Re: Re: [PATCH v3 1/6] virtio-crypto: header update

2022-03-23 Thread zhenwei pi

On 3/23/22 23:38, Daniel P. Berrangé wrote:

On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:

Update header from linux, support akcipher service.


I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git




Hi,

The related context link:
https://lkml.org/lkml/2022/3/1/1425

- The virtio crypto spec is the first part. It will be deferred to 1.3.
The latest version:
https://www.oasis-open.org/committees/ballot.php?id=3681 (it needs
"__le32 akcipher_algo;" in place of "__le32 reserve;" and then a repost)


- Then we can define the Linux headers according to the spec (this depends
on the spec).


- Update the header file for QEMU (this depends on the Linux headers).

All the parts are in development.

--
zhenwei pi

Re: [PATCH v3 1/6] virtio-crypto: header update

2022-03-23 Thread Daniel P . Berrangé
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
> Update header from linux, support akcipher service.

I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git 

> 
> Reviewed-by: Gonglei 
> Signed-off-by: lei he 
> Signed-off-by: zhenwei pi 
> ---
>  .../standard-headers/linux/virtio_crypto.h| 82 ++-
>  1 file changed, 81 insertions(+), 1 deletion(-)
> 
> diff --git a/include/standard-headers/linux/virtio_crypto.h 
> b/include/standard-headers/linux/virtio_crypto.h
> index 5ff0b4ee59..68066dafb6 100644
> --- a/include/standard-headers/linux/virtio_crypto.h
> +++ b/include/standard-headers/linux/virtio_crypto.h
> @@ -37,6 +37,7 @@
>  #define VIRTIO_CRYPTO_SERVICE_HASH   1
>  #define VIRTIO_CRYPTO_SERVICE_MAC2
>  #define VIRTIO_CRYPTO_SERVICE_AEAD   3
> +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
>  
>  #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
>  
> @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
>  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
>  #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
>  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
> +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
> +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
> +VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
>   uint32_t opcode;
>   uint32_t algo;
>   uint32_t flag;
> @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
>   uint8_t padding[32];
>  };
>  
> +struct virtio_crypto_rsa_session_para {
> +#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> + uint32_t padding_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_NO_HASH   0
> +#define VIRTIO_CRYPTO_RSA_MD2   1
> +#define VIRTIO_CRYPTO_RSA_MD3   2
> +#define VIRTIO_CRYPTO_RSA_MD4   3
> +#define VIRTIO_CRYPTO_RSA_MD5   4
> +#define VIRTIO_CRYPTO_RSA_SHA1  5

Do we really need to be adding support for all these obsolete
hash functions? Maybe SHA1 is borderline acceptable, but all
those obsolete MD* functions too?

> +#define VIRTIO_CRYPTO_RSA_SHA2566
> +#define VIRTIO_CRYPTO_RSA_SHA3847
> +#define VIRTIO_CRYPTO_RSA_SHA5128
> +#define VIRTIO_CRYPTO_RSA_SHA2249
> + uint32_t hash_algo;
> +};
> +
> +struct virtio_crypto_ecdsa_session_para {
> +#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
> +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
> +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
> +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
> +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
> +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
> + uint32_t curve_id;
> + uint32_t padding;
> +};
> +
> +struct virtio_crypto_akcipher_session_para {
> +#define VIRTIO_CRYPTO_NO_AKCIPHER0
> +#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
> +#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
> +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3

Here we have RSA, DSA and ECDSA, but the corresponding QEMU
qapi/crypto.json doesn't define DSA at all. Is that a mistake
on the QEMU side, or is the DSA support redundant ?

> + uint32_t algo;
> +
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
> + uint32_t keytype;
> + uint32_t keylen;
> +
> + union {
> + struct virtio_crypto_rsa_session_para rsa;
> + struct virtio_crypto_ecdsa_session_para ecdsa;
> + } u;
> +};


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[PATCH v3 1/6] virtio-crypto: header update

2022-03-22 Thread zhenwei pi
Update header from linux, support akcipher service.

Reviewed-by: Gonglei 
Signed-off-by: lei he 
Signed-off-by: zhenwei pi 
---
 .../standard-headers/linux/virtio_crypto.h| 82 ++-
 1 file changed, 81 insertions(+), 1 deletion(-)

diff --git a/include/standard-headers/linux/virtio_crypto.h 
b/include/standard-headers/linux/virtio_crypto.h
index 5ff0b4ee59..68066dafb6 100644
--- a/include/standard-headers/linux/virtio_crypto.h
+++ b/include/standard-headers/linux/virtio_crypto.h
@@ -37,6 +37,7 @@
 #define VIRTIO_CRYPTO_SERVICE_HASH   1
 #define VIRTIO_CRYPTO_SERVICE_MAC2
 #define VIRTIO_CRYPTO_SERVICE_AEAD   3
+#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
 
 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
 
@@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
+#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
+  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
+#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
+  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
uint32_t opcode;
uint32_t algo;
uint32_t flag;
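Review bot: The two new session opcodes in struct virtio_crypto_ctrl_header use sub-codes 0x04 and 0x05, while the AEAD pair directly above them uses 0x02 and 0x03, and nothing in the hunk says why. Judging from the later hunk in struct virtio_crypto_op_header, where AKCIPHER ENCRYPT/DECRYPT/SIGN/VERIFY occupy 0x00-0x03, the shift looks deliberate, so I would record it with a comment such as `/* akcipher data ops use 0x00-0x03, so session ops start at 0x04 */` above `VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION`. Without it, a device-side opcode dispatch written by analogy with the other services could mismatch without any compile-time signal. The struct body starts and ends outside this hunk.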
@@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req {
uint8_t padding[32];
 };
 
+struct virtio_crypto_rsa_session_para {
+#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
+#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
+   uint32_t padding_algo;
+
+#define VIRTIO_CRYPTO_RSA_NO_HASH   0
+#define VIRTIO_CRYPTO_RSA_MD2   1
+#define VIRTIO_CRYPTO_RSA_MD3   2
+#define VIRTIO_CRYPTO_RSA_MD4   3
+#define VIRTIO_CRYPTO_RSA_MD5   4
+#define VIRTIO_CRYPTO_RSA_SHA1  5
+#define VIRTIO_CRYPTO_RSA_SHA2566
+#define VIRTIO_CRYPTO_RSA_SHA3847
+#define VIRTIO_CRYPTO_RSA_SHA5128
+#define VIRTIO_CRYPTO_RSA_SHA2249
+   uint32_t hash_algo;
+};
+
+struct virtio_crypto_ecdsa_session_para {
+#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
+#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
+#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
+#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
+#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
+#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
+   uint32_t curve_id;
+   uint32_t padding;
+};
+
+struct virtio_crypto_akcipher_session_para {
+#define VIRTIO_CRYPTO_NO_AKCIPHER0
+#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
+#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
+#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
+   uint32_t algo;
+
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
+   uint32_t keytype;
+   uint32_t keylen;
+
+   union {
+   struct virtio_crypto_rsa_session_para rsa;
+   struct virtio_crypto_ecdsa_session_para ecdsa;
+   } u;
+};
+
+struct virtio_crypto_akcipher_create_session_req {
+   struct virtio_crypto_akcipher_session_para para;
+   uint8_t padding[36];
+};
+
 struct virtio_crypto_alg_chain_session_para {
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
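Review bot: In struct virtio_crypto_rsa_session_para the value 0 is `VIRTIO_CRYPTO_RSA_RAW_PADDING` for padding_algo and `VIRTIO_CRYPTO_RSA_NO_HASH` for hash_algo, so a zero-filled session request reads as unpadded RSA with no digest rather than as an invalid request. The numbering presumably follows the spec draft and cannot change in this header, so I would at least add `/* 0 = raw RSA, no padding applied by the device; must be requested deliberately */` above padding_algo so backend authors do not treat 0 as "unset". In struct virtio_crypto_akcipher_session_para, `keylen` is a driver-supplied length with no unit or upper bound stated; a comment such as `/* key length in bytes (TODO confirm against spec); device must bound-check before use */` would say what the consumer has to validate. keytype likewise has no name for 0, which is worth one line stating that 0 is invalid.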
@@ -247,6 +304,8 @@ struct virtio_crypto_op_ctrl_req {
mac_create_session;
struct virtio_crypto_aead_create_session_req
aead_create_session;
+   struct virtio_crypto_akcipher_create_session_req
+   akcipher_create_session;
struct virtio_crypto_destroy_session_req
destroy_session;
uint8_t padding[56];
@@ -266,6 +325,14 @@ struct virtio_crypto_op_header {
VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
+#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_SIGN \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
+#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
uint32_t opcode;
/* algo should be service-specific algorithms */
uint32_t algo;
@@ -390,6 +457,16 @@ struct virtio_crypto_aead_data_req {
uint8_t padding[32];
 };
 
+struct virtio_crypto_akcipher_para {
+   uint32_t src_data_len;
+   uint32_t dst_data_len;
+};
+
+struct virtio_crypto_akcipher_data_req {
+   struct virtio_crypto_akcipher_para para;
+   uint8_t padding[40];
+};
+
 /* The request of the data virtqueue's packet */
 struct virtio_crypto_op_data_req {
struct virtio_crypto_op_header header;
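Review bot: `src_data_len` and `dst_data_len` in the new struct virtio_crypto_akcipher_para are driver-supplied lengths with no comment on their unit or on what each buffer holds for SIGN and VERIFY. A device implementation will presumably size its reads and writes from these fields, so I would document them, for example `/* bytes of input supplied by the driver; must not exceed the request payload */` on src_data_len and `/* bytes of output space supplied by the driver */` on dst_data_len, adjusted to whatever the spec draft says. struct virtio_crypto_op_data_req continues past the end of this hunk.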
@@ -399,6 +476,7 @@ struct virtio_crypto_op_data_req {
struct virtio_crypto_hash_data_req hash_req;