Re: [Qemu-devel] [PATCH v10 1/2] virtio-crypto: Add virtio crypto device specification
On Tue, Sep 20, 2016 at 05:46:01PM +0800, Gonglei wrote: > The virtio crypto device is a virtual crypto device (ie. hardware > crypto accelerator card). The virtio crypto device can provide > five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE. Only CIPHER, MAC, HASH, AEAD are documented at this point. Let's drop others for now? > > In this patch, CIPHER, MAC, HASH, AEAD services are introduced. > > Signed-off-by: Gonglei> CC: Michael S. Tsirkin > CC: Cornelia Huck > CC: Stefan Hajnoczi > CC: Lingli Deng > CC: Jani Kokkonen > CC: Ola Liljedahl > CC: Varun Sethi > CC: Zeng Xin > CC: Keating Brian > CC: Ma Liang J > CC: Griffin John > CC: Hanweidong > CC: Mihai Claudiu Caraman > --- > content.tex | 2 + > virtio-crypto.tex | 942 > ++ > 2 files changed, 944 insertions(+) > create mode 100644 virtio-crypto.tex > > diff --git a/content.tex b/content.tex > index 4b45678..ab75f78 100644 > --- a/content.tex > +++ b/content.tex > @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual}, > \field{status_qualifier}, \field{status}, \field{response} and > \field{sense} fields. > > +\input{virtio-crypto.tex} > + > \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits} > > Currently there are three device-independent feature bits defined: > diff --git a/virtio-crypto.tex b/virtio-crypto.tex > new file mode 100644 > index 000..ac1fc0a > --- /dev/null > +++ b/virtio-crypto.tex 
> @@ -0,0 +1,942 @@ > +\section{Crypto Device}\label{sec:Device Types / Crypto Device} > + > +The virtio crypto device is a virtual cryptography device as well as a kind > of > +virtual hardware accelerator for virtual machines. The encryption and > +decryption requests are placed in the data queue and are ultimately handled > by the > +real crypto accelerators. I would like "real" to be renamed "backend". > The second queue is the control queue used to create > +or destroy sessions for symmetric algorithms and will control some advanced > +features in the future. The virtio crypto device provides seven crypto > +services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE. > + > + > +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID} > + > +20 > + > +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues} > + > +\begin{description} > +\item[0] dataq1 > +\item[\ldots] > +\item[N-1] dataqN > +\item[N] controlq > +\end{description} > + > +N is set by \field{max_dataqueues}. > + > +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature > bits} > + None currently defined > + > +\subsection{Device configuration layout}\label{sec:Device Types / Crypto > Device / Device configuration layout} > + > +The following driver-read-only configuration fields are defined: > + > +\begin{lstlisting} > +struct virtio_crypto_config { > +le32 status; > +le32 max_dataqueues; Is this just num_queues - 1? Why isn't the generic num_queues sufficient? > +le32 crypto_services; Would it make sense to use feature bits for this instead? Looks like you need to add algo masks when adding services, and tying config space fields to features is well supported by guests.
> +/* detailed algorithms mask */ > +le32 cipher_algo_l; > +le32 cipher_algo_h; > +le32 hash_algo; > +le32 mac_algo_l; > +le32 mac_algo_h; > +le32 asym_algo; > +le32 kdf_algo; > +le32 aead_algo; > +le32 primitive_algo; > +}; > +\end{lstlisting} > + > +In the \field{status}, the value of the field is VIRTIO_CRYPTO_S_HW_READY or > VIRTIO_CRYPTO_S_STARTED. > + > +\begin{lstlisting} > +#define VIRTIO_CRYPTO_S_HW_READY (1 << 0) > +#define VIRTIO_CRYPTO_S_STARTED (1 << 1) > +\end{lstlisting} > + > +The following driver-read-only fields include \field{max_dataqueues}, which > specifies the > +maximum number of data virtqueues (dataq1\ldots dataqN), and > \field{crypto_services}, > +which indicates the crypto service the virtio crypto supports. > + > +The following services are defined: > + > +\begin{lstlisting} > +#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* CIPHER service */ > +#define VIRTIO_CRYPTO_SERVICE_HASH (1) /* HASH service */ > +#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication > Codes) service */ > +#define VIRTIO_CRYPTO_SERVICE_AEAD (3) /* AEAD (Authenticated Encryption > with Associated Data) service */ > +\end{lstlisting} > + > +The last driver-read-only fields specify detailed algorithms masks > +the device offers for corresponding services. The following CIPHER algorithms >
[Qemu-devel] [PATCH v10 1/2] virtio-crypto: Add virtio crypto device specification
The virtio crypto device is a virtual crypto device (i.e. hardware crypto accelerator card). The virtio crypto device can provide five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE. In this patch, CIPHER, MAC, HASH, AEAD services are introduced. Signed-off-by: Gonglei CC: Michael S. Tsirkin CC: Cornelia Huck CC: Stefan Hajnoczi CC: Lingli Deng CC: Jani Kokkonen CC: Ola Liljedahl CC: Varun Sethi CC: Zeng Xin CC: Keating Brian CC: Ma Liang J CC: Griffin John CC: Hanweidong CC: Mihai Claudiu Caraman --- content.tex | 2 + virtio-crypto.tex | 942 ++ 2 files changed, 944 insertions(+) create mode 100644 virtio-crypto.tex diff --git a/content.tex b/content.tex index 4b45678..ab75f78 100644 --- a/content.tex +++ b/content.tex @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual}, \field{status_qualifier}, \field{status}, \field{response} and \field{sense} fields. +\input{virtio-crypto.tex} + \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits} Currently there are three device-independent feature bits defined: diff --git a/virtio-crypto.tex b/virtio-crypto.tex new file mode 100644 index 000..ac1fc0a --- /dev/null +++ b/virtio-crypto.tex
@@ -0,0 +1,942 @@ +\section{Crypto Device}\label{sec:Device Types / Crypto Device} + +The virtio crypto device is a virtual cryptography device as well as a kind of +virtual hardware accelerator for virtual machines. The encryption and +decryption requests are placed in the data queue and are ultimately handled by the +real crypto accelerators. The second queue is the control queue used to create +or destroy sessions for symmetric algorithms and will control some advanced +features in the future. The virtio crypto device provides seven crypto +services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE. + + +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID} + +20 + +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues} + +\begin{description} +\item[0] dataq1 +\item[\ldots] +\item[N-1] dataqN +\item[N] controlq +\end{description} + +N is set by \field{max_dataqueues}. + +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature bits} + None currently defined + +\subsection{Device configuration layout}\label{sec:Device Types / Crypto Device / Device configuration layout} + +The following driver-read-only configuration fields are defined: + +\begin{lstlisting} +struct virtio_crypto_config { +le32 status; +le32 max_dataqueues; +le32 crypto_services; +/* detailed algorithms mask */ +le32 cipher_algo_l; +le32 cipher_algo_h; +le32 hash_algo; +le32 mac_algo_l; +le32 mac_algo_h; +le32 asym_algo; +le32 kdf_algo; +le32 aead_algo; +le32 primitive_algo; +}; +\end{lstlisting} + +In the \field{status}, the value of the field is VIRTIO_CRYPTO_S_HW_READY or VIRTIO_CRYPTO_S_STARTED. 
+ +\begin{lstlisting} +#define VIRTIO_CRYPTO_S_HW_READY (1 << 0) +#define VIRTIO_CRYPTO_S_STARTED (1 << 1) +\end{lstlisting} + +The following driver-read-only fields include \field{max_dataqueues}, which specifies the +maximum number of data virtqueues (dataq1\ldots dataqN), and \field{crypto_services}, +which indicates the crypto service the virtio crypto supports. + +The following services are defined: + +\begin{lstlisting} +#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* CIPHER service */ +#define VIRTIO_CRYPTO_SERVICE_HASH (1) /* HASH service */ +#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication Codes) service */ +#define VIRTIO_CRYPTO_SERVICE_AEAD (3) /* AEAD (Authenticated Encryption with Associated Data) service */ +\end{lstlisting} + +The last driver-read-only fields specify detailed algorithms masks +the device offers for corresponding services. The following CIPHER algorithms +are defined: + +\begin{lstlisting} +#define VIRTIO_CRYPTO_NO_CIPHER 0 +#define VIRTIO_CRYPTO_CIPHER_ARC4 1 +#define VIRTIO_CRYPTO_CIPHER_AES_ECB2 +#define VIRTIO_CRYPTO_CIPHER_AES_CBC3 +#define VIRTIO_CRYPTO_CIPHER_AES_CTR4 +#define VIRTIO_CRYPTO_CIPHER_DES_ECB5 +#define VIRTIO_CRYPTO_CIPHER_DES_CBC6 +#define VIRTIO_CRYPTO_CIPHER_3DES_ECB 7 +#define VIRTIO_CRYPTO_CIPHER_3DES_CBC 8 +#define VIRTIO_CRYPTO_CIPHER_3DES_CTR 9 +#define VIRTIO_CRYPTO_CIPHER_KASUMI_F8 10 +#define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA211 +#define VIRTIO_CRYPTO_CIPHER_AES_F8 12 +#define
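Review bot: the \field{status} description in the virtio-crypto.tex hunk says the field "is VIRTIO_CRYPTO_S_HW_READY or VIRTIO_CRYPTO_S_STARTED", yet both constants are defined as single-bit flags ((1 << 0) and (1 << 1)); the text should state whether the field is a bitmask, whether both bits may be set at once, that the remaining bits are reserved, and what the driver must do when neither bit is set (not submit requests, presumably). The "detailed algorithms mask" fields in the same hunk have no bit assignment: the VIRTIO_CRYPTO_CIPHER_* values are enumerators (0, 1, 2 ...), while cipher_algo_l and cipher_algo_h are two separate le32 words, so the mapping from algorithm number to word and bit (e.g. bit n of cipher_algo_l for n < 32, bit n - 32 of cipher_algo_h otherwise, and the same for mac_algo_l/mac_algo_h) needs to be spelled out, together with a requirement that the driver ignore bits it does not recognise. The section text also promises seven services while only four VIRTIO_CRYPTO_SERVICE_* bits are defined, leaving asym_algo, kdf_algo and primitive_algo with no defined contents; until those services are specified, mark these fields reserved, require the device to set them to zero and the driver to ignore them. Since the cipher list advertises ARC4, DES and ECB modes, a sentence saying the mask expresses device capability only, and that a driver may decline to expose legacy algorithms, would help implementers. Minor wording: "which indicates the crypto service the virtio crypto supports" should read "which indicates the crypto services the virtio crypto device supports".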