From nobody Mon Feb  9 11:31:46 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1499159304764610.0055550247755;
 Tue, 4 Jul 2017 02:08:24 -0700 (PDT)
Received: from localhost ([::1]:39619 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1dSJol-0006pc-5B
	for importer@patchew.org; Tue, 04 Jul 2017 05:08:23 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46958)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <longpeng2@huawei.com>) id 1dSJef-0005Db-Dx
	for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:58 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <longpeng2@huawei.com>) id 1dSJed-0005fu-SA
	for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:57 -0400
Received: from szxga01-in.huawei.com ([45.249.212.187]:4016)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71)
	(envelope-from <longpeng2@huawei.com>) id 1dSJed-0005dG-1e
	for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:55 -0400
Received: from 172.30.72.55 (EHLO DGGEML402-HUB.china.huawei.com)
	([172.30.72.55])
	by dggrg01-dlp.huawei.com (MOS 4.4.6-GA FastPath queued)
	with ESMTP id ARL27717; Tue, 04 Jul 2017 16:57:51 +0800 (CST)
Received: from localhost (10.177.246.209) by DGGEML402-HUB.china.huawei.com
	(10.3.17.38) with Microsoft SMTP Server id 14.3.301.0; Tue, 4 Jul 2017
	16:57:41 +0800
From: "Longpeng(Mike)" <longpeng2@huawei.com>
To: <berrange@redhat.com>
Date: Tue, 4 Jul 2017 16:57:05 +0800
Message-ID: <1499158630-75260-14-git-send-email-longpeng2@huawei.com>
X-Mailer: git-send-email 1.8.4.msysgit.0
In-Reply-To: <1499158630-75260-1-git-send-email-longpeng2@huawei.com>
References: <1499158630-75260-1-git-send-email-longpeng2@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.177.246.209]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A090202.595B5890.0192, ss=1, re=0.000, recu=0.000,
	reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
	so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 4be6a5536dbbf7fe2a3b5b59acab46df
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
	[fuzzy]
X-Received-From: 45.249.212.187
Subject: [Qemu-devel] [PATCH v4 13/18] crypto: cipher: add afalg-backend
 cipher support
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: weidong.huang@huawei.com, wangxinxin.wang@huawei.com,
 qemu-devel@nongnu.org,
	arei.gonglei@huawei.com, longpeng.mike@gmail.com,
	"Longpeng\(Mike\)" <longpeng2@huawei.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Adds afalg-backend cipher support: introduces some private APIs
firstly, and then intergrates them into qcrypto_cipher_afalg_driver.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
---
 crypto/Makefile.objs  |   1 +
 crypto/afalgpriv.h    |   9 ++
 crypto/cipher-afalg.c | 223 ++++++++++++++++++++++++++++++++++++++++++++++=
++++
 crypto/cipher.c       |  23 +++++-
 crypto/cipherpriv.h   |  16 ++++
 5 files changed, 268 insertions(+), 4 deletions(-)
 create mode 100644 crypto/cipher-afalg.c

diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 2be5a3a..d2e8fa8 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -11,6 +11,7 @@ crypto-obj-y +=3D aes.o
 crypto-obj-y +=3D desrfb.o
 crypto-obj-y +=3D cipher.o
 crypto-obj-$(CONFIG_AF_ALG) +=3D afalg.o
+crypto-obj-$(CONFIG_AF_ALG) +=3D cipher-afalg.o
 crypto-obj-y +=3D tlscreds.o
 crypto-obj-y +=3D tlscredsanon.o
 crypto-obj-y +=3D tlscredsx509.o
diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h
index d21160c..a4a7b97 100644
--- a/crypto/afalgpriv.h
+++ b/crypto/afalgpriv.h
@@ -19,6 +19,15 @@
 #define SALG_TYPE_LEN_MAX 14
 #define SALG_NAME_LEN_MAX 64
=20
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
+
+#define AFALG_TYPE_CIPHER "skcipher"
+
+#define ALG_OPTYPE_LEN 4
+#define ALG_MSGIV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+
 typedef struct QCryptoAFAlg QCryptoAFAlg;
=20
 struct QCryptoAFAlg {
diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c
new file mode 100644
index 0000000..c5d1d5d
--- /dev/null
+++ b/crypto/cipher-afalg.c
@@ -0,0 +1,223 @@
+/*
+ * QEMU Crypto af_alg-backend cipher support
+ *
+ * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ *    Longpeng(Mike) <longpeng2@huawei.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/sockets.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "crypto/cipher.h"
+#include "cipherpriv.h"
+
+
+static char *
+qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
+                                 QCryptoCipherMode mode,
+                                 Error **errp)
+{
+    char *name;
+    const char *alg_name;
+    const char *mode_name;
+
+    switch (alg) {
+    case QCRYPTO_CIPHER_ALG_AES_128:
+    case QCRYPTO_CIPHER_ALG_AES_192:
+    case QCRYPTO_CIPHER_ALG_AES_256:
+        alg_name =3D "aes";
+        break;
+    case QCRYPTO_CIPHER_ALG_CAST5_128:
+        alg_name =3D "cast5";
+        break;
+    case QCRYPTO_CIPHER_ALG_SERPENT_128:
+    case QCRYPTO_CIPHER_ALG_SERPENT_192:
+    case QCRYPTO_CIPHER_ALG_SERPENT_256:
+        alg_name =3D "serpent";
+        break;
+    case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+    case QCRYPTO_CIPHER_ALG_TWOFISH_192:
+    case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+        alg_name =3D "twofish";
+        break;
+
+    default:
+        error_setg(errp, "Unsupported cipher algorithm %d", alg);
+        return NULL;
+    }
+
+    mode_name =3D QCryptoCipherMode_lookup[mode];
+    name =3D g_strdup_printf("%s(%s)", mode_name, alg_name);
+
+    return name;
+}
+
+QCryptoAFAlg *
+qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode,
+                             const uint8_t *key,
+                             size_t nkey, Error **errp)
+{
+    QCryptoAFAlg *afalg;
+    size_t expect_niv;
+    char *name;
+
+    name =3D qcrypto_afalg_cipher_format_name(alg, mode, errp);
+    if (!name) {
+        return NULL;
+    }
+
+    afalg =3D qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
+    if (!afalg) {
+        g_free(name);
+        return NULL;
+    }
+    afalg->name =3D name;
+
+    /* setkey */
+    if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
+                        nkey) !=3D 0) {
+        error_setg_errno(errp, errno, "Set key failed");
+        qcrypto_afalg_comm_free(afalg);
+        return NULL;
+    }
+
+    /* prepare msg header */
+    afalg->msg =3D g_new0(struct msghdr, 1);
+    afalg->msg->msg_controllen +=3D CMSG_SPACE(ALG_OPTYPE_LEN);
+    expect_niv =3D qcrypto_cipher_get_iv_len(alg, mode);
+    if (expect_niv) {
+        afalg->msg->msg_controllen +=3D CMSG_SPACE(ALG_MSGIV_LEN(expect_ni=
v));
+    }
+    afalg->msg->msg_control =3D g_new0(uint8_t, afalg->msg->msg_controllen=
);
+
+    /* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
+    afalg->cmsg =3D CMSG_FIRSTHDR(afalg->msg);
+    afalg->cmsg->cmsg_type =3D ALG_SET_OP;
+    afalg->cmsg->cmsg_len =3D CMSG_SPACE(ALG_OPTYPE_LEN);
+    if (expect_niv) {
+        afalg->cmsg =3D CMSG_NXTHDR(afalg->msg, afalg->cmsg);
+        afalg->cmsg->cmsg_type =3D ALG_SET_IV;
+        afalg->cmsg->cmsg_len =3D CMSG_SPACE(ALG_MSGIV_LEN(expect_niv));
+    }
+    afalg->cmsg =3D CMSG_FIRSTHDR(afalg->msg);
+
+    return afalg;
+}
+
+static int
+qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
+                           const uint8_t *iv,
+                           size_t niv, Error **errp)
+{
+    struct af_alg_iv *alg_iv;
+    size_t expect_niv;
+    QCryptoAFAlg *afalg =3D cipher->opaque;
+
+    expect_niv =3D qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
+    if (niv !=3D expect_niv) {
+        error_setg(errp, "Set IV len(%zu) not match expected(%zu)",
+                   niv, expect_niv);
+        return -1;
+    }
+
+    /* move ->cmsg to next msghdr, for IV-info */
+    afalg->cmsg =3D CMSG_NXTHDR(afalg->msg, afalg->cmsg);
+
+    /* build setiv msg */
+    afalg->cmsg->cmsg_level =3D SOL_ALG;
+    alg_iv =3D (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
+    alg_iv->ivlen =3D niv;
+    memcpy(alg_iv->iv, iv, niv);
+
+    return 0;
+}
+
+static int
+qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
+                        const void *in, void *out,
+                        size_t len, bool do_encrypt,
+                        Error **errp)
+{
+    uint32_t *type =3D NULL;
+    struct iovec iov;
+    size_t ret, done =3D 0;
+    uint32_t origin_controllen;
+
+    origin_controllen =3D afalg->msg->msg_controllen;
+    /* movev ->cmsg to first header, for crypto-info */
+    afalg->cmsg =3D CMSG_FIRSTHDR(afalg->msg);
+
+    /* build encrypt msg */
+    afalg->cmsg->cmsg_level =3D SOL_ALG;
+    afalg->msg->msg_iov =3D &iov;
+    afalg->msg->msg_iovlen =3D 1;
+    type =3D (uint32_t *)CMSG_DATA(afalg->cmsg);
+    if (do_encrypt) {
+        *type =3D ALG_OP_ENCRYPT;
+    } else {
+        *type =3D ALG_OP_DECRYPT;
+    }
+
+    do {
+        iov.iov_base =3D (void *)in + done;
+        iov.iov_len =3D len - done;
+
+        /* send info to AF_ALG core */
+        ret =3D sendmsg(afalg->opfd, afalg->msg, 0);
+        if (ret =3D=3D -1) {
+            error_setg_errno(errp, errno, "Send data to AF_ALG core failed=
");
+            return -1;
+        }
+
+        /* encrypto && get result */
+        if (ret !=3D read(afalg->opfd, out, ret)) {
+            error_setg_errno(errp, errno, "Get result from AF_ALG core fai=
led");
+            return -1;
+        }
+
+        /* do not update IV for following chunks */
+        afalg->msg->msg_controllen =3D 0;
+        done +=3D ret;
+    } while (done < len);
+
+    afalg->msg->msg_controllen =3D origin_controllen;
+
+    return 0;
+}
+
+static int
+qcrypto_afalg_cipher_encrypt(QCryptoCipher *cipher,
+                             const void *in, void *out,
+                             size_t len, Error **errp)
+{
+    return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
+                                   len, true, errp);
+}
+
+static int
+qcrypto_afalg_cipher_decrypt(QCryptoCipher *cipher,
+                             const void *in, void *out,
+                             size_t len, Error **errp)
+{
+    return qcrypto_afalg_cipher_op(cipher->opaque, in, out,
+                                   len, false, errp);
+}
+
+static void qcrypto_afalg_comm_ctx_free(QCryptoCipher *cipher)
+{
+    qcrypto_afalg_comm_free(cipher->opaque);
+}
+
+struct QCryptoCipherDriver qcrypto_cipher_afalg_driver =3D {
+    .cipher_encrypt =3D qcrypto_afalg_cipher_encrypt,
+    .cipher_decrypt =3D qcrypto_afalg_cipher_decrypt,
+    .cipher_setiv =3D qcrypto_afalg_cipher_setiv,
+    .cipher_free =3D qcrypto_afalg_comm_ctx_free,
+};
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 0a3d2e5..a487270 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -163,18 +163,33 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgori=
thm alg,
                                   Error **errp)
 {
     QCryptoCipher *cipher;
-    void *ctx;
+    void *ctx =3D NULL;
+    Error *err2 =3D NULL;
+    QCryptoCipherDriver *drv;
+
+#ifdef CONFIG_AF_ALG
+    ctx =3D qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);
+    if (ctx) {
+        drv =3D &qcrypto_cipher_afalg_driver;
+    }
+#endif
=20
-    ctx =3D qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
     if (!ctx) {
-        return NULL;
+        ctx =3D qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
+        if (!ctx) {
+            error_free(err2);
+            return NULL;
+        }
+
+        drv =3D &qcrypto_cipher_lib_driver;
+        error_free(err2);
     }
=20
     cipher =3D g_new0(QCryptoCipher, 1);
     cipher->alg =3D alg;
     cipher->mode =3D mode;
     cipher->opaque =3D ctx;
-    cipher->driver =3D (void *)&qcrypto_cipher_lib_driver;
+    cipher->driver =3D (void *)drv;
=20
     return cipher;
 }
diff --git a/crypto/cipherpriv.h b/crypto/cipherpriv.h
index 4af5e85..77da4c2 100644
--- a/crypto/cipherpriv.h
+++ b/crypto/cipherpriv.h
@@ -15,6 +15,8 @@
 #ifndef QCRYPTO_CIPHERPRIV_H
 #define QCRYPTO_CIPHERPRIV_H
=20
+#include "qapi-types.h"
+
 typedef struct QCryptoCipherDriver QCryptoCipherDriver;
=20
 struct QCryptoCipherDriver {
@@ -37,4 +39,18 @@ struct QCryptoCipherDriver {
     void (*cipher_free)(QCryptoCipher *cipher);
 };
=20
+#ifdef CONFIG_AF_ALG
+
+#include "afalgpriv.h"
+
+extern QCryptoAFAlg *
+qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode,
+                             const uint8_t *key,
+                             size_t nkey, Error **errp);
+
+extern struct QCryptoCipherDriver qcrypto_cipher_afalg_driver;
+
+#endif
+
 #endif
--=20
1.8.3.1