qemu/crypto/cipher-afalg.c

227 lines
6.3 KiB
C

/*
* QEMU Crypto af_alg-backend cipher support
*
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
* Authors:
* Longpeng(Mike) <longpeng2@huawei.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#include "qemu/osdep.h"
#include "qemu/sockets.h"
#include "qemu-common.h"
#include "qapi/error.h"
#include "crypto/cipher.h"
#include "cipherpriv.h"
static char *
qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
Error **errp)
{
char *name;
const char *alg_name;
const char *mode_name;
switch (alg) {
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
alg_name = "aes";
break;
case QCRYPTO_CIPHER_ALG_CAST5_128:
alg_name = "cast5";
break;
case QCRYPTO_CIPHER_ALG_SERPENT_128:
case QCRYPTO_CIPHER_ALG_SERPENT_192:
case QCRYPTO_CIPHER_ALG_SERPENT_256:
alg_name = "serpent";
break;
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_192:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
alg_name = "twofish";
break;
default:
error_setg(errp, "Unsupported cipher algorithm %d", alg);
return NULL;
}
mode_name = QCryptoCipherMode_str(mode);
name = g_strdup_printf("%s(%s)", mode_name, alg_name);
return name;
}
QCryptoAFAlg *
qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
const uint8_t *key,
size_t nkey, Error **errp)
{
QCryptoAFAlg *afalg;
size_t expect_niv;
char *name;
name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
if (!name) {
return NULL;
}
afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
if (!afalg) {
g_free(name);
return NULL;
}
g_free(name);
/* setkey */
if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
nkey) != 0) {
error_setg_errno(errp, errno, "Set key failed");
qcrypto_afalg_comm_free(afalg);
return NULL;
}
/* prepare msg header */
afalg->msg = g_new0(struct msghdr, 1);
afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
expect_niv = qcrypto_cipher_get_iv_len(alg, mode);
if (expect_niv) {
afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
}
afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);
/* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
afalg->cmsg->cmsg_type = ALG_SET_OP;
afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
if (expect_niv) {
afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
afalg->cmsg->cmsg_type = ALG_SET_IV;
afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
}
afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
return afalg;
}
static int
qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
const uint8_t *iv,
size_t niv, Error **errp)
{
struct af_alg_iv *alg_iv;
size_t expect_niv;
QCryptoAFAlg *afalg = cipher->opaque;
expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
if (niv != expect_niv) {
error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
niv, expect_niv);
return -1;
}
/* move ->cmsg to next msghdr, for IV-info */
afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
/* build setiv msg */
afalg->cmsg->cmsg_level = SOL_ALG;
alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
alg_iv->ivlen = niv;
memcpy(alg_iv->iv, iv, niv);
return 0;
}
static int
qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
const void *in, void *out,
size_t len, bool do_encrypt,
Error **errp)
{
uint32_t *type = NULL;
struct iovec iov;
size_t ret, rlen, done = 0;
uint32_t origin_controllen;
origin_controllen = afalg->msg->msg_controllen;
/* movev ->cmsg to first header, for crypto-info */
afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
/* build encrypt msg */
afalg->cmsg->cmsg_level = SOL_ALG;
afalg->msg->msg_iov = &iov;
afalg->msg->msg_iovlen = 1;
type = (uint32_t *)CMSG_DATA(afalg->cmsg);
if (do_encrypt) {
*type = ALG_OP_ENCRYPT;
} else {
*type = ALG_OP_DECRYPT;
}
do {
iov.iov_base = (void *)in + done;
iov.iov_len = len - done;
/* send info to AF_ALG core */
ret = sendmsg(afalg->opfd, afalg->msg, 0);
if (ret == -1) {
error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
return -1;
}
/* encrypto && get result */
rlen = read(afalg->opfd, out, ret);
if (rlen == -1) {
error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
return -1;
}
assert(rlen == ret);
/* do not update IV for following chunks */
afalg->msg->msg_controllen = 0;
done += ret;
} while (done < len);
afalg->msg->msg_controllen = origin_controllen;
return 0;
}
static int
qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
const void *in, void *out,
size_t len, Error **errp)
{
return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
len, true, errp);
}
static int
qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
const void *in, void *out,
size_t len, Error **errp)
{
return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
len, false, errp);
}
static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
{
qcrypto_afalg_comm_free(cipher->opaque);
}
struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = {
.cipher_encrypt = qcrypto_afalg_cipher_encrypt,
.cipher_decrypt = qcrypto_afalg_cipher_decrypt,
.cipher_setiv = qcrypto_afalg_cipher_setiv,
.cipher_free = qcrypto_afalg_comm_ctx_free,
};