diff mbox series

cryptodev-vhost-user: add asymmetric crypto support

Message ID 20230514065519.2335265-1-gmuthukrishn@marvell.com (mailing list archive)
State Superseded
Headers show
Series cryptodev-vhost-user: add asymmetric crypto support | expand

Commit Message

Gowrishankar Muthukrishnan May 14, 2023, 6:55 a.m. UTC
Add asymmetric crypto support in vhost_user backend.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 backends/cryptodev-vhost-user.c |  9 +++---
 hw/virtio/vhost-user.c          | 52 ++++++++++++++++++++++++---------
 2 files changed, 43 insertions(+), 18 deletions(-)

Comments

zhenwei pi May 16, 2023, 1:30 a.m. UTC | #1
On 5/14/23 14:55, Gowrishankar Muthukrishnan wrote:
> Add asymmetric crypto support in vhost_user backend.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>   backends/cryptodev-vhost-user.c |  9 +++---
>   hw/virtio/vhost-user.c          | 52 ++++++++++++++++++++++++---------
>   2 files changed, 43 insertions(+), 18 deletions(-)
> 
> diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
> index b1d9eb735f..c3283ba84a 100644
> --- a/backends/cryptodev-vhost-user.c
> +++ b/backends/cryptodev-vhost-user.c
> @@ -232,9 +232,9 @@ static void cryptodev_vhost_user_init(
>       backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
>   }
>   
> -static int64_t cryptodev_vhost_user_sym_create_session(
> +static int64_t cryptodev_vhost_user_crypto_create_session(
>              CryptoDevBackend *backend,
> -           CryptoDevBackendSymSessionInfo *sess_info,
> +           CryptoDevBackendSessionInfo *sess_info,
>              uint32_t queue_index, Error **errp)
>   {
>       CryptoDevBackendClient *cc =
> @@ -266,18 +266,17 @@ static int cryptodev_vhost_user_create_session(
>              void *opaque)
>   {
>       uint32_t op_code = sess_info->op_code;
> -    CryptoDevBackendSymSessionInfo *sym_sess_info;
>       int64_t ret;
>       Error *local_error = NULL;
>       int status;
>   
>       switch (op_code) {
>       case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
> +    case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION:
>       case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
>       case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
>       case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
> -        sym_sess_info = &sess_info->u.sym_sess_info;
> -        ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info,
> +        ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info,
>                      queue_index, &local_error);
>           break;
>   
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index e5285df4ba..c3f5ecd112 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -11,6 +11,7 @@
>   #include "qemu/osdep.h"
>   #include "qapi/error.h"
>   #include "hw/virtio/vhost.h"
> +#include "hw/virtio/virtio-crypto.h"
>   #include "hw/virtio/vhost-user.h"
>   #include "hw/virtio/vhost-backend.h"
>   #include "hw/virtio/virtio.h"
> @@ -173,13 +174,24 @@ typedef struct VhostUserConfig {
>   
>   #define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN    512
>   #define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN  64
> +#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN  1024
>   
>   typedef struct VhostUserCryptoSession {
> +    uint64_t op_code;
> +    union {
> +        struct {
> +            CryptoDevBackendSymSessionInfo session_setup_data;
> +            uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
> +            uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
> +        } sym;
> +        struct {
> +            CryptoDevBackendAsymSessionInfo session_setup_data;
> +            uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN];
> +        } asym;
> +    } u;
> +
>       /* session id for success, -1 on errors */
>       int64_t session_id;
> -    CryptoDevBackendSymSessionInfo session_setup_data;
> -    uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
> -    uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
>   } VhostUserCryptoSession;
>   
>   static VhostUserConfig c __attribute__ ((unused));
> @@ -2366,7 +2378,7 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
>       int ret;
>       bool crypto_session = virtio_has_feature(dev->protocol_features,
>                                          VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
> -    CryptoDevBackendSymSessionInfo *sess_info = session_info;
> +    CryptoDevBackendSessionInfo *backend_info = session_info;
>       VhostUserMsg msg = {
>           .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
>           .hdr.flags = VHOST_USER_VERSION,
> @@ -2380,16 +2392,30 @@ static int vhost_user_crypto_create_session(struct vhost_dev *dev,
>           return -ENOTSUP;
>       }
>   
> -    memcpy(&msg.payload.session.session_setup_data, sess_info,
> -              sizeof(CryptoDevBackendSymSessionInfo));
> -    if (sess_info->key_len) {
> -        memcpy(&msg.payload.session.key, sess_info->cipher_key,
> -               sess_info->key_len);
> -    }
> -    if (sess_info->auth_key_len > 0) {
> -        memcpy(&msg.payload.session.auth_key, sess_info->auth_key,
> -               sess_info->auth_key_len);
> +    if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) {
> +        CryptoDevBackendAsymSessionInfo *sess_info = &backend_info->u.asym_sess_info;
> +        memcpy(&msg.payload.session.u.asym.session_setup_data, sess_info,
> +               sizeof(CryptoDevBackendAsymSessionInfo));
> +        if (sess_info->keylen) {
> +            memcpy(&msg.payload.session.u.asym.key, sess_info->key,
> +                   sess_info->keylen);
> +        }

Hi,

Could you please test the length of msg.payload.session.u.asym.key and 
sess_info->keylen to avoid buffer overflow? and so does the following codes.

> +    } else {
> +        CryptoDevBackendSymSessionInfo *sess_info = &backend_info->u.sym_sess_info;
> +        memcpy(&msg.payload.session.u.sym.session_setup_data, sess_info,
> +               sizeof(CryptoDevBackendSymSessionInfo));
> +        if (sess_info->key_len) {
> +            memcpy(&msg.payload.session.u.sym.key, sess_info->cipher_key,
> +                   sess_info->key_len);
> +        }
> +        if (sess_info->auth_key_len > 0) {
> +            memcpy(&msg.payload.session.u.sym.auth_key, sess_info->auth_key,
> +                   sess_info->auth_key_len);
> +        }
>       }
> +
> +    msg.payload.session.op_code = backend_info->op_code;
> +    msg.payload.session.session_id = backend_info->session_id;
>       ret = vhost_user_write(dev, &msg, NULL, 0);
>       if (ret < 0) {
>           error_report("vhost_user_write() return %d, create session failed",
diff mbox series

Patch

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index b1d9eb735f..c3283ba84a 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -232,9 +232,9 @@  static void cryptodev_vhost_user_init(
     backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
 }
 
-static int64_t cryptodev_vhost_user_sym_create_session(
+static int64_t cryptodev_vhost_user_crypto_create_session(
            CryptoDevBackend *backend,
-           CryptoDevBackendSymSessionInfo *sess_info,
+           CryptoDevBackendSessionInfo *sess_info,
            uint32_t queue_index, Error **errp)
 {
     CryptoDevBackendClient *cc =
@@ -266,18 +266,17 @@  static int cryptodev_vhost_user_create_session(
            void *opaque)
 {
     uint32_t op_code = sess_info->op_code;
-    CryptoDevBackendSymSessionInfo *sym_sess_info;
     int64_t ret;
     Error *local_error = NULL;
     int status;
 
     switch (op_code) {
     case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION:
+    case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION:
     case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
     case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
     case VIRTIO_CRYPTO_AEAD_CREATE_SESSION:
-        sym_sess_info = &sess_info->u.sym_sess_info;
-        ret = cryptodev_vhost_user_sym_create_session(backend, sym_sess_info,
+        ret = cryptodev_vhost_user_crypto_create_session(backend, sess_info,
                    queue_index, &local_error);
         break;
 
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index e5285df4ba..c3f5ecd112 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -11,6 +11,7 @@ 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/virtio/vhost.h"
+#include "hw/virtio/virtio-crypto.h"
 #include "hw/virtio/vhost-user.h"
 #include "hw/virtio/vhost-backend.h"
 #include "hw/virtio/virtio.h"
@@ -173,13 +174,24 @@  typedef struct VhostUserConfig {
 
 #define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN    512
 #define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN  64
+#define VHOST_CRYPTO_ASYM_MAX_KEY_LEN  1024
 
 typedef struct VhostUserCryptoSession {
+    uint64_t op_code;
+    union {
+        struct {
+            CryptoDevBackendSymSessionInfo session_setup_data;
+            uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
+            uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
+        } sym;
+        struct {
+            CryptoDevBackendAsymSessionInfo session_setup_data;
+            uint8_t key[VHOST_CRYPTO_ASYM_MAX_KEY_LEN];
+        } asym;
+    } u;
+
     /* session id for success, -1 on errors */
     int64_t session_id;
-    CryptoDevBackendSymSessionInfo session_setup_data;
-    uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN];
-    uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN];
 } VhostUserCryptoSession;
 
 static VhostUserConfig c __attribute__ ((unused));
@@ -2366,7 +2378,7 @@  static int vhost_user_crypto_create_session(struct vhost_dev *dev,
     int ret;
     bool crypto_session = virtio_has_feature(dev->protocol_features,
                                        VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
-    CryptoDevBackendSymSessionInfo *sess_info = session_info;
+    CryptoDevBackendSessionInfo *backend_info = session_info;
     VhostUserMsg msg = {
         .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION,
         .hdr.flags = VHOST_USER_VERSION,
@@ -2380,16 +2392,30 @@  static int vhost_user_crypto_create_session(struct vhost_dev *dev,
         return -ENOTSUP;
     }
 
-    memcpy(&msg.payload.session.session_setup_data, sess_info,
-              sizeof(CryptoDevBackendSymSessionInfo));
-    if (sess_info->key_len) {
-        memcpy(&msg.payload.session.key, sess_info->cipher_key,
-               sess_info->key_len);
-    }
-    if (sess_info->auth_key_len > 0) {
-        memcpy(&msg.payload.session.auth_key, sess_info->auth_key,
-               sess_info->auth_key_len);
+    if (backend_info->op_code == VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION) {
+        CryptoDevBackendAsymSessionInfo *sess_info = &backend_info->u.asym_sess_info;
+        memcpy(&msg.payload.session.u.asym.session_setup_data, sess_info,
+               sizeof(CryptoDevBackendAsymSessionInfo));
+        if (sess_info->keylen) {
+            memcpy(&msg.payload.session.u.asym.key, sess_info->key,
+                   sess_info->keylen);
+        }
+    } else {
+        CryptoDevBackendSymSessionInfo *sess_info = &backend_info->u.sym_sess_info;
+        memcpy(&msg.payload.session.u.sym.session_setup_data, sess_info,
+               sizeof(CryptoDevBackendSymSessionInfo));
+        if (sess_info->key_len) {
+            memcpy(&msg.payload.session.u.sym.key, sess_info->cipher_key,
+                   sess_info->key_len);
+        }
+        if (sess_info->auth_key_len > 0) {
+            memcpy(&msg.payload.session.u.sym.auth_key, sess_info->auth_key,
+                   sess_info->auth_key_len);
+        }
     }
+
+    msg.payload.session.op_code = backend_info->op_code;
+    msg.payload.session.session_id = backend_info->session_id;
     ret = vhost_user_write(dev, &msg, NULL, 0);
     if (ret < 0) {
         error_report("vhost_user_write() return %d, create session failed",