[qemu.git] / crypto / cipher-afalg.c

/*
 * QEMU Crypto af_alg-backend cipher support
 *
 * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
 *
 * Authors:
 *    Longpeng(Mike) <[email protected]>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * (at your option) any later version.  See the COPYING file in the
 * top-level directory.
 */
#include "qemu/osdep.h"
#include "qemu/sockets.h"
#include "qemu-common.h"
#include "qapi/error.h"
#include "crypto/cipher.h"
#include "cipherpriv.h"


static char *
qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
                                 QCryptoCipherMode mode,
                                 Error **errp)
{
    char *name;
    const char *alg_name;
    const char *mode_name;

    switch (alg) {
    case QCRYPTO_CIPHER_ALG_AES_128:
    case QCRYPTO_CIPHER_ALG_AES_192:
    case QCRYPTO_CIPHER_ALG_AES_256:
        alg_name = "aes";
        break;
    case QCRYPTO_CIPHER_ALG_CAST5_128:
        alg_name = "cast5";
        break;
    case QCRYPTO_CIPHER_ALG_SERPENT_128:
    case QCRYPTO_CIPHER_ALG_SERPENT_192:
    case QCRYPTO_CIPHER_ALG_SERPENT_256:
        alg_name = "serpent";
        break;
    case QCRYPTO_CIPHER_ALG_TWOFISH_128:
    case QCRYPTO_CIPHER_ALG_TWOFISH_192:
    case QCRYPTO_CIPHER_ALG_TWOFISH_256:
        alg_name = "twofish";
        break;

    default:
        error_setg(errp, "Unsupported cipher algorithm %d", alg);
        return NULL;
    }

    mode_name = QCryptoCipherMode_str(mode);
    name = g_strdup_printf("%s(%s)", mode_name, alg_name);

    return name;
}

QCryptoAFAlg *
qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
                             QCryptoCipherMode mode,
                             const uint8_t *key,
                             size_t nkey, Error **errp)
{
    QCryptoAFAlg *afalg;
    size_t expect_niv;
    char *name;

    name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
    if (!name) {
        return NULL;
    }

    afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
    if (!afalg) {
        g_free(name);
        return NULL;
    }

    g_free(name);

    /* setkey */
    if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
                        nkey) != 0) {
        error_setg_errno(errp, errno, "Set key failed");
        qcrypto_afalg_comm_free(afalg);
        return NULL;
    }

    /* prepare msg header */
    afalg->msg = g_new0(struct msghdr, 1);
    afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
    expect_niv = qcrypto_cipher_get_iv_len(alg, mode);
    if (expect_niv) {
        afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
    }
    afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);

    /* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
    afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
    afalg->cmsg->cmsg_type = ALG_SET_OP;
    afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
    if (expect_niv) {
        afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
        afalg->cmsg->cmsg_type = ALG_SET_IV;
        afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
    }
    afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);

    return afalg;
}

static int
qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
                           const uint8_t *iv,
                           size_t niv, Error **errp)
{
    struct af_alg_iv *alg_iv;
    size_t expect_niv;
    QCryptoAFAlg *afalg = cipher->opaque;

    expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
    if (niv != expect_niv) {
        error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
                   niv, expect_niv);
        return -1;
    }

    /* move ->cmsg to next msghdr, for IV-info */
    afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);

    /* build setiv msg */
    afalg->cmsg->cmsg_level = SOL_ALG;
    alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
    alg_iv->ivlen = niv;
    memcpy(alg_iv->iv, iv, niv);

    return 0;
}

static int
qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
                        const void *in, void *out,
                        size_t len, bool do_encrypt,
                        Error **errp)
{
    uint32_t *type = NULL;
    struct iovec iov;
    size_t ret, rlen, done = 0;
    uint32_t origin_controllen;

    origin_controllen = afalg->msg->msg_controllen;
    /* movev ->cmsg to first header, for crypto-info */
    afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);

    /* build encrypt msg */
    afalg->cmsg->cmsg_level = SOL_ALG;
    afalg->msg->msg_iov = &iov;
    afalg->msg->msg_iovlen = 1;
    type = (uint32_t *)CMSG_DATA(afalg->cmsg);
    if (do_encrypt) {
        *type = ALG_OP_ENCRYPT;
    } else {
        *type = ALG_OP_DECRYPT;
    }

    do {
        iov.iov_base = (void *)in + done;
        iov.iov_len = len - done;

        /* send info to AF_ALG core */
        ret = sendmsg(afalg->opfd, afalg->msg, 0);
        if (ret == -1) {
            error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
            return -1;
        }

        /* encrypto && get result */
        rlen = read(afalg->opfd, out, ret);
        if (rlen == -1) {
            error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
            return -1;
        }
        assert(rlen == ret);

        /* do not update IV for following chunks */
        afalg->msg->msg_controllen = 0;
        done += ret;
    } while (done < len);

    afalg->msg->msg_controllen = origin_controllen;

    return 0;
}

static int
qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
                             const void *in, void *out,
                             size_t len, Error **errp)
{
    return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
                                   len, true, errp);
}

static int
qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
                             const void *in, void *out,
                             size_t len, Error **errp)
{
    return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
                                   len, false, errp);
}

static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
{
    qcrypto_afalg_comm_free(cipher->opaque);
}

struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = {
    .cipher_encrypt = qcrypto_afalg_cipher_encrypt,
    .cipher_decrypt = qcrypto_afalg_cipher_decrypt,
    .cipher_setiv = qcrypto_afalg_cipher_setiv,
    .cipher_free = qcrypto_afalg_comm_ctx_free,
};
Commit	Line	Data
25c60df3 LM	1	/*
	2	* QEMU Crypto af_alg-backend cipher support
	3	*
	4	* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
	5	*
	6	* Authors:
	7	* Longpeng(Mike) <[email protected]>
	8	*
	9	* This work is licensed under the terms of the GNU GPL, version 2 or
	10	* (at your option) any later version. See the COPYING file in the
	11	* top-level directory.
	12	*/
	13	#include "qemu/osdep.h"
	14	#include "qemu/sockets.h"
	15	#include "qemu-common.h"
	16	#include "qapi/error.h"
	17	#include "crypto/cipher.h"
	18	#include "cipherpriv.h"
	19
	20
	21	static char *
	22	qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
	23	QCryptoCipherMode mode,
	24	Error **errp)
	25	{
	26	char *name;
	27	const char *alg_name;
	28	const char *mode_name;
	29
	30	switch (alg) {
	31	case QCRYPTO_CIPHER_ALG_AES_128:
	32	case QCRYPTO_CIPHER_ALG_AES_192:
	33	case QCRYPTO_CIPHER_ALG_AES_256:
	34	alg_name = "aes";
	35	break;
	36	case QCRYPTO_CIPHER_ALG_CAST5_128:
	37	alg_name = "cast5";
	38	break;
	39	case QCRYPTO_CIPHER_ALG_SERPENT_128:
	40	case QCRYPTO_CIPHER_ALG_SERPENT_192:
	41	case QCRYPTO_CIPHER_ALG_SERPENT_256:
	42	alg_name = "serpent";
	43	break;
	44	case QCRYPTO_CIPHER_ALG_TWOFISH_128:
	45	case QCRYPTO_CIPHER_ALG_TWOFISH_192:
	46	case QCRYPTO_CIPHER_ALG_TWOFISH_256:
	47	alg_name = "twofish";
	48	break;
	49
	50	default:
	51	error_setg(errp, "Unsupported cipher algorithm %d", alg);
	52	return NULL;
	53	}
	54
977c736f	55	mode_name = QCryptoCipherMode_str(mode);
25c60df3 LM	56	name = g_strdup_printf("%s(%s)", mode_name, alg_name);
	57
	58	return name;
	59	}
	60
	61	QCryptoAFAlg *
	62	qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
	63	QCryptoCipherMode mode,
	64	const uint8_t *key,
	65	size_t nkey, Error **errp)
	66	{
	67	QCryptoAFAlg *afalg;
	68	size_t expect_niv;
	69	char *name;
	70
	71	name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
	72	if (!name) {
	73	return NULL;
	74	}
	75
	76	afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
	77	if (!afalg) {
	78	g_free(name);
	79	return NULL;
	80	}
	81
	82	g_free(name);
	83
	84	/* setkey */
	85	if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
	86	nkey) != 0) {
	87	error_setg_errno(errp, errno, "Set key failed");
	88	qcrypto_afalg_comm_free(afalg);
	89	return NULL;
	90	}
	91
	92	/* prepare msg header */
	93	afalg->msg = g_new0(struct msghdr, 1);
	94	afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
	95	expect_niv = qcrypto_cipher_get_iv_len(alg, mode);
	96	if (expect_niv) {
	97	afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
	98	}
	99	afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);
	100
	101	/* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
	102	afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
	103	afalg->cmsg->cmsg_type = ALG_SET_OP;
	104	afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
	105	if (expect_niv) {
	106	afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
	107	afalg->cmsg->cmsg_type = ALG_SET_IV;
	108	afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
	109	}
	110	afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
	111
	112	return afalg;
	113	}
	114
	115	static int
	116	qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
	117	const uint8_t *iv,
	118	size_t niv, Error **errp)
	119	{
120	struct af_alg_iv *alg_iv;
121	size_t expect_niv;
122	QCryptoAFAlg *afalg = cipher->opaque;
123
124	expect_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
125	if (niv != expect_niv) {
126	error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
127	niv, expect_niv);
128	return -1;
129	}
130
131	/* move ->cmsg to next msghdr, for IV-info */
132	afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
133
134	/* build setiv msg */
135	afalg->cmsg->cmsg_level = SOL_ALG;
136	alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
137	alg_iv->ivlen = niv;
138	memcpy(alg_iv->iv, iv, niv);
139
140	return 0;
141	}
142
143	static int
144	qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
145	const void in, void out,
146	size_t len, bool do_encrypt,
147	Error **errp)
148	{
149	uint32_t *type = NULL;
150	struct iovec iov;
151	size_t ret, rlen, done = 0;
152	uint32_t origin_controllen;
153
154	origin_controllen = afalg->msg->msg_controllen;
155	/* movev ->cmsg to first header, for crypto-info */
156	afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
157
158	/* build encrypt msg */
159	afalg->cmsg->cmsg_level = SOL_ALG;
160	afalg->msg->msg_iov = &iov;
161	afalg->msg->msg_iovlen = 1;
162	type = (uint32_t *)CMSG_DATA(afalg->cmsg);
163	if (do_encrypt) {
164	*type = ALG_OP_ENCRYPT;
165	} else {
166	*type = ALG_OP_DECRYPT;
167	}
168
169	do {
170	iov.iov_base = (void *)in + done;
171	iov.iov_len = len - done;
172
173	/* send info to AF_ALG core */
174	ret = sendmsg(afalg->opfd, afalg->msg, 0);
175	if (ret == -1) {
176	error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
177	return -1;
178	}
179
180	/* encrypto && get result */
181	rlen = read(afalg->opfd, out, ret);
182	if (rlen == -1) {
183	error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
184	return -1;
185	}
186	assert(rlen == ret);
187
188	/* do not update IV for following chunks */
189	afalg->msg->msg_controllen = 0;
190	done += ret;
191	} while (done < len);
192
193	afalg->msg->msg_controllen = origin_controllen;
194
195	return 0;
196	}
197
198	static int
199	qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
200	const void in, void out,
201	size_t len, Error **errp)
202	{
203	return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
204	len, true, errp);
205	}
206
207	static int
208	qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
209	const void in, void out,
210	size_t len, Error **errp)
211	{
212	return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
213	len, false, errp);
214	}
215
216	static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
217	{
218	qcrypto_afalg_comm_free(cipher->opaque);
219	}
220
221	struct QCryptoCipherDriver qcrypto_cipher_afalg_driver = {
222	.cipher_encrypt = qcrypto_afalg_cipher_encrypt,
223	.cipher_decrypt = qcrypto_afalg_cipher_decrypt,
224	.cipher_setiv = qcrypto_afalg_cipher_setiv,
225	.cipher_free = qcrypto_afalg_comm_ctx_free,
226	};