From patchwork Tue Jul 4 08:57:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Longpeng(Mike)" X-Patchwork-Id: 9824407 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 409BC602F0 for ; Tue, 4 Jul 2017 09:12:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2F8642844C for ; Tue, 4 Jul 2017 09:12:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 242E728462; Tue, 4 Jul 2017 09:12:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7B04A2844C for ; Tue, 4 Jul 2017 09:12:02 +0000 (UTC) Received: from localhost ([::1]:39645 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSJsH-0001hQ-Pj for patchwork-qemu-devel@patchwork.kernel.org; Tue, 04 Jul 2017 05:12:01 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46975) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSJeg-0005E9-1P for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSJee-0005gN-LR for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:58 -0400 Received: from szxga01-in.huawei.com ([45.249.212.187]:4020) by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71) (envelope-from ) id 1dSJee-0005em-1O for qemu-devel@nongnu.org; Tue, 04 Jul 2017 04:57:56 -0400 Received: from 172.30.72.55 (EHLO DGGEML402-HUB.china.huawei.com) ([172.30.72.55]) by dggrg01-dlp.huawei.com (MOS 4.4.6-GA FastPath queued) with ESMTP id ARL27723; Tue, 04 Jul 2017 16:57:52 +0800 (CST) Received: from localhost (10.177.246.209) by DGGEML402-HUB.china.huawei.com (10.3.17.38) with Microsoft SMTP Server id 14.3.301.0; Tue, 4 Jul 2017 16:57:40 +0800 From: "Longpeng(Mike)" To: Date: Tue, 4 Jul 2017 16:57:04 +0800 Message-ID: <1499158630-75260-13-git-send-email-longpeng2@huawei.com> X-Mailer: git-send-email 1.8.4.msysgit.0 In-Reply-To: <1499158630-75260-1-git-send-email-longpeng2@huawei.com> References: <1499158630-75260-1-git-send-email-longpeng2@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.177.246.209] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.595B5891.018E, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: e95e7787281992d1c99f1b042307cbfb X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] [fuzzy] X-Received-From: 45.249.212.187 Subject: [Qemu-devel] [PATCH v4 12/18] crypto: introduce some common functions for af_alg backend X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: weidong.huang@huawei.com, wangxinxin.wang@huawei.com, qemu-devel@nongnu.org, arei.gonglei@huawei.com, longpeng.mike@gmail.com, "Longpeng\(Mike\)" Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The AF_ALG socket family is the userspace interface for linux crypto API, this patch adds af_alg family support and some common functions for af_alg backend. It'll be used by afalg-backend crypto latter. Signed-off-by: Longpeng(Mike) --- configure | 22 ++++++++++ crypto/Makefile.objs | 1 + crypto/afalg.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/afalgpriv.h | 55 ++++++++++++++++++++++++ 4 files changed, 196 insertions(+) create mode 100644 crypto/afalg.c create mode 100644 crypto/afalgpriv.h diff --git a/configure b/configure index c571ad1..0b3e6c1 100755 --- a/configure +++ b/configure @@ -4744,6 +4744,24 @@ if compile_prog "" "" ; then have_af_vsock=yes fi +########################################## +# check for usable AF_ALG environment +hava_af_alg=no +cat > $TMPC << EOF +#include +#include +#include +#include +int main(void) { + int sock; + sock = socket(AF_ALG, SOCK_SEQPACKET, 0); + return sock; +} +EOF +if compile_prog "" "" ; then + have_af_alg=yes +fi + ################################################# # Sparc implicitly links with --relax, which is # incompatible with -r, so --no-relax should be @@ -5855,6 +5873,10 @@ if test "$have_af_vsock" = "yes" ; then echo "CONFIG_AF_VSOCK=y" >> $config_host_mak fi +if test "$have_af_alg" = "yes" ; then + echo "CONFIG_AF_ALG=y" >> $config_host_mak +fi + if test "$have_sysmacros" = "yes" ; then echo "CONFIG_SYSMACROS=y" >> $config_host_mak fi diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index 1f749f2..2be5a3a 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -10,6 +10,7 @@ crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_HMAC),n,y)) += hmac-glib crypto-obj-y += aes.o crypto-obj-y += desrfb.o crypto-obj-y += cipher.o +crypto-obj-$(CONFIG_AF_ALG) += afalg.o crypto-obj-y += tlscreds.o crypto-obj-y += tlscredsanon.o crypto-obj-y += tlscredsx509.o diff --git a/crypto/afalg.c b/crypto/afalg.c new file mode 100644 index 0000000..337d8a8 --- /dev/null +++ b/crypto/afalg.c @@ -0,0 +1,118 @@ +/* + * QEMU Crypto af_alg support + * + * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Longpeng(Mike) + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + */ +#include "qemu/osdep.h" +#include "qemu/cutils.h" +#include "qemu/sockets.h" +#include "qapi/error.h" +#include "afalgpriv.h" + +static bool +qcrypto_afalg_build_saddr(const char *type, const char *name, + struct sockaddr_alg *salg, Error **errp) +{ + salg->salg_family = AF_ALG; + + if (strnlen(type, SALG_TYPE_LEN_MAX) >= SALG_TYPE_LEN_MAX) { + error_setg(errp, "Afalg type(%s) is larger than %d bytes", + type, SALG_TYPE_LEN_MAX); + return false; + } + + if (strnlen(name, SALG_NAME_LEN_MAX) >= SALG_NAME_LEN_MAX) { + error_setg(errp, "Afalg name(%s) is larger than %d bytes", + name, SALG_NAME_LEN_MAX); + return false; + } + + pstrcpy((char *)salg->salg_type, SALG_TYPE_LEN_MAX, type); + pstrcpy((char *)salg->salg_name, SALG_NAME_LEN_MAX, name); + + return true; +} + +static int +qcrypto_afalg_socket_bind(const char *type, const char *name, + Error **errp) +{ + int sbind; + struct sockaddr_alg salg = {0}; + + if (!qcrypto_afalg_build_saddr(type, name, &salg, errp)) { + return -1; + } + + sbind = qemu_socket(AF_ALG, SOCK_SEQPACKET, 0); + if (sbind < 0) { + error_setg_errno(errp, errno, "Failed to create socket"); + return -1; + } + + if (bind(sbind, (const struct sockaddr *)&salg, sizeof(salg)) != 0) { + error_setg_errno(errp, errno, "Failed to bind socket"); + closesocket(sbind); + return -1; + } + + return sbind; +} + +QCryptoAFAlg * +qcrypto_afalg_comm_alloc(const char *type, const char *name, + Error **errp) +{ + QCryptoAFAlg *afalg; + + afalg = g_new0(QCryptoAFAlg, 1); + /* initilize crypto API socket */ + afalg->opfd = -1; + afalg->tfmfd = qcrypto_afalg_socket_bind(type, name, errp); + if (afalg->tfmfd == -1) { + goto error; + } + + afalg->opfd = qemu_accept(afalg->tfmfd, NULL, 0); + if (afalg->opfd == -1) { + error_setg_errno(errp, errno, "Failed to accept socket"); + goto error; + } + + return afalg; + +error: + qcrypto_afalg_comm_free(afalg); + return NULL; +} + +void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg) +{ + if (!afalg) { + return; + } + + if (afalg->msg) { + g_free(afalg->msg->msg_control); + g_free(afalg->msg); + } + + g_free(afalg->name); + + if (afalg->tfmfd != -1) { + closesocket(afalg->tfmfd); + } + + if (afalg->opfd != -1) { + closesocket(afalg->opfd); + } + + g_free(afalg); +} diff --git a/crypto/afalgpriv.h b/crypto/afalgpriv.h new file mode 100644 index 0000000..d21160c --- /dev/null +++ b/crypto/afalgpriv.h @@ -0,0 +1,55 @@ +/* + * QEMU Crypto af_alg support + * + * Copyright (c) 2017 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Longpeng(Mike) + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * (at your option) any later version. See the COPYING file in the + * top-level directory. + */ + +#ifndef QCRYPTO_AFALGPRIV_H +#define QCRYPTO_AFALGPRIV_H + +#include + +#define SALG_TYPE_LEN_MAX 14 +#define SALG_NAME_LEN_MAX 64 + +typedef struct QCryptoAFAlg QCryptoAFAlg; + +struct QCryptoAFAlg { + int tfmfd; + int opfd; + char *name; + struct msghdr *msg; + struct cmsghdr *cmsg; +}; + +/** + * qcrypto_afalg_comm_alloc: + * @type: the type of crypto operation + * @name: the name of crypto operation + * + * Allocate a QCryptoAFAlg object and bind itself to + * a AF_ALG socket. + * + * Returns: + * a new QCryptoAFAlg object, or NULL in error. + */ +QCryptoAFAlg * +qcrypto_afalg_comm_alloc(const char *type, const char *name, + Error **errp); + +/** + * afalg_comm_free: + * @afalg: the QCryptoAFAlg object + * + * Free the @afalg. + */ +void qcrypto_afalg_comm_free(QCryptoAFAlg *afalg); + +#endif