From patchwork Mon Apr 10 09:01:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Longpeng (Mike, Cloud Infrastructure Service Product Dept.)" X-Patchwork-Id: 748909 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3w1kyS4lhzz9sNK for ; Mon, 10 Apr 2017 19:14:08 +1000 (AEST) Received: from localhost ([::1]:33135 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cxVOg-0001T4-61 for incoming@patchwork.ozlabs.org; Mon, 10 Apr 2017 05:14:06 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54719) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cxVCk-0000dU-Gs for qemu-devel@nongnu.org; Mon, 10 Apr 2017 05:01:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cxVCf-0002UL-Nb for qemu-devel@nongnu.org; Mon, 10 Apr 2017 05:01:46 -0400 Received: from szxga03-in.huawei.com ([45.249.212.189]:3358 helo=dggrg03-dlp.huawei.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71) (envelope-from ) id 1cxVCe-0002T0-Ja for qemu-devel@nongnu.org; Mon, 10 Apr 2017 05:01:41 -0400 Received: from 172.30.72.56 (EHLO DGGEML404-HUB.china.huawei.com) ([172.30.72.56]) by dggrg03-dlp.huawei.com (MOS 4.4.6-GA FastPath queued) with ESMTP id ALL31633; Mon, 10 Apr 2017 17:01:35 +0800 (CST) Received: from localhost (10.177.246.209) by DGGEML404-HUB.china.huawei.com (10.3.17.39) with Microsoft SMTP Server id 14.3.301.0; Mon, 10 Apr 2017 17:01:27 +0800 From: "Longpeng(Mike)" To: Date: Mon, 10 Apr 2017 17:01:20 +0800 Message-ID: <1491814880-55900-1-git-send-email-longpeng2@huawei.com> X-Mailer: git-send-email 1.8.4.msysgit.0 MIME-Version: 1.0 X-Originating-IP: [10.177.246.209] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090205.58EB49EF.0103, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 557f2642b075fc3671029604e9dc1677 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] [fuzzy] X-Received-From: 45.249.212.189 Subject: [Qemu-devel] [PATCH for-2.10 18/19] crypto: hmac: add af_alg hmac support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Longpeng\(Mike\)" , xuquan8@huawei.com, arei.gonglei@huawei.com, qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Adds afalg-backend hmac support: introduces some private APIs firstly, and then intergrates them into qcrypto_hmac_afalg_driver. Signed-off-by: Longpeng(Mike) --- crypto/hash-afalg.c | 108 ++++++++++++++++++++++++++++++++++++++------ crypto/hmac.c | 28 +++++++++++- include/crypto/afalg-comm.h | 1 + include/crypto/hmac.h | 13 ++++++ 4 files changed, 136 insertions(+), 14 deletions(-) diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c index d96d7568..f2c27b1 100644 --- a/crypto/hash-afalg.c +++ b/crypto/hash-afalg.c @@ -1,5 +1,5 @@ /* - * QEMU Crypto af_alg-backend hash support + * QEMU Crypto af_alg-backend hash/hmac support * * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD. * @@ -16,6 +16,7 @@ #include "qemu-common.h" #include "qapi/error.h" #include "crypto/hash.h" +#include "crypto/hmac.h" #include "crypto/afalg-comm.h" #include @@ -57,7 +58,10 @@ static int afalg_hash_format_name(QCryptoHashAlgorithm alg, return 0; } -static QCryptoAfalg *afalg_hash_ctx_new(QCryptoHashAlgorithm alg) +static QCryptoAfalg * +afalg_hash_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + bool is_hash) { SocketAddress *saddr = NULL; QCryptoAfalg *afalg = NULL; @@ -70,13 +74,27 @@ static QCryptoAfalg *afalg_hash_ctx_new(QCryptoHashAlgorithm alg) if (ret != 0) { goto error; } - afalg_comm_format_type(saddr->u.afalg.data, ALG_TYPE_HASH); + + if (is_hash) { + afalg_comm_format_type(saddr->u.afalg.data, ALG_TYPE_HASH); + } else { + afalg_comm_format_type(saddr->u.afalg.data, ALG_TYPE_HMAC); + } afalg = afalg_comm_alloc(saddr); if (!afalg) { goto error; } + /* HMAC needs setkey */ + if (!is_hash) { + ret = qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, + key, nkey); + if (ret != 0) { + goto error; + } + } + /* prepare msg header */ afalg->msg = g_new0(struct msghdr, 1); @@ -93,15 +111,38 @@ error: goto cleanup; } -static int afalg_hash_bytesv(QCryptoHashAlgorithm alg, - const struct iovec *iov, - size_t niov, uint8_t **result, - size_t *resultlen, - Error **errp) +static QCryptoAfalg *afalg_hash_ctx_new(QCryptoHashAlgorithm alg) +{ + return afalg_hash_hmac_ctx_new(alg, NULL, 0, true); +} + +QCryptoAfalg *afalg_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp) +{ + QCryptoAfalg *afalg; + + afalg = afalg_hash_hmac_ctx_new(alg, key, nkey, false); + if (afalg == NULL) { + error_setg(errp, "Afalg cannot initialize hmac and set key"); + return NULL; + } + + return afalg; +} + +static int +afalg_hash_hmac_bytesv(QCryptoAfalg *hmac, + QCryptoHashAlgorithm alg, + const struct iovec *iov, + size_t niov, uint8_t **result, + size_t *resultlen, + Error **errp) { QCryptoAfalg *afalg = NULL; struct iovec outv; int ret = 0; + bool is_hmac = (hmac != NULL) ? true : false; const int except_len = qcrypto_hash_digest_len(alg); if (*resultlen == 0) { @@ -114,10 +155,14 @@ static int afalg_hash_bytesv(QCryptoHashAlgorithm alg, return -1; } - afalg = afalg_hash_ctx_new(alg); - if (afalg == NULL) { - error_setg(errp, "Alloc QCryptoAfalg object failed"); - return -1; + if (is_hmac) { + afalg = hmac; + } else { + afalg = afalg_hash_ctx_new(alg); + if (afalg == NULL) { + error_setg(errp, "Alloc QCryptoAfalg object failed"); + return -1; + } } /* send data to kernel's crypto core */ @@ -141,10 +186,47 @@ static int afalg_hash_bytesv(QCryptoHashAlgorithm alg, } out: - afalg_comm_free(afalg); + if (!is_hmac) { /* hash */ + afalg_comm_free(afalg); + } return ret; } +static int +afalg_hash_bytesv(QCryptoHashAlgorithm alg, + const struct iovec *iov, + size_t niov, uint8_t **result, + size_t *resultlen, + Error **errp) +{ + return afalg_hash_hmac_bytesv(NULL, alg, iov, niov, + result, resultlen, errp); +} + +static int +afalg_hmac_bytesv(QCryptoHmac *hmac, + const struct iovec *iov, + size_t niov, uint8_t **result, + size_t *resultlen, + Error **errp) +{ + return afalg_hash_hmac_bytesv(hmac->opaque, hmac->alg, iov, niov, + result, resultlen, errp); +} + +static void afalg_hmac_ctx_free(QCryptoHmac *hmac) +{ + QCryptoAfalg *afalg; + + afalg = hmac->opaque; + afalg_comm_free(afalg); +} + QCryptoHashDriver qcrypto_hash_afalg_driver = { .hash_bytesv = afalg_hash_bytesv, }; + +QCryptoHmacDriver qcrypto_hmac_afalg_driver = { + .hmac_bytesv = afalg_hmac_bytesv, + .hmac_free = afalg_hmac_ctx_free, +}; diff --git a/crypto/hmac.c b/crypto/hmac.c index 2d9487a..9419abd 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -12,6 +12,7 @@ #include "qemu/osdep.h" #include "qapi/error.h" #include "crypto/hmac.h" +#include "crypto/afalg-comm.h" static const char hex[] = "0123456789abcdef"; @@ -88,16 +89,32 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, { QCryptoHmac *hmac; void *ctx; + QCryptoHmacDriver *drv; +#ifdef CONFIG_AF_ALG + Error *errp2 = NULL; + + ctx = afalg_hmac_ctx_new(alg, key, nkey, &errp2); + if (ctx) { + drv = &qcrypto_hmac_afalg_driver; + goto set; + } + + if (errp2) { + error_free(errp2); + } +#endif ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp); if (ctx == NULL) { return NULL; } + drv = &qcrypto_hmac_lib_driver; +set: hmac = g_new0(QCryptoHmac, 1); hmac->alg = alg; hmac->opaque = ctx; - hmac->driver = &qcrypto_hmac_lib_driver; + hmac->driver = drv; return hmac; } @@ -109,3 +126,12 @@ void qcrypto_hmac_free(QCryptoHmac *hmac) g_free(hmac); } } + +bool qcrypto_hmac_using_afalg_drv(QCryptoHmac *hmac) +{ +#ifdef CONFIG_AF_ALG + return hmac->driver == &qcrypto_hmac_afalg_driver; +#else + return false; +#endif +} diff --git a/include/crypto/afalg-comm.h b/include/crypto/afalg-comm.h index 3293949..3da9166 100644 --- a/include/crypto/afalg-comm.h +++ b/include/crypto/afalg-comm.h @@ -21,6 +21,7 @@ #define ALG_TYPE_CIPHER "skcipher" #define ALG_TYPE_HASH "hash" +#define ALG_TYPE_HMAC "hmac" #define ALG_OPTYPE_LEN 4 #define ALG_MSGIV_LEN(len) (sizeof(struct af_alg_iv) + (len)) diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h index 6f63eb8..91d1d0b 100644 --- a/include/crypto/hmac.h +++ b/include/crypto/hmac.h @@ -13,6 +13,7 @@ #define QCRYPTO_HMAC_H #include "qapi-types.h" +#include "afalg-comm.h" typedef struct QCryptoHmacDriver QCryptoHmacDriver; typedef struct QCryptoHmac QCryptoHmac; @@ -39,6 +40,10 @@ extern void *qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg, Error **errp); extern QCryptoHmacDriver qcrypto_hmac_lib_driver; +extern QCryptoAfalg *afalg_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp); +extern QCryptoHmacDriver qcrypto_hmac_afalg_driver; /** * qcrypto_hmac_supports: @@ -183,4 +188,12 @@ int qcrypto_hmac_digest(QCryptoHmac *hmac, char **digest, Error **errp); +/** + * qcrypto_cipher_using_afalg_drv: + * @hmac: the hmac object + * + * Returns: True if @hmac using afalg driver, otherwise false. + */ +bool qcrypto_hmac_using_afalg_drv(QCryptoHmac *hmac); + #endif