[virtio-dev] RE: [V0 1/1] virtio crypto device specification: asymmetric crypto service
On Wednesday, September 21, 2016 3:03 PM, Gonglei (Arei) Wrote: > > -Original Message- > > From: Xin Zeng [mailto:xin.z...@intel.com] > > Sent: Wednesday, September 21, 2016 1:15 PM > > To: virtio-dev@lists.oasis-open.org; qemu-de...@nongnu.org; Gonglei > (Arei) > > Cc: m...@redhat.com; brian.a.keat...@intel.com; john.grif...@intel.com; > > liang.j...@intel.com; Huangweidong (C); Xin Zeng > > Subject: [V0 1/1] virtio crypto device specification: asymmetric crypto > service > > > > This patch introduces asymmetric crypto service into virtio crypto > > device. The asymmetric crypto service can be referred as signature, > > verification, encryption, decryption, key generation and key exchange. > > This patch depends on another virtio crypto device spec patch: > > https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04563.html. > > > > Signed-off-by: Xin Zeng> > --- > > virtio-crypto.tex | 932 > > +- > > 1 file changed, 931 insertions(+), 1 deletion(-) > > > > diff --git a/virtio-crypto.tex b/virtio-crypto.tex > > index c3554e3..699d8dc 100644 > > --- a/virtio-crypto.tex > > +++ b/virtio-crypto.tex > > @@ -46,6 +46,7 @@ struct virtio_crypto_config { > > le32 kdf_algo; > > le32 aead_algo; > > le32 primitive_algo; > > +le32 rsa_padding; > > The structure doesn't 64-bit aligned now. Please add a padding. > Yes. We also need remove some fields for now as Michael suggested in another mail. > > }; > > \end{lstlisting} > > > > @@ -67,6 +68,7 @@ The following services are defined: > > #define VIRTIO_CRYPTO_SERVICE_HASH (1) /* HASH service */ > > #define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message > > Authentication Codes) service */ > > #define VIRTIO_CRYPTO_SERVICE_AEAD (3) /* AEAD (Authenticated > > Encryption with Associated Data) service */ > > +#define VIRTIO_CRYPTO_SERVICE_ASYM (4) /* Asymmetric crypto > service*/ > > \end{lstlisting} > > > > The last driver-read-only fields specify detailed algorithms masks 
> > @@ -140,6 +142,28 @@ The following AEAD algorithms are defined: > > #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305 3 > > \end{lstlisting} > > > > +The following asymmetric algorithms are defined: > > + > > +\begin{lstlisting} > > +#define VIRTIO_CRYPTO_ASYM_NONE0 > > +#define VIRTIO_CRYPTO_ASYM_RSA 1 > > +#define VIRTIO_CRYPTO_ASYM_DSA 2 > > +#define VIRTIO_CRYPTO_ASYM_DH 3 > > +#define VIRTIO_CRYPTO_ASYM_ECDSA 4 > > +#define VIRTIO_CRYPTO_ASYM_ECDH 5 > > +\end{lstlisting} > > + > > +The following rsa padding capabilities are defined: > > + > > +\begin{lstlisting} > > +#define VIRTIO_CRYPTO_RSA_NO_PADDING 0 > > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 > > +#define VIRTIO_CRYPTO_RSA_SSLV23_PADDING 2 > > +#define VIRTIO_CRYPTO_RSA_PKCS1_OAEP_PADDING 3 > > +#define VIRTIO_CRYPTO_RSA_X931_PADDING 4 > > +#define VIRTIO_CRYPTO_RSA_PKCS1_PSS_PADDING 5 > > +\end{lstlisting} > > + > > \begin{note} > > More algorithms will be defined in the future. > > \end{note} > > @@ -238,6 +262,18 @@ struct virtio_crypto_op_header { > > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) > > #define VIRTIO_CRYPTO_AEAD_DECRYPT \ > > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) > > +#define VIRTIO_CRYPTO_ASYM_SIGN\ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x00) > > +#define VIRTIO_CRYPTO_ASYM_VERIFY \ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x01) > > +#define VIRTIO_CRYPTO_ASYM_ENCRYPT \ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x02) > > +#define VIRTIO_CRYPTO_ASYM_DECRYPT \ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x03) > > +#define VIRTIO_CRYPTO_ASYM_KEY_GEN \ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x04) > > +#define VIRTIO_CRYPTO_ASYM_KEY_EXCHG \ > > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x05) > > le32 opcode; > > /* algo should be service-specific algorithms */ > > le32 algo; 
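Review bot: The RSA padding list added in the `@@ -140,6 +142,28 @@` hunk never says which padding is valid for which operation, and it lists `VIRTIO_CRYPTO_RSA_NO_PADDING` and `VIRTIO_CRYPTO_RSA_SSLV23_PADDING` on equal footing with OAEP and PSS. Unpadded RSA is deterministic and malleable, and PKCS#1 v1.5-style decryption is the usual padding-oracle surface, so the spec should tie each value to an operation and have the device refuse other pairings, for example by adding after the listing: `The device MUST reject a request whose padding is not valid for the opcode; PKCS1_OAEP applies only to ENCRYPT/DECRYPT, PKCS1_PSS and X931 only to SIGN/VERIFY.` The values are also enumerated 0..5, while `rsa_padding` is added to `virtio_crypto_config` next to fields the surrounding text calls algorithm masks. If it is a mask, state that bit N corresponds to value N; this may already be defined outside the visible hunks. The same hunk is quoted a second time in the other message on this page.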
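Review bot: The six `VIRTIO_CRYPTO_ASYM_*` opcodes added in the `@@ -238,6 +262,18 @@` hunk are algorithm-independent, so `algo` alone decides which per-algorithm request member the device parses, and nothing visible here requires the opcode/algo pair to be checked. The request union in the later hunk only has `rsa_enc_req`/`rsa_dec_req` for encryption, so a pairing such as ASYM_ENCRYPT with `VIRTIO_CRYPTO_ASYM_DSA` has no defined layout. Because the device has to treat driver-supplied headers as untrusted, I would add next to the opcode list: `The device MUST check that algo is an asymmetric algorithm it offered and that opcode is defined for it, and MUST fail the request otherwise.` `struct virtio_crypto_op_header` starts and ends outside this hunk, so an existing error rule may already cover part of this.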
> > @@ -540,6 +576,26 @@ struct virtio_crypto_op_data_req { > > struct virtio_crypto_hash_data_req hash_req; > > struct virtio_crypto_mac_data_req mac_req; > > struct virtio_crypto_aead_data_req aead_req; > > +struct virtio_crypto_ecdsa_sign_req ecdsa_sign_req; > > +struct virtio_crypto_dsa_sign_req dsa_sign_req; > > +struct virtio_crypto_rsa_sign_req rsa_sign_req; > > + > > +struct virtio_crypto_ecdsa_verify_req ecdsa_verify_req; > > +struct virtio_crypto_dsa_verify_req dsa_verify_req; > > +struct virtio_crypto_rsa_verify_req rsa_verify_req; > > + > > +struct virtio_crypto_rsa_enc_req rsa_enc_req > > +struct virtio_crypto_rsa_dec_req rsa_dec_req; > > + > > +struct virtio_crypto_rsa_keygen_req rsa_keygen_req; > > +struct virtio_crypto_dsa_keygen_req dsa_keygen_req; > > +struct
[virtio-dev] RE: [V0 1/1] virtio crypto device specification: asymmetric crypto service
Hi Xin, Here you go. ;) > -Original Message- > From: Xin Zeng [mailto:xin.z...@intel.com] > Sent: Wednesday, September 21, 2016 1:15 PM > To: virtio-dev@lists.oasis-open.org; qemu-de...@nongnu.org; Gonglei (Arei) > Cc: m...@redhat.com; brian.a.keat...@intel.com; john.grif...@intel.com; > liang.j...@intel.com; Huangweidong (C); Xin Zeng > Subject: [V0 1/1] virtio crypto device specification: asymmetric crypto > service > > This patch introduces asymmetric crypto service into virtio crypto > device. The asymmetric crypto service can be referred as signature, > verification, encryption, decryption, key generation and key exchange. > This patch depends on another virtio crypto device spec patch: > https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04563.html. > > Signed-off-by: Xin Zeng> --- > virtio-crypto.tex | 932 > +- > 1 file changed, 931 insertions(+), 1 deletion(-) > > diff --git a/virtio-crypto.tex b/virtio-crypto.tex > index c3554e3..699d8dc 100644 > --- a/virtio-crypto.tex > +++ b/virtio-crypto.tex > @@ -46,6 +46,7 @@ struct virtio_crypto_config { > le32 kdf_algo; > le32 aead_algo; > le32 primitive_algo; > +le32 rsa_padding; The structure doesn't 64-bit aligned now. Please add a padding. > }; > \end{lstlisting} > > @@ -67,6 +68,7 @@ The following services are defined: > #define VIRTIO_CRYPTO_SERVICE_HASH (1) /* HASH service */ > #define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message > Authentication Codes) service */ > #define VIRTIO_CRYPTO_SERVICE_AEAD (3) /* AEAD (Authenticated > Encryption with Associated Data) service */ > +#define VIRTIO_CRYPTO_SERVICE_ASYM (4) /* Asymmetric crypto service*/ > \end{lstlisting} > > The last driver-read-only fields specify detailed algorithms masks 
> @@ -140,6 +142,28 @@ The following AEAD algorithms are defined: > #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305 3 > \end{lstlisting} > > +The following asymmetric algorithms are defined: > + > +\begin{lstlisting} > +#define VIRTIO_CRYPTO_ASYM_NONE0 > +#define VIRTIO_CRYPTO_ASYM_RSA 1 > +#define VIRTIO_CRYPTO_ASYM_DSA 2 > +#define VIRTIO_CRYPTO_ASYM_DH 3 > +#define VIRTIO_CRYPTO_ASYM_ECDSA 4 > +#define VIRTIO_CRYPTO_ASYM_ECDH 5 > +\end{lstlisting} > + > +The following rsa padding capabilities are defined: > + > +\begin{lstlisting} > +#define VIRTIO_CRYPTO_RSA_NO_PADDING 0 > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 > +#define VIRTIO_CRYPTO_RSA_SSLV23_PADDING 2 > +#define VIRTIO_CRYPTO_RSA_PKCS1_OAEP_PADDING 3 > +#define VIRTIO_CRYPTO_RSA_X931_PADDING 4 > +#define VIRTIO_CRYPTO_RSA_PKCS1_PSS_PADDING 5 > +\end{lstlisting} > + > \begin{note} > More algorithms will be defined in the future. > \end{note} > @@ -238,6 +262,18 @@ struct virtio_crypto_op_header { > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) > #define VIRTIO_CRYPTO_AEAD_DECRYPT \ > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) > +#define VIRTIO_CRYPTO_ASYM_SIGN\ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x00) > +#define VIRTIO_CRYPTO_ASYM_VERIFY \ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x01) > +#define VIRTIO_CRYPTO_ASYM_ENCRYPT \ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x02) > +#define VIRTIO_CRYPTO_ASYM_DECRYPT \ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x03) > +#define VIRTIO_CRYPTO_ASYM_KEY_GEN \ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x04) > +#define VIRTIO_CRYPTO_ASYM_KEY_EXCHG \ > +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x05) > le32 opcode; > /* algo should be service-specific algorithms */ > le32 algo; 
> @@ -540,6 +576,26 @@ struct virtio_crypto_op_data_req { > struct virtio_crypto_hash_data_req hash_req; > struct virtio_crypto_mac_data_req mac_req; > struct virtio_crypto_aead_data_req aead_req; > +struct virtio_crypto_ecdsa_sign_req ecdsa_sign_req; > +struct virtio_crypto_dsa_sign_req dsa_sign_req; > +struct virtio_crypto_rsa_sign_req rsa_sign_req; > + > +struct virtio_crypto_ecdsa_verify_req ecdsa_verify_req; > +struct virtio_crypto_dsa_verify_req dsa_verify_req; > +struct virtio_crypto_rsa_verify_req rsa_verify_req; > + > +struct virtio_crypto_rsa_enc_req rsa_enc_req > +struct virtio_crypto_rsa_dec_req rsa_dec_req; > + > +struct virtio_crypto_rsa_keygen_req rsa_keygen_req; > +struct virtio_crypto_dsa_keygen_req dsa_keygen_req; > +struct virtio_crypto_ec_keygen_req ec_keygen_req; > + > +struct virtio_crypto_dh_keyexchg_param_gen_req > dh_keyexchg_param_gen_req; > +struct virtio_crypto_dh_keyexchg_key_gen_req > dh_keyexchg_key_gen_req; > +struct virtio_crypto_dh_keyexchg_key_compute_req > dh_keyexchg_key_compute_req; > +struct