From patchwork Tue Jun 12 19:48:34 2018
X-Patchwork-Submitter: Farhan Ali
X-Patchwork-Id: 10461007
From: Farhan Ali
To: qemu-devel@nongnu.org
Cc: frankja@linux.ibm.com, mst@redhat.com, alifm@linux.ibm.com, pasic@linux.ibm.com, borntraeger@de.ibm.com, arei.gonglei@huawei.com, longpeng2@huawei.com
Date: Tue, 12 Jun 2018 15:48:34 -0400
Subject: [Qemu-devel] [RFC v1 1/1] virtio-crypto: Allow disabling of cipher algorithms for virtio-crypto device

The virtio-crypto driver currently propagates to the guest all the cipher algorithms that the backend cryptodev can support. But in certain cases where the guest has a more performant mechanism to handle some algorithms, it would be useful to propagate only a subset of the algorithms.

This patch adds support for disabling the cipher algorithms of the backend cryptodev.

eg:
 -object cryptodev-backend-builtin,id=cryptodev0
 -device virtio-crypto-ccw,id=crypto0,cryptodev=cryptodev0,cipher-aes-cbc=off

Signed-off-by: Farhan Ali
---

Please note this patch is not complete, and there are TODOs to handle for other types of algorithms such as Hash, AEAD and MAC algorithms. This is mainly intended to get some feedback on the design approach from the community.

 hw/virtio/virtio-crypto.c         | 46 ++++++++++++++++++++++++++++++++++++---
 include/hw/virtio/virtio-crypto.h |  3 +++
 2 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 9a9fa49..4aed9ca 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -754,12 +754,22 @@ static void virtio_crypto_reset(VirtIODevice *vdev) static void virtio_crypto_init_config(VirtIODevice *vdev) { VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + uint32_t user_crypto_services = (1u << VIRTIO_CRYPTO_SERVICE_CIPHER) | + (1u << VIRTIO_CRYPTO_SERVICE_HASH) | + (1u << VIRTIO_CRYPTO_SERVICE_AEAD) | + (1u << VIRTIO_CRYPTO_SERVICE_MAC); + + if (vcrypto->user_cipher_algo_l & (1u << VIRTIO_CRYPTO_NO_CIPHER)) { + vcrypto->user_cipher_algo_l = 1u << VIRTIO_CRYPTO_NO_CIPHER; + vcrypto->user_cipher_algo_h = 0; + user_crypto_services &= ~(1u << VIRTIO_CRYPTO_SERVICE_CIPHER); + } - vcrypto->conf.crypto_services = + vcrypto->conf.crypto_services = user_crypto_services & vcrypto->conf.cryptodev->conf.crypto_services; - vcrypto->conf.cipher_algo_l = + vcrypto->conf.cipher_algo_l = vcrypto->user_cipher_algo_l & vcrypto->conf.cryptodev->conf.cipher_algo_l; - vcrypto->conf.cipher_algo_h = + vcrypto->conf.cipher_algo_h = vcrypto->user_cipher_algo_h & vcrypto->conf.cryptodev->conf.cipher_algo_h; vcrypto->conf.hash_algo = vcrypto->conf.cryptodev->conf.hash_algo; vcrypto->conf.mac_algo_l = vcrypto->conf.cryptodev->conf.mac_algo_l; 
@@ -853,6 +863,34 @@ static const VMStateDescription vmstate_virtio_crypto = { static Property virtio_crypto_properties[] = { DEFINE_PROP_LINK("cryptodev", VirtIOCrypto, conf.cryptodev, TYPE_CRYPTODEV_BACKEND, CryptoDevBackend *), + DEFINE_PROP_BIT("no-cipher", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_ARC4, false), + DEFINE_PROP_BIT("cipher-arc4", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_ARC4, false), + DEFINE_PROP_BIT("cipher-aes-ecb", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_AES_ECB, false), + DEFINE_PROP_BIT("cipher-aes-cbc", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_AES_CBC, false), + DEFINE_PROP_BIT("cipher-aes-ctr", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_AES_CTR, false), + DEFINE_PROP_BIT("cipher-des-ecb", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_DES_ECB, false), + DEFINE_PROP_BIT("cipher-3des-ecb", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_3DES_ECB, false), + DEFINE_PROP_BIT("cipher-3des-cbc", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_3DES_CBC, false), + DEFINE_PROP_BIT("cipher-3des-ctr", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_3DES_CTR, false), + DEFINE_PROP_BIT("cipher-kasumi-f8", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_KASUMI_F8, false), + DEFINE_PROP_BIT("cipher-snow3g-uea2", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2, false), + DEFINE_PROP_BIT("cipher-aes-f8", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_AES_F8, false), + DEFINE_PROP_BIT("cipher-aes-xts", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_AES_XTS, false), + DEFINE_PROP_BIT("cipher-zuc-eea3", VirtIOCrypto, user_cipher_algo_l, + VIRTIO_CRYPTO_CIPHER_ZUC_EEA3, false), DEFINE_PROP_END_OF_LIST(), }; 
@@ -974,6 +1012,8 @@ static void virtio_crypto_instance_init(Object *obj) * Can be overriden with virtio_crypto_set_config_size. */ vcrypto->config_size = sizeof(struct virtio_crypto_config); + vcrypto->user_cipher_algo_l = ~VIRTIO_CRYPTO_NO_CIPHER - 1; + vcrypto->user_cipher_algo_h = ~VIRTIO_CRYPTO_NO_CIPHER; } static const TypeInfo virtio_crypto_info = { diff --git a/include/hw/virtio/virtio-crypto.h b/include/hw/virtio/virtio-crypto.h index ca3a049..c5bb684 100644 --- a/include/hw/virtio/virtio-crypto.h +++ b/include/hw/virtio/virtio-crypto.h @@ -97,6 +97,9 @@ typedef struct VirtIOCrypto { uint32_t curr_queues; size_t config_size; uint8_t vhost_started; + + uint32_t user_cipher_algo_l; + uint32_t user_cipher_algo_h; } VirtIOCrypto; #endif /* _QEMU_VIRTIO_CRYPTO_H */
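
Review bot: In virtio_crypto_init_config() (first hunk of hw/virtio/virtio-crypto.c), VIRTIO_CRYPTO_SERVICE_CIPHER is cleared only when the no-cipher bit is set, so switching off the cipher-* properties one by one can leave no cipher algorithm in conf.cipher_algo_l/h while conf.crypto_services still advertises the cipher service. Suggest deriving the service bit from the result: after the three masked assignments, clear VIRTIO_CRYPTO_SERVICE_CIPHER in conf.crypto_services when both conf.cipher_algo_l and conf.cipher_algo_h are zero. Also note that these masks only narrow what is written to the device config; nothing in the visible hunks refuses a session request for an algorithm that was turned off, so if the properties are meant as policy and not only as a hint to the guest, the request path needs a check against conf.cipher_algo_l/h as well.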
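
Review bot: In virtio_crypto_properties[], "no-cipher" is bound to VIRTIO_CRYPTO_CIPHER_ARC4, the same bit as "cipher-arc4" on the following entry, while virtio_crypto_init_config() tests 1u << VIRTIO_CRYPTO_NO_CIPHER; as written, no-cipher=on sets the ARC4 bit instead of the bit that branch checks. Use VIRTIO_CRYPTO_NO_CIPHER as the bit number for "no-cipher". The cipher-* entries also declare a default of false, whereas virtio_crypto_instance_init() turns those bits on; declaring true here and dropping the instance_init assignment would keep the default in one place.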
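
Review bot: In virtio_crypto_instance_init(), ~VIRTIO_CRYPTO_NO_CIPHER - 1 applies ~ to the constant itself, while virtio_crypto_init_config() uses the same constant as a bit index (1u << VIRTIO_CRYPTO_NO_CIPHER); the expression gives "every bit except the no-cipher bit" only if the constant is 0, and the arithmetic hides that intent. Suggest user_cipher_algo_l = ~(1u << VIRTIO_CRYPTO_NO_CIPHER) and user_cipher_algo_h = ~0u, with a short comment that a set bit means the user allows that algorithm.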
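
Review bot: The two fields added to VirtIOCrypto in include/hw/virtio/virtio-crypto.h have no comment saying what a set bit means or how they relate to conf.cipher_algo_l/h. A one-line comment (user-permitted cipher mask, indexed by VIRTIO_CRYPTO_CIPHER_*, ANDed with the backend mask in virtio_crypto_init_config()) would help, and since the cover note lists Hash, AEAD and MAC as TODOs, grouping these masks in a small struct now would avoid adding another pair of loose fields per service later.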