Commit 24e19590 authored by zhenwei pi, committed by Michael S. Tsirkin

virtio-crypto: introduce akcipher service



Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.

Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Link: https://lore.kernel.org/r/20220302033917.1295334-3-pizhenwei@bytedance.com


Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
parent 13d640a3
+80 −1
@@ -37,6 +37,7 @@
#define VIRTIO_CRYPTO_SERVICE_HASH   1
#define VIRTIO_CRYPTO_SERVICE_MAC    2
#define VIRTIO_CRYPTO_SERVICE_AEAD   3
#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4

#define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))

@@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
#define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
	__le32 opcode;
	__le32 algo;
	__le32 flag;
@@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
	__u8 padding[32];
};

struct virtio_crypto_rsa_session_para {
#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
	__le32 padding_algo;

#define VIRTIO_CRYPTO_RSA_NO_HASH   0
#define VIRTIO_CRYPTO_RSA_MD2       1
#define VIRTIO_CRYPTO_RSA_MD3       2
#define VIRTIO_CRYPTO_RSA_MD4       3
#define VIRTIO_CRYPTO_RSA_MD5       4
#define VIRTIO_CRYPTO_RSA_SHA1      5
#define VIRTIO_CRYPTO_RSA_SHA256    6
#define VIRTIO_CRYPTO_RSA_SHA384    7
#define VIRTIO_CRYPTO_RSA_SHA512    8
#define VIRTIO_CRYPTO_RSA_SHA224    9
	__le32 hash_algo;
};

struct virtio_crypto_ecdsa_session_para {
#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
	__le32 curve_id;
	__le32 padding;
};

struct virtio_crypto_akcipher_session_para {
#define VIRTIO_CRYPTO_NO_AKCIPHER    0
#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
	__le32 algo;

#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1
#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
	__le32 keytype;
	__le32 keylen;

	union {
		struct virtio_crypto_rsa_session_para rsa;
		struct virtio_crypto_ecdsa_session_para ecdsa;
	} u;
};

struct virtio_crypto_akcipher_create_session_req {
	struct virtio_crypto_akcipher_session_para para;
	__u8 padding[36];
};

struct virtio_crypto_alg_chain_session_para {
#define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
#define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
@@ -247,6 +304,8 @@ struct virtio_crypto_op_ctrl_req {
			mac_create_session;
		struct virtio_crypto_aead_create_session_req
			aead_create_session;
		struct virtio_crypto_akcipher_create_session_req
			akcipher_create_session;
		struct virtio_crypto_destroy_session_req
			destroy_session;
		__u8 padding[56];
@@ -266,6 +325,14 @@ struct virtio_crypto_op_header {
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
#define VIRTIO_CRYPTO_AEAD_DECRYPT \
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
#define VIRTIO_CRYPTO_AKCIPHER_SIGN \
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \
	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
	__le32 opcode;
	/* algo should be service-specific algorithms */
	__le32 algo;
@@ -390,6 +457,16 @@ struct virtio_crypto_aead_data_req {
	__u8 padding[32];
};

struct virtio_crypto_akcipher_para {
	__le32 src_data_len;
	__le32 dst_data_len;
};

struct virtio_crypto_akcipher_data_req {
	struct virtio_crypto_akcipher_para para;
	__u8 padding[40];
};

/* The request of the data virtqueue's packet */
struct virtio_crypto_op_data_req {
	struct virtio_crypto_op_header header;
@@ -399,6 +476,7 @@ struct virtio_crypto_op_data_req {
		struct virtio_crypto_hash_data_req hash_req;
		struct virtio_crypto_mac_data_req mac_req;
		struct virtio_crypto_aead_data_req aead_req;
		struct virtio_crypto_akcipher_data_req akcipher_req;
		__u8 padding[48];
	} u;
};
@@ -409,6 +487,7 @@ struct virtio_crypto_op_data_req {
#define VIRTIO_CRYPTO_NOTSUPP   3
#define VIRTIO_CRYPTO_INVSESS   4 /* Invalid session id */
#define VIRTIO_CRYPTO_NOSPC     5 /* no free session ID */
#define VIRTIO_CRYPTO_KEY_REJECTED 6 /* Signature verification failed */

/* The accelerator hardware is ready */
#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
@@ -439,7 +518,7 @@ struct virtio_crypto_config {
	__le32 max_cipher_key_len;
	/* Maximum length of authenticated key */
	__le32 max_auth_key_len;
	__le32 reserve;
	__le32 akcipher_algo;
	/* Maximum size of each crypto request's content */
	__le64 max_size;
};
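Review bot: The new wire-format length fields, `keylen` in `struct virtio_crypto_akcipher_session_para` and `src_data_len`/`dst_data_len` in `struct virtio_crypto_akcipher_para`, are added with no comment on units or limits, and `struct virtio_crypto_config` gains `akcipher_algo` in place of `reserve` but no akcipher counterpart to `max_cipher_key_len`/`max_auth_key_len`. These values are filled in by the peer, so whichever side parses a request has to check them against the buffers actually supplied (and presumably against `max_size`) before allocating or copying; I would say so at the field, e.g. `__le32 keylen; /* length of the key material; receiver must validate before use */`. `akcipher_algo` also sits between commented fields without a description of its own; something like `/* Supported akcipher algorithms (presumably a bitmask; confirm against the spec) */` would match the surrounding style. `struct virtio_crypto_config` begins outside the last hunk, so any earlier fields are not visible here.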