Re: [Qemu-devel] [PATCH v10 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-20 Thread Michael S. Tsirkin
On Tue, Sep 20, 2016 at 05:46:01PM +0800, Gonglei wrote:
> The virtio crypto device is a virtual crypto device (ie. hardware
> crypto accelerator card). The virtio crypto device can provide
> five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.

Only CIPHER, MAC, HASH, AEAD are documented at this point.
Let's drop others for now?


> 
> In this patch, CIPHER, MAC, HASH, AEAD services are introduced.
> 
> Signed-off-by: Gonglei 
> CC: Michael S. Tsirkin 
> CC: Cornelia Huck 
> CC: Stefan Hajnoczi 
> CC: Lingli Deng 
> CC: Jani Kokkonen 
> CC: Ola Liljedahl 
> CC: Varun Sethi 
> CC: Zeng Xin 
> CC: Keating Brian 
> CC: Ma Liang J 
> CC: Griffin John 
> CC: Hanweidong 
> CC: Mihai Claudiu Caraman 
> ---
>  content.tex   |   2 +
>  virtio-crypto.tex | 942 
> ++
>  2 files changed, 944 insertions(+)
>  create mode 100644 virtio-crypto.tex
> 
> diff --git a/content.tex b/content.tex
> index 4b45678..ab75f78 100644
> --- a/content.tex
> +++ b/content.tex
> @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual},
>  \field{status_qualifier}, \field{status}, \field{response} and
>  \field{sense} fields.
>  
> +\input{virtio-crypto.tex}
> +
>  \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
>  
>  Currently there are three device-independent feature bits defined:
> diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> new file mode 100644
> index 000..ac1fc0a
> --- /dev/null
> +++ b/virtio-crypto.tex
> @@ -0,0 +1,942 @@
> +\section{Crypto Device}\label{sec:Device Types / Crypto Device}
> +
> +The virtio crypto device is a virtual cryptography device as well as a kind 
> of
> +virtual hardware accelerator for virtual machines. The encryption and
> +decryption requests are placed in the data queue and are ultimately handled 
> by the
> +real crypto accelerators.

I would like "real" to be renamed "backend".

> The second queue is the control queue used to create 
> +or destroy sessions for symmetric algorithms and will control some advanced
> +features in the future. The virtio crypto device provides seven crypto
> +services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE.
> +
> +
> +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
> +
> +20
> +
> +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues}
> +
> +\begin{description}
> +\item[0] dataq1
> +\item[\ldots]
> +\item[N-1] dataqN
> +\item[N] controlq
> +\end{description}
> +
> +N is set by \field{max_dataqueues}.
> +
> +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature 
> bits}
> +  None currently defined
> +
> +\subsection{Device configuration layout}\label{sec:Device Types / Crypto 
> Device / Device configuration layout}
> +
> +The following driver-read-only configuration fields are defined:
> +
> +\begin{lstlisting}
> +struct virtio_crypto_config {
> +le32  status;
> +le32  max_dataqueues;

Is this just num_queues - 1?
Why isn't the generic num_queues sufficient?


> +le32  crypto_services;

Would it make sense to use feature bits for this instead?
Looks like you need to add algo masks when
adding services, and tying config space fields
to features is well supported by guests.

> +/* detailed algorithms mask */
> +le32 cipher_algo_l;
> +le32 cipher_algo_h;
> +le32 hash_algo;
> +le32 mac_algo_l;
> +le32 mac_algo_h;
> +le32 asym_algo;
> +le32 kdf_algo;
> +le32 aead_algo;
> +le32 primitive_algo;
> +};
> +\end{lstlisting}
> +
> +In the \field{status}, the value of the field is VIRTIO_CRYPTO_S_HW_READY or 
> VIRTIO_CRYPTO_S_STARTED.
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
> +#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
> +\end{lstlisting}
> +
> +The following driver-read-only fields include \field{max_dataqueues}, which 
> specifies the
> +maximum number of data virtqueues (dataq1\ldots dataqN), and 
> \field{crypto_services},
> +which indicates the crypto service the virtio crypto supports.
> +
> +The following services are defined:
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* CIPHER service */
> +#define VIRTIO_CRYPTO_SERVICE_HASH   (1) /* HASH service */
> +#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication 
> Codes) service */
> +#define VIRTIO_CRYPTO_SERVICE_AEAD   (3) /* AEAD (Authenticated Encryption 
> with Associated Data) service */
> +\end{lstlisting}
> +
> +The last driver-read-only fields specify detailed algorithms masks 
> +the device offers for corresponding services. The following CIPHER algorithms
> 
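Review bot: in the virtio-crypto.tex hunk, `crypto_services` is declared as an le32 mask but VIRTIO_CRYPTO_SERVICE_CIPHER..AEAD are defined as plain indices 0..3, and no sentence says how the two relate; state explicitly that a service is offered when bit `(1 << VIRTIO_CRYPTO_SERVICE_x)` is set in `crypto_services`, and that the driver must not request a service whose bit is clear. The same hunk's prose says the device "provides seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE" while only four service constants are defined and the commit message says "five"; the count and the list should match the constants actually defined in this patch.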

[Qemu-devel] [PATCH v10 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-20 Thread Gonglei
The virtio crypto device is a virtual crypto device (ie. hardware
crypto accelerator card). The virtio crypto device can provide
five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.

In this patch, CIPHER, MAC, HASH, AEAD services are introduced.

Signed-off-by: Gonglei 
CC: Michael S. Tsirkin 
CC: Cornelia Huck 
CC: Stefan Hajnoczi 
CC: Lingli Deng 
CC: Jani Kokkonen 
CC: Ola Liljedahl 
CC: Varun Sethi 
CC: Zeng Xin 
CC: Keating Brian 
CC: Ma Liang J 
CC: Griffin John 
CC: Hanweidong 
CC: Mihai Claudiu Caraman 
---
 content.tex   |   2 +
 virtio-crypto.tex | 942 ++
 2 files changed, 944 insertions(+)
 create mode 100644 virtio-crypto.tex

diff --git a/content.tex b/content.tex
index 4b45678..ab75f78 100644
--- a/content.tex
+++ b/content.tex
@@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual},
 \field{status_qualifier}, \field{status}, \field{response} and
 \field{sense} fields.
 
+\input{virtio-crypto.tex}
+
 \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
 
 Currently there are three device-independent feature bits defined:
diff --git a/virtio-crypto.tex b/virtio-crypto.tex
new file mode 100644
index 000..ac1fc0a
--- /dev/null
+++ b/virtio-crypto.tex
@@ -0,0 +1,942 @@
+\section{Crypto Device}\label{sec:Device Types / Crypto Device}
+
+The virtio crypto device is a virtual cryptography device as well as a kind of
+virtual hardware accelerator for virtual machines. The encryption and
+decryption requests are placed in the data queue and are ultimately handled by 
the
+real crypto accelerators. The second queue is the control queue used to create 
+or destroy sessions for symmetric algorithms and will control some advanced
+features in the future. The virtio crypto device provides seven crypto
+services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE.
+
+
+\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
+
+20
+
+\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues}
+
+\begin{description}
+\item[0] dataq1
+\item[\ldots]
+\item[N-1] dataqN
+\item[N] controlq
+\end{description}
+
+N is set by \field{max_dataqueues}.
+
+\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature 
bits}
+  None currently defined
+
+\subsection{Device configuration layout}\label{sec:Device Types / Crypto 
Device / Device configuration layout}
+
+The following driver-read-only configuration fields are defined:
+
+\begin{lstlisting}
+struct virtio_crypto_config {
+le32  status;
+le32  max_dataqueues;
+le32  crypto_services;
+/* detailed algorithms mask */
+le32 cipher_algo_l;
+le32 cipher_algo_h;
+le32 hash_algo;
+le32 mac_algo_l;
+le32 mac_algo_h;
+le32 asym_algo;
+le32 kdf_algo;
+le32 aead_algo;
+le32 primitive_algo;
+};
+\end{lstlisting}
+
+In the \field{status}, the value of the field is VIRTIO_CRYPTO_S_HW_READY or 
VIRTIO_CRYPTO_S_STARTED.
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
+#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
+\end{lstlisting}
+
+The following driver-read-only fields include \field{max_dataqueues}, which 
specifies the
+maximum number of data virtqueues (dataq1\ldots dataqN), and 
\field{crypto_services},
+which indicates the crypto service the virtio crypto supports.
+
+The following services are defined:
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* CIPHER service */
+#define VIRTIO_CRYPTO_SERVICE_HASH   (1) /* HASH service */
+#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication Codes) 
service */
+#define VIRTIO_CRYPTO_SERVICE_AEAD   (3) /* AEAD (Authenticated Encryption 
with Associated Data) service */
+\end{lstlisting}
+
+The last driver-read-only fields specify detailed algorithms masks 
+the device offers for corresponding services. The following CIPHER algorithms
+are defined:
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_NO_CIPHER 0
+#define VIRTIO_CRYPTO_CIPHER_ARC4   1
+#define VIRTIO_CRYPTO_CIPHER_AES_ECB2
+#define VIRTIO_CRYPTO_CIPHER_AES_CBC3
+#define VIRTIO_CRYPTO_CIPHER_AES_CTR4
+#define VIRTIO_CRYPTO_CIPHER_DES_ECB5
+#define VIRTIO_CRYPTO_CIPHER_DES_CBC6
+#define VIRTIO_CRYPTO_CIPHER_3DES_ECB   7
+#define VIRTIO_CRYPTO_CIPHER_3DES_CBC   8
+#define VIRTIO_CRYPTO_CIPHER_3DES_CTR   9
+#define VIRTIO_CRYPTO_CIPHER_KASUMI_F8  10
+#define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA211
+#define VIRTIO_CRYPTO_CIPHER_AES_F8 12
+#define
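Review bot: the `cipher_algo_l`/`cipher_algo_h` fields are never tied to the VIRTIO_CRYPTO_CIPHER_* values that follow them; say that algorithm n is advertised by bit n of `cipher_algo_l` for n < 32 and bit (n - 32) of `cipher_algo_h` for n >= 32, and apply the same wording to `mac_algo_l`/`mac_algo_h`. With that mapping VIRTIO_CRYPTO_NO_CIPHER (0) would occupy bit 0 of a capability mask, which is odd for a "no cipher" value; either reserve bit 0 or drop the constant from the mask semantics. Earlier in the hunk, "the value of the field is VIRTIO_CRYPTO_S_HW_READY or VIRTIO_CRYPTO_S_STARTED" conflicts with the two values being defined as distinct bits (1 << 0, 1 << 1): state whether `status` is a bitmask that may carry both, and what the driver does when neither bit is set.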