cryptodev-vhost-user: add asymmetric crypto support

Add asymmetric crypto support in vhost_user backend.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Message-Id: <20230516083139.2349744-1-gmuthukrishn@marvell.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Gowrishankar Muthukrishnan 2023-05-16 14:01:39 +05:30 committed by Michael S. Tsirkin
parent bafe030832
commit 5c33f9783a
2 changed files with 66 additions and 18 deletions

View File

@ -232,9 +232,9 @@ static void cryptodev_vhost_user_init(
backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
} }
static int64_t cryptodev_vhost_user_sym_create_session( static int64_t cryptodev_vhost_user_crypto_create_session(
CryptoDevBackend *backend, CryptoDevBackend *backend,
CryptoDevBackendSymSessionInfo *sess_info, CryptoDevBackendSessionInfo *sess_info,
uint32_t queue_index, Error **errp) uint32_t queue_index, Error **errp)
{ {
CryptoDevBackendClient *cc = CryptoDevBackendClient *cc =
@ -266,18 +266,17 @@ static int cryptodev_vhost_user_create_session(
void *opaque) void *opaque)
{ {
uint32_t op_code = sess_info->op_code; uint32_t op_code = sess_info->op_code;
CryptoDevBackendSymSessionInfo *sym_sess_info;
int64_t ret; int64_t ret;
Error *local_error = NULL; Error *local_error = NULL;
int status; int status;
switch (op_code) { switch (op_code) {
case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION:
case VIRTIO_CRYPTO_HASH_CREATE_SESSION: case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
case VIRTIO_CRYPTO_MAC_CREATE_SESSION: case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
sym_sess_info = &sess_info->u.sym_sess_info; ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info,
ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info,
queue_index, &local_error); queue_index, &local_error);
break; break;

View File

@ -11,6 +11,7 @@
#include "qemu/osdep.h" #include "qemu/osdep.h"
#include "qapi/error.h" #include "qapi/error.h"
#include "hw/virtio/vhost.h" #include "hw/virtio/vhost.h"
#include "hw/virtio/virtio-crypto.h"
#include "hw/virtio/vhost-user.h" #include "hw/virtio/vhost-user.h"
#include "hw/virtio/vhost-backend.h" #include "hw/virtio/vhost-backend.h"
#include "hw/virtio/virtio.h" #include "hw/virtio/virtio.h"
@ -163,13 +164,24 @@ typedef struct VhostUserConfig {
#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512 #define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512
#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64 #define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64
#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN 1024
typedef struct VhostUserCryptoSession { typedef struct VhostUserCryptoSession {
/* session id for success, -1 on errors */ uint64_t op_code;
int64_t session_id; union {
struct {
CryptoDevBackendSymSessionInfo session_setup_data; CryptoDevBackendSymSessionInfo session_setup_data;
uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
} sym;
struct {
CryptoDevBackendAsymSessionInfo session_setup_data;
uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN];
} asym;
} u;
/* session id for success, -1 on errors */
int64_t session_id;
} VhostUserCryptoSession; } VhostUserCryptoSession;
static VhostUserConfig c __attribute__ ((unused)); static VhostUserConfig c __attribute__ ((unused));
@ -2357,7 +2369,7 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
int ret; int ret;
bool crypto_session = virtio_has_feature(dev->protocol_features, bool crypto_session = virtio_has_feature(dev->protocol_features,
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
CryptoDevBackendSymSessionInfo *sess_info = session_info; CryptoDevBackendSessionInfo *backend_info = session_info;
VhostUserMsg msg = { VhostUserMsg msg = {
.hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION, .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
.hdr.flags = VHOST_USER_VERSION, .hdr.flags = VHOST_USER_VERSION,
@ -2371,16 +2383,53 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
return -ENOTSUP; return -ENOTSUP;
} }
memcpy(&msg.payload.session.session_setup_data, sess_info, if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) {
CryptoDevBackendAsymSessionInfo *sess = &backend_info->u.asym_sess_info;
size_t keylen;
memcpy(&msg.payload.session.u.asym.session_setup_data, sess,
sizeof(CryptoDevBackendAsymSessionInfo));
if (sess->keylen) {
keylen = sizeof(msg.payload.session.u.asym.key);
if (sess->keylen > keylen) {
error_report("Unsupported asymmetric key size");
return -ENOTSUP;
}
memcpy(&msg.payload.session.u.asym.key, sess->key,
sess->keylen);
}
} else {
CryptoDevBackendSymSessionInfo *sess = &backend_info->u.sym_sess_info;
size_t keylen;
memcpy(&msg.payload.session.u.sym.session_setup_data, sess,
sizeof(CryptoDevBackendSymSessionInfo)); sizeof(CryptoDevBackendSymSessionInfo));
if (sess_info->key_len) { if (sess->key_len) {
memcpy(&msg.payload.session.key, sess_info->cipher_key, keylen = sizeof(msg.payload.session.u.sym.key);
sess_info->key_len); if (sess->key_len > keylen) {
error_report("Unsupported cipher key size");
return -ENOTSUP;
} }
if (sess_info->auth_key_len > 0) {
memcpy(&msg.payload.session.auth_key, sess_info->auth_key, memcpy(&msg.payload.session.u.sym.key, sess->cipher_key,
sess_info->auth_key_len); sess->key_len);
} }
if (sess->auth_key_len > 0) {
keylen = sizeof(msg.payload.session.u.sym.auth_key);
if (sess->auth_key_len > keylen) {
error_report("Unsupported auth key size");
return -ENOTSUP;
}
memcpy(&msg.payload.session.u.sym.auth_key, sess->auth_key,
sess->auth_key_len);
}
}
msg.payload.session.op_code = backend_info->op_code;
msg.payload.session.session_id = backend_info->session_id;
ret = vhost_user_write(dev, &msg, NULL, 0); ret = vhost_user_write(dev, &msg, NULL, 0);
if (ret < 0) { if (ret < 0) {
error_report("vhost_user_write() return %d, create session failed", error_report("vhost_user_write() return %d, create session failed",