This is the specification about a new virtio crypto device. You can get the source code from the below website:

[PATCH v3 00/10] virtio-crypto: introduce framework and device emulation
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04132.html
[PATCH v4 00/13] virtio-crypto: introduce framework and device emulation
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07327.html
[PATCH v5 00/14] virtio-crypto: introduce framework and device emulation
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg00963.html

For more information, please see:
http://qemu-project.org/Features/VirtioCrypto

Please help to review, thanks.

CC: Michael S. Tsirkin <m...@redhat.com>
CC: Cornelia Huck <cornelia.h...@de.ibm.com>
CC: Stefan Hajnoczi <stefa...@redhat.com>
CC: Lingli Deng <denglin...@chinamobile.com>
CC: Jani Kokkonen <jani.kokko...@huawei.com>
CC: Ola Liljedahl <ola.liljed...@arm.com>
CC: Varun Sethi <varun.se...@freescale.com>
CC: Zeng Xin <xin.z...@intel.com>
CC: Keating Brian <brian.a.keat...@intel.com>
CC: Ma Liang J <liang.j...@intel.com>
CC: Griffin John <john.grif...@intel.com>
CC: Hanweidong <hanweid...@huawei.com>
CC: Mihai Claudiu Caraman <mike.cara...@nxp.com>

Changes since v11:
 - drop scatter-gather I/O definition for virtio crypto device because
   the vring already provides scatter-gather I/O. It is usually not
   necessary to define scatter-gather I/O at the device level. [Stefan]
 - perfect algorithm chain parameters' definition.
 - add HASH/MAC parameter structure.

Changes since v10:
 - fix typos s/filed/field/. [Xin]
 - replace 'real cypto accelerator' with 'backend crypto accelerator'. [mst]
 - drop KDF, ASYM, PRIMITIVE services description temporarily. [mst]
 - write a device requirement are testable about VIRTIO_CRYPTO_S_HW_READY. [mst]
 - add a space before * in one code comment. [mst]
 - reset the layout of all crypto operations for better asymmetric algos
   support. [Xin]
 - add more detailed description for initialization vector under different
   modes.
 - sed -i 's/VIRTIO_CRYPTO_OP_/VIRTIO_CRYPTO_/g' for general usage in asym algos.
   [Xin]

Changes since v9:
 - request a native speaker go over the text and fix corresponding grammar
   issues. [mst]
 - make some description more appropriated over here and there. [mst]
 - rewrite some requirement for both device and driver. [mst]
 - use RFC 2119 keywords. [mst]
 - fix some complaints by Xelatex and typos. [Xin Zeng]
 - add scatter/gather chain support for possible large block data.

Thanks for your review, Michael and Xin.

Changes from v8:
 - add additional auth gpa and length to struct virtio_crypto_sym_data_req;
 - add definition of op in struct virtio_crypto_cipher_session_para,
   VIRTIO_CRYPTO_OP_ENCRYPT and VIRTIO_CRYPTO_OP_DECRYPT;
 - make all structures 64bit aligned in order to support different
   architectures more conveniently [Alex & Stefan]
 - change to devicenormative{\subsection} and \drivernormative{\subsection}
   in some sections [Stefan]
 - driver does not have to initialize all data virtqueues if it wants to use
   fewer [Stefan]
 - drop VIRTIO_CRYPTO_NO_SERVICE definition [Stefan]
 - many grammatical problems and typos. [Stefan]
 - rename VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9 to VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9,
   and VIRTIO_CRYPTO_MAC_CMAC_SNOW3G_UIA2 to VIRTIO_CRYPTO_MAC_SNOW3G_UIA2.
   [Liang Ma]
 - drop queue_id property of struct virtio_crypto_op_data_req.
 - reconstruct some structures about session operation request.
 - introduce struct virtio_crypto_alg_chain_session_req and struct
   virtio_crypto_alg_chain_data_req, introduce chain para, output, input
   structures as well.
 - change some sections' layout for better compatibility, for asymmetric
   algos. [Xin Zeng]

Changes from v7:
 - fix some grammar or typo problems.
 - add more detailed description at steps of encryption section.

Changes from v6:
 - drop version field in struct virtio_crypto_config. [Michael & Cornelia]
 - change the incorrect description in initialization routine. [Zeng Xin]
 - redefine flag u16 to make structure alignment.
   [Zeng Xin]
 - move the content of virtio_crypto_hash_session_para into
   virtio_crypto_hash_session_input directly. Same for MAC/SYM/AEAD session
   creation. [Zeng Xin]
 - adjust the sequence of idata and odata refer to the virtio scsi parts,
   meanwhile add the comments of device-readable/writable for them.
 - add restrictive documents for the guest memory in some structure, which
   MUST be guaranteed to be allocated and physically-contiguous.

Changes from v5:
 - add conformance clauses for virtio crypto device. [Michael]
 - drop VIRTIO_CRYPTO_S_STARTED. [Michael]
 - fix some characters problems. [Stefan]
 - add a MAC algorithm, named VIRTIO_CRYPTO_MAC_ZUC_EIA3. [Zeng Xin]
 - add the fourth return code, named VIRTIO_CRYPTO_OP_INVSESS used for
   invalid session id when executing crypto operations.
 - drop some gpu stuff forgot to delete. [Michael]
 - convert tab to space all over the content.

Changes from v4:
 - introduce crypto services into virtio crypto device. The services
   currently defined are CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
 - define a unified crypto request format that is consisted of
   general header + service specific request, where 'general header' is for
   all crypto request, 'service specific request' is composed of
   operation parameter + input data + output data in generally.
   operation parameter is algorithm-specific parameters,
   input data is the data should be operated,
   output data is the "operation result + result buffer".
 - redefine the algorithms and structure based on above crypto services.
 - rearrange the title and subtitle
 - Only support CIPHER, MAC, HASH and AEAD crypto services, and Xin will
   focus KDF, ASYM and PRIMITIVE services.
 - Some other corresponding fixes.
 - Make a formal patch using tex type.

This version is a big reconstruction based on Zeng, Xin's comments, thanks a lot.

Changes from v3:
 - Don't use enum in the spec but macros in specific structures.
   [Michael & Stefan]
 - Add two complete structures for session creation and closing, so that
   the spec is clear on how to lay out the request. [Stefan]
 - Define the crypto operation request with assigned structure, in this way,
   each data request only occupies *one entry* of the Vring descriptor table,
   which *improves* the *throughput* of data transferring.

Changes from v2:
 - Reserve virtio device ID 20 for crypto device. [Cornelia]
 - Drop all feature bits, those capabilities are offered by the device all
   the time. [Stefan & Cornelia]
 - Add a new section 1.4.2 for driver requirements. [Stefan]
 - Use definite type definition instead of enum type in some structure.
   [Stefan]
 - Add virtio_crypto_cipher_alg definition. [Stefan]
 - Add a "Device requirements" section as using MUST. [Stefan]
 - Some grammar nits fixes and typo fixes. [Stefan & Cornelia]
 - Add one VIRTIO_CRYPTO_S_STARTED status for the driver as the flag of
   virtio-crypto device started and can work now.

Great thanks for Stefan and Cornelia!

Changes from v1:
 - Drop the feature bit definition for each algorithm, and using config
   space instead [Cornelia]
 - Add multiqueue support and add corresponding feature bit
 - Update Encryption process and header definition
 - Add session operation process and add corresponding header description
 - Other better description in order to fit for virtio spec [Michael]
 - Some other trivial fixes.

Gonglei (2):
  virtio-crypto: Add virtio crypto device specification
  virtio-crypto: Add conformance clauses

 conformance.tex   |  30 ++
 content.tex       |   2 +
 virtio-crypto.tex | 999 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 1031 insertions(+)
 create mode 100644 virtio-crypto.tex

--
1.7.12.4