mirror of
https://gitlab.com/qemu-project/qemu
synced 2024-10-01 16:53:46 +00:00
cryptodev-vhost-user: add asymmetric crypto support
Add asymmetric crypto support in vhost_user backend. Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com> Message-Id: <20230516083139.2349744-1-gmuthukrishn@marvell.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Gowrishankar Muthukrishnan
Michael S. Tsirkin
parent
bafe030832
commit
5c33f9783a
|
|
@ -232,9 +232,9 @@ static void cryptodev_vhost_user_init(
|
||||||
backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
|
backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int64_t cryptodev_vhost_user_sym_create_session(
|
static int64_t cryptodev_vhost_user_crypto_create_session(
|
||||||
CryptoDevBackend *backend,
|
CryptoDevBackend *backend,
|
||||||
CryptoDevBackendSymSessionInfo *sess_info,
|
CryptoDevBackendSessionInfo *sess_info,
|
||||||
uint32_t queue_index, Error **errp)
|
uint32_t queue_index, Error **errp)
|
||||||
{
|
{
|
||||||
CryptoDevBackendClient *cc =
|
CryptoDevBackendClient *cc =
|
||||||
|
|
@ -266,18 +266,17 @@ static int cryptodev_vhost_user_create_session(
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
uint32_t op_code = sess_info->op_code;
|
uint32_t op_code = sess_info->op_code;
|
||||||
CryptoDevBackendSymSessionInfo *sym_sess_info;
|
|
||||||
int64_t ret;
|
int64_t ret;
|
||||||
Error *local_error = NULL;
|
Error *local_error = NULL;
|
||||||
int status;
|
int status;
|
||||||
|
|
||||||
switch (op_code) {
|
switch (op_code) {
|
||||||
case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
|
case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
|
||||||
|
case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION:
|
||||||
case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
|
case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
|
||||||
case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
|
case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
|
||||||
case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
|
case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
|
||||||
sym_sess_info = &sess_info->u.sym_sess_info;
|
ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info,
|
||||||
ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info,
|
|
||||||
queue_index, &local_error);
|
queue_index, &local_error);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@
|
||||||
#include "qemu/osdep.h"
|
#include "qemu/osdep.h"
|
||||||
#include "qapi/error.h"
|
#include "qapi/error.h"
|
||||||
#include "hw/virtio/vhost.h"
|
#include "hw/virtio/vhost.h"
|
||||||
|
#include "hw/virtio/virtio-crypto.h"
|
||||||
#include "hw/virtio/vhost-user.h"
|
#include "hw/virtio/vhost-user.h"
|
||||||
#include "hw/virtio/vhost-backend.h"
|
#include "hw/virtio/vhost-backend.h"
|
||||||
#include "hw/virtio/virtio.h"
|
#include "hw/virtio/virtio.h"
|
||||||
|
|
@ -163,13 +164,24 @@ typedef struct VhostUserConfig {
|
||||||
|
|
||||||
#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512
|
#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512
|
||||||
#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64
|
#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64
|
||||||
|
#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN 1024
|
||||||
|
|
||||||
typedef struct VhostUserCryptoSession {
|
typedef struct VhostUserCryptoSession {
|
||||||
|
uint64_t op_code;
|
||||||
|
union {
|
||||||
|
struct {
|
||||||
|
CryptoDevBackendSymSessionInfo session_setup_data;
|
||||||
|
uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
|
||||||
|
uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
|
||||||
|
} sym;
|
||||||
|
struct {
|
||||||
|
CryptoDevBackendAsymSessionInfo session_setup_data;
|
||||||
|
uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN];
|
||||||
|
} asym;
|
||||||
|
} u;
|
||||||
|
|
||||||
/* session id for success, -1 on errors */
|
/* session id for success, -1 on errors */
|
||||||
int64_t session_id;
|
int64_t session_id;
|
||||||
CryptoDevBackendSymSessionInfo session_setup_data;
|
|
||||||
uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
|
|
||||||
uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
|
|
||||||
} VhostUserCryptoSession;
|
} VhostUserCryptoSession;
|
||||||
|
|
||||||
static VhostUserConfig c __attribute__ ((unused));
|
static VhostUserConfig c __attribute__ ((unused));
|
||||||
|
|
@ -2357,7 +2369,7 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
|
||||||
int ret;
|
int ret;
|
||||||
bool crypto_session = virtio_has_feature(dev->protocol_features,
|
bool crypto_session = virtio_has_feature(dev->protocol_features,
|
||||||
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
|
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
|
||||||
CryptoDevBackendSymSessionInfo *sess_info = session_info;
|
CryptoDevBackendSessionInfo *backend_info = session_info;
|
||||||
VhostUserMsg msg = {
|
VhostUserMsg msg = {
|
||||||
.hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
|
.hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
|
||||||
.hdr.flags = VHOST_USER_VERSION,
|
.hdr.flags = VHOST_USER_VERSION,
|
||||||
|
|
@ -2371,16 +2383,53 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
|
||||||
return -ENOTSUP;
|
return -ENOTSUP;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(&msg.payload.session.session_setup_data, sess_info,
|
if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) {
|
||||||
sizeof(CryptoDevBackendSymSessionInfo));
|
CryptoDevBackendAsymSessionInfo *sess = &backend_info->u.asym_sess_info;
|
||||||
if (sess_info->key_len) {
|
size_t keylen;
|
||||||
memcpy(&msg.payload.session.key, sess_info->cipher_key,
|
|
||||||
sess_info->key_len);
|
memcpy(&msg.payload.session.u.asym.session_setup_data, sess,
|
||||||
}
|
sizeof(CryptoDevBackendAsymSessionInfo));
|
||||||
if (sess_info->auth_key_len > 0) {
|
if (sess->keylen) {
|
||||||
memcpy(&msg.payload.session.auth_key, sess_info->auth_key,
|
keylen = sizeof(msg.payload.session.u.asym.key);
|
||||||
sess_info->auth_key_len);
|
if (sess->keylen > keylen) {
|
||||||
|
error_report("Unsupported asymmetric key size");
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(&msg.payload.session.u.asym.key, sess->key,
|
||||||
|
sess->keylen);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
CryptoDevBackendSymSessionInfo *sess = &backend_info->u.sym_sess_info;
|
||||||
|
size_t keylen;
|
||||||
|
|
||||||
|
memcpy(&msg.payload.session.u.sym.session_setup_data, sess,
|
||||||
|
sizeof(CryptoDevBackendSymSessionInfo));
|
||||||
|
if (sess->key_len) {
|
||||||
|
keylen = sizeof(msg.payload.session.u.sym.key);
|
||||||
|
if (sess->key_len > keylen) {
|
||||||
|
error_report("Unsupported cipher key size");
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(&msg.payload.session.u.sym.key, sess->cipher_key,
|
||||||
|
sess->key_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sess->auth_key_len > 0) {
|
||||||
|
keylen = sizeof(msg.payload.session.u.sym.auth_key);
|
||||||
|
if (sess->auth_key_len > keylen) {
|
||||||
|
error_report("Unsupported auth key size");
|
||||||
|
return -ENOTSUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(&msg.payload.session.u.sym.auth_key, sess->auth_key,
|
||||||
|
sess->auth_key_len);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
msg.payload.session.op_code = backend_info->op_code;
|
||||||
|
msg.payload.session.session_id = backend_info->session_id;
|
||||||
ret = vhost_user_write(dev, &msg, NULL, 0);
|
ret = vhost_user_write(dev, &msg, NULL, 0);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
error_report("vhost_user_write() return %d, create session failed",
|
error_report("vhost_user_write() return %d, create session failed",
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue