Message ID | 1480923846-166484-2-git-send-email-longpeng2@huawei.com |
---|---|
State | New |
Headers | show |
> -----Original Message----- > From: longpeng > Sent: Monday, December 05, 2016 3:44 PM > To: Gonglei (Arei) > Cc: longpeng; qemu-devel@nongnu.org; Wubin (H); Zhoujian (jay, Euler) > Subject: [PATCH for-2.9 1/2] cryptodev: fix the check of aes algorithm > > As the key length of xts(aes) is different with other mode of aes, > so we should check specially in cryptodev_builtin_get_aes_algo, if > it is xts mode. > > Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> > --- > backends/cryptodev-builtin.c | 47 > +++++++++++++++++++++++++++++++------------- > 1 file changed, 33 insertions(+), 14 deletions(-) > > diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c > index eda954b..9dec6b8 100644 > --- a/backends/cryptodev-builtin.c > +++ b/backends/cryptodev-builtin.c > @@ -111,23 +111,42 @@ cryptodev_builtin_get_unused_session_index( > return -1; > } > > +#define AES_KEYSIZE_128 16 > +#define AES_KEYSIZE_128_XTS 32 > +#define AES_KEYSIZE_192 24 > +#define AES_KEYSIZE_256 32 > +#define AES_KEYSIZE_256_XTS 64 > + > static int > -cryptodev_builtin_get_aes_algo(uint32_t key_len, Error **errp) > +cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) > { > int algo; > > - if (key_len == 128 / 8) { > + if (key_len == AES_KEYSIZE_128) { > algo = QCRYPTO_CIPHER_ALG_AES_128; > - } else if (key_len == 192 / 8) { > + } else if (key_len == AES_KEYSIZE_192) { > algo = QCRYPTO_CIPHER_ALG_AES_192; > - } else if (key_len == 256 / 8) { > - algo = QCRYPTO_CIPHER_ALG_AES_256; > + } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS > */ So I think you can: #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 Regards, -Gonglei > + if (mode == QCRYPTO_CIPHER_MODE_XTS) { > + algo = QCRYPTO_CIPHER_ALG_AES_128; > + } else { > + algo = QCRYPTO_CIPHER_ALG_AES_256; > + } > + } else if (key_len == AES_KEYSIZE_256_XTS) { > + if (mode == QCRYPTO_CIPHER_MODE_XTS) { > + algo = QCRYPTO_CIPHER_ALG_AES_256; > + } else { > + goto err; > + } > } else { > - error_setg(errp, "Unsupported key length :%u", key_len); > - return -1; > + goto err; > } > > return algo; > + > +err: > + error_setg(errp, "Unsupported key length :%u", key_len); > + return -1; > } > > static int cryptodev_builtin_create_cipher_session( > @@ -155,32 +174,32 @@ static int cryptodev_builtin_create_cipher_session( > > switch (sess_info->cipher_alg) { > case VIRTIO_CRYPTO_CIPHER_AES_ECB: > + mode = QCRYPTO_CIPHER_MODE_ECB; > algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, > - errp); > + mode, errp); > if (algo < 0) { > return -1; > } > - mode = QCRYPTO_CIPHER_MODE_ECB; > break; > case VIRTIO_CRYPTO_CIPHER_AES_CBC: > + mode = QCRYPTO_CIPHER_MODE_CBC; > algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, > - errp); > + mode, errp); > if (algo < 0) { > return -1; > } > - mode = QCRYPTO_CIPHER_MODE_CBC; > break; > case VIRTIO_CRYPTO_CIPHER_AES_CTR: > + mode = QCRYPTO_CIPHER_MODE_CTR; > algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, > - errp); > + mode, errp); > if (algo < 0) { > return -1; > } > - mode = QCRYPTO_CIPHER_MODE_CTR; > break; > case VIRTIO_CRYPTO_CIPHER_DES_ECB: > - algo = QCRYPTO_CIPHER_ALG_DES_RFB; > mode = QCRYPTO_CIPHER_MODE_ECB; > + algo = QCRYPTO_CIPHER_ALG_DES_RFB; > break; > default: > error_setg(errp, "Unsupported cipher alg :%u", > -- > 1.8.3.1 >
Hi Gonglei, On 2016/12/5 17:34, Gonglei (Arei) wrote: > ...... >> >> +#define AES_KEYSIZE_128 16 >> +#define AES_KEYSIZE_128_XTS 32 >> +#define AES_KEYSIZE_192 24 >> +#define AES_KEYSIZE_256 32 >> +#define AES_KEYSIZE_256_XTS 64 >> + >> static int >> -cryptodev_builtin_get_aes_algo(uint32_t key_len, Error **errp) >> +cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) >> { >> int algo; >> >> - if (key_len == 128 / 8) { >> + if (key_len == AES_KEYSIZE_128) { >> algo = QCRYPTO_CIPHER_ALG_AES_128; >> - } else if (key_len == 192 / 8) { >> + } else if (key_len == AES_KEYSIZE_192) { >> algo = QCRYPTO_CIPHER_ALG_AES_192; >> - } else if (key_len == 256 / 8) { >> - algo = QCRYPTO_CIPHER_ALG_AES_256; >> + } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS >> */ > > So I think you can: > #define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 All right, I send a V2 later. :) > > > Regards, > -Gonglei > ...... >
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index eda954b..9dec6b8 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -111,23 +111,42 @@ cryptodev_builtin_get_unused_session_index( return -1; } +#define AES_KEYSIZE_128 16 +#define AES_KEYSIZE_128_XTS 32 +#define AES_KEYSIZE_192 24 +#define AES_KEYSIZE_256 32 +#define AES_KEYSIZE_256_XTS 64 + static int -cryptodev_builtin_get_aes_algo(uint32_t key_len, Error **errp) +cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) { int algo; - if (key_len == 128 / 8) { + if (key_len == AES_KEYSIZE_128) { algo = QCRYPTO_CIPHER_ALG_AES_128; - } else if (key_len == 192 / 8) { + } else if (key_len == AES_KEYSIZE_192) { algo = QCRYPTO_CIPHER_ALG_AES_192; - } else if (key_len == 256 / 8) { - algo = QCRYPTO_CIPHER_ALG_AES_256; + } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + algo = QCRYPTO_CIPHER_ALG_AES_128; + } else { + algo = QCRYPTO_CIPHER_ALG_AES_256; + } + } else if (key_len == AES_KEYSIZE_256_XTS) { + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + algo = QCRYPTO_CIPHER_ALG_AES_256; + } else { + goto err; + } } else { - error_setg(errp, "Unsupported key length :%u", key_len); - return -1; + goto err; } return algo; + +err: + error_setg(errp, "Unsupported key length :%u", key_len); + return -1; } static int cryptodev_builtin_create_cipher_session( @@ -155,32 +174,32 @@ static int cryptodev_builtin_create_cipher_session( switch (sess_info->cipher_alg) { case VIRTIO_CRYPTO_CIPHER_AES_ECB: + mode = QCRYPTO_CIPHER_MODE_ECB; algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, - errp); + mode, errp); if (algo < 0) { return -1; } - mode = QCRYPTO_CIPHER_MODE_ECB; break; case VIRTIO_CRYPTO_CIPHER_AES_CBC: + mode = QCRYPTO_CIPHER_MODE_CBC; algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, - errp); + mode, errp); if (algo < 0) { return -1; } - mode = QCRYPTO_CIPHER_MODE_CBC; break; case VIRTIO_CRYPTO_CIPHER_AES_CTR: + mode = QCRYPTO_CIPHER_MODE_CTR; algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, - errp); + mode, errp); if (algo < 0) { return -1; } - mode = QCRYPTO_CIPHER_MODE_CTR; break; case VIRTIO_CRYPTO_CIPHER_DES_ECB: - algo = QCRYPTO_CIPHER_ALG_DES_RFB; mode = QCRYPTO_CIPHER_MODE_ECB; + algo = QCRYPTO_CIPHER_ALG_DES_RFB; break; default: error_setg(errp, "Unsupported cipher alg :%u",
As the key length of xts(aes) is different with other mode of aes, so we should check specially in cryptodev_builtin_get_aes_algo, if it is xts mode. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- backends/cryptodev-builtin.c | 47 +++++++++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 14 deletions(-)