crypto: introduce some common functions for af_alg backend

The AF_ALG socket family is the userspace interface for linux
crypto API, this patch adds af_alg family support and some common
functions for af_alg backend. It'll be used by afalg-backend crypto
latter.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>

Maintainer: modified to report an error if AF_ALG is requested
but cannot be supported

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Longpeng(Mike) 2017-07-14 14:04:05 -04:00 committed by Daniel P. Berrange
parent 14a5a2aef4
commit f0d92b56d8
4 changed files with 208 additions and 0 deletions

37
configure vendored
View File

@ -375,6 +375,7 @@ libnfs=""
coroutine="" coroutine=""
coroutine_pool="" coroutine_pool=""
debug_stack_usage="no" debug_stack_usage="no"
crypto_afalg="no"
seccomp="" seccomp=""
glusterfs="" glusterfs=""
glusterfs_xlator_opt="no" glusterfs_xlator_opt="no"
@ -1124,6 +1125,10 @@ for opt do
;; ;;
--enable-debug-stack-usage) debug_stack_usage="yes" --enable-debug-stack-usage) debug_stack_usage="yes"
;; ;;
--enable-crypto-afalg) crypto_afalg="yes"
;;
--disable-crypto-afalg) crypto_afalg="no"
;;
--disable-docs) docs="no" --disable-docs) docs="no"
;; ;;
--enable-docs) docs="yes" --enable-docs) docs="yes"
@ -1518,6 +1523,7 @@ disabled with --disable-FEATURE, default is enabled if available:
qom-cast-debug cast debugging support qom-cast-debug cast debugging support
tools build qemu-io, qemu-nbd and qemu-image tools tools build qemu-io, qemu-nbd and qemu-image tools
vxhs Veritas HyperScale vDisk backend support vxhs Veritas HyperScale vDisk backend support
crypto-afalg Linux AF_ALG crypto backend driver
NOTE: The object files are built at the place where configure is launched NOTE: The object files are built at the place where configure is launched
EOF EOF
@ -4834,6 +4840,32 @@ if compile_prog "" "" ; then
have_af_vsock=yes have_af_vsock=yes
fi fi
##########################################
# check for usable AF_ALG environment
hava_afalg=no
cat > $TMPC << EOF
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
int main(void) {
int sock;
sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
return sock;
}
EOF
if compile_prog "" "" ; then
have_afalg=yes
fi
if test "$crypto_afalg" = "yes"
then
if test "$have_afalg" != "yes"
then
error_exit "AF_ALG requested but could not be detected"
fi
fi
################################################# #################################################
# Sparc implicitly links with --relax, which is # Sparc implicitly links with --relax, which is
# incompatible with -r, so --no-relax should be # incompatible with -r, so --no-relax should be
@ -5315,6 +5347,7 @@ echo "seccomp support $seccomp"
echo "coroutine backend $coroutine" echo "coroutine backend $coroutine"
echo "coroutine pool $coroutine_pool" echo "coroutine pool $coroutine_pool"
echo "debug stack usage $debug_stack_usage" echo "debug stack usage $debug_stack_usage"
echo "crypto afalg $crypto_afalg"
echo "GlusterFS support $glusterfs" echo "GlusterFS support $glusterfs"
echo "gcov $gcov_tool" echo "gcov $gcov_tool"
echo "gcov enabled $gcov" echo "gcov enabled $gcov"
@ -5826,6 +5859,10 @@ if test "$debug_stack_usage" = "yes" ; then
echo "CONFIG_DEBUG_STACK_USAGE=y" >> $config_host_mak echo "CONFIG_DEBUG_STACK_USAGE=y" >> $config_host_mak
fi fi
if test "$crypto_afalg" = "yes" ; then
echo "CONFIG_AF_ALG=y" >> $config_host_mak
fi
if test "$open_by_handle_at" = "yes" ; then if test "$open_by_handle_at" = "yes" ; then
echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
fi fi

View File

@ -10,6 +10,7 @@ crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_HMAC),n,y)) += hmac-glib
crypto-obj-y += aes.o crypto-obj-y += aes.o
crypto-obj-y += desrfb.o crypto-obj-y += desrfb.o
crypto-obj-y += cipher.o crypto-obj-y += cipher.o
crypto-obj-$(CONFIG_AF_ALG) += afalg.o
crypto-obj-y += tlscreds.o crypto-obj-y += tlscreds.o
crypto-obj-y += tlscredsanon.o crypto-obj-y += tlscredsanon.o
crypto-obj-y += tlscredsx509.o crypto-obj-y += tlscredsx509.o

116
crypto/afalg.c Normal file
View File

@ -0,0 +1,116 @@
/*
* QEMU Crypto af_alg support
*
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
* Authors:
* Longpeng(Mike) <longpeng2@huawei.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#include "qemu/osdep.h"
#include "qemu/cutils.h"
#include "qemu/sockets.h"
#include "qapi/error.h"
#include "afalgpriv.h"
static bool
qcrypto_afalg_build_saddr(const char *type, const char *name,
struct sockaddr_alg *salg, Error **errp)
{
salg->salg_family = AF_ALG;
if (strnlen(type, SALG_TYPE_LEN_MAX) >= SALG_TYPE_LEN_MAX) {
error_setg(errp, "Afalg type(%s) is larger than %d bytes",
type, SALG_TYPE_LEN_MAX);
return false;
}
if (strnlen(name, SALG_NAME_LEN_MAX) >= SALG_NAME_LEN_MAX) {
error_setg(errp, "Afalg name(%s) is larger than %d bytes",
name, SALG_NAME_LEN_MAX);
return false;
}
pstrcpy((char *)salg->salg_type, SALG_TYPE_LEN_MAX, type);
pstrcpy((char *)salg->salg_name, SALG_NAME_LEN_MAX, name);
return true;
}
static int
qcrypto_afalg_socket_bind(const char *type, const char *name,
Error **errp)
{
int sbind;
struct sockaddr_alg salg = {0};
if (!qcrypto_afalg_build_saddr(type, name, &salg, errp)) {
return -1;
}
sbind = qemu_socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sbind < 0) {
error_setg_errno(errp, errno, "Failed to create socket");
return -1;
}
if (bind(sbind, (const struct sockaddr *)&salg, sizeof(salg)) != 0) {
error_setg_errno(errp, errno, "Failed to bind socket");
closesocket(sbind);
return -1;
}
return sbind;
}
QCryptoAFAlg *
qcrypto_afalg_comm_alloc(const char *type, const char *name,
Error **errp)
{
QCryptoAFAlg *afalg;
afalg = g_new0(QCryptoAFAlg, 1);
/* initilize crypto API socket */
afalg->opfd = -1;
afalg->tfmfd = qcrypto_afalg_socket_bind(type, name, errp);
if (afalg->tfmfd == -1) {
goto error;
}
afalg->opfd = qemu_accept(afalg->tfmfd, NULL, 0);
if (afalg->opfd == -1) {
error_setg_errno(errp, errno, "Failed to accept socket");
goto error;
}
return afalg;
error:
qcrypto_afalg_comm_free(afalg);
return NULL;
}
void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg)
{
if (!afalg) {
return;
}
if (afalg->msg) {
g_free(afalg->msg->msg_control);
g_free(afalg->msg);
}
if (afalg->tfmfd != -1) {
closesocket(afalg->tfmfd);
}
if (afalg->opfd != -1) {
closesocket(afalg->opfd);
}
g_free(afalg);
}

54
crypto/afalgpriv.h Normal file
View File

@ -0,0 +1,54 @@
/*
* QEMU Crypto af_alg support
*
* Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD.
*
* Authors:
* Longpeng(Mike) <longpeng2@huawei.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef QCRYPTO_AFALGPRIV_H
#define QCRYPTO_AFALGPRIV_H
#include <linux/if_alg.h>
#define SALG_TYPE_LEN_MAX 14
#define SALG_NAME_LEN_MAX 64
typedef struct QCryptoAFAlg QCryptoAFAlg;
struct QCryptoAFAlg {
int tfmfd;
int opfd;
struct msghdr *msg;
struct cmsghdr *cmsg;
};
/**
* qcrypto_afalg_comm_alloc:
* @type: the type of crypto operation
* @name: the name of crypto operation
*
* Allocate a QCryptoAFAlg object and bind itself to
* a AF_ALG socket.
*
* Returns:
* a new QCryptoAFAlg object, or NULL in error.
*/
QCryptoAFAlg *
qcrypto_afalg_comm_alloc(const char *type, const char *name,
Error **errp);
/**
* afalg_comm_free:
* @afalg: the QCryptoAFAlg object
*
* Free the @afalg.
*/
void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg);
#endif