Adds afalg-backend hmac support: introduces some private APIs
first, and then integrates them into qcrypto_hmac_afalg_driver.
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
crypto/hash-afalg.c | 108 +++++++++++++++++++++++++++++++++++++++++++-------
crypto/hmac.c | 27 ++++++++++++-
crypto/hmacpriv.h | 9 +++++
include/crypto/hmac.h | 8 ++++
4 files changed, 136 insertions(+), 16 deletions(-)
diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
index f577c83..0670481 100644
--- a/crypto/hash-afalg.c
+++ b/crypto/hash-afalg.c
@@ -1,5 +1,5 @@
/*
- * QEMU Crypto af_alg-backend hash support
+ * QEMU Crypto af_alg-backend hash/hmac support
*
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
@@ -16,10 +16,13 @@
#include "qemu-common.h"
#include "qapi/error.h"
#include "crypto/hash.h"
+#include "crypto/hmac.h"
#include "hashpriv.h"
+#include "hmacpriv.h"
static char *
qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
+ bool is_hmac,
Error **errp)
{
char *name;
@@ -55,10 +58,14 @@ qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
}
name = g_new0(char, SALG_NAME_LEN_MAX);
- ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
+ if (is_hmac) {
+ ret = snprintf(name, SALG_NAME_LEN_MAX, "hmac(%s)", alg_name);
+ } else { /* hash */
+ ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
+ }
if (ret < 0 || ret >= SALG_NAME_LEN_MAX) {
- error_setg(errp, "Build hash name(name='%s') failed",
- alg_name);
+ error_setg(errp, "Build %s name(name='%s') failed",
+ is_hmac ? "hmac" : "hash", alg_name);
g_free(name);
return NULL;
}
@@ -67,12 +74,14 @@ qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
}
static QCryptoAFAlg *
-qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg, Error **errp)
+qcrypto_afalg_hash_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ bool is_hmac, Error **errp)
{
QCryptoAFAlg *afalg;
char *name;
- name = qcrypto_afalg_hash_format_name(alg, errp);
+ name = qcrypto_afalg_hash_format_name(alg, is_hmac, errp);
if (!name) {
return NULL;
}
@@ -84,22 +93,49 @@ qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg, Error **errp)
}
afalg->name = name;
+ /* HMAC needs setkey */
+ if (is_hmac) {
+ if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY,
+ key, nkey) != 0) {
+ error_setg_errno(errp, errno, "Set hmac key failed");
+ qcrypto_afalg_comm_free(afalg);
+ return NULL;
+ }
+ }
+
/* prepare msg header */
afalg->msg = g_new0(struct msghdr, 1);
return afalg;
}
+static QCryptoAFAlg *
+qcrypto_afalg_hash_ctx_new(QCryptoHashAlgorithm alg,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_ctx_new(alg, NULL, 0, false, errp);
+}
+
+QCryptoAFAlg *
+qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_ctx_new(alg, key, nkey, true, errp);
+}
+
static int
-qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
- const struct iovec *iov,
- size_t niov, uint8_t **result,
- size_t *resultlen,
- Error **errp)
+qcrypto_afalg_hash_hmac_bytesv(QCryptoAFAlg *hmac,
+ QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
{
QCryptoAFAlg *afalg;
struct iovec outv;
int ret = 0;
+ bool is_hmac = (hmac != NULL) ? true : false;
const int except_len = qcrypto_hash_digest_len(alg);
if (*resultlen == 0) {
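Review bot: `nkey` is a `size_t`, but the `qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key, nkey)` call hands it to an option-length argument that is narrower on 64-bit hosts (assuming the wrapper forwards to setsockopt(), whose length is a `socklen_t`). An oversized length would be truncated silently, and the kernel would key the HMAC with something other than what the caller supplied. A bound check ahead of the call, `if (nkey > INT_MAX)`, with the same `error_setg` / `qcrypto_afalg_comm_free(afalg)` / `return NULL` cleanup as the existing failure path, would fail closed instead. Separately, `bool is_hmac = (hmac != NULL) ? true : false;` can be written `bool is_hmac = hmac != NULL;`. Both functions touched here start or end outside this hunk.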
@@ -112,9 +148,13 @@ qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
return -1;
}
- afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
- if (afalg == NULL) {
- return -1;
+ if (is_hmac) {
+ afalg = hmac;
+ } else {
+ afalg = qcrypto_afalg_hash_ctx_new(alg, errp);
+ if (afalg == NULL) {
+ return -1;
+ }
}
/* send data to kernel's crypto core */
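Review bot: Nothing in `qcrypto_afalg_hash_hmac_bytesv` documents that a non-NULL `hmac` is a context borrowed from the caller. The `afalg = hmac;` branch here and the `if (!is_hmac)` guard at the `out:` label in the next hunk both rely on that to avoid freeing a context that `qcrypto_afalg_hmac_ctx_free` releases later. A comment on the branch would make the ownership rule explicit, for example `/* hmac: context is borrowed from the caller and released by qcrypto_afalg_hmac_ctx_free() */`. The function starts and ends outside this hunk.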
@@ -138,10 +178,48 @@ qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
}
out:
- qcrypto_afalg_comm_free(afalg);
+ if (!is_hmac) {
+ qcrypto_afalg_comm_free(afalg);
+ }
return ret;
}
+static int
+qcrypto_afalg_hash_bytesv(QCryptoHashAlgorithm alg,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_bytesv(NULL, alg, iov, niov, result,
+ resultlen, errp);
+}
+
+static int
+qcrypto_afalg_hmac_bytesv(QCryptoHmac *hmac,
+ const struct iovec *iov,
+ size_t niov, uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ return qcrypto_afalg_hash_hmac_bytesv(hmac->opaque, hmac->alg,
+ iov, niov, result, resultlen,
+ errp);
+}
+
+static void qcrypto_afalg_hmac_ctx_free(QCryptoHmac *hmac)
+{
+ QCryptoAFAlg *afalg;
+
+ afalg = hmac->opaque;
+ qcrypto_afalg_comm_free(afalg);
+}
+
QCryptoHashDriver qcrypto_hash_afalg_driver = {
.hash_bytesv = qcrypto_afalg_hash_bytesv,
};
+
+QCryptoHmacDriver qcrypto_hmac_afalg_driver = {
+ .hmac_bytesv = qcrypto_afalg_hmac_bytesv,
+ .hmac_free = qcrypto_afalg_hmac_ctx_free,
+};
diff --git a/crypto/hmac.c b/crypto/hmac.c
index d040fbb..0a1a6e7 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -90,16 +90,32 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
{
QCryptoHmac *hmac;
void *ctx;
+ Error *err2 = NULL;
+ QCryptoHmacDriver *drv;
+
+#ifdef CONFIG_AF_ALG
+ ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
+ if (ctx) {
+ drv = &qcrypto_hmac_afalg_driver;
+ goto set_hmac;
+ }
+#endif
ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
if (ctx == NULL) {
return NULL;
}
+ drv = &qcrypto_hmac_lib_driver;
+ error_free(err2);
+
+#ifdef CONFIG_AF_ALG
+set_hmac:
+#endif
hmac = g_new0(QCryptoHmac, 1);
hmac->alg = alg;
hmac->opaque = ctx;
- hmac->driver = (void *)&qcrypto_hmac_lib_driver;
+ hmac->driver = (void *)drv;
return hmac;
}
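Review bot: `err2` is leaked when both backends fail. If `qcrypto_afalg_hmac_ctx_new` fails it fills `err2`, and if `qcrypto_hmac_ctx_new` then also fails, the `return NULL;` is reached before the `error_free(err2);` that sits after the check. Moving `error_free(err2);` to just before `if (ctx == NULL) {`, or repeating it ahead of `return NULL;`, closes the leak. The body of `qcrypto_hmac_new` starts outside this hunk.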
@@ -114,3 +130,12 @@ void qcrypto_hmac_free(QCryptoHmac *hmac)
g_free(hmac);
}
}
+
+bool qcrypto_hmac_using_afalg_drv(QCryptoHmac *hmac)
+{
+#ifdef CONFIG_AF_ALG
+ return hmac->driver == &qcrypto_hmac_afalg_driver;
+#else
+ return false;
+#endif
+}
diff --git a/crypto/hmacpriv.h b/crypto/hmacpriv.h
index 2be389a..2d1900f 100644
--- a/crypto/hmacpriv.h
+++ b/crypto/hmacpriv.h
@@ -15,6 +15,8 @@
#ifndef QCRYPTO_HMACPRIV_H
#define QCRYPTO_HMACPRIV_H
+#include "afalgpriv.h"
+
typedef struct QCryptoHmacDriver QCryptoHmacDriver;
struct QCryptoHmacDriver {
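Review bot: The `#include "afalgpriv.h"` added here is unconditional, as are the `qcrypto_afalg_hmac_ctx_new` and `qcrypto_hmac_afalg_driver` declarations in the next hunk of this file, while every use of them in crypto/hmac.c is wrapped in `#ifdef CONFIG_AF_ALG`. afalgpriv.h is not shown; if it depends on Linux AF_ALG headers, builds without CONFIG_AF_ALG would presumably break on this include. Wrapping both additions in `#ifdef CONFIG_AF_ALG` ... `#endif` would keep the header consistent with its callers.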
@@ -33,4 +35,11 @@ extern void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg,
Error **errp);
extern QCryptoHmacDriver qcrypto_hmac_lib_driver;
+
+extern QCryptoAFAlg *
+qcrypto_afalg_hmac_ctx_new(QCryptoHashAlgorithm alg,
+ const uint8_t *key, size_t nkey,
+ Error **errp);
+extern QCryptoHmacDriver qcrypto_hmac_afalg_driver;
+
#endif
diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h
index 5e88905..450cdee 100644
--- a/include/crypto/hmac.h
+++ b/include/crypto/hmac.h
@@ -164,4 +164,12 @@ int qcrypto_hmac_digest(QCryptoHmac *hmac,
char **digest,
Error **errp);
+/**
+ * qcrypto_cipher_using_afalg_drv:
+ * @hmac: the hmac object
+ *
+ * Returns: True if @hmac using afalg driver, otherwise false.
+ */
+bool qcrypto_hmac_using_afalg_drv(QCryptoHmac *hmac);
+
#endif
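Review bot: The doc comment names the wrong symbol: it is headed `qcrypto_cipher_using_afalg_drv:` but documents `qcrypto_hmac_using_afalg_drv`, so generated API docs and grep will miss it. The heading should read ` * qcrypto_hmac_using_afalg_drv:`. The return line would also read better as ` * Returns: true if @hmac is using the afalg driver, otherwise false.`, and it could state that @hmac must be non-NULL, since the implementation in crypto/hmac.c dereferences it unconditionally.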
--
1.8.3.1
On Sat, Apr 22, 2017 at 03:20:24PM +0800, Longpeng(Mike) wrote:
> Adds afalg-backend hmac support: introduces some private APIs
> firstly, and then intergrates them into qcrypto_hmac_afalg_driver.
>
> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
> ---
> crypto/hash-afalg.c | 108 +++++++++++++++++++++++++++++++++++++++++++-------
> crypto/hmac.c | 27 ++++++++++++-
> crypto/hmacpriv.h | 9 +++++
> include/crypto/hmac.h | 8 ++++
> 4 files changed, 136 insertions(+), 16 deletions(-)
>
> diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
> index f577c83..0670481 100644
> --- a/crypto/hash-afalg.c
> +++ b/crypto/hash-afalg.c
> @@ -1,5 +1,5 @@
> /*
> - * QEMU Crypto af_alg-backend hash support
> + * QEMU Crypto af_alg-backend hash/hmac support
> *
> * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
> *
> @@ -16,10 +16,13 @@
> #include "qemu-common.h"
> #include "qapi/error.h"
> #include "crypto/hash.h"
> +#include "crypto/hmac.h"
> #include "hashpriv.h"
> +#include "hmacpriv.h"
>
> static char *
> qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
> + bool is_hmac,
> Error **errp)
> {
> char *name;
> @@ -55,10 +58,14 @@ qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
> }
>
> name = g_new0(char, SALG_NAME_LEN_MAX);
> - ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
> + if (is_hmac) {
> + ret = snprintf(name, SALG_NAME_LEN_MAX, "hmac(%s)", alg_name);
> + } else { /* hash */
> + ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
> + }
> if (ret < 0 || ret >= SALG_NAME_LEN_MAX) {
> - error_setg(errp, "Build hash name(name='%s') failed",
> - alg_name);
> + error_setg(errp, "Build %s name(name='%s') failed",
> + is_hmac ? "hmac" : "hash", alg_name);
> g_free(name);
> return NULL;
> }
Same comments as before about using g_strdup_printf
> diff --git a/crypto/hmac.c b/crypto/hmac.c
> index d040fbb..0a1a6e7 100644
> --- a/crypto/hmac.c
> +++ b/crypto/hmac.c
> @@ -90,16 +90,32 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
> {
> QCryptoHmac *hmac;
> void *ctx;
Initialize to NULL
> + Error *err2 = NULL;
> + QCryptoHmacDriver *drv;
> +
> +#ifdef CONFIG_AF_ALG
> + ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
> + if (ctx) {
> + drv = &qcrypto_hmac_afalg_driver;
> + goto set_hmac;
Drop the goto
> + }
> +#endif
>
And we can just add 'if (!ctx)' here
> ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
> if (ctx == NULL) {
> return NULL;
> }
>
> + drv = &qcrypto_hmac_lib_driver;
> + error_free(err2);
> +
> +#ifdef CONFIG_AF_ALG
> +set_hmac:
> +#endif
> hmac = g_new0(QCryptoHmac, 1);
> hmac->alg = alg;
> hmac->opaque = ctx;
> - hmac->driver = (void *)&qcrypto_hmac_lib_driver;
> + hmac->driver = (void *)drv;
>
> return hmac;
> }
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Hi Daniel,
First, sorry for the long delay...
I have modified the code as you suggested, and I'll send V4 soon.
On 2017/4/26 20:23, Daniel P. Berrange wrote:
> On Sat, Apr 22, 2017 at 03:20:24PM +0800, Longpeng(Mike) wrote:
>> Adds afalg-backend hmac support: introduces some private APIs
>> firstly, and then intergrates them into qcrypto_hmac_afalg_driver.
>>
>> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
>> ---
>> crypto/hash-afalg.c | 108 +++++++++++++++++++++++++++++++++++++++++++-------
>> crypto/hmac.c | 27 ++++++++++++-
>> crypto/hmacpriv.h | 9 +++++
>> include/crypto/hmac.h | 8 ++++
>> 4 files changed, 136 insertions(+), 16 deletions(-)
>>
>> diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c
>> index f577c83..0670481 100644
>> --- a/crypto/hash-afalg.c
>> +++ b/crypto/hash-afalg.c
>> @@ -1,5 +1,5 @@
>> /*
>> - * QEMU Crypto af_alg-backend hash support
>> + * QEMU Crypto af_alg-backend hash/hmac support
>> *
>> * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
>> *
>> @@ -16,10 +16,13 @@
>> #include "qemu-common.h"
>> #include "qapi/error.h"
>> #include "crypto/hash.h"
>> +#include "crypto/hmac.h"
>> #include "hashpriv.h"
>> +#include "hmacpriv.h"
>>
>> static char *
>> qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
>> + bool is_hmac,
>> Error **errp)
>> {
>> char *name;
>> @@ -55,10 +58,14 @@ qcrypto_afalg_hash_format_name(QCryptoHashAlgorithm alg,
>> }
>>
>> name = g_new0(char, SALG_NAME_LEN_MAX);
>> - ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
>> + if (is_hmac) {
>> + ret = snprintf(name, SALG_NAME_LEN_MAX, "hmac(%s)", alg_name);
>> + } else { /* hash */
>> + ret = snprintf(name, SALG_NAME_LEN_MAX, "%s", alg_name);
>> + }
>> if (ret < 0 || ret >= SALG_NAME_LEN_MAX) {
>> - error_setg(errp, "Build hash name(name='%s') failed",
>> - alg_name);
>> + error_setg(errp, "Build %s name(name='%s') failed",
>> + is_hmac ? "hmac" : "hash", alg_name);
>> g_free(name);
>> return NULL;
>> }
>
> Same comments as before about using g_strdup_printf
>
>> diff --git a/crypto/hmac.c b/crypto/hmac.c
>> index d040fbb..0a1a6e7 100644
>> --- a/crypto/hmac.c
>> +++ b/crypto/hmac.c
>> @@ -90,16 +90,32 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg,
>> {
>> QCryptoHmac *hmac;
>> void *ctx;
>
> Initialize to NULL
>
>> + Error *err2 = NULL;
>> + QCryptoHmacDriver *drv;
>> +
>> +#ifdef CONFIG_AF_ALG
>> + ctx = qcrypto_afalg_hmac_ctx_new(alg, key, nkey, &err2);
>> + if (ctx) {
>> + drv = &qcrypto_hmac_afalg_driver;
>> + goto set_hmac;
>
> Drop the goto
>
>> + }
>> +#endif
>>
>
> And we can just add 'if (!ctx)' here
>
>> ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp);
>> if (ctx == NULL) {
>> return NULL;
>> }
>>
>> + drv = &qcrypto_hmac_lib_driver;
>> + error_free(err2);
>> +
>> +#ifdef CONFIG_AF_ALG
>> +set_hmac:
>> +#endif
>> hmac = g_new0(QCryptoHmac, 1);
>> hmac->alg = alg;
>> hmac->opaque = ctx;
>> - hmac->driver = (void *)&qcrypto_hmac_lib_driver;
>> + hmac->driver = (void *)drv;
>>
>> return hmac;
>> }
>
> Regards,
> Daniel
--
Regards,
Longpeng(Mike)