From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Longpeng(Mike)" <longpeng2@huawei.com>
Cc: arei.gonglei@huawei.com, longpeng.mike@gmail.com,
qemu-devel@nongnu.org, weidong.huang@huawei.com
Subject: Re: [Qemu-devel] [PATCH v3 13/18] crypto: cipher: add afalg-backend cipher support
Date: Wed, 26 Apr 2017 13:17:07 +0100 [thread overview]
Message-ID: <20170426121707.GS18933@redhat.com> (raw)
In-Reply-To: <1492845627-4384-14-git-send-email-longpeng2@huawei.com>
On Sat, Apr 22, 2017 at 03:20:22PM +0800, Longpeng(Mike) wrote:
> Adds afalg-backend cipher support: introduces some private APIs
> firstly, and then intergrates them into qcrypto_cipher_afalg_driver.
>
> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
> ---
> crypto/Makefile.objs | 1 +
> crypto/afalgpriv.h | 9 ++
> crypto/cipher-afalg.c | 229 +++++++++++++++++++++++++++++++++++++++++++++
> crypto/cipher.c | 28 +++++-
> crypto/cipherpriv.h | 11 +++
> include/crypto/cipher.h | 8 ++
> tests/test-crypto-cipher.c | 10 +-
> 7 files changed, 294 insertions(+), 2 deletions(-)
> create mode 100644 crypto/cipher-afalg.c
>
> diff --git a/crypto/cipher-afalg.c b/crypto/cipher-afalg.c
> new file mode 100644
> index 0000000..cce8e6b
> --- /dev/null
> +++ b/crypto/cipher-afalg.c
> +static char *
> +qcrypto_afalg_cipher_format_name(QCryptoCipherAlgorithm alg,
> + QCryptoCipherMode mode,
> + Error **errp)
> +{
> + char *name;
> + const char *alg_name;
> + const char *mode_name;
> + int ret;
> +
> + switch (alg) {
> + case QCRYPTO_CIPHER_ALG_AES_128:
> + case QCRYPTO_CIPHER_ALG_AES_192:
> + case QCRYPTO_CIPHER_ALG_AES_256:
> + alg_name = "aes";
> + break;
> + case QCRYPTO_CIPHER_ALG_CAST5_128:
> + alg_name = "cast5";
> + break;
> + case QCRYPTO_CIPHER_ALG_SERPENT_128:
> + case QCRYPTO_CIPHER_ALG_SERPENT_192:
> + case QCRYPTO_CIPHER_ALG_SERPENT_256:
> + alg_name = "serpent";
> + break;
> + case QCRYPTO_CIPHER_ALG_TWOFISH_128:
> + case QCRYPTO_CIPHER_ALG_TWOFISH_192:
> + case QCRYPTO_CIPHER_ALG_TWOFISH_256:
> + alg_name = "twofish";
> + break;
> +
> + default:
> + error_setg(errp, "Unsupported cipher algorithm %d", alg);
> + return NULL;
> + }
> +
> + mode_name = QCryptoCipherMode_lookup[mode];
> +
> + name = g_new0(char, SALG_NAME_LEN_MAX);
> + ret = snprintf(name, SALG_NAME_LEN_MAX, "%s(%s)", mode_name,
> + alg_name);
> + if (ret < 0 || ret >= SALG_NAME_LEN_MAX) {
> + error_setg(errp, "Build ciphername(name='%s',mode='%s') failed",
> + alg_name, mode_name);
> + g_free(name);
> + return NULL;
> + }
Using g_new0+snprintf() is never a good idea. Instead use g_strdup_printf().
There is no need for the length check here either, since
qcrypto_afalg_comm_alloc() is already going to bounds check
it
> +
> + return name;
> +}
> +
> +QCryptoAFAlg *
> +qcrypto_afalg_cipher_ctx_new(QCryptoCipherAlgorithm alg,
> + QCryptoCipherMode mode,
> + const uint8_t *key,
> + size_t nkey, Error **errp)
> +{
> + QCryptoAFAlg *afalg;
> + size_t except_niv;
Typo - I think you meant 'expect_niv' instead - same typo in other
methods below too
> + char *name;
> +
> + name = qcrypto_afalg_cipher_format_name(alg, mode, errp);
> + if (!name) {
> + return NULL;
> + }
> +
> + afalg = qcrypto_afalg_comm_alloc(AFALG_TYPE_CIPHER, name, errp);
> + if (!afalg) {
> + g_free(name);
> + return NULL;
> + }
> + afalg->name = name;
> +
> + /* setkey */
> + if (qemu_setsockopt(afalg->tfmfd, SOL_ALG, ALG_SET_KEY, key,
> + nkey) != 0) {
> + error_setg_errno(errp, errno, "Set key failed");
> + qcrypto_afalg_comm_free(afalg);
> + return NULL;
> + }
> +
> + /* prepare msg header */
> + afalg->msg = g_new0(struct msghdr, 1);
> + afalg->msg->msg_controllen += CMSG_SPACE(ALG_OPTYPE_LEN);
> + except_niv = qcrypto_cipher_get_iv_len(alg, mode);
> + if (except_niv) {
> + afalg->msg->msg_controllen += CMSG_SPACE(ALG_MSGIV_LEN(except_niv));
> + }
> + afalg->msg->msg_control = g_new0(uint8_t, afalg->msg->msg_controllen);
> +
> + /* We use 1st msghdr for crypto-info and 2nd msghdr for IV-info */
> + afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
> + afalg->cmsg->cmsg_level = SOL_ALG;
> + afalg->cmsg->cmsg_type = ALG_SET_OP;
> + afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_OPTYPE_LEN);
> +
> + return afalg;
> +}
> +
> +static int
> +qcrypto_afalg_cipher_setiv(QCryptoCipher *cipher,
> + const uint8_t *iv,
> + size_t niv, Error **errp)
> +{
> + struct af_alg_iv *alg_iv;
> + size_t except_niv;
> + QCryptoAFAlg *afalg = cipher->opaque;
> +
> + except_niv = qcrypto_cipher_get_iv_len(cipher->alg, cipher->mode);
> + if (niv != except_niv) {
> + error_setg(errp, "Set IV len(%lu) not match excepted(%lu)",
> + niv, except_niv);
When printing variables that are 'size_t', you need '%zu' rather
than '%lu'
> + return -1;
> + }
> +
> + /* move ->cmsg to next msghdr, for IV-info */
> + afalg->cmsg = CMSG_NXTHDR(afalg->msg, afalg->cmsg);
> +
> + /* build setiv msg */
> + afalg->cmsg->cmsg_level = SOL_ALG;
> + afalg->cmsg->cmsg_type = ALG_SET_IV;
> + afalg->cmsg->cmsg_len = CMSG_SPACE(ALG_MSGIV_LEN(niv));
> + alg_iv = (struct af_alg_iv *)CMSG_DATA(afalg->cmsg);
> + alg_iv->ivlen = niv;
> + memcpy(alg_iv->iv, iv, niv);
> +
> + return 0;
> +}
> +
> +static int
> +qcrypto_afalg_cipher_op(QCryptoAFAlg *afalg,
> + const void *in, void *out,
> + size_t len, bool do_encrypt,
> + Error **errp)
> +{
> + uint32_t *type = NULL;
> + struct iovec iov;
> + size_t ret, done = 0;
> + uint32_t origin_contorllen;
Typo - you mean 'origin_controllen'
> +
> + origin_contorllen = afalg->msg->msg_controllen;
> + /* movev ->cmsg to first header, for crypto-info */
> + afalg->cmsg = CMSG_FIRSTHDR(afalg->msg);
> +
> + /* build encrypt msg */
> + afalg->msg->msg_iov = &iov;
> + afalg->msg->msg_iovlen = 1;
> + type = (uint32_t *)CMSG_DATA(afalg->cmsg);
> + if (do_encrypt) {
> + *type = ALG_OP_ENCRYPT;
> + } else {
> + *type = ALG_OP_DECRYPT;
> + }
> +
> + do {
> + iov.iov_base = (void *)in + done;
> + iov.iov_len = len - done;
> +
> + /* send info to AF_ALG core */
> + ret = sendmsg(afalg->opfd, afalg->msg, 0);
> + if (ret == -1) {
> + error_setg_errno(errp, errno, "Send data to AF_ALG core failed");
> + return -1;
> + }
> +
> + /* encrypto && get result */
> + if (ret != read(afalg->opfd, out, ret)) {
> + error_setg_errno(errp, errno, "Get result from AF_ALG core failed");
> + return -1;
> + }
> +
> + /* do not update IV for following chunks */
> + afalg->msg->msg_controllen = 0;
> + done += ret;
> + } while (done < len);
> +
> + afalg->msg->msg_controllen = origin_contorllen;
> +
> + return 0;
> +}
> diff --git a/crypto/cipher.c b/crypto/cipher.c
> index a6e052c..4a6f548 100644
> --- a/crypto/cipher.c
> +++ b/crypto/cipher.c
> @@ -164,17 +164,34 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
> {
> QCryptoCipher *cipher;
> void *ctx;
Initialize this to NULL;
> + Error *err2 = NULL;
> + QCryptoCipherDriver *drv;
> +
> +#ifdef CONFIG_AF_ALG
> + ctx = qcrypto_afalg_cipher_ctx_new(alg, mode, key, nkey, &err2);
> + if (ctx) {
> + drv = &qcrypto_cipher_afalg_driver;
> + goto set_cipher;
And drop the goto here.
> + }
> +#endif
>
And add 'if (!ctx)' before this next block:
> ctx = qcrypto_cipher_ctx_new(alg, mode, key, nkey, errp);
> if (ctx == NULL) {
> + error_free(err2);
> return NULL;
> }
>
> + drv = &qcrypto_cipher_lib_driver;
> + error_free(err2);
> +
> +#ifdef CONFIG_AF_ALG
> +set_cipher:
> +#endif
> cipher = g_new0(QCryptoCipher, 1);
> cipher->alg = alg;
> cipher->mode = mode;
> cipher->opaque = ctx;
> - cipher->driver = (void *)&qcrypto_cipher_lib_driver;
> + cipher->driver = (void *)drv;
>
> return cipher;
> }
> @@ -220,3 +237,12 @@ void qcrypto_cipher_free(QCryptoCipher *cipher)
> g_free(cipher);
> }
> }
> +
> +bool qcrypto_cipher_using_afalg_drv(QCryptoCipher *cipher)
> +{
> +#ifdef CONFIG_AF_ALG
> + return cipher->driver == (void *)&qcrypto_cipher_afalg_driver;
> +#else
> + return false;
> +#endif
> +}
> diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
> index 984fb82..037f602 100644
> --- a/include/crypto/cipher.h
> +++ b/include/crypto/cipher.h
> @@ -233,4 +233,12 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
> const uint8_t *iv, size_t niv,
> Error **errp);
>
> +/**
> + * qcrypto_cipher_using_afalg_drv:
> + * @ the cipher object
> + *
> + * Returns: true if @cipher is using afalg driver, otherwise false.
> + */
> +bool qcrypto_cipher_using_afalg_drv(QCryptoCipher *cipher);
IMHO whether we use afalg or not should be hidden from users of the
crypto API, so I'd prefer we didn't add this method
> diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
> index 07fa2fa..8bb3308 100644
> --- a/tests/test-crypto-cipher.c
> +++ b/tests/test-crypto-cipher.c
> @@ -715,6 +715,7 @@ static void test_cipher_null_iv(void)
> uint8_t key[32] = { 0 };
> uint8_t plaintext[32] = { 0 };
> uint8_t ciphertext[32] = { 0 };
> + Error *err = NULL;
>
> cipher = qcrypto_cipher_new(
> QCRYPTO_CIPHER_ALG_AES_256,
> @@ -729,7 +730,14 @@ static void test_cipher_null_iv(void)
> plaintext,
> ciphertext,
> sizeof(plaintext),
> - &error_abort);
> + &err);
> +
> + if (qcrypto_cipher_using_afalg_drv(cipher)) {
> + g_assert(err != NULL);
> + error_free_or_abort(&err);
> + } else {
> + g_assert(err == NULL);
> + }
This looks wierd - we should not have different behaviour here when
using afalg
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2017-04-26 12:17 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-22 7:20 [Qemu-devel] [PATCH v3 00/18] crypto: add afalg-backend support Longpeng(Mike)
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 01/18] crypto: cipher: introduce context free function Longpeng(Mike)
2017-04-26 12:02 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 02/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend Longpeng(Mike)
2017-04-26 12:02 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 03/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend Longpeng(Mike)
2017-04-26 12:03 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 04/18] crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend Longpeng(Mike)
2017-04-26 12:03 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 05/18] crypto: cipher: add cipher driver framework Longpeng(Mike)
2017-04-26 12:04 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 06/18] crypto: hash: add hash " Longpeng(Mike)
2017-04-26 12:04 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 07/18] crypto: hmac: move crypto/hmac.h into include/crypto/ Longpeng(Mike)
2017-04-26 12:05 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 08/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend Longpeng(Mike)
2017-04-26 12:05 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 09/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend Longpeng(Mike)
2017-04-26 12:06 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 10/18] crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend Longpeng(Mike)
2017-04-26 12:06 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 11/18] crypto: hmac: add hmac driver framework Longpeng(Mike)
2017-04-26 12:07 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 12/18] crypto: introduce some common functions for af_alg backend Longpeng(Mike)
2017-04-26 12:10 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 13/18] crypto: cipher: add afalg-backend cipher support Longpeng(Mike)
2017-04-26 12:17 ` Daniel P. Berrange [this message]
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 14/18] crypto: hash: add afalg-backend hash support Longpeng(Mike)
2017-04-26 12:20 ` Daniel P. Berrange
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 15/18] crypto: hmac: add af_alg hmac support Longpeng(Mike)
2017-04-26 12:23 ` Daniel P. Berrange
2017-07-04 8:52 ` Longpeng (Mike)
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 16/18] tests: crypto: add cipher speed benchmark support Longpeng(Mike)
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 17/18] tests: crypto: add hash " Longpeng(Mike)
2017-04-22 7:20 ` [Qemu-devel] [PATCH v3 18/18] tests: crypto: add hmac " Longpeng(Mike)
2017-04-22 7:41 ` [Qemu-devel] [PATCH v3 00/18] crypto: add afalg-backend support no-reply
2017-04-22 7:42 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170426121707.GS18933@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=longpeng.mike@gmail.com \
--cc=longpeng2@huawei.com \
--cc=qemu-devel@nongnu.org \
--cc=weidong.huang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).