From patchwork Mon Apr 11 10:43:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: zhenwei pi X-Patchwork-Id: 12808986 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 75EB6C433EF for ; Mon, 11 Apr 2022 10:50:43 +0000 (UTC) Received: from localhost ([::1]:53092 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ndrd4-0001Po-Hz for qemu-devel@archiver.kernel.org; Mon, 11 Apr 2022 06:50:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33274) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndrZv-0006wF-M8 for qemu-devel@nongnu.org; Mon, 11 Apr 2022 06:47:27 -0400 Received: from mail-pj1-x102a.google.com ([2607:f8b0:4864:20::102a]:52074) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ndrZp-0002Wo-3S for qemu-devel@nongnu.org; Mon, 11 Apr 2022 06:47:24 -0400 Received: by mail-pj1-x102a.google.com with SMTP id bg24so2467241pjb.1 for ; Mon, 11 Apr 2022 03:47:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KWVLLL75305PEMMlh9Ha+LztksnTi4oO/fMo8+IqEcs=; b=630NriGzjnYeE+2JXYRMJDWEq0rN1V9lXQbjZbzBV55NqmeBbce0Qm16Aj4X2trlti 1W2Og8EPpOx4PBggROFVsUM2Tm4ENAAwdy7hZvqfnn4edVR7xP3AfpfNBFd4ECdVarM0 twMYsUMq/AbJw1AMgWxmGlYLeCXIm5iDoIOZ8QzV2uGRKmT5cA8xOxKYao5DvTRaRsER 8X1zu/ixvJ3Id7Z5YZwrYRksqA98eZwNUM5lGdEgjyE/JX8NK8sos1HReDR/1J/m3Nw1 WMGZlngWi7brRQatsM4oamzsYG8j0qlWiVBqMb1MsU79pyd0L3OnMTFO7/oOAJ8Z41pU WcXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KWVLLL75305PEMMlh9Ha+LztksnTi4oO/fMo8+IqEcs=; b=iFeQYNMkyGLK1V2D6XhlT4WnTe9cXQReaXL9uwUWQGWu90DgqLhVzpZBc2EmBB+pmh QOZXeEnKvKFsgReAvzRXOjN3QwArGgRQceRNyKg04EQJlinI3/UXRmkDOJK8SRmQVOrr U14lKK5WGTJ2CbZupcgQ2MxM7y/gdnsZkhgh8dXzYg3f1MZR5TRw0SB7QAOevBPBOVsM c+ESmgCqalJXke/mZsL1gjCbwdenBCaYpwFZvNINSC6uwsu0Wa0WozsscPqpZzx6u4aU Atg2nrH/Bggtk3r5ggMHuJV09t9qHtwipbyiXSfJmlB4Adb8zeGJQmInwkg9MunLSiig 85vA== X-Gm-Message-State: AOAM53299YEuZ0Srarl+MCksgVe7xbOle7Fnsy/V5dJNaAjLOQhYgczf tUjb5fywycGzYktaAWzJp1VlpPi36blfpQ== X-Google-Smtp-Source: ABdhPJwOtfpy8uM52zjJo+wVxs1FiSNLctloDYSl8Cufy+I0UYJkARvUFuchKS8WDsVpp2Ntr6s1AA== X-Received: by 2002:a17:90b:164b:b0:1cb:61c8:afeb with SMTP id il11-20020a17090b164b00b001cb61c8afebmr12321298pjb.91.1649674039306; Mon, 11 Apr 2022 03:47:19 -0700 (PDT) Received: from always-x1.bytedance.net ([61.120.150.76]) by smtp.gmail.com with ESMTPSA id d8-20020a636808000000b00398e9c7049bsm27541649pgc.31.2022.04.11.03.47.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Apr 2022 03:47:18 -0700 (PDT) From: zhenwei pi To: mst@redhat.com, berrange@redhat.com, arei.gonglei@huawei.com Subject: [PATCH v4 3/8] crypto: Introduce akcipher crypto class Date: Mon, 11 Apr 2022 18:43:22 +0800 Message-Id: <20220411104327.197048-4-pizhenwei@bytedance.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220411104327.197048-1-pizhenwei@bytedance.com> References: <20220411104327.197048-1-pizhenwei@bytedance.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::102a; envelope-from=pizhenwei@bytedance.com; helo=mail-pj1-x102a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: helei.sig11@bytedance.com, jasowang@redhat.com, cohuck@redhat.com, qemu-devel@nongnu.org, zhenwei pi , virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Support basic asymmetric operations: encrypt, decrypt, sign and verify. Co-developed-by: lei he Signed-off-by: lei he Signed-off-by: zhenwei pi --- crypto/akcipher.c | 102 +++++++++++++++++++++++++ crypto/akcipherpriv.h | 43 +++++++++++ crypto/meson.build | 1 + include/crypto/akcipher.h | 151 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 297 insertions(+) create mode 100644 crypto/akcipher.c create mode 100644 crypto/akcipherpriv.h create mode 100644 include/crypto/akcipher.h diff --git a/crypto/akcipher.c b/crypto/akcipher.c new file mode 100644 index 0000000000..7323a48073 --- /dev/null +++ b/crypto/akcipher.c @@ -0,0 +1,102 @@ +/* + * QEMU Crypto akcipher algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "crypto/akcipher.h" +#include "akcipherpriv.h" + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t keylen, + Error **errp) +{ + QCryptoAkCipher *akcipher = NULL; + + return akcipher; +} + +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts) +{ + return false; +} + +int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv = akcipher->driver; + + return drv->encrypt(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv = akcipher->driver; + + return drv->decrypt(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv = akcipher->driver; + + return drv->sign(akcipher, in, in_len, out, out_len, errp); +} + +int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp) +{ + const QCryptoAkCipherDriver *drv = akcipher->driver; + + return drv->verify(akcipher, in, in_len, in2, in2_len, errp); +} + +int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_plaintext_len; +} + +int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_ciphertext_len; +} + +int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_signature_len; +} + +int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher) +{ + return akcipher->max_dgst_len; +} + +int qcrypto_akcipher_free(QCryptoAkCipher *akcipher, Error **errp) +{ + const QCryptoAkCipherDriver *drv = akcipher->driver; + + return drv->free(akcipher, errp); +} diff --git a/crypto/akcipherpriv.h b/crypto/akcipherpriv.h new file mode 100644 index 0000000000..da9e54a796 --- /dev/null +++ b/crypto/akcipherpriv.h @@ -0,0 +1,43 @@ +/* + * QEMU Crypto asymmetric algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_AKCIPHERPRIV_H +#define QCRYPTO_AKCIPHERPRIV_H + +#include "qapi/qapi-types-crypto.h" + +struct QCryptoAkCipherDriver { + int (*encrypt)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + int (*decrypt)(QCryptoAkCipher *akcipher, + const void *out, size_t out_len, + void *in, size_t in_len, Error **errp); + int (*sign)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + int (*verify)(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp); + int (*free)(QCryptoAkCipher *akcipher, Error **errp); +}; + +#endif /* QCRYPTO_AKCIPHER_H */ diff --git a/crypto/meson.build b/crypto/meson.build index 19c44bea89..7647d5e243 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -1,6 +1,7 @@ crypto_ss.add(genh) crypto_ss.add(files( 'afsplit.c', + 'akcipher.c', 'block-luks.c', 'block-qcow.c', 'block.c', diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h new file mode 100644 index 0000000000..c1970b3b3b --- /dev/null +++ b/include/crypto/akcipher.h @@ -0,0 +1,151 @@ +/* + * QEMU Crypto asymmetric algorithms + * + * Copyright (c) 2022 Bytedance + * Author: zhenwei pi + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef QCRYPTO_AKCIPHER_H +#define QCRYPTO_AKCIPHER_H + +#include "qapi/qapi-types-crypto.h" + +typedef struct QCryptoAkCipher QCryptoAkCipher; +typedef struct QCryptoAkCipherDriver QCryptoAkCipherDriver; + +struct QCryptoAkCipher { + QCryptoAkCipherAlgorithm alg; + QCryptoAkCipherKeyType type; + int max_plaintext_len; + int max_ciphertext_len; + int max_signature_len; + int max_dgst_len; + QCryptoAkCipherDriver *driver; +}; + +/** + * qcrypto_akcipher_supports: + * @opts: the asymmetric key algorithm and related options + * + * Determine if asymmetric key cipher decribed with @opts is + * supported by the current configured build + * + * Returns: true if it is supported, false otherwise. + */ +bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts); + +/** + * qcrypto_akcipher_new: + * @opts: specify the algorithm and the related arguments + * @type: private or public key type + * @key: buffer to store the key + * @key_len: the length of key buffer + * @errp: error pointer + * + * Create akcipher context + * + * Returns: On success, a new QCryptoAkCipher initialized with @opt + * is created and returned, otherwise NULL is returned. + */ + +QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts, + QCryptoAkCipherKeyType type, + const uint8_t *key, size_t key_len, + Error **errp); + +/** + * qcrypto_akcipher_encrypt: + * @akcipher: akcipher context + * @in: plaintext pending to be encrypted + * @in_len: length of the plaintext, MUST less or equal to max_plaintext_len + * @out: buffer to store the ciphertext + * @out_len: the length of ciphertext buffer, usually equals to + * max_ciphertext_len + * @errp: error pointer + * + * Encrypt data and write ciphertext into out + * + * Returns: length of ciphertext if encrypt succeed, otherwise -1 is returned + */ +int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_decrypt: + * @akcipher: akcipher context + * @in: ciphertext to be decrypted + * @in_len: the length of ciphertext + * @out: buffer to store the plaintext + * @out_len: length of the plaintext buffer, usually less or equals to + * max_plaintext_len + * @errp: error pointer + * + * Decrypt ciphertext and write plaintext into out + * + * Returns: length of plaintext if decrypt succeed, otherwise -1 is returned + */ +int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_sign: + * @akcipher: akcipher context + * @in: data to be signed + * @in_len: the length of data + * @out: buffer to store the signature + * @out_len: length of the signature buffer, usually equals to max_signature_len + * @errp: error pointer + * + * Generate signature for data using akcipher + * + * Returns: length of signature if succeed, otherwise -1 is returned + */ +int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + void *out, size_t out_len, Error **errp); + +/** + * qcrypto_akcipher_verify: + * @akcipher: akcipher used to do verifycation + * @in: pointer to the signature + * @in_len: length of the signature + * @in2: pointer to original data + * @in2_len: the length of original data + * @errp: error pointer + * + * Verify the signature and the data match or not + * + * Returns: 0 for succeed, otherwise -1 is returned + */ +int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher, + const void *in, size_t in_len, + const void *in2, size_t in2_len, Error **errp); + +int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher); + +int qcrypto_akcipher_free(QCryptoAkCipher *akcipher, Error **errp); + + +#endif /* QCRYPTO_AKCIPHER_H */