
[2/3] virtio-crypto: introduce akcipher service

Message ID 20220121022438.1042547-3-pizhenwei@bytedance.com (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu
Series Introduce akcipher service for virtio-crypto | expand

Commit Message

zhenwei pi Jan. 21, 2022, 2:24 a.m. UTC
Introduce the asymmetric service definition, asymmetric operations and
several well-known algorithms.

Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
---
 include/uapi/linux/virtio_crypto.h | 99 +++++++++++++++++++++++++++---
 1 file changed, 89 insertions(+), 10 deletions(-)

Comments

Gonglei (Arei) Feb. 10, 2022, 7:51 a.m. UTC | #1
> -----Original Message-----
> From: zhenwei pi [mailto:pizhenwei@bytedance.com]
> Sent: Friday, January 21, 2022 10:25 AM
> To: mst@redhat.com; Gonglei (Arei) <arei.gonglei@huawei.com>
> Cc: jasowang@redhat.com; virtualization@lists.linux-foundation.org;
> linux-crypto@vger.kernel.org; linux-kernel@vger.kernel.org;
> helei.sig11@bytedance.com; zhenwei pi <pizhenwei@bytedance.com>
> Subject: [PATCH 2/3] virtio-crypto: introduce akcipher service
> 
> Introduce asymmetric service definition, asymmetric operations and several well
> known algorithms.
> 
> Co-developed-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: lei he <helei.sig11@bytedance.com>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
>  include/uapi/linux/virtio_crypto.h | 99 +++++++++++++++++++++++++++---
>  1 file changed, 89 insertions(+), 10 deletions(-)
> 
> diff --git a/include/uapi/linux/virtio_crypto.h
> b/include/uapi/linux/virtio_crypto.h
> index 1166a49084b0..050578d61d85 100644
> --- a/include/uapi/linux/virtio_crypto.h
> +++ b/include/uapi/linux/virtio_crypto.h
> @@ -33,10 +33,11 @@
>  #include <linux/virtio_config.h>
> 
> 
> -#define VIRTIO_CRYPTO_SERVICE_CIPHER 0
> -#define VIRTIO_CRYPTO_SERVICE_HASH   1
> -#define VIRTIO_CRYPTO_SERVICE_MAC    2
> -#define VIRTIO_CRYPTO_SERVICE_AEAD   3
> +#define VIRTIO_CRYPTO_SERVICE_CIPHER   0
> +#define VIRTIO_CRYPTO_SERVICE_HASH     1
> +#define VIRTIO_CRYPTO_SERVICE_MAC      2
> +#define VIRTIO_CRYPTO_SERVICE_AEAD     3
> +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
> 
Only the last line needs to be added, please.

>  #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
> 
> @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
>  	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
> #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
>  	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
> +	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
> #define
> +VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
> +	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
>  	__le32 opcode;
>  	__le32 algo;
>  	__le32 flag;
> @@ -180,6 +185,57 @@ struct virtio_crypto_aead_create_session_req {
>  	__u8 padding[32];
>  };
> 
> +struct virtio_crypto_rsa_session_para {
> +#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> +	__le32 padding_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_NO_HASH   0
> +#define VIRTIO_CRYPTO_RSA_MD2       1
> +#define VIRTIO_CRYPTO_RSA_MD3       2
> +#define VIRTIO_CRYPTO_RSA_MD4       3
> +#define VIRTIO_CRYPTO_RSA_MD5       4
> +#define VIRTIO_CRYPTO_RSA_SHA1      5
> +#define VIRTIO_CRYPTO_RSA_SHA256    6
> +#define VIRTIO_CRYPTO_RSA_SHA384    7
> +#define VIRTIO_CRYPTO_RSA_SHA512    8
> +#define VIRTIO_CRYPTO_RSA_SHA224    9
> +	__le32 hash_algo;
> +};
> +
> +struct virtio_crypto_ecdsa_session_para {
> +#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
> +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 #define
> +VIRTIO_CRYPTO_CURVE_NIST_P224 2 #define
> VIRTIO_CRYPTO_CURVE_NIST_P256 3
> +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 #define
> +VIRTIO_CRYPTO_CURVE_NIST_P521 5
> +	__le32 curve_id;
> +};
> +
64-bit alignment is required.

> +struct virtio_crypto_akcipher_session_para {
> +#define VIRTIO_CRYPTO_NO_AKCIPHER    0
> +#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
> +#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
> +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
> +	__le32 algo;
> +
> +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1 #define
> +VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
> +	__le32 keytype;
> +	__le32 keylen;
> +
> +	union {
> +		struct virtio_crypto_rsa_session_para rsa;
> +		struct virtio_crypto_ecdsa_session_para ecdsa;
> +	} u;
> +};
> +
> +struct virtio_crypto_akcipher_create_session_req {
> +	struct virtio_crypto_akcipher_session_para para;
> +	__u8 padding[36];
> +};
> +
>  struct virtio_crypto_alg_chain_session_para {  #define
> VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1  #define
> VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2 @@ -247,6
> +303,8 @@ struct virtio_crypto_op_ctrl_req {
>  			mac_create_session;
>  		struct virtio_crypto_aead_create_session_req
>  			aead_create_session;
> +		struct virtio_crypto_akcipher_create_session_req
> +			akcipher_create_session;
>  		struct virtio_crypto_destroy_session_req
>  			destroy_session;
>  		__u8 padding[56];
> @@ -266,6 +324,14 @@ struct virtio_crypto_op_header {
>  	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)  #define
> VIRTIO_CRYPTO_AEAD_DECRYPT \
>  	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
> +#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
> +	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
> #define
> +VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
> +	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
> #define
> +VIRTIO_CRYPTO_AKCIPHER_SIGN \
> +	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
> #define
> +VIRTIO_CRYPTO_AKCIPHER_VERIFY \
> +	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
>  	__le32 opcode;
>  	/* algo should be service-specific algorithms */
>  	__le32 algo;
> @@ -390,6 +456,16 @@ struct virtio_crypto_aead_data_req {
>  	__u8 padding[32];
>  };
> 
> +struct virtio_crypto_akcipher_para {
> +	__le32 src_data_len;
> +	__le32 dst_data_len;
> +};
> +
> +struct virtio_crypto_akcipher_data_req {
> +	struct virtio_crypto_akcipher_para para;
> +	__u8 padding[40];
> +};
> +
>  /* The request of the data virtqueue's packet */  struct
> virtio_crypto_op_data_req {
>  	struct virtio_crypto_op_header header; @@ -399,16 +475,18 @@ struct
> virtio_crypto_op_data_req {
>  		struct virtio_crypto_hash_data_req hash_req;
>  		struct virtio_crypto_mac_data_req mac_req;
>  		struct virtio_crypto_aead_data_req aead_req;
> +		struct virtio_crypto_akcipher_data_req akcipher_req;
>  		__u8 padding[48];
>  	} u;
>  };
> 
> -#define VIRTIO_CRYPTO_OK        0
> -#define VIRTIO_CRYPTO_ERR       1
> -#define VIRTIO_CRYPTO_BADMSG    2
> -#define VIRTIO_CRYPTO_NOTSUPP   3
> -#define VIRTIO_CRYPTO_INVSESS   4 /* Invalid session id */
> -#define VIRTIO_CRYPTO_NOSPC     5 /* no free session ID */
> +#define VIRTIO_CRYPTO_OK            0
> +#define VIRTIO_CRYPTO_ERR           1
> +#define VIRTIO_CRYPTO_BADMSG        2
> +#define VIRTIO_CRYPTO_NOTSUPP       3
> +#define VIRTIO_CRYPTO_INVSESS       4 /* Invalid session id */
> +#define VIRTIO_CRYPTO_NOSPC         5 /* no free session ID */
> +#define VIRTIO_CRYPTO_KEY_REJECTED  6 /* Signature verification failed
> +*/
> 
Same above. Do not modify irrelevant information.

>  /* The accelerator hardware is ready */  #define
> VIRTIO_CRYPTO_S_HW_READY  (1 << 0) @@ -442,6 +520,7 @@ struct
> virtio_crypto_config {
>  	__le32 reserve;
>  	/* Maximum size of each crypto request's content */
>  	__le64 max_size;
> +	__le32 akcipher_algo;
>  };
> 
You can use the reserve attribute. Keeping 64-bit aligned.

>  struct virtio_crypto_inhdr {
> --
> 2.25.1
zhenwei pi Feb. 10, 2022, 8:18 a.m. UTC | #2
>>   /* The accelerator hardware is ready */  #define
>> VIRTIO_CRYPTO_S_HW_READY  (1 << 0) @@ -442,6 +520,7 @@ struct
>> virtio_crypto_config {
>>   	__le32 reserve;
>>   	/* Maximum size of each crypto request's content */
>>   	__le64 max_size;
>> +	__le32 akcipher_algo;
>>   };
>>
> You can use the reserve attribute. Keeping 64-bit aligned.
> 
>>   struct virtio_crypto_inhdr {
>> --
>> 2.25.1
> 

Can I use the "__le32 reserve;" field directly?

struct virtio_crypto_config {
         /* See VIRTIO_CRYPTO_OP_* above */
         __le32  status;

         /*
          * Maximum number of data queue
          */
         __le32  max_dataqueues;

         /*
          * Specifies the services mask which the device support,
          * see VIRTIO_CRYPTO_SERVICE_* above
          */
         __le32 crypto_services;

         /* Detailed algorithms mask */
         __le32 cipher_algo_l;
         __le32 cipher_algo_h;
         __le32 hash_algo;
         __le32 mac_algo_l;
         __le32 mac_algo_h;
         __le32 aead_algo;
         /* Maximum length of cipher key */
         __le32 max_cipher_key_len;
         /* Maximum length of authenticated key */
         __le32 max_auth_key_len;
         __le32 reserve;            -->    __le32 akcipher_algo;
         /* Maximum size of each crypto request's content */
         __le64 max_size;
};
Gonglei (Arei) Feb. 10, 2022, 9:21 a.m. UTC | #3
> -----Original Message-----
> From: zhenwei pi [mailto:pizhenwei@bytedance.com]
> Sent: Thursday, February 10, 2022 4:18 PM
> To: Gonglei (Arei) <arei.gonglei@huawei.com>
> Cc: jasowang@redhat.com; virtualization@lists.linux-foundation.org;
> linux-crypto@vger.kernel.org; linux-kernel@vger.kernel.org;
> helei.sig11@bytedance.com; mst@redhat.com
> Subject: Re: RE: [PATCH 2/3] virtio-crypto: introduce akcipher service
> 
> >>   /* The accelerator hardware is ready */  #define
> >> VIRTIO_CRYPTO_S_HW_READY  (1 << 0) @@ -442,6 +520,7 @@ struct
> >> virtio_crypto_config {
> >>   	__le32 reserve;
> >>   	/* Maximum size of each crypto request's content */
> >>   	__le64 max_size;
> >> +	__le32 akcipher_algo;
> >>   };
> >>
> > You can use the reserve attribute. Keeping 64-bit aligned.
> >
> >>   struct virtio_crypto_inhdr {
> >> --
> >> 2.25.1
> >
> 
> Can I use the "__le32 reserve;" field directly?
> 
> struct virtio_crypto_config {
>          /* See VIRTIO_CRYPTO_OP_* above */
>          __le32  status;
> 
>          /*
>           * Maximum number of data queue
>           */
>          __le32  max_dataqueues;
> 
>          /*
>           * Specifies the services mask which the device support,
>           * see VIRTIO_CRYPTO_SERVICE_* above
>           */
>          __le32 crypto_services;
> 
>          /* Detailed algorithms mask */
>          __le32 cipher_algo_l;
>          __le32 cipher_algo_h;
>          __le32 hash_algo;
>          __le32 mac_algo_l;
>          __le32 mac_algo_h;
>          __le32 aead_algo;
>          /* Maximum length of cipher key */
>          __le32 max_cipher_key_len;
>          /* Maximum length of authenticated key */
>          __le32 max_auth_key_len;
>          __le32 reserve;            -->    __le32 akcipher_algo;
>          /* Maximum size of each crypto request's content */
>          __le64 max_size;
> };
> 


Yes, I think so. Otherwise you would have to add another reserved field :(

Regards,
-Gonglei

Patch

diff --git a/include/uapi/linux/virtio_crypto.h b/include/uapi/linux/virtio_crypto.h
index 1166a49084b0..050578d61d85 100644
--- a/include/uapi/linux/virtio_crypto.h
+++ b/include/uapi/linux/virtio_crypto.h
@@ -33,10 +33,11 @@ 
 #include <linux/virtio_config.h>
 
 
-#define VIRTIO_CRYPTO_SERVICE_CIPHER 0
-#define VIRTIO_CRYPTO_SERVICE_HASH   1
-#define VIRTIO_CRYPTO_SERVICE_MAC    2
-#define VIRTIO_CRYPTO_SERVICE_AEAD   3
+#define VIRTIO_CRYPTO_SERVICE_CIPHER   0
+#define VIRTIO_CRYPTO_SERVICE_HASH     1
+#define VIRTIO_CRYPTO_SERVICE_MAC      2
+#define VIRTIO_CRYPTO_SERVICE_AEAD     3
+#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
 
 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
 
@@ -57,6 +58,10 @@  struct virtio_crypto_ctrl_header {
 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
+#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
+	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
+#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
+	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
 	__le32 opcode;
 	__le32 algo;
 	__le32 flag;
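Review bot: The two akcipher control opcodes use sub-codes 0x04 and 0x05, while the AEAD context lines just above end in 0x02 and 0x03 (0x03 being AEAD_DESTROY_SESSION), and nothing in the header explains the difference. The later hunk in `struct virtio_crypto_op_header` gives 0x00-0x03 of the same service to ENCRYPT/DECRYPT/SIGN/VERIFY, so this looks like a deliberate choice to keep akcipher control and data opcodes from sharing a value. A comment such as `/* 0x00-0x03 are the akcipher data opcodes, see virtio_crypto_op_header */` would keep the numbering from being "normalised" later and would help a device implementation that dispatches on the opcode alone. The struct body starts and continues outside this hunk.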
@@ -180,6 +185,57 @@  struct virtio_crypto_aead_create_session_req {
 	__u8 padding[32];
 };
 
+struct virtio_crypto_rsa_session_para {
+#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
+#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
+	__le32 padding_algo;
+
+#define VIRTIO_CRYPTO_RSA_NO_HASH   0
+#define VIRTIO_CRYPTO_RSA_MD2       1
+#define VIRTIO_CRYPTO_RSA_MD3       2
+#define VIRTIO_CRYPTO_RSA_MD4       3
+#define VIRTIO_CRYPTO_RSA_MD5       4
+#define VIRTIO_CRYPTO_RSA_SHA1      5
+#define VIRTIO_CRYPTO_RSA_SHA256    6
+#define VIRTIO_CRYPTO_RSA_SHA384    7
+#define VIRTIO_CRYPTO_RSA_SHA512    8
+#define VIRTIO_CRYPTO_RSA_SHA224    9
+	__le32 hash_algo;
+};
+
+struct virtio_crypto_ecdsa_session_para {
+#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
+#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
+#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
+#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
+#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
+#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
+	__le32 curve_id;
+};
+
+struct virtio_crypto_akcipher_session_para {
+#define VIRTIO_CRYPTO_NO_AKCIPHER    0
+#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
+#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
+#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
+	__le32 algo;
+
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
+	__le32 keytype;
+	__le32 keylen;
+
+	union {
+		struct virtio_crypto_rsa_session_para rsa;
+		struct virtio_crypto_ecdsa_session_para ecdsa;
+	} u;
+};
+
+struct virtio_crypto_akcipher_create_session_req {
+	struct virtio_crypto_akcipher_session_para para;
+	__u8 padding[36];
+};
+
 struct virtio_crypto_alg_chain_session_para {
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
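Review bot: `keylen` in `struct virtio_crypto_akcipher_session_para` is a driver-supplied length with no documented bound; the config struct quoted in this thread has `max_cipher_key_len` and `max_auth_key_len` but no equivalent for asymmetric keys, so each device implementation has to choose its own limit before it allocates for or parses the key. I would state the contract next to the field, for example `/* key length in bytes; the device must reject a length it does not support */`, and say which encoding the key material uses, since the patch does not show it. Two identifiers also need a comment or removal: `VIRTIO_CRYPTO_RSA_MD3` does not, as far as I know, name a published hash, and `VIRTIO_CRYPTO_AKCIPHER_DSA` has no parameter member in union `u`. If the MD2/MD4/MD5/SHA1 and `RAW_PADDING` values stay for compatibility, a short comment that they are legacy options would help implementers decide what to advertise.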
@@ -247,6 +303,8 @@  struct virtio_crypto_op_ctrl_req {
 			mac_create_session;
 		struct virtio_crypto_aead_create_session_req
 			aead_create_session;
+		struct virtio_crypto_akcipher_create_session_req
+			akcipher_create_session;
 		struct virtio_crypto_destroy_session_req
 			destroy_session;
 		__u8 padding[56];
@@ -266,6 +324,14 @@  struct virtio_crypto_op_header {
 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
+	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
+#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
+	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_SIGN \
+	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
+#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \
+	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
 	__le32 opcode;
 	/* algo should be service-specific algorithms */
 	__le32 algo;
@@ -390,6 +456,16 @@  struct virtio_crypto_aead_data_req {
 	__u8 padding[32];
 };
 
+struct virtio_crypto_akcipher_para {
+	__le32 src_data_len;
+	__le32 dst_data_len;
+};
+
+struct virtio_crypto_akcipher_data_req {
+	struct virtio_crypto_akcipher_para para;
+	__u8 padding[40];
+};
+
 /* The request of the data virtqueue's packet */
 struct virtio_crypto_op_data_req {
 	struct virtio_crypto_op_header header;
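Review bot: `src_data_len` and `dst_data_len` in `struct virtio_crypto_akcipher_para` are undocumented, unlike the neighbouring request structs' style of commenting length fields. For the four akcipher opcodes the meaning is not obvious, VERIFY in particular, where the input presumably carries both a signature and a digest. I would add a comment per field, e.g. `/* length in bytes of the source buffer; for VERIFY, signature followed by digest */` (adjusted to the intended layout), and note that the device must check both values against the descriptor lengths it actually received and against `max_size`. `struct virtio_crypto_op_data_req` continues outside this hunk.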
@@ -399,16 +475,18 @@  struct virtio_crypto_op_data_req {
 		struct virtio_crypto_hash_data_req hash_req;
 		struct virtio_crypto_mac_data_req mac_req;
 		struct virtio_crypto_aead_data_req aead_req;
+		struct virtio_crypto_akcipher_data_req akcipher_req;
 		__u8 padding[48];
 	} u;
 };
 
-#define VIRTIO_CRYPTO_OK        0
-#define VIRTIO_CRYPTO_ERR       1
-#define VIRTIO_CRYPTO_BADMSG    2
-#define VIRTIO_CRYPTO_NOTSUPP   3
-#define VIRTIO_CRYPTO_INVSESS   4 /* Invalid session id */
-#define VIRTIO_CRYPTO_NOSPC     5 /* no free session ID */
+#define VIRTIO_CRYPTO_OK            0
+#define VIRTIO_CRYPTO_ERR           1
+#define VIRTIO_CRYPTO_BADMSG        2
+#define VIRTIO_CRYPTO_NOTSUPP       3
+#define VIRTIO_CRYPTO_INVSESS       4 /* Invalid session id */
+#define VIRTIO_CRYPTO_NOSPC         5 /* no free session ID */
+#define VIRTIO_CRYPTO_KEY_REJECTED  6 /* Signature verification failed */
 
 /* The accelerator hardware is ready */
 #define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
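Review bot: `VIRTIO_CRYPTO_KEY_REJECTED` is named after a key, but its comment says `Signature verification failed`, and the header does not say which opcodes may return it. Since this status is how the guest learns that a signature is bad, I would make the comment precise, e.g. `/* VERIFY only: signature does not match */`. I would also state near the status list that a driver must treat every value other than `VIRTIO_CRYPTO_OK` as a failed verification, so that `VIRTIO_CRYPTO_ERR` or an unknown future status from the device is never read as success.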
@@ -442,6 +520,7 @@  struct virtio_crypto_config {
 	__le32 reserve;
 	/* Maximum size of each crypto request's content */
 	__le64 max_size;
+	__le32 akcipher_algo;
 };
 
 struct virtio_crypto_inhdr {