[Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-08 Thread Gonglei
The virtio crypto device is a virtual crypto device (i.e. hardware
crypto accelerator card). The virtio crypto device can provide
five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.

In this patch, CIPHER, MAC, HASH, AEAD services are introduced.

Signed-off-by: Gonglei 
CC: Michael S. Tsirkin 
CC: Cornelia Huck 
CC: Stefan Hajnoczi 
CC: Lingli Deng 
CC: Jani Kokkonen 
CC: Ola Liljedahl 
CC: Varun Sethi 
CC: Zeng Xin 
CC: Keating Brian 
CC: Ma Liang J 
CC: Griffin John 
CC: Hanweidong 
CC: Mihai Claudiu Caraman 
---
 content.tex   |   2 +
 virtio-crypto.tex | 926 ++
 2 files changed, 928 insertions(+)
 create mode 100644 virtio-crypto.tex

diff --git a/content.tex b/content.tex
index 4b45678..ab75f78 100644
--- a/content.tex
+++ b/content.tex
@@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual},
 \field{status_qualifier}, \field{status}, \field{response} and
 \field{sense} fields.
 
+\input{virtio-crypto.tex}
+
 \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
 
 Currently there are three device-independent feature bits defined:
diff --git a/virtio-crypto.tex b/virtio-crypto.tex
new file mode 100644
index 000..eec4741
--- /dev/null
+++ b/virtio-crypto.tex
@@ -0,0 +1,926 @@
+\section{Crypto Device}\label{sec:Device Types / Crypto Device}
+
+The virtio crypto device is a virtual crypto device, and is a kind of
+virtual hardware accelerator for virtual machines.  The encryption and
+decryption requests are placed in the data queue, and handled by the
+real crypto accelerators finally. The second queue is the control queue,
+which is used to create or destroy sessions for symmetric algorithms, and
+control some advanced features in the future. The virtio crypto
+device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
+KDF, ASYM, PRIMITIVE.
+
+\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
+
+20
+
+\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues}
+
+\begin{description}
+\item[0] dataq1
+\item[\ldots]
+\item[N-1] dataqN
+\item[N] controlq
+\end{description}
+
+N is set by \field{max_dataqueues}.
+
+\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature 
bits}
+  None currently defined
+
+\subsection{Device configuration layout}\label{sec:Device Types / Crypto 
Device / Device configuration layout}
+
+The following driver-read-only configuration fields are currently defined.
+
+\begin{lstlisting}
+struct virtio_crypto_config {
+le32  status;
+le32  max_dataqueues;
+le32  crypto_services;
+/* detailed algorithms mask */
+le32 cipher_algo_l;
+le32 cipher_algo_h;
+le32 hash_algo;
+le32 mac_algo_l;
+le32 mac_algo_h;
+le32 asym_algo;
+le32 kdf_algo;
+le32 aead_algo;
+le32 primitive_algo;
+};
+\end{lstlisting}
+
+The first field, \field{status} is currently defined: VIRTIO_CRYPTO_S_HW_READY
+and VIRTIO_CRYPTO_S_STARTED.
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
+#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
+\end{lstlisting}
+
+The following driver-read-only field, \field{max_dataqueuess} specifies the
+maximum number of data virtqueues (dataq1\ldots dataqN). The 
\field{crypto_services}
+shows the crypto service the virtio crypto supports. The service currently
+defined are:
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* cipher service */
+#define VIRTIO_CRYPTO_SERVICE_HASH   (1) /* hash service */
+#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication Codes) 
service */
+#define VIRTIO_CRYPTO_SERVICE_AEAD   (3) /* AEAD (Authenticated Encryption 
with Associated Data) service */
+\end{lstlisting}
+
+The last driver-read-only fields specify detailed algorithms masks which
+the device offers for corresponding services. The below CIPHER algorithms
+are defined currently:
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_NO_CIPHER 0
+#define VIRTIO_CRYPTO_CIPHER_ARC4   1
+#define VIRTIO_CRYPTO_CIPHER_AES_ECB2
+#define VIRTIO_CRYPTO_CIPHER_AES_CBC3
+#define VIRTIO_CRYPTO_CIPHER_AES_CTR4
+#define VIRTIO_CRYPTO_CIPHER_DES_ECB5
+#define VIRTIO_CRYPTO_CIPHER_DES_CBC6
+#define VIRTIO_CRYPTO_CIPHER_3DES_ECB   7
+#define VIRTIO_CRYPTO_CIPHER_3DES_CBC   8
+#define VIRTIO_CRYPTO_CIPHER_3DES_CTR   9
+#define VIRTIO_CRYPTO_CIPHER_KASUMI_F8  10
+#define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA211
+#define VIRTIO_CRYPTO_CIPHER_AES_F8 12
+#define VIRTIO_CRYPTO_CIPHER_AES_XTS13
+#define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3   14
+\end{lstlisting}
+
+The below HASH algorithms are defined currently:
+
+\begin{lstlisting}
+#define VIRTIO_CRYPTO_NO_HASH0
+#define VIRTIO_CRYPTO_HASH_MD5   1
+#define VIRTIO_CRYPTO_HASH_SHA1  2
+#define VIRTIO_CRYPTO_HASH_SHA_224   3
+#d
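
Review bot: The configuration layout calls cipher_algo_l/cipher_algo_h, hash_algo and the other per-service fields "detailed algorithms masks", but the VIRTIO_CRYPTO_CIPHER_* and VIRTIO_CRYPTO_HASH_* constants are sequential numbers starting at 0, and the text never states that bit N of a mask corresponds to constant N. Please spell that mapping out, and say what VIRTIO_CRYPTO_NO_CIPHER and VIRTIO_CRYPTO_NO_HASH (value 0) mean in a bitmask, since bit 0 would otherwise be claimed by "no algorithm". The same applies to crypto_services: VIRTIO_CRYPTO_SERVICE_* are defined as (0) to (3) while the status flags directly above are written as (1 << n), so a driver author cannot tell whether to compare the field against the value or test the bit. Also, \field{max_dataqueuess} is a typo for \field{max_dataqueues}.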

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-08 Thread Michael S. Tsirkin
On Thu, Sep 08, 2016 at 06:05:14PM +0800, Gonglei wrote:
> The virtio crypto device is a virtual crypto device (ie. hardware
> crypto accelerator card). The virtio crypto device can provide
> five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
> 
> In this patch, CIPHER, MAC, HASH, AEAD services are introduced.
> 
> Signed-off-by: Gonglei 
> CC: Michael S. Tsirkin 
> CC: Cornelia Huck 
> CC: Stefan Hajnoczi 
> CC: Lingli Deng 
> CC: Jani Kokkonen 
> CC: Ola Liljedahl 
> CC: Varun Sethi 
> CC: Zeng Xin 
> CC: Keating Brian 
> CC: Ma Liang J 
> CC: Griffin John 
> CC: Hanweidong 
> CC: Mihai Claudiu Caraman 

I mostly looked at the conformance clauses.
Here are some comments worth addressing.

Thanks!

> ---
>  content.tex   |   2 +
>  virtio-crypto.tex | 926 
> ++
>  2 files changed, 928 insertions(+)
>  create mode 100644 virtio-crypto.tex
> 
> diff --git a/content.tex b/content.tex
> index 4b45678..ab75f78 100644
> --- a/content.tex
> +++ b/content.tex
> @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len}, \field{residual},
>  \field{status_qualifier}, \field{status}, \field{response} and
>  \field{sense} fields.
>  
> +\input{virtio-crypto.tex}
> +
>  \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
>  
>  Currently there are three device-independent feature bits defined:
> diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> new file mode 100644
> index 000..eec4741
> --- /dev/null
> +++ b/virtio-crypto.tex
> @@ -0,0 +1,926 @@
> +\section{Crypto Device}\label{sec:Device Types / Crypto Device}
> +
> +The virtio crypto device is a virtual crypto device, and is a kind of
> +virtual hardware accelerator for virtual machines.  The encryption and
> +decryption requests are placed in the data queue, and handled by the
> +real crypto accelerators finally. The second queue is the control queue,
> +which is used to create or destroy sessions for symmetric algorithms, and
> +control some advanced features in the future. The virtio crypto
> +device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
> +KDF, ASYM, PRIMITIVE.
> +
> +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
> +
> +20
> +
> +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device / Virtqueues}
> +
> +\begin{description}
> +\item[0] dataq1
> +\item[\ldots]
> +\item[N-1] dataqN
> +\item[N] controlq
> +\end{description}
> +
> +N is set by \field{max_dataqueues}.
> +
> +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature 
> bits}
> +  None currently defined
> +
> +\subsection{Device configuration layout}\label{sec:Device Types / Crypto 
> Device / Device configuration layout}
> +
> +The following driver-read-only configuration fields are currently defined.
> +
> +\begin{lstlisting}
> +struct virtio_crypto_config {
> +le32  status;
> +le32  max_dataqueues;
> +le32  crypto_services;
> +/* detailed algorithms mask */
> +le32 cipher_algo_l;
> +le32 cipher_algo_h;
> +le32 hash_algo;
> +le32 mac_algo_l;
> +le32 mac_algo_h;
> +le32 asym_algo;
> +le32 kdf_algo;
> +le32 aead_algo;
> +le32 primitive_algo;
> +};
> +\end{lstlisting}
> +
> +The first field, \field{status} is currently defined: 
> VIRTIO_CRYPTO_S_HW_READY
> +and VIRTIO_CRYPTO_S_STARTED.
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
> +#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
> +\end{lstlisting}
> +
> +The following driver-read-only field, \field{max_dataqueuess} specifies the
> +maximum number of data virtqueues (dataq1\ldots dataqN). The 
> \field{crypto_services}
> +shows the crypto service the virtio crypto supports. The service currently
> +defined are:

I'm not a native English speaker myself but I can tell there are some
mistakes in English in this text. Could you pls get a native speaker to go
over the text for you? We'll likely get it corrected during public
review anyway, but it's better to fix them early.


> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* cipher service */
> +#define VIRTIO_CRYPTO_SERVICE_HASH   (1) /* hash service */

You write cipher and hash here, but elsewhere in text you
refer to them as CIPHER and HASH.

> +#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message Authentication 
> Codes) service */
> +#define VIRTIO_CRYPTO_SERVICE_AEAD   (3) /* AEAD (Authenticated Encryption 
> with Associated Data) service */
> +\end{lstlisting}
> +
> +The last driver-read-only fields specify detailed algorithms masks which
> +the device offers for corresponding services. The below CIPHER algorithms
> +are defined currently:

... are currently defined
Similarly "finally" etc elsewhere.
Or better just drop "currently", it adds no value, here and
elsewhere.
 

> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_NO_CIPHER 0
> +#define VIRTIO_CRYPTO_CIPHER_ARC4   1
> +#define VIRTIO_CRYPTO_CIPHER_

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-08 Thread Gonglei (Arei)
Hi Michael,


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Friday, September 09, 2016 12:44 AM
> Subject: Re: [PATCH v9 1/2] virtio-crypto: Add virtio crypto device 
> specification
> 
> On Thu, Sep 08, 2016 at 06:05:14PM +0800, Gonglei wrote:
> > The virtio crypto device is a virtual crypto device (ie. hardware
> > crypto accelerator card). The virtio crypto device can provide
> > five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
> >
> > In this patch, CIPHER, MAC, HASH, AEAD services are introduced.
> >
> > Signed-off-by: Gonglei 
> > CC: Michael S. Tsirkin 
> > CC: Cornelia Huck 
> > CC: Stefan Hajnoczi 
> > CC: Lingli Deng 
> > CC: Jani Kokkonen 
> > CC: Ola Liljedahl 
> > CC: Varun Sethi 
> > CC: Zeng Xin 
> > CC: Keating Brian 
> > CC: Ma Liang J 
> > CC: Griffin John 
> > CC: Hanweidong 
> > CC: Mihai Claudiu Caraman 
> 
> I mostly looked at the conformance clauses.
> Here are some comments worth addressing.
> 
Good, thanks!

> Thanks!
> 
> > ---
> >  content.tex   |   2 +
> >  virtio-crypto.tex | 926
> ++
> >  2 files changed, 928 insertions(+)
> >  create mode 100644 virtio-crypto.tex
> >
> > diff --git a/content.tex b/content.tex
> > index 4b45678..ab75f78 100644
> > --- a/content.tex
> > +++ b/content.tex
> > @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len},
> \field{residual},
> >  \field{status_qualifier}, \field{status}, \field{response} and
> >  \field{sense} fields.
> >
> > +\input{virtio-crypto.tex}
> > +
> >  \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
> >
> >  Currently there are three device-independent feature bits defined:
> > diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> > new file mode 100644
> > index 000..eec4741
> > --- /dev/null
> > +++ b/virtio-crypto.tex
> > @@ -0,0 +1,926 @@
> > +\section{Crypto Device}\label{sec:Device Types / Crypto Device}
> > +
> > +The virtio crypto device is a virtual crypto device, and is a kind of
> > +virtual hardware accelerator for virtual machines.  The encryption and
> > +decryption requests are placed in the data queue, and handled by the
> > +real crypto accelerators finally. The second queue is the control queue,
> > +which is used to create or destroy sessions for symmetric algorithms, and
> > +control some advanced features in the future. The virtio crypto
> > +device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
> > +KDF, ASYM, PRIMITIVE.
> > +
> > +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
> > +
> > +20
> > +
> > +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device /
> Virtqueues}
> > +
> > +\begin{description}
> > +\item[0] dataq1
> > +\item[\ldots]
> > +\item[N-1] dataqN
> > +\item[N] controlq
> > +\end{description}
> > +
> > +N is set by \field{max_dataqueues}.
> > +
> > +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature
> bits}
> > +  None currently defined
> > +
> > +\subsection{Device configuration layout}\label{sec:Device Types / Crypto
> Device / Device configuration layout}
> > +
> > +The following driver-read-only configuration fields are currently defined.
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_config {
> > +le32  status;
> > +le32  max_dataqueues;
> > +le32  crypto_services;
> > +/* detailed algorithms mask */
> > +le32 cipher_algo_l;
> > +le32 cipher_algo_h;
> > +le32 hash_algo;
> > +le32 mac_algo_l;
> > +le32 mac_algo_h;
> > +le32 asym_algo;
> > +le32 kdf_algo;
> > +le32 aead_algo;
> > +le32 primitive_algo;
> > +};
> > +\end{lstlisting}
> > +
> > +The first field, \field{status} is currently defined:
> VIRTIO_CRYPTO_S_HW_READY
> > +and VIRTIO_CRYPTO_S_STARTED.
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
> > +#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
> > +\end{lstlisting}
> > +
> > +The following driver-read-only field, \field{max_dataqueuess} specifies the
> > +maximum number of data virtqueues (dataq1\ldots dataqN). The
> \field{crypto_services}
> > +shows the crypto service the virtio crypto supports. The service currently
> > +defined are:
> 
> I'm not a native english speaker myself but I can tell there are some
> mistakes in english in this text. Could you pls get a native speaker go
> over the text for you? We'll likely get it corrected during public
> review anyway, but it's better to fix them early.
> 
Yes, you are right. I'll do this before the next version's publication; hope it's not too late. :)
> 
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_SERVICE_CIPHER (0) /* cipher service */
> > +#define VIRTIO_CRYPTO_SERVICE_HASH   (1) /* hash service */
> 
> You write cipher and hash here, but elsewhere in text you
> refer to them as CIPHER and HASH.
> 
> > +#define VIRTIO_CRYPTO_SERVICE_MAC(2) /* MAC (Message
> Authentication Codes) service */
> > +#define VIRT

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-08 Thread Michael S. Tsirkin
On Fri, Sep 09, 2016 at 02:42:41AM +, Gonglei (Arei) wrote:
> Hi Michael,
> 
> 
> > -Original Message-
> > From: Michael S. Tsirkin [mailto:m...@redhat.com]
> > Sent: Friday, September 09, 2016 12:44 AM
> > Subject: Re: [PATCH v9 1/2] virtio-crypto: Add virtio crypto device 
> > specification
> > 
> > On Thu, Sep 08, 2016 at 06:05:14PM +0800, Gonglei wrote:
> > > The virtio crypto device is a virtual crypto device (ie. hardware
> > > crypto accelerator card). The virtio crypto device can provide
> > > five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
> > >
> > > In this patch, CIPHER, MAC, HASH, AEAD services are introduced.
> > >
> > > Signed-off-by: Gonglei 
> > > CC: Michael S. Tsirkin 
> > > CC: Cornelia Huck 
> > > CC: Stefan Hajnoczi 
> > > CC: Lingli Deng 
> > > CC: Jani Kokkonen 
> > > CC: Ola Liljedahl 
> > > CC: Varun Sethi 
> > > CC: Zeng Xin 
> > > CC: Keating Brian 
> > > CC: Ma Liang J 
> > > CC: Griffin John 
> > > CC: Hanweidong 
> > > CC: Mihai Claudiu Caraman 
> > 
> > I mostly looked at the conformance clauses.
> > Here are some comments worth addressing.
> > 
> Good, Thanks !
> 
> > Thanks!
> > 
> > > ---
> > >  content.tex   |   2 +
> > >  virtio-crypto.tex | 926
> > ++
> > >  2 files changed, 928 insertions(+)
> > >  create mode 100644 virtio-crypto.tex
> > >
> > > diff --git a/content.tex b/content.tex
> > > index 4b45678..ab75f78 100644
> > > --- a/content.tex
> > > +++ b/content.tex
> > > @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len},
> > \field{residual},
> > >  \field{status_qualifier}, \field{status}, \field{response} and
> > >  \field{sense} fields.
> > >
> > > +\input{virtio-crypto.tex}
> > > +
> > >  \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
> > >
> > >  Currently there are three device-independent feature bits defined:
> > > diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> > > new file mode 100644
> > > index 000..eec4741
> > > --- /dev/null
> > > +++ b/virtio-crypto.tex
> > > @@ -0,0 +1,926 @@
> > > +\section{Crypto Device}\label{sec:Device Types / Crypto Device}
> > > +
> > > +The virtio crypto device is a virtual crypto device, and is a kind of
> > > +virtual hardware accelerator for virtual machines.  The encryption and
> > > +decryption requests are placed in the data queue, and handled by the
> > > +real crypto accelerators finally. The second queue is the control queue,
> > > +which is used to create or destroy sessions for symmetric algorithms, and
> > > +control some advanced features in the future. The virtio crypto
> > > +device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
> > > +KDF, ASYM, PRIMITIVE.
> > > +
> > > +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device 
> > > ID}
> > > +
> > > +20
> > > +
> > > +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device /
> > Virtqueues}
> > > +
> > > +\begin{description}
> > > +\item[0] dataq1
> > > +\item[\ldots]
> > > +\item[N-1] dataqN
> > > +\item[N] controlq
> > > +\end{description}
> > > +
> > > +N is set by \field{max_dataqueues}.
> > > +
> > > +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / 
> > > Feature
> > bits}
> > > +  None currently defined
> > > +
> > > +\subsection{Device configuration layout}\label{sec:Device Types / Crypto
> > Device / Device configuration layout}
> > > +
> > > +The following driver-read-only configuration fields are currently 
> > > defined.
> > > +
> > > +\begin{lstlisting}
> > > +struct virtio_crypto_config {
> > > +le32  status;
> > > +le32  max_dataqueues;
> > > +le32  crypto_services;
> > > +/* detailed algorithms mask */
> > > +le32 cipher_algo_l;
> > > +le32 cipher_algo_h;
> > > +le32 hash_algo;
> > > +le32 mac_algo_l;
> > > +le32 mac_algo_h;
> > > +le32 asym_algo;
> > > +le32 kdf_algo;
> > > +le32 aead_algo;
> > > +le32 primitive_algo;
> > > +};
> > > +\end{lstlisting}
> > > +
> > > +The first field, \field{status} is currently defined:
> > VIRTIO_CRYPTO_S_HW_READY
> > > +and VIRTIO_CRYPTO_S_STARTED.
> > > +
> > > +\begin{lstlisting}
> > > +#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
> > > +#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
> > > +\end{lstlisting}
> > > +
> > > +The following driver-read-only field, \field{max_dataqueuess} specifies 
> > > the
> > > +maximum number of data virtqueues (dataq1\ldots dataqN). The
> > \field{crypto_services}
> > > +shows the crypto service the virtio crypto supports. The service 
> > > currently
> > > +defined are:
> > 
> > I'm not a native english speaker myself but I can tell there are some
> > mistakes in english in this text. Could you pls get a native speaker go
> > over the text for you? We'll likely get it corrected during public
> > review anyway, but it's better to fix them early.
> > 
> Yes, you are right. I'll do this thing before next version's publication, 
> hope it's not too late. :)

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-08 Thread Gonglei (Arei)

> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Friday, September 09, 2016 11:43 AM
> Subject: Re: [PATCH v9 1/2] virtio-crypto: Add virtio crypto device 
> specification
> 
> On Fri, Sep 09, 2016 at 02:42:41AM +, Gonglei (Arei) wrote:
> > Hi Michael,
> >
> >
> > > -Original Message-
> > > From: Michael S. Tsirkin [mailto:m...@redhat.com]
> > > Sent: Friday, September 09, 2016 12:44 AM
> > > Subject: Re: [PATCH v9 1/2] virtio-crypto: Add virtio crypto device
> specification
> > >
> > > On Thu, Sep 08, 2016 at 06:05:14PM +0800, Gonglei wrote:
> > > > The virtio crypto device is a virtual crypto device (ie. hardware
> > > > crypto accelerator card). The virtio crypto device can provide
> > > > five crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
> > > >
> > > > In this patch, CIPHER, MAC, HASH, AEAD services are introduced.
> > > >
> > > > Signed-off-by: Gonglei 
> > > > CC: Michael S. Tsirkin 
> > > > CC: Cornelia Huck 
> > > > CC: Stefan Hajnoczi 
> > > > CC: Lingli Deng 
> > > > CC: Jani Kokkonen 
> > > > CC: Ola Liljedahl 
> > > > CC: Varun Sethi 
> > > > CC: Zeng Xin 
> > > > CC: Keating Brian 
> > > > CC: Ma Liang J 
> > > > CC: Griffin John 
> > > > CC: Hanweidong 
> > > > CC: Mihai Claudiu Caraman 
> > >
> > > I mostly looked at the conformance clauses.
> > > Here are some comments worth addressing.
> > >
> > Good, Thanks !
> >
> > > Thanks!
> > >
> > > > ---
> > > >  content.tex   |   2 +
> > > >  virtio-crypto.tex | 926
> > > ++
> > > >  2 files changed, 928 insertions(+)
> > > >  create mode 100644 virtio-crypto.tex
> > > >
> > > > diff --git a/content.tex b/content.tex
> > > > index 4b45678..ab75f78 100644
> > > > --- a/content.tex
> > > > +++ b/content.tex
> > > > @@ -5750,6 +5750,8 @@ descriptor for the \field{sense_len},
> > > \field{residual},
> > > >  \field{status_qualifier}, \field{status}, \field{response} and
> > > >  \field{sense} fields.
> > > >
> > > > +\input{virtio-crypto.tex}
> > > > +
> > > >  \chapter{Reserved Feature Bits}\label{sec:Reserved Feature Bits}
> > > >
> > > >  Currently there are three device-independent feature bits defined:
> > > > diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> > > > new file mode 100644
> > > > index 000..eec4741
> > > > --- /dev/null
> > > > +++ b/virtio-crypto.tex
> > > > @@ -0,0 +1,926 @@
> > > > +\section{Crypto Device}\label{sec:Device Types / Crypto Device}
> > > > +
> > > > +The virtio crypto device is a virtual crypto device, and is a kind of
> > > > +virtual hardware accelerator for virtual machines.  The encryption and
> > > > +decryption requests are placed in the data queue, and handled by the
> > > > +real crypto accelerators finally. The second queue is the control 
> > > > queue,
> > > > +which is used to create or destroy sessions for symmetric algorithms,
> and
> > > > +control some advanced features in the future. The virtio crypto
> > > > +device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
> > > > +KDF, ASYM, PRIMITIVE.
> > > > +
> > > > +\subsection{Device ID}\label{sec:Device Types / Crypto Device / Device
> ID}
> > > > +
> > > > +20
> > > > +
> > > > +\subsection{Virtqueues}\label{sec:Device Types / Crypto Device /
> > > Virtqueues}
> > > > +
> > > > +\begin{description}
> > > > +\item[0] dataq1
> > > > +\item[\ldots]
> > > > +\item[N-1] dataqN
> > > > +\item[N] controlq
> > > > +\end{description}
> > > > +
> > > > +N is set by \field{max_dataqueues}.
> > > > +
> > > > +\subsection{Feature bits}\label{sec:Device Types / Crypto Device /
> Feature
> > > bits}
> > > > +  None currently defined
> > > > +
> > > > +\subsection{Device configuration layout}\label{sec:Device Types / 
> > > > Crypto
> > > Device / Device configuration layout}
> > > > +
> > > > +The following driver-read-only configuration fields are currently 
> > > > defined.
> > > > +
> > > > +\begin{lstlisting}
> > > > +struct virtio_crypto_config {
> > > > +le32  status;
> > > > +le32  max_dataqueues;
> > > > +le32  crypto_services;
> > > > +/* detailed algorithms mask */
> > > > +le32 cipher_algo_l;
> > > > +le32 cipher_algo_h;
> > > > +le32 hash_algo;
> > > > +le32 mac_algo_l;
> > > > +le32 mac_algo_h;
> > > > +le32 asym_algo;
> > > > +le32 kdf_algo;
> > > > +le32 aead_algo;
> > > > +le32 primitive_algo;
> > > > +};
> > > > +\end{lstlisting}
> > > > +
> > > > +The first field, \field{status} is currently defined:
> > > VIRTIO_CRYPTO_S_HW_READY
> > > > +and VIRTIO_CRYPTO_S_STARTED.
> > > > +
> > > > +\begin{lstlisting}
> > > > +#define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
> > > > +#define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
> > > > +\end{lstlisting}
> > > > +
> > > > +The following driver-read-only field, \field{max_dataqueuess} specifies
> the
> > > > +maximum number of data virtqueues (dataq1\ldots dataqN). The
> > > \field{crypto_services}
> > > > +shows the crypto

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-09 Thread Zeng, Xin
On Thursday, September 08, 2016 6:05 PM, Gonglei wrote:

> +The below AEAD algorithms are defined currently:
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_NO_AEAD 0
> +#define VIRTIO_CRYPTO_AEAD_GCM1
> +#define VIRTIO_CRYPTO_AEAD_CCM2
> +#define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
> +\end{lstlisting}
> +
> +\devicenormative{\subsection}{Device Requirements: Device configuration
> layout}\label{sec:Device Types / Crypto Device / Device configuration layout /
> Device Requirements: Device configuration layout}

XeLaTeX complains "Argument of \label has an extra }"; this needs a fix.
Same complaints below when using devicenormative and label.

> +
> +\begin{itemize*}
> +\item The device MUST set \field{max_dataqueues} to between 1 and 65535
> inclusive.
> +\item The device SHOULD set \field{status} according to the status of the
> hardware-backed implementation.
> +\item The device MUST set \field{crypto_services} according to the crypto
> services which the device offered.
> +\item The device MUST set detailed algorithms mask according to
> \field{crypto_services} field.
> +\end{itemize*}
> +
> +\drivernormative{\subsection}{Driver Requirements: Device configuration
> layout}\label{sec:Device Types / Crypto Device / Device configuration layout /
> Driver Requirements: Device configuration layout}
> +
> +\begin{itemize*}
> +\item The driver MUST read the ready \field{status} from the bottom bit of
> status to
> +  check whether the hardware-backed implementation is ready or not.
> +\item The driver MAY read \field{max_dataqueues} field to discover how
> many data queues the device supports.
> +\item The driver MUST read \field{crypto_services} field to discover which
> services the device is able to offer.
> +\item The driver MUST read the detailed \field{algorithms} field according to
> \field{crypto_services} field.
> +\end{itemize*}
> +
> +\subsection{Device Initialization}\label{sec:Device Types / Crypto Device /
> Device Initialization}
> +
> +\subsubsection{Driver Requirements: Device Initialization}\label{sec:Device
> Types / Crypto Device / Device Initialization / Driver Requirements: Device
> Initialization}
> +
> +\begin{itemize*}
> +\item The driver MUST identify and initialize up to \field{max_dataqueues}
> data virtqueues.
> +\item The driver MUST identify the control virtqueue.
> +\item The driver MUST identify the ready status of hardware-backend from
> \field{status} field.
> +\item The driver MUST read the supported crypto services from bits of
> \field{crypto_servies}.
> +\item The driver MUST read the supported algorithms according to
> \field{crypto_services} field.
> +\end{itemize*}
> +
> +\subsubsection{Device Requirements: Device Initialization}\label{sec:Device
> Types / Crypto Device / Device Initialization / Device Requirements: Device
> Initialization}
> +
> +\begin{itemize*}
> +\item The device MUST be configured at least one accelerator which executes
> real crypto operations.
> +\item The device MUST write the \field{crypto_services} field according to 
> the
> capacities of the backend accelerator.
> +\end{itemize*}
> +
> +\subsection{Device Operation}\label{sec:Device Types / Crypto Device /
> Device Operation}
> +
> +Packets can be transmitted by placing them in both the controlq and dataq.
> +Packets consist of a generic header and a service-specific request.
> +Where 'general header' is for all crypto requests, 'service specific 
> requests'
> +are composed of operation parameter + output data + input data in general.
> +Operation parameters are algorithm-specific parameters, output data is the
> +data should be operated, input data is the "operation result + result 
> buffer".
> +The general header of controlq:
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_OPCODE(service, op)   ((service << 8) | (op))
> +
> +struct virtio_crypto_ctrl_header {
> +#define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02)
> +#define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03)
> +#define VIRTIO_CRYPTO_HASH_CREATE_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02)
> +#define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03)
> +#define VIRTIO_CRYPTO_MAC_CREATE_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02)
> +#define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03)
> +#define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
> +#define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
> +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
> +__virtio32 opcode;
> +__virtio32 algo;
> +__virtio32 flag;
> +/* data virtqueue id */
> +__virtio32 queue_id;
> +};
> +\end{lstlisting}
> +
> +The general header of dataq:
> +
> +\begin{lstlisting}
> +
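
Review bot: In the controlq header listing, VIRTIO_CRYPTO_OPCODE leaves its service argument unparenthesized in ((service << 8) | (op)); writing it as (((service) << 8) | (op)) keeps the shift correct when an expression is passed as the service. In the requirement lists above it, the driver MAY read \field{max_dataqueues} under "Device configuration layout" but MUST initialize up to \field{max_dataqueues} data virtqueues under "Device Initialization", which it cannot do without reading the field, so the two clauses should be made consistent. The device is required to keep \field{max_dataqueues} between 1 and 65535, but the visible text does not say what a driver does with a value outside that range, nor how \field{queue_id} in virtio_crypto_ctrl_header relates to it; both deserve a sentence. In the Device Operation paragraph, "output data" and "input data" should state from whose side they are named (driver-written versus device-written buffers), and \field{crypto_servies} is a typo for \field{crypto_services}.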

Re: [Qemu-devel] [PATCH v9 1/2] virtio-crypto: Add virtio crypto device specification

2016-09-09 Thread Gonglei (Arei)
Hi Xin,

Will fix in the next version, thanks!


Regards,
-Gonglei

> -Original Message-
> From: Zeng, Xin [mailto:xin.z...@intel.com]
> Sent: Friday, September 09, 2016 4:26 PM
> To: Gonglei (Arei); qemu-devel@nongnu.org; virtio-...@lists.oasis-open.org
> Cc: Huangpeng (Peter); Luonengjun; m...@redhat.com;
> cornelia.h...@de.ibm.com; stefa...@redhat.com;
> denglin...@chinamobile.com; Jani Kokkonen; ola.liljed...@arm.com;
> varun.se...@freescale.com; Keating, Brian A; Ma, Liang J; Griffin, John;
> Hanweidong (Randy); Huangweidong (C); mike.cara...@nxp.com;
> ag...@suse.de; Claudio Fontana
> Subject: RE: [PATCH v9 1/2] virtio-crypto: Add virtio crypto device 
> specification
> 
> On Thursday, September 08, 2016 6:05 PM, Gonglei Wrote:
> 
> > +The below AEAD algorithms are defined currently:
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_NO_AEAD 0
> > +#define VIRTIO_CRYPTO_AEAD_GCM1
> > +#define VIRTIO_CRYPTO_AEAD_CCM2
> > +#define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subsection}{Device Requirements: Device configuration
> > layout}\label{sec:Device Types / Crypto Device / Device configuration 
> > layout /
> > Device Requirements: Device configuration layout}
> 
> Xelatex complains " Argument of \label has an extra } ", need fix.
> Same complaints below when using devicenormative and  label.
> 
> > +
> > +\begin{itemize*}
> > +\item The device MUST set \field{max_dataqueues} to between 1 and 65535
> > inclusive.
> > +\item The device SHOULD set \field{status} according to the status of the
> > hardware-backed implementation.
> > +\item The device MUST set \field{crypto_services} according to the crypto
> > services which the device offered.
> > +\item The device MUST set detailed algorithms mask according to
> > \field{crypto_services} field.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subsection}{Driver Requirements: Device configuration
> > layout}\label{sec:Device Types / Crypto Device / Device configuration 
> > layout /
> > Driver Requirements: Device configuration layout}
> > +
> > +\begin{itemize*}
> > +\item The driver MUST read the ready \field{status} from the bottom bit of
> > status to
> > +  check whether the hardware-backed implementation is ready or not.
> > +\item The driver MAY read \field{max_dataqueues} field to discover how
> > many data queues the device supports.
> > +\item The driver MUST read \field{crypto_services} field to discover which
> > services the device is able to offer.
> > +\item The driver MUST read the detailed \field{algorithms} field according 
> > to
> > \field{crypto_services} field.
> > +\end{itemize*}
> > +
> > +\subsection{Device Initialization}\label{sec:Device Types / Crypto Device /
> > Device Initialization}
> > +
> > +\subsubsection{Driver Requirements: Device Initialization}\label{sec:Device
> > Types / Crypto Device / Device Initialization / Driver Requirements: Device
> > Initialization}
> > +
> > +\begin{itemize*}
> > +\item The driver MUST identify and initialize up to \field{max_dataqueues}
> > data virtqueues.
> > +\item The driver MUST identify the control virtqueue.
> > +\item The driver MUST identify the ready status of hardware-backend from
> > \field{status} field.
> > +\item The driver MUST read the supported crypto services from bits of
> > \field{crypto_servies}.
> > +\item The driver MUST read the supported algorithms according to
> > \field{crypto_services} field.
> > +\end{itemize*}
> > +
> > +\subsubsection{Device Requirements: Device Initialization}\label{sec:Device
> > Types / Crypto Device / Device Initialization / Device Requirements: Device
> > Initialization}
> > +
> > +\begin{itemize*}
> > +\item The device MUST be configured at least one accelerator which
> executes
> > real crypto operations.
> > +\item The device MUST write the \field{crypto_services} field according to
> the
> > capacities of the backend accelerator.
> > +\end{itemize*}
> > +
> > +\subsection{Device Operation}\label{sec:Device Types / Crypto Device /
> > Device Operation}
> > +
> > +Packets can be transmitted by placing them in both the controlq and dataq.
> > +Packets consist of a generic header and a service-specific request.
> > +Where 'general header' is for all crypto requests, 'service specific 
> > requests'
> > +are composed of operation parameter + output data + input data in general.
> > +Operation parameters are algorithm-specific parameters, output data is the
> > +data should be operated, input data is the "operation result + result 
> > buffer".
> > +The general header of controlq:
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_OPCODE(service, op)   ((service << 8) | (op))
> > +
> > +struct virtio_crypto_ctrl_header {
> > +#define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \
> > +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER,
> 0x02)
> > +#define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \
> > +   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIP