Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

virtio-crypto: introduce akcipher service

Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.

Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Link: https://lore.kernel.org/r/20220302033917.1295334-3-pizhenwei@bytedance.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>

authored by

zhenwei pi and committed by
Michael S. Tsirkin
24e19590 13d640a3

+80 -1
+80 -1
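--- a/include/uapi/linux/virtio_crypto.h
+++ b/include/uapi/linux/virtio_crypto.h
@@ -37,6 +37,7 @@
 #define VIRTIO_CRYPTO_SERVICE_HASH 1
 #define VIRTIO_CRYPTO_SERVICE_MAC 2
 #define VIRTIO_CRYPTO_SERVICE_AEAD 3
+#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
 
 #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op))
 
@@ -57,6 +58,10 @@
 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
+#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
+#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
 __le32 opcode;
 __le32 algo;
 __le32 flag;
@@ -180,6 +185,58 @@
 __u8 padding[32];
 };
 
+struct virtio_crypto_rsa_session_para {
+#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0
+#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
+__le32 padding_algo;
+
+#define VIRTIO_CRYPTO_RSA_NO_HASH 0
+#define VIRTIO_CRYPTO_RSA_MD2 1
+#define VIRTIO_CRYPTO_RSA_MD3 2
+#define VIRTIO_CRYPTO_RSA_MD4 3
+#define VIRTIO_CRYPTO_RSA_MD5 4
+#define VIRTIO_CRYPTO_RSA_SHA1 5
+#define VIRTIO_CRYPTO_RSA_SHA256 6
+#define VIRTIO_CRYPTO_RSA_SHA384 7
+#define VIRTIO_CRYPTO_RSA_SHA512 8
+#define VIRTIO_CRYPTO_RSA_SHA224 9
+__le32 hash_algo;
+};
+
+struct virtio_crypto_ecdsa_session_para {
+#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0
+#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
+#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
+#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
+#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
+#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
+__le32 curve_id;
+__le32 padding;
+};
+
+struct virtio_crypto_akcipher_session_para {
+#define VIRTIO_CRYPTO_NO_AKCIPHER 0
+#define VIRTIO_CRYPTO_AKCIPHER_RSA 1
+#define VIRTIO_CRYPTO_AKCIPHER_DSA 2
+#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
+__le32 algo;
+
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
+__le32 keytype;
+__le32 keylen;
+
+union {
+struct virtio_crypto_rsa_session_para rsa;
+struct virtio_crypto_ecdsa_session_para ecdsa;
+} u;
+};
+
+struct virtio_crypto_akcipher_create_session_req {
+struct virtio_crypto_akcipher_session_para para;
+__u8 padding[36];
+};
+
 struct virtio_crypto_alg_chain_session_para {
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER 1
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH 2
@@ -247,6 +304,8 @@
 mac_create_session;
 struct virtio_crypto_aead_create_session_req
 aead_create_session;
+struct virtio_crypto_akcipher_create_session_req
+akcipher_create_session;
 struct virtio_crypto_destroy_session_req
 destroy_session;
 __u8 padding[56];
@@ -266,6 +325,14 @@
 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
+#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_SIGN \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
+#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \
+VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
 __le32 opcode;
 /* algo should be service-specific algorithms */
 __le32 algo;
@@ -390,6 +457,16 @@
 __u8 padding[32];
 };
 
+struct virtio_crypto_akcipher_para {
+__le32 src_data_len;
+__le32 dst_data_len;
+};
+
+struct virtio_crypto_akcipher_data_req {
+struct virtio_crypto_akcipher_para para;
+__u8 padding[40];
+};
+
 /* The request of the data virtqueue's packet */
 struct virtio_crypto_op_data_req {
 struct virtio_crypto_op_header header;
@@ -399,6 +476,7 @@
 struct virtio_crypto_hash_data_req hash_req;
 struct virtio_crypto_mac_data_req mac_req;
 struct virtio_crypto_aead_data_req aead_req;
+struct virtio_crypto_akcipher_data_req akcipher_req;
 __u8 padding[48];
 } u;
 };
@@ -409,6 +487,7 @@
 #define VIRTIO_CRYPTO_NOTSUPP 3
 #define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */
 #define VIRTIO_CRYPTO_NOSPC 5 /* no free session ID */
+#define VIRTIO_CRYPTO_KEY_REJECTED 6 /* Signature verification failed */
 
 /* The accelerator hardware is ready */
 #define VIRTIO_CRYPTO_S_HW_READY (1 << 0)
@@ -439,7 +518,7 @@
 __le32 max_cipher_key_len;
 /* Maximum length of authenticated key */
 __le32 max_auth_key_len;
-__le32 reserve;
+__le32 akcipher_algo;
 /* Maximum size of each crypto request's content */
 __le64 max_size;
 };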
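Review bot: `akcipher_algo` takes over the former `reserve` word of the device config struct in the last hunk without a comment, although the fields around it are commented, and nothing says when its value may be trusted. A device that predates this service could leave anything in that word, so the comment should tie it to the service being offered, for example `/* Supported akcipher algorithms; only meaningful when the akcipher service is offered */` (the encoding is not visible on this page and should be confirmed against the spec). The new `keylen`, `src_data_len` and `dst_data_len` fields are bare `__le32` lengths with no stated bound, and the config struct gains no akcipher counterpart to `max_cipher_key_len`, so whichever side parses them presumably has to cap them itself; a one-line comment on each saying so would help. Renaming a member in a header under `include/uapi` also breaks any userspace that referred to `reserve` by name.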