From: longpeng.mike@gmail.com
To: berrange@redhat.com
Date: Fri, 14 Jul 2017 14:04:05 -0400
Message-Id: <1500055451-14041-13-git-send-email-longpeng.mike@gmail.com>
In-Reply-To: <1500055451-14041-1-git-send-email-longpeng.mike@gmail.com>
References: <1500055451-14041-1-git-send-email-longpeng.mike@gmail.com>
Subject: [Qemu-devel] [PATCH v6 12/18] crypto: introduce some common functions for af_alg backend
Cc: "Longpeng\(Mike\)" , arei.gonglei@huawei.com, weidong.huang@huawei.com, qemu-devel@nongnu.org

From: "Longpeng(Mike)"

The AF_ALG socket family is the userspace interface for the Linux crypto API. This patch adds af_alg family support and some common functions for the af_alg backend. It'll be used by afalg-backend crypto later.

Signed-off-by: Longpeng(Mike)
--- configure | 30 +++++++++++++ crypto/Makefile.objs | 1 + crypto/afalg.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++= ++++ crypto/afalgpriv.h | 54 ++++++++++++++++++++++++ 4 files changed, 201 insertions(+) create mode 100644 crypto/afalg.c create mode 100644 crypto/afalgpriv.h diff --git a/configure b/configure index 902653a..4beab2a 100755 --- a/configure +++ b/configure @@ -375,6 +375,7 @@ libnfs=3D"" coroutine=3D"" coroutine_pool=3D"" debug_stack_usage=3D"no" +crypto_afalg=3D"no" seccomp=3D"" glusterfs=3D"" glusterfs_xlator_opt=3D"no" 
@@ -1124,6 +1125,8 @@ for opt do ;; --enable-debug-stack-usage) debug_stack_usage=3D"yes" ;; + --enable-crypto-afalg) crypto_afalg=3D"yes" + ;; --disable-docs) docs=3D"no" ;; --enable-docs) docs=3D"yes" @@ -1443,6 +1446,8 @@ Advanced options (experts only): xen pv domain builder --enable-debug-stack-usage track the maximum stack usage of stacks created= by qemu_alloc_stack + --enable-crypto-afalg + enable afalg-backend crypto and try to use it f= irst. =20 Optional features, enabled with --enable-FEATURE and disabled with --disable-FEATURE, default is enabled if available: @@ -4834,6 +4839,24 @@ if compile_prog "" "" ; then have_af_vsock=3Dyes fi =20 +########################################## +# check for usable AF_ALG environment +hava_af_alg=3Dno +cat > $TMPC << EOF +#include +#include +#include +#include +int main(void) { + int sock; + sock =3D socket(AF_ALG, SOCK_SEQPACKET, 0); + return sock; +} +EOF +if compile_prog "" "" ; then + have_afalg=3Dyes +fi + ################################################# # Sparc implicitly links with --relax, which is # incompatible with -r, so --no-relax should be @@ -5300,6 +5323,7 @@ echo "seccomp support $seccomp" echo "coroutine backend $coroutine" echo "coroutine pool $coroutine_pool" echo "debug stack usage $debug_stack_usage" +echo "crypto afalg $crypto_afalg" echo "GlusterFS support $glusterfs" echo "gcov $gcov_tool" echo "gcov enabled $gcov" @@ -5811,6 +5835,12 @@ if test "$debug_stack_usage" =3D "yes" ; then echo "CONFIG_DEBUG_STACK_USAGE=3Dy" >> $config_host_mak fi =20 +if test "$crypto_afalg" =3D "yes" ; then + if test "$have_afalg" =3D "yes" ; then + echo "CONFIG_AF_ALG=3Dy" >> $config_host_mak + fi +fi + if test "$open_by_handle_at" =3D "yes" ; then echo "CONFIG_OPEN_BY_HANDLE=3Dy" >> $config_host_mak fi diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index 1f749f2..2be5a3a 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs 
@@ -10,6 +10,7 @@ crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_H= MAC),n,y)) +=3D hmac-glib crypto-obj-y +=3D aes.o crypto-obj-y +=3D desrfb.o crypto-obj-y +=3D cipher.o +crypto-obj-$(CONFIG_AF_ALG) +=3D afalg.o crypto-obj-y +=3D tlscreds.o crypto-obj-y +=3D tlscredsanon.o crypto-obj-y +=3D tlscredsx509.o diff --git a/crypto/afalg.c b/crypto/afalg.c new file mode 100644 index 0000000..10046bb --- /dev/null +++ b/crypto/afalg.c 
@@ -0,0 +1,116 @@ +/* + * QEMU Crypto af_alg support + * + * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Longpeng(Mike) + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + */ +#include "qemu/osdep.h" +#include "qemu/cutils.h" +#include "qemu/sockets.h" +#include "qapi/error.h" +#include "afalgpriv.h" + +static bool +qcrypto_afalg_build_saddr(const char *type, const char *name, + struct sockaddr_alg *salg, Error **errp) +{ + salg->salg_family =3D AF_ALG; + + if (strnlen(type, SALG_TYPE_LEN_MAX) >=3D SALG_TYPE_LEN_MAX) { + error_setg(errp, "Afalg type(%s) is larger than %d bytes", + type, SALG_TYPE_LEN_MAX); + return false; + } + + if (strnlen(name, SALG_NAME_LEN_MAX) >=3D SALG_NAME_LEN_MAX) { + error_setg(errp, "Afalg name(%s) is larger than %d bytes", + name, SALG_NAME_LEN_MAX); + return false; + } + + pstrcpy((char *)salg->salg_type, SALG_TYPE_LEN_MAX, type); + pstrcpy((char *)salg->salg_name, SALG_NAME_LEN_MAX, name); + + return true; +} + +static int +qcrypto_afalg_socket_bind(const char *type, const char *name, + Error **errp) +{ + int sbind; + struct sockaddr_alg salg =3D {0}; + + if (!qcrypto_afalg_build_saddr(type, name, &salg, errp)) { + return -1; + } + + sbind =3D qemu_socket(AF_ALG, SOCK_SEQPACKET, 0); + if (sbind < 0) { + error_setg_errno(errp, errno, "Failed to create socket"); + return -1; + } + + if (bind(sbind, (const struct sockaddr *)&salg, sizeof(salg)) !=3D 0) { + error_setg_errno(errp, errno, "Failed to bind socket"); + closesocket(sbind); + return -1; + } + + return sbind; +} + +QCryptoAFAlg * +qcrypto_afalg_comm_alloc(const char *type, const char *name, + Error **errp) +{ + QCryptoAFAlg *afalg; + + afalg =3D g_new0(QCryptoAFAlg, 1); + /* initilize crypto API socket */ + afalg->opfd =3D -1; + afalg->tfmfd =3D qcrypto_afalg_socket_bind(type, name, errp); + if (afalg->tfmfd =3D=3D -1) { + goto error; + } 
+ + afalg->opfd =3D qemu_accept(afalg->tfmfd, NULL, 0); + if (afalg->opfd =3D=3D -1) { + error_setg_errno(errp, errno, "Failed to accept socket"); + goto error; + } + + return afalg; + +error: + qcrypto_afalg_comm_free(afalg); + return NULL; +} + +void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg) +{ + if (!afalg) { + return; + } + + if (afalg->msg) { + g_free(afalg->msg->msg_control); + g_free(afalg->msg); + } + + if (afalg->tfmfd !=3D -1) { + closesocket(afalg->tfmfd); + } + + if (afalg->opfd !=3D -1) { + closesocket(afalg->opfd); + } + + g_free(afalg); +} diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h new file mode 100644 index 0000000..76118cf --- /dev/null +++ b/crypto/afalgpriv.h @@ -0,0 +1,54 @@ +/* + * QEMU Crypto af_alg support + * + * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Longpeng(Mike) + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + */ + +#ifndef QCRYPTO_AFALGPRIV_H +#define QCRYPTO_AFALGPRIV_H + +#include + +#define SALG_TYPE_LEN_MAX 14 +#define SALG_NAME_LEN_MAX 64 + +typedef struct QCryptoAFAlg QCryptoAFAlg; + +struct QCryptoAFAlg { + int tfmfd; + int opfd; + struct msghdr *msg; + struct cmsghdr *cmsg; +}; + +/** + * qcrypto_afalg_comm_alloc: + * @type: the type of crypto operation + * @name: the name of crypto operation + * + * Allocate a QCryptoAFAlg object and bind itself to + * a AF_ALG socket. + * + * Returns: + * a new QCryptoAFAlg object, or NULL in error. + */ +QCryptoAFAlg * +qcrypto_afalg_comm_alloc(const char *type, const char *name, + Error **errp); + +/** + * afalg_comm_free: + * @afalg: the QCryptoAFAlg object + * + * Free the @afalg. + */ +void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg); + +#endif --=20 1.8.3.1
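Review bot: In the configure hunk that adds the "check for usable AF_ALG environment" block, the default is assigned to `hava_af_alg` while the probe sets, and the later test reads, `have_afalg`. As a result `have_afalg` is never initialised to "no", and a value inherited from the environment would be taken as a successful probe. Initialise the variable the probe actually sets (`have_afalg=no`).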
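Review bot: In the last configure hunk, `--enable-crypto-afalg` combined with a failed probe falls through the nested `if` without writing CONFIG_AF_ALG and without any message, so an explicitly requested feature is dropped silently. Have configure stop with an error when `crypto_afalg` is "yes" and `have_afalg` is not. The summary line `echo "crypto afalg $crypto_afalg"` would then also report what was built rather than what was requested.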
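Review bot: In qcrypto_afalg_comm_alloc() in crypto/afalg.c, `qemu_accept(afalg->tfmfd, NULL, 0)` passes the integer 0 for the address-length pointer; write NULL for both pointer arguments. In qcrypto_afalg_socket_bind() the "Failed to bind socket" message omits the type and name being bound, which is what a caller needs to tell which algorithm was refused; including them would match the messages in qcrypto_afalg_build_saddr(). Those length messages say "larger than %d bytes", but the check `strnlen(...) >= SALG_TYPE_LEN_MAX` already rejects a string of exactly that length, so the wording is off by one. The comment "initilize crypto API socket" has a typo.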
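Review bot: In crypto/afalgpriv.h the doc comment for the free function is headed `afalg_comm_free:` while the function declared is `qcrypto_afalg_comm_free`; the heading should carry the full name. The comment for qcrypto_afalg_comm_alloc() does not document @errp, and "NULL in error" should read "NULL on error". The struct fields are undocumented: qcrypto_afalg_comm_free() frees `msg->msg_control` and `msg` but never `cmsg`, so a comment stating who owns `cmsg` would make the ownership checkable. SALG_TYPE_LEN_MAX and SALG_NAME_LEN_MAX are hard-coded as 14 and 64; deriving them from the sizes of `salg_type` and `salg_name` in struct sockaddr_alg would keep the bounds tied to the structure they guard.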