From nobody Mon Jun 29 10:31:12 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F27C1C433EF for ; Fri, 11 Feb 2022 08:42:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348099AbiBKImq (ORCPT ); Fri, 11 Feb 2022 03:42:46 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:35278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348100AbiBKImp (ORCPT ); Fri, 11 Feb 2022 03:42:45 -0500 Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 244E1E5A for ; Fri, 11 Feb 2022 00:42:43 -0800 (PST) Received: by mail-pj1-x1030.google.com with SMTP id om7so7463498pjb.5 for ; Fri, 11 Feb 2022 00:42:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CGAayov/+ln4jw241yuyUW4Ct9nFUZ87co88ghlbBxs=; b=JBTQjbSXF3YPniG9xLJNKSrGKXFx1bLPF+uqoUTCBbIf01mDmIvu56ZNTesVGlXjcZ o1yVHu32Fa5TOQjqIIKEE6qRYIn9uy9FgF+Hkm1uSdbubJtor7F12mVSIU9IDX57Scgy xmGHxw7Dm+YRWla98b2TSZJ9GDCnajM7eXlzn+Sfe1sYow7OEOTT2IyfFgm4C86AsK74 QHN+zQBUQqcfwtTQBviyN3+UNhBPe9N610Y7CeMlICwpHzcOPGZCCNs9WePO1D5pVzU+ BThx9BjjfzYmGvpEOnhBYE5PG+HoXwPkigro/bJAfj3E4ioSEgWZOw5gbblsopqgnSm7 Y/1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CGAayov/+ln4jw241yuyUW4Ct9nFUZ87co88ghlbBxs=; b=PBsZd85nQcK9UG1kwDOUDo2wEDzBpRn0+eqEjyPdsEk9+XteX3SArpSTtpOwdMrTQ5 aMu+KmgwC87GDs+Imjs6BsMQ4DJRO2TqZSihQiaSkkneELV9DXcr0B6IGbO2HIbQUyID HcUM6kjsPL6pDqvcUQ4U4UW18pCp6weuJGHpyPZhEn4vlnXtjfmyQXYe/RBlEZC1EfTz hoF7kwDvgmlb9Pu95JksLLA77FrVd3oD2p08bZFaN0GIh1GfZQOzL1UQ7PXRJ09pT9Rn ILz87ZFVLSpwaQRMFemYDCgna+AEDWF7FunE6dPBi1jrmrQOBmUCYQHIcaItYCcNDEKs EjDg== X-Gm-Message-State: AOAM531lRtfj+3gOh62xzqKvx5N7W+4EMlv+5G7EhuR5qRxmWw+OAaJ0 Weeq6J1lGRgDmsHNJObUrB3T4eUlh2QjQg== X-Google-Smtp-Source: ABdhPJytPoIyffxZ0megHXcbWD5+PkOjOTyQ9qJOzHAP2lML9ZVoHZrvfB46L3enU00p8a1n8YykHQ== X-Received: by 2002:a17:90b:3e8e:: with SMTP id rj14mr673323pjb.38.1644568962619; Fri, 11 Feb 2022 00:42:42 -0800 (PST) Received: from libai.bytedance.net ([61.120.150.72]) by smtp.gmail.com with ESMTPSA id p21sm13368481pfo.97.2022.02.11.00.42.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Feb 2022 00:42:41 -0800 (PST) From: zhenwei pi To: arei.gonglei@huawei.com, mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, helei.sig11@bytedance.com, herbert@gondor.apana.org.au, zhenwei pi Subject: [PATCH v2 1/3] virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC Date: Fri, 11 Feb 2022 16:41:06 +0800 Message-Id: <20220211084108.1254218-2-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220211084108.1254218-1-pizhenwei@bytedance.com> References: <20220211084108.1254218-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC. Reviewed-by: Gonglei Signed-off-by: zhenwei pi --- include/uapi/linux/virtio_crypto.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/virtio_crypto.h b/include/uapi/linux/virtio= _crypto.h index a03932f10565..1166a49084b0 100644 --- a/include/uapi/linux/virtio_crypto.h +++ b/include/uapi/linux/virtio_crypto.h @@ -408,6 +408,7 @@ struct virtio_crypto_op_data_req { #define VIRTIO_CRYPTO_BADMSG 2 #define VIRTIO_CRYPTO_NOTSUPP 3 #define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */ +#define VIRTIO_CRYPTO_NOSPC 5 /* no free session ID */ =20 /* The accelerator hardware is ready */ #define VIRTIO_CRYPTO_S_HW_READY (1 << 0) --=20 2.20.1 From nobody Mon Jun 29 10:31:12 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F5BAC433EF for ; Fri, 11 Feb 2022 08:42:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348122AbiBKIm5 (ORCPT ); Fri, 11 Feb 2022 03:42:57 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:35482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348111AbiBKImw (ORCPT ); Fri, 11 Feb 2022 03:42:52 -0500 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8FE22E5A for ; Fri, 11 Feb 2022 00:42:47 -0800 (PST) Received: by mail-pl1-x62a.google.com with SMTP id y18so4102246plb.11 for ; Fri, 11 Feb 2022 00:42:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=eMGUlxbGHpNzsCgvYTaJe79XRr8ucJVHogPErD9/eyI=; b=E2QQ/Dgz17Z/fgJVMU7AuWrHdtwQfayfuxV67eptxZpxqFTW3hJkUnj8EduR6+Kaku OrMlY+a4+3LmyZLBKSWb4DBBQ4uyru2KFMOXhfK/XWWkAnleUACKAnIIr1/KCLLfohC7 s3ZbJg4SUala+oEZAF3ERFT5jI9CWPo37Ctg5skQtmnFELGXLxLB72koVV2d9wor3kLJ iwNqi6Ebss8UEQSFpyX6+RKCJb9ctrsoB14cJypRqYRCikc3WZ0S+CWP8mFY498Txboo ujA9/ZMXhHmLLkj43dqGoVBqM0KVEwjUg3ac1bzoBYM1wxYchB4/Ydcih0FIwTarxjP/ IG4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eMGUlxbGHpNzsCgvYTaJe79XRr8ucJVHogPErD9/eyI=; b=esPtmdumBjP2S8of8Q4ONpGq5OeHnX/Gepb9VFcCK5m8dc9Kk/HHCLM6Ldmg1Qb7pN cR+XiST8cA6fjeA96rxE+no5UnKmByNYtaRDPLOpzEsm5bw7NuSVHcRV2bCM0Yhf0QWv VjxcjBgCxQtKbsILfOBZqbUiq/3El0ycz24MopOTLPaGOq30JgFdxwMPHq2WdwwuaSoj 6IAC1/E8AczeiKbEWdQWLnbkeZbbJ65//pyEOdTlW1ekALKHpBPs9/glZ/a1qgxQeIyw dW25yacvYVv5Tkh/XIIv/KCro1x7HEZ0vK519nw7HILbAYCzYhR2nCG1NNc+wJdlDUh5 u8VQ== X-Gm-Message-State: AOAM530GYubXUfnIexOjx2kGZ5ntX7RUe3mP2O43b7tvsY/RRYw5cPVW dfmTIICgZGHepjd5y8nCEHX58syQM4HBeQ== X-Google-Smtp-Source: ABdhPJwWOCsQV9+aSNngr8TL03sNjfvwY1hzpoHzJNb/AllIl7LYQJHL/HTrpmNgcXsrjRc7KFeEqQ== X-Received: by 2002:a17:902:a509:: with SMTP id s9mr543640plq.134.1644568967084; Fri, 11 Feb 2022 00:42:47 -0800 (PST) Received: from libai.bytedance.net ([61.120.150.72]) by smtp.gmail.com with ESMTPSA id p21sm13368481pfo.97.2022.02.11.00.42.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Feb 2022 00:42:46 -0800 (PST) From: zhenwei pi To: arei.gonglei@huawei.com, mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, helei.sig11@bytedance.com, herbert@gondor.apana.org.au, zhenwei pi Subject: [PATCH v2 2/3] virtio-crypto: introduce akcipher service Date: Fri, 11 Feb 2022 16:41:07 +0800 Message-Id: <20220211084108.1254218-3-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220211084108.1254218-1-pizhenwei@bytedance.com> References: <20220211084108.1254218-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Introduce asymmetric service definition, asymmetric operations and several well known algorithms. Co-developed-by: lei he Signed-off-by: lei he Signed-off-by: zhenwei pi Reviewed-by: Gonglei --- include/uapi/linux/virtio_crypto.h | 81 +++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/virtio_crypto.h b/include/uapi/linux/virtio= _crypto.h index 1166a49084b0..71a54a6849ca 100644 --- a/include/uapi/linux/virtio_crypto.h +++ b/include/uapi/linux/virtio_crypto.h @@ -37,6 +37,7 @@ #define VIRTIO_CRYPTO_SERVICE_HASH 1 #define VIRTIO_CRYPTO_SERVICE_MAC 2 #define VIRTIO_CRYPTO_SERVICE_AEAD 3 +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4 =20 #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) =20 @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header { VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04) +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05) __le32 opcode; __le32 algo; __le32 flag; @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req { __u8 padding[32]; }; =20 +struct virtio_crypto_rsa_session_para { +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0 +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 + __le32 padding_algo; + +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 +#define VIRTIO_CRYPTO_RSA_MD2 1 +#define VIRTIO_CRYPTO_RSA_MD3 2 +#define VIRTIO_CRYPTO_RSA_MD4 3 +#define VIRTIO_CRYPTO_RSA_MD5 4 +#define VIRTIO_CRYPTO_RSA_SHA1 5 +#define VIRTIO_CRYPTO_RSA_SHA256 6 +#define VIRTIO_CRYPTO_RSA_SHA384 7 +#define VIRTIO_CRYPTO_RSA_SHA512 8 +#define VIRTIO_CRYPTO_RSA_SHA224 9 + __le32 hash_algo; +}; + +struct virtio_crypto_ecdsa_session_para { +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0 +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2 +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3 +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5 + __le32 curve_id; + __le32 padding; +}; + +struct virtio_crypto_akcipher_session_para { +#define VIRTIO_CRYPTO_NO_AKCIPHER 0 +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1 +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2 +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3 + __le32 algo; + +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1 +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2 + __le32 keytype; + __le32 keylen; + + union { + struct virtio_crypto_rsa_session_para rsa; + struct virtio_crypto_ecdsa_session_para ecdsa; + } u; +}; + +struct virtio_crypto_akcipher_create_session_req { + struct virtio_crypto_akcipher_session_para para; + __u8 padding[36]; +}; + struct virtio_crypto_alg_chain_session_para { #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER 1 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH 2 @@ -247,6 +304,8 @@ struct virtio_crypto_op_ctrl_req { mac_create_session; struct virtio_crypto_aead_create_session_req aead_create_session; + struct virtio_crypto_akcipher_create_session_req + akcipher_create_session; struct virtio_crypto_destroy_session_req destroy_session; __u8 padding[56]; @@ -266,6 +325,14 @@ struct virtio_crypto_op_header { VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) #define VIRTIO_CRYPTO_AEAD_DECRYPT \ VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) +#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00) +#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01) +#define VIRTIO_CRYPTO_AKCIPHER_SIGN \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02) +#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \ + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03) __le32 opcode; /* algo should be service-specific algorithms */ __le32 algo; @@ -390,6 +457,16 @@ struct virtio_crypto_aead_data_req { __u8 padding[32]; }; =20 +struct virtio_crypto_akcipher_para { + __le32 src_data_len; + __le32 dst_data_len; +}; + +struct virtio_crypto_akcipher_data_req { + struct virtio_crypto_akcipher_para para; + __u8 padding[40]; +}; + /* The request of the data virtqueue's packet */ struct virtio_crypto_op_data_req { struct virtio_crypto_op_header header; @@ -399,6 +476,7 @@ struct virtio_crypto_op_data_req { struct virtio_crypto_hash_data_req hash_req; struct virtio_crypto_mac_data_req mac_req; struct virtio_crypto_aead_data_req aead_req; + struct virtio_crypto_akcipher_data_req akcipher_req; __u8 padding[48]; } u; }; @@ -409,6 +487,7 @@ struct virtio_crypto_op_data_req { #define VIRTIO_CRYPTO_NOTSUPP 3 #define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */ #define VIRTIO_CRYPTO_NOSPC 5 /* no free session ID */ +#define VIRTIO_CRYPTO_KEY_REJECTED 6 /* Signature verification failed */ =20 /* The accelerator hardware is ready */ #define VIRTIO_CRYPTO_S_HW_READY (1 << 0) @@ -439,7 +518,7 @@ struct virtio_crypto_config { __le32 max_cipher_key_len; /* Maximum length of authenticated key */ __le32 max_auth_key_len; - __le32 reserve; + __le32 akcipher_algo; /* Maximum size of each crypto request's content */ __le64 max_size; }; --=20 2.20.1 From nobody Mon Jun 29 10:31:12 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32F3EC433EF for ; Fri, 11 Feb 2022 08:43:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348162AbiBKInE (ORCPT ); Fri, 11 Feb 2022 03:43:04 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:35486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348113AbiBKImy (ORCPT ); Fri, 11 Feb 2022 03:42:54 -0500 Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87AA9F5F for ; Fri, 11 Feb 2022 00:42:52 -0800 (PST) Received: by mail-pl1-x635.google.com with SMTP id p6so3922586plf.10 for ; Fri, 11 Feb 2022 00:42:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nlQTxs4PuSNM/Bt/Q3ArFOKaDCIQnh3Rp62IS+P5JGM=; b=N0DnPYC3e7jYw+xqAi60zK9oZV8bxMFuR+A+FTkIUWmve280LUUzTqQgWEbI4gBCw9 VwXq8JWrQhcJ6JqpA0if2QNId3i+Zbnha7kVGQtZVxvbsdwDCtbt0sh3lU7G9saPKWS8 C0eWsBLcdxvUsTw3vW2WMeX+nOSTwWOVnoNekZHo4UGx3pQ5xX2J4RKFEXHBWFOFaoCJ CoIvJ3PFbXs6NhNZ73O0Bt2pFGLFTDQuZsjOT18uVWRwYMvFa+PRCz/mNDO9PjyKkbtl RMQIErU9IIExDY2WsmpUP3FX91uB6DxrOsH5ZedAIcl3GjgU2nnihwBbaDVVBDSZ/DR6 4uMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nlQTxs4PuSNM/Bt/Q3ArFOKaDCIQnh3Rp62IS+P5JGM=; b=V+apQdCtf+qTMmNJTwKHB8dRkq1cHVYDCn5EDsu69DdttUWjs4zLfhiPVBX4O5fp/Y w3GQboDc15o0kkh1+72UakyrL3XMVx5BJMLxucK74+BegZvW0R8+LSLsI2g1T1NbbMq7 W+0m1+ATGfcICbJvCE/+3PsisckxJdfx3DbzlS3Vy/YPBbWdypjLjrXA+WQ7hB6OJzTo 6MCurGTNuHLgdpuJPGojbIgrg2LB1z1+023OgyVwlwKM9gltRJcFJIbcASPq1G2oGOzt sPpah/P87Njc1GMCdgcuL00CpRjlVE5rJk4b03KMs4VsTwwa4XVqWeQ5Qu1S2+UXvEet yY4Q== X-Gm-Message-State: AOAM532/GPgDan5PwlvAHvMDRE+BfOczWrd6hzpmk0szMoVeouCFkike tcXcNkrOufmipy+EVruObfkBwA== X-Google-Smtp-Source: ABdhPJwIAMwor0vhWJHM6CXBd60Q+q6VLqoiWEwCGvb1+sTfhdgaE1Fm+xy6DbMGwyoME6oi7CRc8g== X-Received: by 2002:a17:90a:aa96:: with SMTP id l22mr674010pjq.188.1644568971913; Fri, 11 Feb 2022 00:42:51 -0800 (PST) Received: from libai.bytedance.net ([61.120.150.72]) by smtp.gmail.com with ESMTPSA id p21sm13368481pfo.97.2022.02.11.00.42.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Feb 2022 00:42:51 -0800 (PST) From: zhenwei pi To: arei.gonglei@huawei.com, mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, helei.sig11@bytedance.com, herbert@gondor.apana.org.au, zhenwei pi , kernel test robot Subject: [PATCH v2 3/3] virtio-crypto: implement RSA algorithm Date: Fri, 11 Feb 2022 16:41:08 +0800 Message-Id: <20220211084108.1254218-4-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220211084108.1254218-1-pizhenwei@bytedance.com> References: <20220211084108.1254218-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Support rsa & pkcs1pad(rsa,sha1) with priority 150. Test with QEMU built-in backend, it works fine. 1, The self-test framework of crypto layer works fine in guest kernel 2, Test with Linux guest(with asym support), the following script test(note that pkey_XXX is supported only in a newer version of keyutils): - both public key & private key - create/close session - encrypt/decrypt/sign/verify basic driver operation - also test with kernel crypto layer(pkey add/query) All the cases work fine. rm -rf *.der *.pem *.pfx modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=3Dm rm -rf /tmp/data dd if=3D/dev/random of=3D/tmp/data count=3D1 bs=3D226 openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -su= bj "/C=3DCN/ST=3DBJ/L=3DHD/O=3Dqemu/OU=3Ddev/CN=3Dqemu/emailAddress=3Dqemu@= qemu.org" openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der PRIV_KEY_ID=3D`cat key.der | keyctl padd asymmetric test_priv_key @s` echo "priv key id =3D "$PRIV_KEY_ID PUB_KEY_ID=3D`cat cert.der | keyctl padd asymmetric test_pub_key @s` echo "pub key id =3D "$PUB_KEY_ID keyctl pkey_query $PRIV_KEY_ID 0 keyctl pkey_query $PUB_KEY_ID 0 echo "Enc with priv key..." keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=3Dpkcs1 >/tmp/enc.priv echo "Dec with pub key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=3Dpkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Sign with priv key..." keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=3Dpkcs1 hash=3Dsha1 > /tmp/sig echo "Verify with pub key..." keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=3Dpkcs1 hash=3Dsha1 echo "Enc with pub key..." keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=3Dpkcs1 >/tmp/enc.pub echo "Dec with priv key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=3Dpkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Verify with pub key..." keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=3Dpkcs1 hash=3Dsha1 [1 compiling warning during development] Reported-by: kernel test robot Co-developed-by: lei he Signed-off-by: lei he Signed-off-by: zhenwei pi --- drivers/crypto/virtio/Makefile | 1 + .../virtio/virtio_crypto_akcipher_algo.c | 584 ++++++++++++++++++ drivers/crypto/virtio/virtio_crypto_common.h | 3 + drivers/crypto/virtio/virtio_crypto_core.c | 6 +- drivers/crypto/virtio/virtio_crypto_mgr.c | 11 + 5 files changed, 604 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/virtio/virtio_crypto_akcipher_algo.c diff --git a/drivers/crypto/virtio/Makefile b/drivers/crypto/virtio/Makefile index cbfccccfa135..06b23c5e784e 100644 --- a/drivers/crypto/virtio/Makefile +++ b/drivers/crypto/virtio/Makefile @@ -2,5 +2,6 @@ obj-$(CONFIG_CRYPTO_DEV_VIRTIO) +=3D virtio_crypto.o virtio_crypto-objs :=3D \ virtio_crypto_algs.o \ + virtio_crypto_akcipher_algo.o \ virtio_crypto_mgr.o \ virtio_crypto_core.o diff --git a/drivers/crypto/virtio/virtio_crypto_akcipher_algo.c b/drivers/= crypto/virtio/virtio_crypto_akcipher_algo.c new file mode 100644 index 000000000000..2b3f8780b755 --- /dev/null +++ b/drivers/crypto/virtio/virtio_crypto_akcipher_algo.c @@ -0,0 +1,584 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + /* Asymmetric algorithms supported by virtio crypto device + * + * Authors: zhenwei pi + * lei he + * + * Copyright 2022 Bytedance CO., LTD. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "virtio_crypto_common.h" + +struct virtio_crypto_rsa_ctx { + MPI n; +}; + +struct virtio_crypto_akcipher_ctx { + struct crypto_engine_ctx enginectx; + struct virtio_crypto *vcrypto; + struct crypto_akcipher *tfm; + bool session_valid; + __u64 session_id; + union { + struct virtio_crypto_rsa_ctx rsa_ctx; + }; +}; + +struct virtio_crypto_akcipher_request { + struct virtio_crypto_request base; + struct virtio_crypto_akcipher_ctx *akcipher_ctx; + struct akcipher_request *akcipher_req; + void *src_buf; + void *dst_buf; + uint32_t opcode; +}; + +struct virtio_crypto_akcipher_algo { + uint32_t algonum; + uint32_t service; + unsigned int active_devs; + struct akcipher_alg algo; +}; + +static DEFINE_MUTEX(algs_lock); + +static void virtio_crypto_akcipher_finalize_req( + struct virtio_crypto_akcipher_request *vc_akcipher_req, + struct akcipher_request *req, int err) +{ + virtcrypto_clear_request(&vc_akcipher_req->base); + + crypto_finalize_akcipher_request(vc_akcipher_req->base.dataq->engine, req= , err); +} + +static void virtio_crypto_dataq_akcipher_callback(struct virtio_crypto_req= uest *vc_req, int len) +{ + struct virtio_crypto_akcipher_request *vc_akcipher_req =3D + container_of(vc_req, struct virtio_crypto_akcipher_request, base); + struct akcipher_request *akcipher_req; + int error; + + switch (vc_req->status) { + case VIRTIO_CRYPTO_OK: + error =3D 0; + break; + case VIRTIO_CRYPTO_INVSESS: + case VIRTIO_CRYPTO_ERR: + error =3D -EINVAL; + break; + case VIRTIO_CRYPTO_BADMSG: + error =3D -EBADMSG; + break; + + case VIRTIO_CRYPTO_KEY_REJECTED: + error =3D -EKEYREJECTED; + break; + + default: + error =3D -EIO; + break; + } + + akcipher_req =3D vc_akcipher_req->akcipher_req; + sg_copy_from_buffer(akcipher_req->dst, sg_nents(akcipher_req->dst), + vc_akcipher_req->dst_buf, akcipher_req->dst_len); + virtio_crypto_akcipher_finalize_req(vc_akcipher_req, akcipher_req, error); +} + +static int virtio_crypto_alg_akcipher_init_session(struct virtio_crypto_ak= cipher_ctx *ctx, + struct virtio_crypto_ctrl_header *header, void *para, + const uint8_t *key, unsigned int keylen) +{ + struct scatterlist outhdr_sg, key_sg, inhdr_sg, *sgs[3]; + struct virtio_crypto *vcrypto =3D ctx->vcrypto; + uint8_t *pkey; + unsigned int inlen; + int err; + unsigned int num_out =3D 0, num_in =3D 0; + + pkey =3D kmemdup(key, keylen, GFP_ATOMIC); + if (!pkey) + return -ENOMEM; + + spin_lock(&vcrypto->ctrl_lock); + memcpy(&vcrypto->ctrl.header, header, sizeof(vcrypto->ctrl.header)); + memcpy(&vcrypto->ctrl.u, para, sizeof(vcrypto->ctrl.u)); + vcrypto->input.status =3D cpu_to_le32(VIRTIO_CRYPTO_ERR); + + sg_init_one(&outhdr_sg, &vcrypto->ctrl, sizeof(vcrypto->ctrl)); + sgs[num_out++] =3D &outhdr_sg; + + sg_init_one(&key_sg, pkey, keylen); + sgs[num_out++] =3D &key_sg; + + sg_init_one(&inhdr_sg, &vcrypto->input, sizeof(vcrypto->input)); + sgs[num_out + num_in++] =3D &inhdr_sg; + + err =3D virtqueue_add_sgs(vcrypto->ctrl_vq, sgs, num_out, num_in, vcrypto= , GFP_ATOMIC); + if (err < 0) + goto out; + + virtqueue_kick(vcrypto->ctrl_vq); + while (!virtqueue_get_buf(vcrypto->ctrl_vq, &inlen) && + !virtqueue_is_broken(vcrypto->ctrl_vq)) + cpu_relax(); + + if (le32_to_cpu(vcrypto->input.status) !=3D VIRTIO_CRYPTO_OK) { + err =3D -EINVAL; + goto out; + } + + ctx->session_id =3D le64_to_cpu(vcrypto->input.session_id); + ctx->session_valid =3D true; + err =3D 0; + +out: + spin_unlock(&vcrypto->ctrl_lock); + kfree_sensitive(pkey); + + if (err < 0) + pr_err("virtio_crypto: Create session failed status: %u\n", + le32_to_cpu(vcrypto->input.status)); + + return err; +} + +static int virtio_crypto_alg_akcipher_close_session(struct virtio_crypto_a= kcipher_ctx *ctx) +{ + struct scatterlist outhdr_sg, inhdr_sg, *sgs[2]; + struct virtio_crypto_destroy_session_req *destroy_session; + struct virtio_crypto *vcrypto =3D ctx->vcrypto; + unsigned int num_out =3D 0, num_in =3D 0, inlen; + int err; + + spin_lock(&vcrypto->ctrl_lock); + if (!ctx->session_valid) { + err =3D 0; + goto out; + } + vcrypto->ctrl_status.status =3D VIRTIO_CRYPTO_ERR; + vcrypto->ctrl.header.opcode =3D cpu_to_le32(VIRTIO_CRYPTO_AKCIPHER_DESTRO= Y_SESSION); + vcrypto->ctrl.header.queue_id =3D 0; + + destroy_session =3D &vcrypto->ctrl.u.destroy_session; + destroy_session->session_id =3D cpu_to_le64(ctx->session_id); + + sg_init_one(&outhdr_sg, &vcrypto->ctrl, sizeof(vcrypto->ctrl)); + sgs[num_out++] =3D &outhdr_sg; + + sg_init_one(&inhdr_sg, &vcrypto->ctrl_status.status, sizeof(vcrypto->ctrl= _status.status)); + sgs[num_out + num_in++] =3D &inhdr_sg; + + err =3D virtqueue_add_sgs(vcrypto->ctrl_vq, sgs, num_out, num_in, vcrypto= , GFP_ATOMIC); + if (err < 0) + goto out; + + virtqueue_kick(vcrypto->ctrl_vq); + while (!virtqueue_get_buf(vcrypto->ctrl_vq, &inlen) && + !virtqueue_is_broken(vcrypto->ctrl_vq)) + cpu_relax(); + + if (vcrypto->ctrl_status.status !=3D VIRTIO_CRYPTO_OK) { + err =3D -EINVAL; + goto out; + } + + err =3D 0; + ctx->session_valid =3D false; + +out: + spin_unlock(&vcrypto->ctrl_lock); + if (err < 0) { + pr_err("virtio_crypto: Close session failed status: %u, session_id: 0x%l= lx\n", + vcrypto->ctrl_status.status, destroy_session->session_id); + } + + return err; +} + +static int __virtio_crypto_akcipher_do_req(struct virtio_crypto_akcipher_r= equest *vc_akcipher_req, + struct akcipher_request *req, struct data_queue *data_vq) +{ + struct virtio_crypto_akcipher_ctx *ctx =3D vc_akcipher_req->akcipher_ctx; + struct virtio_crypto_request *vc_req =3D &vc_akcipher_req->base; + struct virtio_crypto *vcrypto =3D ctx->vcrypto; + struct virtio_crypto_op_data_req *req_data =3D vc_req->req_data; + struct scatterlist *sgs[4], outhdr_sg, inhdr_sg, srcdata_sg, dstdata_sg; + void *src_buf =3D NULL, *dst_buf =3D NULL; + unsigned int num_out =3D 0, num_in =3D 0; + int node =3D dev_to_node(&vcrypto->vdev->dev); + unsigned long flags; + int ret =3D -ENOMEM; + bool verify =3D vc_akcipher_req->opcode =3D=3D VIRTIO_CRYPTO_AKCIPHER_VER= IFY; + unsigned int src_len =3D verify ? req->src_len + req->dst_len : req->src_= len; + + /* out header */ + sg_init_one(&outhdr_sg, req_data, sizeof(*req_data)); + sgs[num_out++] =3D &outhdr_sg; + + /* src data */ + src_buf =3D kcalloc_node(src_len, 1, GFP_KERNEL, node); + if (!src_buf) + goto err; + + if (verify) { + /* for verify operation, both src and dst data work as OUT direction */ + sg_copy_to_buffer(req->src, sg_nents(req->src), src_buf, src_len); + sg_init_one(&srcdata_sg, src_buf, src_len); + sgs[num_out++] =3D &srcdata_sg; + } else { + sg_copy_to_buffer(req->src, sg_nents(req->src), src_buf, src_len); + sg_init_one(&srcdata_sg, src_buf, src_len); + sgs[num_out++] =3D &srcdata_sg; + + /* dst data */ + dst_buf =3D kcalloc_node(req->dst_len, 1, GFP_KERNEL, node); + if (!dst_buf) + goto err; + + sg_init_one(&dstdata_sg, dst_buf, req->dst_len); + sgs[num_out + num_in++] =3D &dstdata_sg; + } + + /* in header */ + sg_init_one(&inhdr_sg, &vc_req->status, sizeof(vc_req->status)); + sgs[num_out + num_in++] =3D &inhdr_sg; + + spin_lock_irqsave(&data_vq->lock, flags); + ret =3D virtqueue_add_sgs(data_vq->vq, sgs, num_out, num_in, vc_req, GFP_= ATOMIC); + virtqueue_kick(data_vq->vq); + spin_unlock_irqrestore(&data_vq->lock, flags); + if (ret) + goto err; + + vc_akcipher_req->src_buf =3D src_buf; + vc_akcipher_req->dst_buf =3D dst_buf; + + return 0; + +err: + kfree(src_buf); + kfree(dst_buf); + + return -ENOMEM; +} + +static int virtio_crypto_rsa_do_req(struct crypto_engine *engine, void *vr= eq) +{ + struct akcipher_request *req =3D container_of(vreq, struct akcipher_reque= st, base); + struct virtio_crypto_akcipher_request *vc_akcipher_req =3D akcipher_reque= st_ctx(req); + struct virtio_crypto_request *vc_req =3D &vc_akcipher_req->base; + struct virtio_crypto_akcipher_ctx *ctx =3D vc_akcipher_req->akcipher_ctx; + struct virtio_crypto *vcrypto =3D ctx->vcrypto; + struct data_queue *data_vq =3D vc_req->dataq; + struct virtio_crypto_op_header *header; + struct virtio_crypto_akcipher_data_req *akcipher_req; + int ret; + + vc_req->sgs =3D NULL; + vc_req->req_data =3D kzalloc_node(sizeof(*vc_req->req_data), + GFP_KERNEL, dev_to_node(&vcrypto->vdev->dev)); + if (!vc_req->req_data) + return -ENOMEM; + + /* build request header */ + header =3D &vc_req->req_data->header; + header->opcode =3D cpu_to_le32(vc_akcipher_req->opcode); + header->algo =3D cpu_to_le32(VIRTIO_CRYPTO_AKCIPHER_RSA); + header->session_id =3D cpu_to_le64(ctx->session_id); + + /* build request akcipher data */ + akcipher_req =3D &vc_req->req_data->u.akcipher_req; + akcipher_req->para.src_data_len =3D cpu_to_le32(req->src_len); + akcipher_req->para.dst_data_len =3D cpu_to_le32(req->dst_len); + + ret =3D __virtio_crypto_akcipher_do_req(vc_akcipher_req, req, data_vq); + if (ret < 0) { + kfree_sensitive(vc_req->req_data); + vc_req->req_data =3D NULL; + return ret; + } + + return 0; +} + +static int virtio_crypto_rsa_req(struct akcipher_request *req, uint32_t op= code) +{ + struct crypto_akcipher *atfm =3D crypto_akcipher_reqtfm(req); + struct virtio_crypto_akcipher_ctx *ctx =3D akcipher_tfm_ctx(atfm); + struct virtio_crypto_akcipher_request *vc_akcipher_req =3D akcipher_reque= st_ctx(req); + struct virtio_crypto_request *vc_req =3D &vc_akcipher_req->base; + struct virtio_crypto *vcrypto =3D ctx->vcrypto; + /* Use the first data virtqueue as default */ + struct data_queue *data_vq =3D &vcrypto->data_vq[0]; + + vc_req->dataq =3D data_vq; + vc_req->alg_cb =3D virtio_crypto_dataq_akcipher_callback; + vc_akcipher_req->akcipher_ctx =3D ctx; + vc_akcipher_req->akcipher_req =3D req; + vc_akcipher_req->opcode =3D opcode; + + return crypto_transfer_akcipher_request_to_engine(data_vq->engine, req); +} + +static int virtio_crypto_rsa_encrypt(struct akcipher_request *req) +{ + return virtio_crypto_rsa_req(req, VIRTIO_CRYPTO_AKCIPHER_ENCRYPT); +} + +static int virtio_crypto_rsa_decrypt(struct akcipher_request *req) +{ + return virtio_crypto_rsa_req(req, VIRTIO_CRYPTO_AKCIPHER_DECRYPT); +} + +static int virtio_crypto_rsa_sign(struct akcipher_request *req) +{ + return virtio_crypto_rsa_req(req, VIRTIO_CRYPTO_AKCIPHER_SIGN); +} + +static int virtio_crypto_rsa_verify(struct akcipher_request *req) +{ + return virtio_crypto_rsa_req(req, VIRTIO_CRYPTO_AKCIPHER_VERIFY); +} + +static int virtio_crypto_rsa_set_key(struct crypto_akcipher *tfm, + const void *key, + unsigned int keylen, + bool private, + int padding_algo, + int hash_algo) +{ + struct virtio_crypto_akcipher_ctx *ctx =3D akcipher_tfm_ctx(tfm); + struct virtio_crypto_rsa_ctx *rsa_ctx =3D &ctx->rsa_ctx; + struct virtio_crypto *vcrypto; + struct virtio_crypto_ctrl_header header; + struct virtio_crypto_akcipher_session_para para; + struct rsa_key rsa_key =3D {0}; + int node =3D virtio_crypto_get_current_node(); + uint32_t keytype; + int ret; + + /* mpi_free will test n, just free it. */ + mpi_free(rsa_ctx->n); + rsa_ctx->n =3D NULL; + + if (private) { + keytype =3D VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE; + ret =3D rsa_parse_priv_key(&rsa_key, key, keylen); + } else { + keytype =3D VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC; + ret =3D rsa_parse_pub_key(&rsa_key, key, keylen); + } + + if (ret) + return ret; + + rsa_ctx->n =3D mpi_read_raw_data(rsa_key.n, rsa_key.n_sz); + if (!rsa_ctx->n) + return -ENOMEM; + + if (!ctx->vcrypto) { + vcrypto =3D virtcrypto_get_dev_node(node, VIRTIO_CRYPTO_SERVICE_AKCIPHER, + VIRTIO_CRYPTO_AKCIPHER_RSA); + if (!vcrypto) { + pr_err("virtio_crypto: Could not find a virtio device in the system or = unsupported algo\n"); + return -ENODEV; + } + + ctx->vcrypto =3D vcrypto; + } else { + virtio_crypto_alg_akcipher_close_session(ctx); + } + + /* set ctrl header */ + header.opcode =3D cpu_to_le32(VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION); + header.algo =3D cpu_to_le32(VIRTIO_CRYPTO_AKCIPHER_RSA); + header.queue_id =3D 0; + + /* set RSA para */ + para.algo =3D cpu_to_le32(VIRTIO_CRYPTO_AKCIPHER_RSA); + para.keytype =3D cpu_to_le32(keytype); + para.keylen =3D cpu_to_le32(keylen); + para.u.rsa.padding_algo =3D cpu_to_le32(padding_algo); + para.u.rsa.hash_algo =3D cpu_to_le32(hash_algo); + + return virtio_crypto_alg_akcipher_init_session(ctx, &header, ¶, key, = keylen); +} + +static int virtio_crypto_rsa_raw_set_priv_key(struct crypto_akcipher *tfm, + const void *key, + unsigned int keylen) +{ + return virtio_crypto_rsa_set_key(tfm, key, keylen, 1, + VIRTIO_CRYPTO_RSA_RAW_PADDING, + VIRTIO_CRYPTO_RSA_NO_HASH); +} + + +static int virtio_crypto_p1pad_rsa_sha1_set_priv_key(struct crypto_akciphe= r *tfm, + const void *key, + unsigned int keylen) +{ + return virtio_crypto_rsa_set_key(tfm, key, keylen, 1, + VIRTIO_CRYPTO_RSA_PKCS1_PADDING, + VIRTIO_CRYPTO_RSA_SHA1); +} + +static int virtio_crypto_rsa_raw_set_pub_key(struct crypto_akcipher *tfm, + const void *key, + unsigned int keylen) +{ + return virtio_crypto_rsa_set_key(tfm, key, keylen, 0, + VIRTIO_CRYPTO_RSA_RAW_PADDING, + VIRTIO_CRYPTO_RSA_NO_HASH); +} + +static int virtio_crypto_p1pad_rsa_sha1_set_pub_key(struct crypto_akcipher= *tfm, + const void *key, + unsigned int keylen) +{ + return virtio_crypto_rsa_set_key(tfm, key, keylen, 0, + VIRTIO_CRYPTO_RSA_PKCS1_PADDING, + VIRTIO_CRYPTO_RSA_SHA1); +} + +static unsigned int virtio_crypto_rsa_max_size(struct crypto_akcipher *tfm) +{ + struct virtio_crypto_akcipher_ctx *ctx =3D akcipher_tfm_ctx(tfm); + struct virtio_crypto_rsa_ctx *rsa_ctx =3D &ctx->rsa_ctx; + + return mpi_get_size(rsa_ctx->n); +} + +static int virtio_crypto_rsa_init_tfm(struct crypto_akcipher *tfm) +{ + struct virtio_crypto_akcipher_ctx *ctx =3D akcipher_tfm_ctx(tfm); + + ctx->tfm =3D tfm; + ctx->enginectx.op.do_one_request =3D virtio_crypto_rsa_do_req; + ctx->enginectx.op.prepare_request =3D NULL; + ctx->enginectx.op.unprepare_request =3D NULL; + + return 0; +} + +static void virtio_crypto_rsa_exit_tfm(struct crypto_akcipher *tfm) +{ + struct virtio_crypto_akcipher_ctx *ctx =3D akcipher_tfm_ctx(tfm); + struct virtio_crypto_rsa_ctx *rsa_ctx =3D &ctx->rsa_ctx; + + virtio_crypto_alg_akcipher_close_session(ctx); + virtcrypto_dev_put(ctx->vcrypto); + mpi_free(rsa_ctx->n); + rsa_ctx->n =3D NULL; +} + +static struct virtio_crypto_akcipher_algo virtio_crypto_akcipher_algs[] = =3D { + { + .algonum =3D VIRTIO_CRYPTO_AKCIPHER_RSA, + .service =3D VIRTIO_CRYPTO_SERVICE_AKCIPHER, + .algo =3D { + .encrypt =3D virtio_crypto_rsa_encrypt, + .decrypt =3D virtio_crypto_rsa_decrypt, + .set_pub_key =3D virtio_crypto_rsa_raw_set_pub_key, + .set_priv_key =3D virtio_crypto_rsa_raw_set_priv_key, + .max_size =3D virtio_crypto_rsa_max_size, + .init =3D virtio_crypto_rsa_init_tfm, + .exit =3D virtio_crypto_rsa_exit_tfm, + .reqsize =3D sizeof(struct virtio_crypto_akcipher_request), + .base =3D { + .cra_name =3D "rsa", + .cra_driver_name =3D "virtio-crypto-rsa", + .cra_priority =3D 150, + .cra_module =3D THIS_MODULE, + .cra_ctxsize =3D sizeof(struct virtio_crypto_akcipher_ctx), + }, + }, + }, + { + .algonum =3D VIRTIO_CRYPTO_AKCIPHER_RSA, + .service =3D VIRTIO_CRYPTO_SERVICE_AKCIPHER, + .algo =3D { + .encrypt =3D virtio_crypto_rsa_encrypt, + .decrypt =3D virtio_crypto_rsa_decrypt, + .sign =3D virtio_crypto_rsa_sign, + .verify =3D virtio_crypto_rsa_verify, + .set_pub_key =3D virtio_crypto_p1pad_rsa_sha1_set_pub_key, + .set_priv_key =3D virtio_crypto_p1pad_rsa_sha1_set_priv_key, + .max_size =3D virtio_crypto_rsa_max_size, + .init =3D virtio_crypto_rsa_init_tfm, + .exit =3D virtio_crypto_rsa_exit_tfm, + .reqsize =3D sizeof(struct virtio_crypto_akcipher_request), + .base =3D { + .cra_name =3D "pkcs1pad(rsa,sha1)", + .cra_driver_name =3D "virtio-pkcs1-rsa-with-sha1", + .cra_priority =3D 150, + .cra_module =3D THIS_MODULE, + .cra_ctxsize =3D sizeof(struct virtio_crypto_akcipher_ctx), + }, + }, + }, +}; + +int virtio_crypto_akcipher_algs_register(struct virtio_crypto *vcrypto) +{ + int ret =3D 0; + int i =3D 0; + + mutex_lock(&algs_lock); + + for (i =3D 0; i < ARRAY_SIZE(virtio_crypto_akcipher_algs); i++) { + uint32_t service =3D virtio_crypto_akcipher_algs[i].service; + uint32_t algonum =3D virtio_crypto_akcipher_algs[i].algonum; + + if (!virtcrypto_algo_is_supported(vcrypto, service, algonum)) + continue; + + if (virtio_crypto_akcipher_algs[i].active_devs =3D=3D 0) { + ret =3D crypto_register_akcipher(&virtio_crypto_akcipher_algs[i].algo); + if (ret) + goto unlock; + } + + virtio_crypto_akcipher_algs[i].active_devs++; + dev_info(&vcrypto->vdev->dev, "Registered akcipher algo %s\n", + virtio_crypto_akcipher_algs[i].algo.base.cra_name); + } + +unlock: + mutex_unlock(&algs_lock); + return ret; +} + +void virtio_crypto_akcipher_algs_unregister(struct virtio_crypto *vcrypto) +{ + int i =3D 0; + + mutex_lock(&algs_lock); + + for (i =3D 0; i < ARRAY_SIZE(virtio_crypto_akcipher_algs); i++) { + uint32_t service =3D virtio_crypto_akcipher_algs[i].service; + uint32_t algonum =3D virtio_crypto_akcipher_algs[i].algonum; + + if (virtio_crypto_akcipher_algs[i].active_devs =3D=3D 0 || + !virtcrypto_algo_is_supported(vcrypto, service, algonum)) + continue; + + if (virtio_crypto_akcipher_algs[i].active_devs =3D=3D 1) + crypto_unregister_akcipher(&virtio_crypto_akcipher_algs[i].algo); + + virtio_crypto_akcipher_algs[i].active_devs--; + } + + mutex_unlock(&algs_lock); +} diff --git a/drivers/crypto/virtio/virtio_crypto_common.h b/drivers/crypto/= virtio/virtio_crypto_common.h index a24f85c589e7..214f9a6fcf84 100644 --- a/drivers/crypto/virtio/virtio_crypto_common.h +++ b/drivers/crypto/virtio/virtio_crypto_common.h @@ -56,6 +56,7 @@ struct virtio_crypto { u32 mac_algo_l; u32 mac_algo_h; u32 aead_algo; + u32 akcipher_algo; =20 /* Maximum length of cipher key */ u32 max_cipher_key_len; @@ -131,5 +132,7 @@ static inline int virtio_crypto_get_current_node(void) =20 int virtio_crypto_algs_register(struct virtio_crypto *vcrypto); void virtio_crypto_algs_unregister(struct virtio_crypto *vcrypto); +int virtio_crypto_akcipher_algs_register(struct virtio_crypto *vcrypto); +void virtio_crypto_akcipher_algs_unregister(struct virtio_crypto *vcrypto); =20 #endif /* _VIRTIO_CRYPTO_COMMON_H */ diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/vi= rtio/virtio_crypto_core.c index 8e977b7627cb..c6f482db0bc0 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -297,6 +297,7 @@ static int virtcrypto_probe(struct virtio_device *vdev) u32 mac_algo_l =3D 0; u32 mac_algo_h =3D 0; u32 aead_algo =3D 0; + u32 akcipher_algo =3D 0; u32 crypto_services =3D 0; =20 if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) @@ -348,6 +349,9 @@ static int virtcrypto_probe(struct virtio_device *vdev) mac_algo_h, &mac_algo_h); virtio_cread_le(vdev, struct virtio_crypto_config, aead_algo, &aead_algo); + if (crypto_services & (1 << VIRTIO_CRYPTO_SERVICE_AKCIPHER)) + virtio_cread_le(vdev, struct virtio_crypto_config, + akcipher_algo, &akcipher_algo); =20 /* Add virtio crypto device to global table */ err =3D virtcrypto_devmgr_add_dev(vcrypto); @@ -374,7 +378,7 @@ static int virtcrypto_probe(struct virtio_device *vdev) vcrypto->mac_algo_h =3D mac_algo_h; vcrypto->hash_algo =3D hash_algo; vcrypto->aead_algo =3D aead_algo; - + vcrypto->akcipher_algo =3D akcipher_algo; =20 dev_info(&vdev->dev, "max_queues: %u, max_cipher_key_len: %u, max_auth_key_len: %u, max_size = 0x%llx\n", diff --git a/drivers/crypto/virtio/virtio_crypto_mgr.c b/drivers/crypto/vir= tio/virtio_crypto_mgr.c index 6860f8180c7c..1cb92418b321 100644 --- a/drivers/crypto/virtio/virtio_crypto_mgr.c +++ b/drivers/crypto/virtio/virtio_crypto_mgr.c @@ -242,6 +242,12 @@ int virtcrypto_dev_start(struct virtio_crypto *vcrypto) return -EFAULT; } =20 + if (virtio_crypto_akcipher_algs_register(vcrypto)) { + pr_err("virtio_crypto: Failed to register crypto akcipher algs\n"); + virtio_crypto_algs_unregister(vcrypto); + return -EFAULT; + } + return 0; } =20 @@ -258,6 +264,7 @@ int virtcrypto_dev_start(struct virtio_crypto *vcrypto) void virtcrypto_dev_stop(struct virtio_crypto *vcrypto) { virtio_crypto_algs_unregister(vcrypto); + virtio_crypto_akcipher_algs_unregister(vcrypto); } =20 /* @@ -312,6 +319,10 @@ bool virtcrypto_algo_is_supported(struct virtio_crypto= *vcrypto, case VIRTIO_CRYPTO_SERVICE_AEAD: algo_mask =3D vcrypto->aead_algo; break; + + case VIRTIO_CRYPTO_SERVICE_AKCIPHER: + algo_mask =3D vcrypto->akcipher_algo; + break; } =20 if (!(algo_mask & (1u << algo))) --=20 2.20.1