto_sym_create_session_req
*sess_req
,
79 struct iovec
*iov
, unsigned int out_num
)
81 VirtIODevice
*vdev
= VIRTIO_DEVICE(vcrypto
);
82 CryptoDevBackendSymSessionInfo info
;
86 Error
*local_err
= NULL
;
89 memset(&info
, 0, sizeof(info
));
90 op_type
= ldl_le_p(&sess_req
->op_type
);
91 info
.op_type
= op_type
;
92 info
.op_code
= opcode
;
94 if (op_type
== VIRTIO_CRYPTO_SYM_OP_CIPHER
) {
95 ret
= virtio_crypto_cipher_session_helper(vdev
, &info
,
96 &sess_req
->u
.cipher
.para
,
101 } else if (op_type
== VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING
) {
104 ret
= virtio_crypto_cipher_session_helper(vdev
, &info
,
105 &sess_req
->u
.chain
.para
.cipher_param
,
111 info
.alg_chain_order
= ldl_le_p(
112 &sess_req
->u
.chain
.para
.alg_chain_order
);
113 info
.add_len
= ldl_le_p(&sess_req
->u
.chain
.para
.aad_len
);
114 info
.hash_mode
= ldl_le_p(&sess_req
->u
.chain
.para
.hash_mode
);
115 if (info
.hash_mode
== VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH
) {
116 info
.hash_alg
= ldl_le_p(&sess_req
->u
.chain
.para
.u
.mac_param
.algo
);
117 info
.auth_key_len
= ldl_le_p(
118 &sess_req
->u
.chain
.para
.u
.mac_param
.auth_key_len
);
119 info
.hash_result_len
= ldl_le_p(
120 &sess_req
->u
.chain
.para
.u
.mac_param
.hash_result_len
);
121 if (info
.auth_key_len
> vcrypto
->conf
.max_auth_key_len
) {
122 error_report("virtio-crypto length of auth key is too big: %u",
124 ret
= -VIRTIO_CRYPTO_ERR
;
128 if (info
.auth_key_len
> 0) {
129 DPRINTF("auth_keylen=%" PRIu32
"\n", info
.auth_key_len
);
130 info
.auth_key
= g_malloc(info
.auth_key_len
);
131 s
= iov_to_buf(iov
, out_num
, 0, info
.auth_key
,
133 if (unlikely(s
!= info
.auth_key_len
)) {
135 "virtio-crypto authenticated key incorrect");
139 iov_discard_front(&iov
, &out_num
, info
.auth_key_len
);
141 } else if (info
.hash_mode
== VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN
) {
142 info
.hash_alg
= ldl_le_p(
143 &sess_req
->u
.chain
.para
.u
.hash_param
.algo
);
144 info
.hash_result_len
= ldl_le_p(
145 &sess_req
->u
.chain
.para
.u
.hash_param
.hash_result_len
);
147 /* VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED */
148 error_report("unsupported hash mode");
149 ret
= -VIRTIO_CRYPTO_NOTSUPP
;
153 /* VIRTIO_CRYPTO_SYM_OP_NONE */
154 error_report("unsupported cipher op_type: VIRTIO_CRYPTO_SYM_OP_NONE");
155 ret
= -VIRTIO_CRYPTO_NOTSUPP
;
159 queue_index
= virtio_crypto_vq2q(queue_id
);
160 session_id
= cryptodev_backend_sym_create_session(
162 &info
, queue_index
, &local_err
);
163 if (session_id
>= 0) {
164 DPRINTF("create session_id=%" PRIu64
" successfully\n",
170 error_report_err(local_err
);
172 ret
= -VIRTIO_CRYPTO_ERR
;
176 g_free(info
.cipher_key
);
177 g_free(info
.auth_key
);
182 virtio_crypto_handle_close_session(VirtIOCrypto
*vcrypto
,
183 struct virtio_crypto_destroy_session_req
*close_sess_req
,
189 Error
*local_err
= NULL
;
191 session_id
= ldq_le_p(&close_sess_req
->session_id
);
192 DPRINTF("close session, id=%" PRIu64
"\n", session_id
);
194 ret
= cryptodev_backend_sym_close_session(
195 vcrypto
->cryptodev
, session_id
, queue_id
, &local_err
);
197 status
= VIRTIO_CRYPTO_OK
;
200 error_report_err(local_err
);
202 error_report("destroy session failed");
204 status
= VIRTIO_CRYPTO_ERR
;
210 static void virtio_crypto_handle_ctrl(VirtIODevice
*vdev
, VirtQueue
*vq
)
212 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(vdev
);
213 struct virtio_crypto_op_ctrl_req ctrl
;
214 VirtQueueElement
*elem
;
215 struct iovec
*in_iov
;
216 struct iovec
*out_iov
;
221 struct virtio_crypto_session_input input
;
227 elem
= virtqueue_pop(vq
, sizeof(VirtQueueElement
));
231 if (elem
->out_num
< 1 || elem
->in_num
< 1) {
232 virtio_error(vdev
, "virtio-crypto ctrl missing headers");
233 virtqueue_detach_element(vq
, elem
, 0);
238 out_num
= elem
->out_num
;
239 out_iov
= elem
->out_sg
;
240 in_num
= elem
->in_num
;
241 in_iov
= elem
->in_sg
;
242 if (unlikely(iov_to_buf(out_iov
, out_num
, 0, &ctrl
, sizeof(ctrl
))
244 virtio_error(vdev
, "virtio-crypto request ctrl_hdr too short");
245 virtqueue_detach_element(vq
, elem
, 0);
249 iov_discard_front(&out_iov
, &out_num
, sizeof(ctrl
));
251 opcode
= ldl_le_p(&ctrl
.header
.opcode
);
252 queue_id
= ldl_le_p(&ctrl
.header
.queue_id
);
255 case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION
:
256 memset(&input
, 0, sizeof(input
));
257 session_id
= virtio_crypto_create_sym_session(vcrypto
,
258 &ctrl
.u
.sym_create_session
,
261 /* Serious errors, need to reset virtio crypto device */
262 if (session_id
== -EFAULT
) {
263 virtqueue_detach_element(vq
, elem
, 0);
265 } else if (session_id
== -VIRTIO_CRYPTO_NOTSUPP
) {
266 stl_le_p(&input
.status
, VIRTIO_CRYPTO_NOTSUPP
);
267 } else if (session_id
== -VIRTIO_CRYPTO_ERR
) {
268 stl_le_p(&input
.status
, VIRTIO_CRYPTO_ERR
);
270 /* Set the session id */
271 stq_le_p(&input
.session_id
, session_id
);
272 stl_le_p(&input
.status
, VIRTIO_CRYPTO_OK
);
275 s
= iov_from_buf(in_iov
, in_num
, 0, &input
, sizeof(input
));
276 if (unlikely(s
!= sizeof(input
))) {
277 virtio_error(vdev
, "virtio-crypto input incorrect");
278 virtqueue_detach_element(vq
, elem
, 0);
281 virtqueue_push(vq
, elem
, sizeof(input
));
282 virtio_notify(vdev
, vq
);
284 case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION
:
285 case VIRTIO_CRYPTO_HASH_DESTROY_SESSION
:
286 case VIRTIO_CRYPTO_MAC_DESTROY_SESSION
:
287 case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION
:
288 status
= virtio_crypto_handle_close_session(vcrypto
,
289 &ctrl
.u
.destroy_session
, queue_id
);
290 /* The status only occupy one byte, we can directly use it */
291 s
= iov_from_buf(in_iov
, in_num
, 0, &status
, sizeof(status
));
292 if (unlikely(s
!= sizeof(status
))) {
293 virtio_error(vdev
, "virtio-crypto status incorrect");
294 virtqueue_detach_element(vq
, elem
, 0);
297 virtqueue_push(vq
, elem
, sizeof(status
));
298 virtio_notify(vdev
, vq
);
300 case VIRTIO_CRYPTO_HASH_CREATE_SESSION
:
301 case VIRTIO_CRYPTO_MAC_CREATE_SESSION
:
302 case VIRTIO_CRYPTO_AEAD_CREATE_SESSION
:
304 error_report("virtio-crypto unsupported ctrl opcode: %d", opcode
);
305 memset(&input
, 0, sizeof(input
));
306 stl_le_p(&input
.status
, VIRTIO_CRYPTO_NOTSUPP
);
307 s
= iov_from_buf(in_iov
, in_num
, 0, &input
, sizeof(input
));
308 if (unlikely(s
!= sizeof(input
))) {
309 virtio_error(vdev
, "virtio-crypto input incorrect");
310 virtqueue_detach_element(vq
, elem
, 0);
313 virtqueue_push(vq
, elem
, sizeof(input
));
314 virtio_notify(vdev
, vq
);
317 } /* end switch case */
323 static uint64_t virtio_crypto_get_features(VirtIODevice
*vdev
,
330 static void virtio_crypto_reset(VirtIODevice
*vdev
)
332 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(vdev
);
333 /* multiqueue is disabled by default */
334 vcrypto
->curr_queues
= 1;
335 if (!vcrypto
->cryptodev
->ready
) {
336 vcrypto
->status
&= ~VIRTIO_CRYPTO_S_HW_READY
;
338 vcrypto
->status
|= VIRTIO_CRYPTO_S_HW_READY
;
342 static void virtio_crypto_init_config(VirtIODevice
*vdev
)
344 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(vdev
);
346 vcrypto
->conf
.crypto_services
=
347 vcrypto
->conf
.cryptodev
->conf
.crypto_services
;
348 vcrypto
->conf
.cipher_algo_l
=
349 vcrypto
->conf
.cryptodev
->conf
.cipher_algo_l
;
350 vcrypto
->conf
.cipher_algo_h
=
351 vcrypto
->conf
.cryptodev
->conf
.cipher_algo_h
;
352 vcrypto
->conf
.hash_algo
= vcrypto
->conf
.cryptodev
->conf
.hash_algo
;
353 vcrypto
->conf
.mac_algo_l
= vcrypto
->conf
.cryptodev
->conf
.mac_algo_l
;
354 vcrypto
->conf
.mac_algo_h
= vcrypto
->conf
.cryptodev
->conf
.mac_algo_h
;
355 vcrypto
->conf
.aead_algo
= vcrypto
->conf
.cryptodev
->conf
.aead_algo
;
356 vcrypto
->conf
.max_cipher_key_len
=
357 vcrypto
->conf
.cryptodev
->conf
.max_cipher_key_len
;
358 vcrypto
->conf
.max_auth_key_len
=
359 vcrypto
->conf
.cryptodev
->conf
.max_auth_key_len
;
360 vcrypto
->conf
.max_size
= vcrypto
->conf
.cryptodev
->conf
.max_size
;
363 static void virtio_crypto_device_realize(DeviceState
*dev
, Error
**errp
)
365 VirtIODevice
*vdev
= VIRTIO_DEVICE(dev
);
366 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(dev
);
369 vcrypto
->cryptodev
= vcrypto
->conf
.cryptodev
;
370 if (vcrypto
->cryptodev
== NULL
) {
371 error_setg(errp
, "'cryptodev' parameter expects a valid object");
375 vcrypto
->max_queues
= MAX(vcrypto
->cryptodev
->conf
.peers
.queues
, 1);
376 if (vcrypto
->max_queues
+ 1 > VIRTIO_QUEUE_MAX
) {
377 error_setg(errp
, "Invalid number of queues (= %" PRIu32
"), "
378 "must be a postive integer less than %d.",
379 vcrypto
->max_queues
, VIRTIO_QUEUE_MAX
);
383 virtio_init(vdev
, "virtio-crypto", VIRTIO_ID_CRYPTO
, vcrypto
->config_size
);
384 vcrypto
->curr_queues
= 1;
386 for (i
= 0; i
< vcrypto
->max_queues
; i
++) {
387 virtio_add_queue(vdev
, 1024, NULL
);
390 vcrypto
->ctrl_vq
= virtio_add_queue(vdev
, 64, virtio_crypto_handle_ctrl
);
391 if (!vcrypto
->cryptodev
->ready
) {
392 vcrypto
->status
&= ~VIRTIO_CRYPTO_S_HW_READY
;
394 vcrypto
->status
|= VIRTIO_CRYPTO_S_HW_READY
;
397 virtio_crypto_init_config(vdev
);
400 static void virtio_crypto_device_unrealize(DeviceState
*dev
, Error
**errp
)
402 VirtIODevice
*vdev
= VIRTIO_DEVICE(dev
);
404 virtio_cleanup(vdev
);
407 static const VMStateDescription vmstate_virtio_crypto
= {
408 .name
= "virtio-crypto",
409 .minimum_version_id
= VIRTIO_CRYPTO_VM_VERSION
,
410 .version_id
= VIRTIO_CRYPTO_VM_VERSION
,
411 .fields
= (VMStateField
[]) {
412 VMSTATE_VIRTIO_DEVICE
,
413 VMSTATE_END_OF_LIST()
417 static Property virtio_crypto_properties
[] = {
418 DEFINE_PROP_END_OF_LIST(),
421 static void virtio_crypto_get_config(VirtIODevice
*vdev
, uint8_t *config
)
423 VirtIOCrypto
*c
= VIRTIO_CRYPTO(vdev
);
424 struct virtio_crypto_config crypto_cfg
;
427 * Virtio-crypto device conforms to VIRTIO 1.0 which is always LE,
428 * so we can use LE accessors directly.
430 stl_le_p(&crypto_cfg
.status
, c
->status
);
431 stl_le_p(&crypto_cfg
.max_dataqueues
, c
->max_queues
);
432 stl_le_p(&crypto_cfg
.crypto_services
, c
->conf
.crypto_services
);
433 stl_le_p(&crypto_cfg
.cipher_algo_l
, c
->conf
.cipher_algo_l
);
434 stl_le_p(&crypto_cfg
.cipher_algo_h
, c
->conf
.cipher_algo_h
);
435 stl_le_p(&crypto_cfg
.hash_algo
, c
->conf
.hash_algo
);
436 stl_le_p(&crypto_cfg
.mac_algo_l
, c
->conf
.mac_algo_l
);
437 stl_le_p(&crypto_cfg
.mac_algo_h
, c
->conf
.mac_algo_h
);
438 stl_le_p(&crypto_cfg
.aead_algo
, c
->conf
.aead_algo
);
439 stl_le_p(&crypto_cfg
.max_cipher_key_len
, c
->conf
.max_cipher_key_len
);
440 stl_le_p(&crypto_cfg
.max_auth_key_len
, c
->conf
.max_auth_key_len
);
441 stq_le_p(&crypto_cfg
.max_size
, c
->conf
.max_size
);
443 memcpy(config
, &crypto_cfg
, c
->config_size
);
446 static void virtio_crypto_class_init(ObjectClass
*klass
, void *data
)
448 DeviceClass
*dc
= DEVICE_CLASS(klass
);
449 VirtioDeviceClass
*vdc
= VIRTIO_DEVICE_CLASS(klass
);
451 dc
->props
= virtio_crypto_properties
;
452 dc
->vmsd
= &vmstate_virtio_crypto
;
453 set_bit(DEVICE_CATEGORY_MISC
, dc
->categories
);
454 vdc
->realize
= virtio_crypto_device_realize
;
455 vdc
->unrealize
= virtio_crypto_device_unrealize
;
456 vdc
->get_config
= virtio_crypto_get_config
;
457 vdc
->get_features
= virtio_crypto_get_features
;
458 vdc
->reset
= virtio_crypto_reset
;
461 static void virtio_crypto_instance_init(Object
*obj
)
463 VirtIOCrypto
*vcrypto
= VIRTIO_CRYPTO(obj
);
466 * The default config_size is sizeof(struct virtio_crypto_config).
467 * Can be overriden with virtio_crypto_set_config_size.
469 vcrypto
->config_size
= sizeof(struct virtio_crypto_config
);
471 object_property_add_link(obj
, "cryptodev",
472 TYPE_CRYPTODEV_BACKEND
,
473 (Object
**)&vcrypto
->conf
.cryptodev
,
474 qdev_prop_allow_set_link_before_realize
,
475 OBJ_PROP_LINK_UNREF_ON_RELEASE
, NULL
);
478 static const TypeInfo virtio_crypto_info
= {
479 .name
= TYPE_VIRTIO_CRYPTO
,
480 .parent
= TYPE_VIRTIO_DEVICE
,
481 .instance_size
= sizeof(VirtIOCrypto
),
482 .instance_init
= virtio_crypto_instance_init
,
483 .class_init
= virtio_crypto_class_init
,
486 static void virtio_register_types(void)
488 type_register_static(&virtio_crypto_info
);
491 type_init(virtio_register_types
)