From patchwork Tue Nov 28 12:59:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 170760 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp3897069vqx; Tue, 28 Nov 2023 05:01:13 -0800 (PST) X-Google-Smtp-Source: AGHT+IGrDtfY3y787AFypxjhC42FdrxQNOjZo9w64+4/7Dmjp9M3cAfAqVNG6HEs69GAt0Bdu5Fh X-Received: by 2002:a05:6a00:4198:b0:6c3:1b8e:eb37 with SMTP id ca24-20020a056a00419800b006c31b8eeb37mr16418205pfb.6.1701176473116; Tue, 28 Nov 2023 05:01:13 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701176473; cv=pass; d=google.com; s=arc-20160816; b=Nb65UhIh26BpYOjnwk49zXNTLinBWT4BoJJZZ06yN3p24wy7u6kTUpas2LnLI2lt6Z gFQifvBCU08WWtNF2xIk7Xop4Pi4n9SzSUWy19q+DkJHXOpX5MYggFGQ+xbEuRo6+TFt 3vsDZT5FdhcaAf4Q0ufUngq+gHMeKtG4FVnSeFTbSj1wg6Lkn9bMZmmw6cT5usnhGKGb 4TG0xTdcNRbGDiPwm5jDJKrR4RLfeLpipHfIqWBEykvuCjP/AWY6sCTh1Emf9iUHPeEf LfP9cqvzTaJt9tbQQPlKSS8SVqJTdbuh0627rL5I5UyUgPwBDJ/cSzGT0qIAdEZ7zGfv dI+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7T3zDODN927+8s4apyuLZYZicHXyFa2x66/1zTcElM4=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=vkq3dqFSwfxOcjOHYogf86AW8YI/20hRev2ofU40uZKCxJNOSmDmZh3ysWB48Ib2Dz beT6JDroOHokTCZcJNGJA5YD5qrk+Cmkm84PKHJOIHz4VXPFTGQqVzPQfv7Rc9hOGk6f OqEmiIgUjjM1yzJOramFXM5Nuogg+kJkuPr3JeThF2qIIjmNLic4fjibhzxkcncpzPn4 qnszvzjirJ3rguKt1kfqOVeUMwV8emrRjc83i54SemvQKvhBTNLq0Nx2zIN7m4Cp7/lW 9TpTzu34T2yvjc6EN87ZZlLfZJwhhtgShVYFvgC6PGO5DfJipshzXDECy+y4JaaIBBja 9sbg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=T9nb74RM; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id j29-20020a63595d000000b005b8f61fcba6si11670842pgm.452.2023.11.28.05.01.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 05:01:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=T9nb74RM; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 13F6180560C5; Tue, 28 Nov 2023 05:01:08 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344834AbjK1NAb (ORCPT + 99 others); Tue, 28 Nov 2023 08:00:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344840AbjK1NA3 (ORCPT ); Tue, 28 Nov 2023 08:00:29 -0500 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2078.outbound.protection.outlook.com [40.107.244.78]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B07C8D72; Tue, 28 Nov 2023 05:00:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aEWO6fgRq7y9owoRHHE+C+BdqiYjsyDQ0Up4vC5qfPvW3tgLEo5fxx1GEDjSL/1IK/49GOsFsEvlOBXHNhZpXCwTAKLsbC/gD5RhUbIC/EUB+9XJUnqh0K5aN8wjyDsk2R0YX/Bj0GvYs9krpirdByl1OZ3ts1FghqPsVncXiPhT2eTDdlhe2el7/tpPx8KDGLJT9gB7Kj6K36raotY49ktBiIL6tr7tHfGlrZiSxzkOM08L/nrD7mcyQZZSvtAG1z/aPF1Id/wKb0GbpW2TAK1oyu2GlzHlA6AlU9ZubP+3RrewWnVCbkOB8/CX/YC5nMiA4IRbf6NwqP+d4vrLBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7T3zDODN927+8s4apyuLZYZicHXyFa2x66/1zTcElM4=; b=WA6Ywk1oC03N77JgHE1WY0JiABOGwc5chaqow8SLGSLdx6gA/4mxTjWNMTfKhBGBWu4JJhEmuKZ4UvqY0FG5e1RGHRGI/G+Nr+Z1jDAk3bxkxv3PKa/cDucschjrj60UmdA7zEt0MjVFIxk14hO+9XanW70gYRx9ebQGzAKLTXS4Dg7b/qIzCWlRNA3lVv7Ipbvohxt67VQShNoPvYyVCMLgzKQg3JhRxJKmzTGMJpuZj5/LN3jdNBMN+OXRNyjyNmYwiMtBk6OX405yhV+CpTQUBRfMobUL+YRzcC+spQFyl3Awh2AlzkB1TBP6zo1oeLD/CL9m/HEhX0ipg9oKig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7T3zDODN927+8s4apyuLZYZicHXyFa2x66/1zTcElM4=; b=T9nb74RM5F020WApb1yl7kNya1jEKlnR1ePydQLNVk41KayibOYUsfSLZtr1mgRV8ifyF6SbWncsz7obFUSeFw0C40deLmLM2XyBVA/yOmRIB6bGBtORkE9Nwxqqp3xq3k+y1ySzXWzurkOyRibLWYdc0lhBQPhhkI1fRAfkF+o= Received: from DM6PR07CA0129.namprd07.prod.outlook.com (2603:10b6:5:330::23) by SA0PR12MB4430.namprd12.prod.outlook.com (2603:10b6:806:70::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.29; Tue, 28 Nov 2023 13:00:31 +0000 Received: from CY4PEPF0000EE37.namprd05.prod.outlook.com (2603:10b6:5:330:cafe::cf) by DM6PR07CA0129.outlook.office365.com (2603:10b6:5:330::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.29 via Frontend Transport; Tue, 28 Nov 2023 13:00:31 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE37.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7046.17 via Frontend Transport; Tue, 28 Nov 2023 13:00:31 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Tue, 28 Nov 2023 07:00:26 -0600 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v6 01/16] virt: sev-guest: Use AES GCM crypto library Date: Tue, 28 Nov 2023 18:29:44 +0530 Message-ID: <20231128125959.1810039-2-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231128125959.1810039-1-nikunj@amd.com> References: <20231128125959.1810039-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE37:EE_|SA0PR12MB4430:EE_ X-MS-Office365-Filtering-Correlation-Id: abcd63a9-e1dc-4790-54c7-08dbf01200d8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PzcSa2PQOvt4+EH5cw8vMoDP94kybE5evcBChce9d5yhe8aw/ZRQDJfQZwc/6pocfUj0levmhAh9D3TcK6EHX5EbgoOEbHPN+jAeZKxdSUsO4fIbl999xajX5LVWh29Y9o7niGovss97msODtlB2ekBTN6Z5vgtMMbHkebDj3bwhgWwTHYadrV/Zp4jjd159LnXtcnzaVApCElZFqhG3f4ES4eoLe+zVcg6aKMHRIwlbbgYTXV8gm1wkDClOYKSwjhDbWnwJHwkPfF4U79/fYWOdQIqOkIjdwVCkpMhyZj36B9j87Z9s7pCZf780xy1UWExZwRCIMMxwcrPLDt+5ty7uL8PwYleVBLpm9Uboxo7lkcTHi+WT8egXBGfZ77Oho/7IqoymqfJWc6PoGosGK53kD0noRzzVBAFMHek8Ld9DCIsSY/Q3xka8joptTe70u7Et2lliDPx4xsjVwpFuh+gBzQIJ7C0hRbej79oRfiSwPQyrncMxkfXH/Vy64QsQb7s8DTAVYh9b8e7A2xc1HVyysARULv7A3uHqvot9jsRhaLNvkCjNd+/G/DIOEjqHqyw3XiCRmlLYVmfVUwLkAu9Oox10sYC4wM9buLKnCuCUPRe+aWX+HBGufH0sp3oG7YKQNH1uYdmvaA+CyMbtFmSJ+EkC4tNGHO96B7gJg83ysSsRU3W7QXm5XPKeG/rNEo9bJfKYQg1x7cqBa5fNP5TG+HeXPUK6lG6fRgItw9gEty663xxjmBRb0Qyi5KVLXvNYK8hW1RPOHsL6cPNung== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(136003)(376002)(346002)(39860400002)(396003)(230922051799003)(451199024)(64100799003)(186009)(1800799012)(82310400011)(40470700004)(46966006)(36840700001)(6666004)(8936002)(8676002)(4326008)(7696005)(54906003)(110136005)(70586007)(70206006)(316002)(478600001)(40460700003)(36860700001)(81166007)(30864003)(356005)(47076005)(41300700001)(1076003)(36756003)(26005)(16526019)(2906002)(2616005)(40480700001)(83380400001)(336012)(426003)(7416002)(82740400003)(5660300002)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Nov 2023 13:00:31.6374 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: abcd63a9-e1dc-4790-54c7-08dbf01200d8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE37.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4430 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 28 Nov 2023 05:01:09 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783812821943749772 X-GMAIL-MSGID: 1783812821943749772 The sev-guest driver encryption code uses Crypto API for SNP guest messaging to interact with AMD Security processor. For enabling SecureTSC, SEV-SNP guests need to send a TSC_INFO request guest message before the smpboot phase starts. Details from the TSC_INFO response will be used to program the VMSA before the secondary CPUs are brought up. The Crypto API is not available this early in the boot phase. In preparation of moving the encryption code out of sev-guest driver to support SecureTSC and make reviewing the diff easier, start using AES GCM library implementation instead of Crypto API. Drop __enc_payload() and dec_payload() helpers as both are pretty small and can be moved to the respective callers. CC: Ard Biesheuvel Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- drivers/virt/coco/sev-guest/Kconfig | 4 +- drivers/virt/coco/sev-guest/sev-guest.c | 175 ++++++------------------ drivers/virt/coco/sev-guest/sev-guest.h | 3 + 3 files changed, 43 insertions(+), 139 deletions(-) diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index 1cffc72c41cb..0b772bd921d8 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig @@ -2,9 +2,7 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO - select CRYPTO_AEAD2 - select CRYPTO_GCM + select CRYPTO_LIB_AESGCM select TSM_REPORTS help SEV-SNP firmware provides the guest a mechanism to communicate with diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index bc564adcf499..aedc842781b6 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -17,8 +17,7 @@ #include #include #include -#include -#include +#include #include #include #include @@ -32,24 +31,16 @@ #include "sev-guest.h" #define DEVICE_NAME "sev-guest" -#define AAD_LEN 48 -#define MSG_HDR_VER 1 #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) #define SNP_REQ_RETRY_DELAY (2*HZ) -struct snp_guest_crypto { - struct crypto_aead *tfm; - u8 *iv, *authtag; - int iv_len, a_len; -}; - struct snp_guest_dev { struct device *dev; struct miscdevice misc; void *certs_data; - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; /* request and response are in unencrypted memory */ struct snp_guest_msg *request, *response; @@ -161,132 +152,31 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) +static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) { - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; - crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); - if (!crypto) + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + if (!ctx) return NULL; - crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); - if (IS_ERR(crypto->tfm)) - goto e_free; - - if (crypto_aead_setkey(crypto->tfm, key, keylen)) - goto e_free_crypto; - - crypto->iv_len = crypto_aead_ivsize(crypto->tfm); - crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); - if (!crypto->iv) - goto e_free_crypto; - - if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { - if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { - dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); - goto e_free_iv; - } + if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + pr_err("Crypto context initialization failed\n"); + kfree(ctx); + return NULL; } - crypto->a_len = crypto_aead_authsize(crypto->tfm); - crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); - if (!crypto->authtag) - goto e_free_iv; - - return crypto; - -e_free_iv: - kfree(crypto->iv); -e_free_crypto: - crypto_free_aead(crypto->tfm); -e_free: - kfree(crypto); - - return NULL; -} - -static void deinit_crypto(struct snp_guest_crypto *crypto) -{ - crypto_free_aead(crypto->tfm); - kfree(crypto->iv); - kfree(crypto->authtag); - kfree(crypto); -} - -static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, - u8 *src_buf, u8 *dst_buf, size_t len, bool enc) -{ - struct snp_guest_msg_hdr *hdr = &msg->hdr; - struct scatterlist src[3], dst[3]; - DECLARE_CRYPTO_WAIT(wait); - struct aead_request *req; - int ret; - - req = aead_request_alloc(crypto->tfm, GFP_KERNEL); - if (!req) - return -ENOMEM; - - /* - * AEAD memory operations: - * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ - * | msg header | plaintext | hdr->authtag | - * | bytes 30h - 5Fh | or | | - * | | cipher | | - * +------------------+------------------+----------------+ - */ - sg_init_table(src, 3); - sg_set_buf(&src[0], &hdr->algo, AAD_LEN); - sg_set_buf(&src[1], src_buf, hdr->msg_sz); - sg_set_buf(&src[2], hdr->authtag, crypto->a_len); - - sg_init_table(dst, 3); - sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); - sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); - sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); - - aead_request_set_ad(req, AAD_LEN); - aead_request_set_tfm(req, crypto->tfm); - aead_request_set_callback(req, 0, crypto_req_done, &wait); - - aead_request_set_crypt(req, src, dst, len, crypto->iv); - ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); - - aead_request_free(req); - return ret; -} - -static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - - return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); -} - -static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - - /* Build IV with response buffer sequence number */ - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - - return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); + return ctx; } static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_guest_msg *resp = &snp_dev->secret_response; struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *req_hdr = &req->hdr; struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); @@ -307,11 +197,16 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, * If the message size is greater than our buffer length then return * an error. */ - if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz)) + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz)) return -EBADMSG; /* Decrypt the payload */ - return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len); + memcpy(iv, &resp_hdr->msg_seqno, sizeof(resp_hdr->msg_seqno)); + if (!aesgcm_decrypt(ctx, payload, resp->payload, resp_hdr->msg_sz, + &resp_hdr->algo, AAD_LEN, iv, resp_hdr->authtag)) + return -EBADMSG; + + return 0; } static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, @@ -319,6 +214,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 { struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *hdr = &req->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; memset(req, 0, sizeof(*req)); @@ -338,7 +235,14 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - return __enc_payload(snp_dev, req, payload, sz); + if (WARN_ON((sz + ctx->authsize) > sizeof(req->payload))) + return -EBADMSG; + + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + aesgcm_encrypt(ctx, req->payload, payload, sz, &hdr->algo, AAD_LEN, + iv, hdr->authtag); + + return 0; } static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, @@ -486,7 +390,6 @@ struct snp_req_resp { static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_req *req = &snp_dev->req.report; struct snp_report_resp *resp; int rc, resp_len; @@ -504,7 +407,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -526,7 +429,6 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { struct snp_derived_key_req *req = &snp_dev->req.derived_key; - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_derived_key_resp resp = {0}; int rc, resp_len; /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ @@ -542,7 +444,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp.data) + crypto->a_len; + resp_len = sizeof(resp.data) + snp_dev->ctx->authsize; if (sizeof(buf) < resp_len) return -ENOMEM; @@ -569,7 +471,6 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques { struct snp_ext_report_req *req = &snp_dev->req.ext_report; - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_resp *resp; int ret, npages = 0, resp_len; sockptr_t certs_address; @@ -612,7 +513,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -954,8 +855,8 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_free_response; ret = -EIO; - snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); - if (!snp_dev->crypto) + snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN); + if (!snp_dev->ctx) goto e_free_cert_data; misc = &snp_dev->misc; @@ -978,11 +879,13 @@ static int __init sev_guest_probe(struct platform_device *pdev) ret = misc_register(misc); if (ret) - goto e_free_cert_data; + goto e_free_ctx; dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); return 0; +e_free_ctx: + kfree(snp_dev->ctx); e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); e_free_response: @@ -1001,7 +904,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev) free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); - deinit_crypto(snp_dev->crypto); + kfree(snp_dev->ctx); misc_deregister(&snp_dev->misc); return 0; diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h index 21bda26fdb95..ceb798a404d6 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -13,6 +13,9 @@ #include #define MAX_AUTHTAG_LEN 32 +#define AUTHTAG_LEN 16 +#define AAD_LEN 48 +#define MSG_HDR_VER 1 /* See SNP spec SNP_GUEST_REQUEST section for the structure */ enum msg_type {