| Message ID | 20230514065519.2335265-1-gmuthukrishn@marvell.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | cryptodev-vhost-user: add asymmetric crypto support | expand |
On 5/14/23 14:55, Gowrishankar Muthukrishnan wrote: > Add asymmetric crypto support in vhost_user backend. > > Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com> > --- > backends/cryptodev-vhost-user.c | 9 +++--- > hw/virtio/vhost-user.c | 52 ++++++++++++++++++++++++--------- > 2 files changed, 43 insertions(+), 18 deletions(-) > > diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c > index b1d9eb735f..c3283ba84a 100644 > --- a/backends/cryptodev-vhost-user.c > +++ b/backends/cryptodev-vhost-user.c > @@ -232,9 +232,9 @@ static void cryptodev_vhost_user_init( > backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; > } > > -static int64_t cryptodev_vhost_user_sym_create_session( > +static int64_t cryptodev_vhost_user_crypto_create_session( > CryptoDevBackend *backend, > - CryptoDevBackendSymSessionInfo *sess_info, > + CryptoDevBackendSessionInfo *sess_info, > uint32_t queue_index, Error **errp) > { > CryptoDevBackendClient *cc = > @@ -266,18 +266,17 @@ static int cryptodev_vhost_user_create_session( > void *opaque) > { > uint32_t op_code = sess_info->op_code; > - CryptoDevBackendSymSessionInfo *sym_sess_info; > int64_t ret; > Error *local_error = NULL; > int status; > > switch (op_code) { > case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: > + case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: > case VIRTIO_CRYPTO_HASH_CREATE_SESSION: > case VIRTIO_CRYPTO_MAC_CREATE_SESSION: > case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: > - sym_sess_info = &sess_info->u.sym_sess_info; > - ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info, > + ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info, > queue_index, &local_error); > break; > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c > index e5285df4ba..c3f5ecd112 100644 > --- a/hw/virtio/vhost-user.c > +++ b/hw/virtio/vhost-user.c > @@ -11,6 +11,7 @@ > #include "qemu/osdep.h" > #include "qapi/error.h" > #include "hw/virtio/vhost.h" > +#include "hw/virtio/virtio-crypto.h" > #include "hw/virtio/vhost-user.h" > #include "hw/virtio/vhost-backend.h" > #include "hw/virtio/virtio.h" > @@ -173,13 +174,24 @@ typedef struct VhostUserConfig { > > #define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512 > #define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64 > +#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN 1024 > > typedef struct VhostUserCryptoSession { > + uint64_t op_code; > + union { > + struct { > + CryptoDevBackendSymSessionInfo session_setup_data; > + uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; > + uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; > + } sym; > + struct { > + CryptoDevBackendAsymSessionInfo session_setup_data; > + uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN]; > + } asym; > + } u; > + > /* session id for success, -1 on errors */ > int64_t session_id; > - CryptoDevBackendSymSessionInfo session_setup_data; > - uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; > - uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; > } VhostUserCryptoSession; > > static VhostUserConfig c __attribute__ ((unused)); > @@ -2366,7 +2378,7 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev, > int ret; > bool crypto_session = virtio_has_feature(dev->protocol_features, > VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); > - CryptoDevBackendSymSessionInfo *sess_info = session_info; > + CryptoDevBackendSessionInfo *backend_info = session_info; > VhostUserMsg msg = { > .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION, > .hdr.flags = VHOST_USER_VERSION, > @@ -2380,16 +2392,30 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev, > return -ENOTSUP; > } > > - memcpy(&msg.payload.session.session_setup_data, sess_info, > - sizeof(CryptoDevBackendSymSessionInfo)); > - if (sess_info->key_len) { > - memcpy(&msg.payload.session.key, sess_info->cipher_key, > - sess_info->key_len); > - } > - if (sess_info->auth_key_len > 0) { > - memcpy(&msg.payload.session.auth_key, sess_info->auth_key, > - sess_info->auth_key_len); > + if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) { > + CryptoDevBackendAsymSessionInfo *sess_info = &backend_info->u.asym_sess_info; > + memcpy(&msg.payload.session.u.asym.session_setup_data, sess_info, > + sizeof(CryptoDevBackendAsymSessionInfo)); > + if (sess_info->keylen) { > + memcpy(&msg.payload.session.u.asym.key, sess_info->key, > + sess_info->keylen); > + } Hi, Could you please test the length of msg.payload.session.u.asym.key and sess_info->keylen to avoid buffer overflow? and so does the following codes. > + } else { > + CryptoDevBackendSymSessionInfo *sess_info = &backend_info->u.sym_sess_info; > + memcpy(&msg.payload.session.u.sym.session_setup_data, sess_info, > + sizeof(CryptoDevBackendSymSessionInfo)); > + if (sess_info->key_len) { > + memcpy(&msg.payload.session.u.sym.key, sess_info->cipher_key, > + sess_info->key_len); > + } > + if (sess_info->auth_key_len > 0) { > + memcpy(&msg.payload.session.u.sym.auth_key, sess_info->auth_key, > + sess_info->auth_key_len); > + } > } > + > + msg.payload.session.op_code = backend_info->op_code; > + msg.payload.session.session_id = backend_info->session_id; > ret = vhost_user_write(dev, &msg, NULL, 0); > if (ret < 0) { > error_report("vhost_user_write() return %d, create session failed",
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index b1d9eb735f..c3283ba84a 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -232,9 +232,9 @@ static void cryptodev_vhost_user_init( backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; } -static int64_t cryptodev_vhost_user_sym_create_session( +static int64_t cryptodev_vhost_user_crypto_create_session( CryptoDevBackend *backend, - CryptoDevBackendSymSessionInfo *sess_info, + CryptoDevBackendSessionInfo *sess_info, uint32_t queue_index, Error **errp) { CryptoDevBackendClient *cc = @@ -266,18 +266,17 @@ static int cryptodev_vhost_user_create_session( void *opaque) { uint32_t op_code = sess_info->op_code; - CryptoDevBackendSymSessionInfo *sym_sess_info; int64_t ret; Error *local_error = NULL; int status; switch (op_code) { case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: + case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: case VIRTIO_CRYPTO_HASH_CREATE_SESSION: case VIRTIO_CRYPTO_MAC_CREATE_SESSION: case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: - sym_sess_info = &sess_info->u.sym_sess_info; - ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info, + ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info, queue_index, &local_error); break; diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index e5285df4ba..c3f5ecd112 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -11,6 +11,7 @@ #include "qemu/osdep.h" #include "qapi/error.h" #include "hw/virtio/vhost.h" +#include "hw/virtio/virtio-crypto.h" #include "hw/virtio/vhost-user.h" #include "hw/virtio/vhost-backend.h" #include "hw/virtio/virtio.h" @@ -173,13 +174,24 @@ typedef struct VhostUserConfig { #define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512 #define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64 +#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN 1024 typedef struct VhostUserCryptoSession { + uint64_t op_code; + union { + struct { + CryptoDevBackendSymSessionInfo session_setup_data; + uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; + uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; + } sym; + struct { + CryptoDevBackendAsymSessionInfo session_setup_data; + uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN]; + } asym; + } u; + /* session id for success, -1 on errors */ int64_t session_id; - CryptoDevBackendSymSessionInfo session_setup_data; - uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; - uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; } VhostUserCryptoSession; static VhostUserConfig c __attribute__ ((unused)); @@ -2366,7 +2378,7 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev, int ret; bool crypto_session = virtio_has_feature(dev->protocol_features, VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); - CryptoDevBackendSymSessionInfo *sess_info = session_info; + CryptoDevBackendSessionInfo *backend_info = session_info; VhostUserMsg msg = { .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION, .hdr.flags = VHOST_USER_VERSION, @@ -2380,16 +2392,30 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev, return -ENOTSUP; } - memcpy(&msg.payload.session.session_setup_data, sess_info, - sizeof(CryptoDevBackendSymSessionInfo)); - if (sess_info->key_len) { - memcpy(&msg.payload.session.key, sess_info->cipher_key, - sess_info->key_len); - } - if (sess_info->auth_key_len > 0) { - memcpy(&msg.payload.session.auth_key, sess_info->auth_key, - sess_info->auth_key_len); + if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) { + CryptoDevBackendAsymSessionInfo *sess_info = &backend_info->u.asym_sess_info; + memcpy(&msg.payload.session.u.asym.session_setup_data, sess_info, + sizeof(CryptoDevBackendAsymSessionInfo)); + if (sess_info->keylen) { + memcpy(&msg.payload.session.u.asym.key, sess_info->key, + sess_info->keylen); + } + } else { + CryptoDevBackendSymSessionInfo *sess_info = &backend_info->u.sym_sess_info; + memcpy(&msg.payload.session.u.sym.session_setup_data, sess_info, + sizeof(CryptoDevBackendSymSessionInfo)); + if (sess_info->key_len) { + memcpy(&msg.payload.session.u.sym.key, sess_info->cipher_key, + sess_info->key_len); + } + if (sess_info->auth_key_len > 0) { + memcpy(&msg.payload.session.u.sym.auth_key, sess_info->auth_key, + sess_info->auth_key_len); + } } + + msg.payload.session.op_code = backend_info->op_code; + msg.payload.session.session_id = backend_info->session_id; ret = vhost_user_write(dev, &msg, NULL, 0); if (ret < 0) { error_report("vhost_user_write() return %d, create session failed",
Add asymmetric crypto support in vhost_user backend. Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com> --- backends/cryptodev-vhost-user.c | 9 +++--- hw/virtio/vhost-user.c | 52 ++++++++++++++++++++++++--------- 2 files changed, 43 insertions(+), 18 deletions(-)