1 /* Algorithms supported by virtio crypto device
3 * Authors: Gonglei <arei.gonglei@huawei.com>
5 * Copyright 2016 HUAWEI TECHNOLOGIES CO., LTD.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include <linux/scatterlist.h>
22 #include <crypto/algapi.h>
23 #include <linux/err.h>
24 #include <crypto/scatterwalk.h>
25 #include <linux/atomic.h>
27 #include <uapi/linux/virtio_crypto.h>
28 #include "virtio_crypto_common.h"
31 struct virtio_crypto_ablkcipher_ctx {
32 struct crypto_engine_ctx enginectx;
33 struct virtio_crypto *vcrypto;
34 struct crypto_tfm *tfm;
36 struct virtio_crypto_sym_session_info enc_sess_info;
37 struct virtio_crypto_sym_session_info dec_sess_info;
40 struct virtio_crypto_sym_request {
41 struct virtio_crypto_request base;
45 struct virtio_crypto_ablkcipher_ctx *ablkcipher_ctx;
46 struct ablkcipher_request *ablkcipher_req;
52 struct virtio_crypto_algo {
55 unsigned int active_devs;
56 struct crypto_alg algo;
60 * The algs_lock protects the below global virtio_crypto_active_devs
61 * and crypto algorithms registion.
63 static DEFINE_MUTEX(algs_lock);
64 static void virtio_crypto_ablkcipher_finalize_req(
65 struct virtio_crypto_sym_request *vc_sym_req,
66 struct ablkcipher_request *req,
69 static void virtio_crypto_dataq_sym_callback
70 (struct virtio_crypto_request *vc_req, int len)
72 struct virtio_crypto_sym_request *vc_sym_req =
73 container_of(vc_req, struct virtio_crypto_sym_request, base);
74 struct ablkcipher_request *ablk_req;
77 /* Finish the encrypt or decrypt process */
78 if (vc_sym_req->type == VIRTIO_CRYPTO_SYM_OP_CIPHER) {
79 switch (vc_req->status) {
80 case VIRTIO_CRYPTO_OK:
83 case VIRTIO_CRYPTO_INVSESS:
84 case VIRTIO_CRYPTO_ERR:
87 case VIRTIO_CRYPTO_BADMSG:
94 ablk_req = vc_sym_req->ablkcipher_req;
95 virtio_crypto_ablkcipher_finalize_req(vc_sym_req,
100 static u64 virtio_crypto_alg_sg_nents_length(struct scatterlist *sg)
104 for (total = 0; sg; sg = sg_next(sg))
111 virtio_crypto_alg_validate_key(int key_len, uint32_t *alg)
114 case AES_KEYSIZE_128:
115 case AES_KEYSIZE_192:
116 case AES_KEYSIZE_256:
117 *alg = VIRTIO_CRYPTO_CIPHER_AES_CBC;
125 static int virtio_crypto_alg_ablkcipher_init_session(
126 struct virtio_crypto_ablkcipher_ctx *ctx,
127 uint32_t alg, const uint8_t *key,
131 struct scatterlist outhdr, key_sg, inhdr, *sgs[3];
133 struct virtio_crypto *vcrypto = ctx->vcrypto;
134 int op = encrypt ? VIRTIO_CRYPTO_OP_ENCRYPT : VIRTIO_CRYPTO_OP_DECRYPT;
136 unsigned int num_out = 0, num_in = 0;
139 * Avoid to do DMA from the stack, switch to using
140 * dynamically-allocated for the key
142 uint8_t *cipher_key = kmalloc(keylen, GFP_ATOMIC);
147 memcpy(cipher_key, key, keylen);
149 spin_lock(&vcrypto->ctrl_lock);
150 /* Pad ctrl header */
151 vcrypto->ctrl.header.opcode =
152 cpu_to_le32(VIRTIO_CRYPTO_CIPHER_CREATE_SESSION);
153 vcrypto->ctrl.header.algo = cpu_to_le32(alg);
154 /* Set the default dataqueue id to 0 */
155 vcrypto->ctrl.header.queue_id = 0;
157 vcrypto->input.status = cpu_to_le32(VIRTIO_CRYPTO_ERR);
158 /* Pad cipher's parameters */
159 vcrypto->ctrl.u.sym_create_session.op_type =
160 cpu_to_le32(VIRTIO_CRYPTO_SYM_OP_CIPHER);
161 vcrypto->ctrl.u.sym_create_session.u.cipher.para.algo =
162 vcrypto->ctrl.header.algo;
163 vcrypto->ctrl.u.sym_create_session.u.cipher.para.keylen =
165 vcrypto->ctrl.u.sym_create_session.u.cipher.para.op =
168 sg_init_one(&outhdr, &vcrypto->ctrl, sizeof(vcrypto->ctrl));
169 sgs[num_out++] = &outhdr;
172 sg_init_one(&key_sg, cipher_key, keylen);
173 sgs[num_out++] = &key_sg;
175 /* Return status and session id back */
176 sg_init_one(&inhdr, &vcrypto->input, sizeof(vcrypto->input));
177 sgs[num_out + num_in++] = &inhdr;
179 err = virtqueue_add_sgs(vcrypto->ctrl_vq, sgs, num_out,
180 num_in, vcrypto, GFP_ATOMIC);
182 spin_unlock(&vcrypto->ctrl_lock);
186 virtqueue_kick(vcrypto->ctrl_vq);
189 * Trapping into the hypervisor, so the request should be
190 * handled immediately.
192 while (!virtqueue_get_buf(vcrypto->ctrl_vq, &tmp) &&
193 !virtqueue_is_broken(vcrypto->ctrl_vq))
196 if (le32_to_cpu(vcrypto->input.status) != VIRTIO_CRYPTO_OK) {
197 spin_unlock(&vcrypto->ctrl_lock);
198 pr_err("virtio_crypto: Create session failed status: %u\n",
199 le32_to_cpu(vcrypto->input.status));
205 ctx->enc_sess_info.session_id =
206 le64_to_cpu(vcrypto->input.session_id);
208 ctx->dec_sess_info.session_id =
209 le64_to_cpu(vcrypto->input.session_id);
211 spin_unlock(&vcrypto->ctrl_lock);
217 static int virtio_crypto_alg_ablkcipher_close_session(
218 struct virtio_crypto_ablkcipher_ctx *ctx,
221 struct scatterlist outhdr, status_sg, *sgs[2];
223 struct virtio_crypto_destroy_session_req *destroy_session;
224 struct virtio_crypto *vcrypto = ctx->vcrypto;
226 unsigned int num_out = 0, num_in = 0;
228 spin_lock(&vcrypto->ctrl_lock);
229 vcrypto->ctrl_status.status = VIRTIO_CRYPTO_ERR;
230 /* Pad ctrl header */
231 vcrypto->ctrl.header.opcode =
232 cpu_to_le32(VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION);
233 /* Set the default virtqueue id to 0 */
234 vcrypto->ctrl.header.queue_id = 0;
236 destroy_session = &vcrypto->ctrl.u.destroy_session;
239 destroy_session->session_id =
240 cpu_to_le64(ctx->enc_sess_info.session_id);
242 destroy_session->session_id =
243 cpu_to_le64(ctx->dec_sess_info.session_id);
245 sg_init_one(&outhdr, &vcrypto->ctrl, sizeof(vcrypto->ctrl));
246 sgs[num_out++] = &outhdr;
248 /* Return status and session id back */
249 sg_init_one(&status_sg, &vcrypto->ctrl_status.status,
250 sizeof(vcrypto->ctrl_status.status));
251 sgs[num_out + num_in++] = &status_sg;
253 err = virtqueue_add_sgs(vcrypto->ctrl_vq, sgs, num_out,
254 num_in, vcrypto, GFP_ATOMIC);
256 spin_unlock(&vcrypto->ctrl_lock);
259 virtqueue_kick(vcrypto->ctrl_vq);
261 while (!virtqueue_get_buf(vcrypto->ctrl_vq, &tmp) &&
262 !virtqueue_is_broken(vcrypto->ctrl_vq))
265 if (vcrypto->ctrl_status.status != VIRTIO_CRYPTO_OK) {
266 spin_unlock(&vcrypto->ctrl_lock);
267 pr_err("virtio_crypto: Close session failed status: %u, session_id: 0x%llx\n",
268 vcrypto->ctrl_status.status,
269 destroy_session->session_id);
273 spin_unlock(&vcrypto->ctrl_lock);
278 static int virtio_crypto_alg_ablkcipher_init_sessions(
279 struct virtio_crypto_ablkcipher_ctx *ctx,
280 const uint8_t *key, unsigned int keylen)
284 struct virtio_crypto *vcrypto = ctx->vcrypto;
286 if (keylen > vcrypto->max_cipher_key_len) {
287 pr_err("virtio_crypto: the key is too long\n");
291 if (virtio_crypto_alg_validate_key(keylen, &alg))
294 /* Create encryption session */
295 ret = virtio_crypto_alg_ablkcipher_init_session(ctx,
296 alg, key, keylen, 1);
299 /* Create decryption session */
300 ret = virtio_crypto_alg_ablkcipher_init_session(ctx,
301 alg, key, keylen, 0);
303 virtio_crypto_alg_ablkcipher_close_session(ctx, 1);
309 crypto_tfm_set_flags(ctx->tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
313 /* Note: kernel crypto API realization */
314 static int virtio_crypto_ablkcipher_setkey(struct crypto_ablkcipher *tfm,
318 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(tfm);
322 ret = virtio_crypto_alg_validate_key(keylen, &alg);
328 int node = virtio_crypto_get_current_node();
329 struct virtio_crypto *vcrypto =
330 virtcrypto_get_dev_node(node,
331 VIRTIO_CRYPTO_SERVICE_CIPHER, alg);
333 pr_err("virtio_crypto: Could not find a virtio device in the system or unsupported algo\n");
337 ctx->vcrypto = vcrypto;
339 /* Rekeying, we should close the created sessions previously */
340 virtio_crypto_alg_ablkcipher_close_session(ctx, 1);
341 virtio_crypto_alg_ablkcipher_close_session(ctx, 0);
344 ret = virtio_crypto_alg_ablkcipher_init_sessions(ctx, key, keylen);
346 virtcrypto_dev_put(ctx->vcrypto);
356 __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req,
357 struct ablkcipher_request *req,
358 struct data_queue *data_vq)
360 struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req);
361 struct virtio_crypto_ablkcipher_ctx *ctx = vc_sym_req->ablkcipher_ctx;
362 struct virtio_crypto_request *vc_req = &vc_sym_req->base;
363 unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
364 struct virtio_crypto *vcrypto = ctx->vcrypto;
365 struct virtio_crypto_op_data_req *req_data;
366 int src_nents, dst_nents;
369 struct scatterlist outhdr, iv_sg, status_sg, **sgs;
371 unsigned int num_out = 0, num_in = 0;
374 struct scatterlist *sg;
376 src_nents = sg_nents_for_len(req->src, req->nbytes);
378 pr_err("Invalid number of src SG.\n");
382 dst_nents = sg_nents(req->dst);
384 pr_debug("virtio_crypto: Number of sgs (src_nents: %d, dst_nents: %d)\n",
385 src_nents, dst_nents);
387 /* Why 3? outhdr + iv + inhdr */
388 sg_total = src_nents + dst_nents + 3;
389 sgs = kcalloc_node(sg_total, sizeof(*sgs), GFP_KERNEL,
390 dev_to_node(&vcrypto->vdev->dev));
394 req_data = kzalloc_node(sizeof(*req_data), GFP_KERNEL,
395 dev_to_node(&vcrypto->vdev->dev));
401 vc_req->req_data = req_data;
402 vc_sym_req->type = VIRTIO_CRYPTO_SYM_OP_CIPHER;
403 /* Head of operation */
404 if (vc_sym_req->encrypt) {
405 req_data->header.session_id =
406 cpu_to_le64(ctx->enc_sess_info.session_id);
407 req_data->header.opcode =
408 cpu_to_le32(VIRTIO_CRYPTO_CIPHER_ENCRYPT);
410 req_data->header.session_id =
411 cpu_to_le64(ctx->dec_sess_info.session_id);
412 req_data->header.opcode =
413 cpu_to_le32(VIRTIO_CRYPTO_CIPHER_DECRYPT);
415 req_data->u.sym_req.op_type = cpu_to_le32(VIRTIO_CRYPTO_SYM_OP_CIPHER);
416 req_data->u.sym_req.u.cipher.para.iv_len = cpu_to_le32(ivsize);
417 req_data->u.sym_req.u.cipher.para.src_data_len =
418 cpu_to_le32(req->nbytes);
420 dst_len = virtio_crypto_alg_sg_nents_length(req->dst);
421 if (unlikely(dst_len > U32_MAX)) {
422 pr_err("virtio_crypto: The dst_len is beyond U32_MAX\n");
427 dst_len = min_t(unsigned int, req->nbytes, dst_len);
428 pr_debug("virtio_crypto: src_len: %u, dst_len: %llu\n",
429 req->nbytes, dst_len);
431 if (unlikely(req->nbytes + dst_len + ivsize +
432 sizeof(vc_req->status) > vcrypto->max_size)) {
433 pr_err("virtio_crypto: The length is too big\n");
438 req_data->u.sym_req.u.cipher.para.dst_data_len =
439 cpu_to_le32((uint32_t)dst_len);
442 sg_init_one(&outhdr, req_data, sizeof(*req_data));
443 sgs[num_out++] = &outhdr;
448 * Avoid to do DMA from the stack, switch to using
449 * dynamically-allocated for the IV
451 iv = kzalloc_node(ivsize, GFP_ATOMIC,
452 dev_to_node(&vcrypto->vdev->dev));
457 memcpy(iv, req->info, ivsize);
458 if (!vc_sym_req->encrypt)
459 scatterwalk_map_and_copy(req->info, req->src,
460 req->nbytes - AES_BLOCK_SIZE,
463 sg_init_one(&iv_sg, iv, ivsize);
464 sgs[num_out++] = &iv_sg;
468 for (sg = req->src; src_nents; sg = sg_next(sg), src_nents--)
471 /* Destination data */
472 for (sg = req->dst; sg; sg = sg_next(sg))
473 sgs[num_out + num_in++] = sg;
476 sg_init_one(&status_sg, &vc_req->status, sizeof(vc_req->status));
477 sgs[num_out + num_in++] = &status_sg;
481 spin_lock_irqsave(&data_vq->lock, flags);
482 err = virtqueue_add_sgs(data_vq->vq, sgs, num_out,
483 num_in, vc_req, GFP_ATOMIC);
484 virtqueue_kick(data_vq->vq);
485 spin_unlock_irqrestore(&data_vq->lock, flags);
486 if (unlikely(err < 0))
499 static int virtio_crypto_ablkcipher_encrypt(struct ablkcipher_request *req)
501 struct crypto_ablkcipher *atfm = crypto_ablkcipher_reqtfm(req);
502 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(atfm);
503 struct virtio_crypto_sym_request *vc_sym_req =
504 ablkcipher_request_ctx(req);
505 struct virtio_crypto_request *vc_req = &vc_sym_req->base;
506 struct virtio_crypto *vcrypto = ctx->vcrypto;
507 /* Use the first data virtqueue as default */
508 struct data_queue *data_vq = &vcrypto->data_vq[0];
512 if (req->nbytes % AES_BLOCK_SIZE)
515 vc_req->dataq = data_vq;
516 vc_req->alg_cb = virtio_crypto_dataq_sym_callback;
517 vc_sym_req->ablkcipher_ctx = ctx;
518 vc_sym_req->ablkcipher_req = req;
519 vc_sym_req->encrypt = true;
521 return crypto_transfer_ablkcipher_request_to_engine(data_vq->engine, req);
524 static int virtio_crypto_ablkcipher_decrypt(struct ablkcipher_request *req)
526 struct crypto_ablkcipher *atfm = crypto_ablkcipher_reqtfm(req);
527 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(atfm);
528 struct virtio_crypto_sym_request *vc_sym_req =
529 ablkcipher_request_ctx(req);
530 struct virtio_crypto_request *vc_req = &vc_sym_req->base;
531 struct virtio_crypto *vcrypto = ctx->vcrypto;
532 /* Use the first data virtqueue as default */
533 struct data_queue *data_vq = &vcrypto->data_vq[0];
537 if (req->nbytes % AES_BLOCK_SIZE)
540 vc_req->dataq = data_vq;
541 vc_req->alg_cb = virtio_crypto_dataq_sym_callback;
542 vc_sym_req->ablkcipher_ctx = ctx;
543 vc_sym_req->ablkcipher_req = req;
544 vc_sym_req->encrypt = false;
546 return crypto_transfer_ablkcipher_request_to_engine(data_vq->engine, req);
549 static int virtio_crypto_ablkcipher_init(struct crypto_tfm *tfm)
551 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_tfm_ctx(tfm);
553 tfm->crt_ablkcipher.reqsize = sizeof(struct virtio_crypto_sym_request);
556 ctx->enginectx.op.do_one_request = virtio_crypto_ablkcipher_crypt_req;
557 ctx->enginectx.op.prepare_request = NULL;
558 ctx->enginectx.op.unprepare_request = NULL;
562 static void virtio_crypto_ablkcipher_exit(struct crypto_tfm *tfm)
564 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_tfm_ctx(tfm);
569 virtio_crypto_alg_ablkcipher_close_session(ctx, 1);
570 virtio_crypto_alg_ablkcipher_close_session(ctx, 0);
571 virtcrypto_dev_put(ctx->vcrypto);
575 int virtio_crypto_ablkcipher_crypt_req(
576 struct crypto_engine *engine, void *vreq)
578 struct ablkcipher_request *req = container_of(vreq, struct ablkcipher_request, base);
579 struct virtio_crypto_sym_request *vc_sym_req =
580 ablkcipher_request_ctx(req);
581 struct virtio_crypto_request *vc_req = &vc_sym_req->base;
582 struct data_queue *data_vq = vc_req->dataq;
585 ret = __virtio_crypto_ablkcipher_do_req(vc_sym_req, req, data_vq);
589 virtqueue_kick(data_vq->vq);
594 static void virtio_crypto_ablkcipher_finalize_req(
595 struct virtio_crypto_sym_request *vc_sym_req,
596 struct ablkcipher_request *req,
599 if (vc_sym_req->encrypt)
600 scatterwalk_map_and_copy(req->info, req->dst,
601 req->nbytes - AES_BLOCK_SIZE,
603 kzfree(vc_sym_req->iv);
604 virtcrypto_clear_request(&vc_sym_req->base);
606 crypto_finalize_ablkcipher_request(vc_sym_req->base.dataq->engine,
610 static struct virtio_crypto_algo virtio_crypto_algs[] = { {
611 .algonum = VIRTIO_CRYPTO_CIPHER_AES_CBC,
612 .service = VIRTIO_CRYPTO_SERVICE_CIPHER,
614 .cra_name = "cbc(aes)",
615 .cra_driver_name = "virtio_crypto_aes_cbc",
617 .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
618 .cra_blocksize = AES_BLOCK_SIZE,
619 .cra_ctxsize = sizeof(struct virtio_crypto_ablkcipher_ctx),
621 .cra_module = THIS_MODULE,
622 .cra_type = &crypto_ablkcipher_type,
623 .cra_init = virtio_crypto_ablkcipher_init,
624 .cra_exit = virtio_crypto_ablkcipher_exit,
627 .setkey = virtio_crypto_ablkcipher_setkey,
628 .decrypt = virtio_crypto_ablkcipher_decrypt,
629 .encrypt = virtio_crypto_ablkcipher_encrypt,
630 .min_keysize = AES_MIN_KEY_SIZE,
631 .max_keysize = AES_MAX_KEY_SIZE,
632 .ivsize = AES_BLOCK_SIZE,
638 int virtio_crypto_algs_register(struct virtio_crypto *vcrypto)
643 mutex_lock(&algs_lock);
645 for (i = 0; i < ARRAY_SIZE(virtio_crypto_algs); i++) {
647 uint32_t service = virtio_crypto_algs[i].service;
648 uint32_t algonum = virtio_crypto_algs[i].algonum;
650 if (!virtcrypto_algo_is_supported(vcrypto, service, algonum))
653 if (virtio_crypto_algs[i].active_devs == 0) {
654 ret = crypto_register_alg(&virtio_crypto_algs[i].algo);
659 virtio_crypto_algs[i].active_devs++;
660 dev_info(&vcrypto->vdev->dev, "Registered algo %s\n",
661 virtio_crypto_algs[i].algo.cra_name);
665 mutex_unlock(&algs_lock);
669 void virtio_crypto_algs_unregister(struct virtio_crypto *vcrypto)
673 mutex_lock(&algs_lock);
675 for (i = 0; i < ARRAY_SIZE(virtio_crypto_algs); i++) {
677 uint32_t service = virtio_crypto_algs[i].service;
678 uint32_t algonum = virtio_crypto_algs[i].algonum;
680 if (virtio_crypto_algs[i].active_devs == 0 ||
681 !virtcrypto_algo_is_supported(vcrypto, service, algonum))
684 if (virtio_crypto_algs[i].active_devs == 1)
685 crypto_unregister_alg(&virtio_crypto_algs[i].algo);
687 virtio_crypto_algs[i].active_devs--;
690 mutex_unlock(&algs_lock);
projects / releases.git / blob