[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC v1] virtio-crypto specification
From: |
Michael S. Tsirkin |
Subject: |
Re: [Qemu-devel] [RFC v1] virtio-crypto specification |
Date: |
Fri, 20 Nov 2015 11:39:41 +0200 |
Thanks, looks good overall.
You might want to join the TC if you maintain a device.
Generally, I think this needs a bit more formal conformance
statements.
Some examples below.
On Fri, Nov 20, 2015 at 03:27:51AM +0000, Gonglei (Arei) wrote:
> Hi guys,
>
> After initial discussion at this year's KVM forum, I post the RFC version of
> virtio-crypto
> device specification now.
>
> If you have any comments, please let me know, thanks.
>
> Regards,
> -Gonglei
>
>
> 1 Crypto Device
>
> The virtio crypto device is a virtual crypto device (ie. hardware crypto
> accelerator card). Encrypt and decrypt requests are placed in the data queue,
> and handled by the real hardware crypto accelerators finally. A second queue
> is the controlling queue, which is used to create/destroy session or some
> other advanced filtering features.
>
> 1.1 Device ID
>
> 65535 (experimental)
>
> 1.2 Virtqueues
>
> 0
> controlq
> 1
> dataq
>
> 1.3 Feature bits
>
> VIRTIO_CRYPTO_F_REQ_SIZE_MAX (0)
> Maximum size of any single request is in “size_max”.
> VIRTIO_CRYPTO_F_SYM (1)
> Device supports the symmetric cryptography API.
> VIRTIO_CRYPTO_F_DH (2)
> Device supports the Diffie Hellman API.
> VIRTIO_CRYPTO_F_DSA (3)
> Device supports the DSA API.
> VIRTIO_CRYPTO_F_RSA (4)
> Device supports the RSA API.
> VIRTIO_CRYPTO_F_EC (5)
> Device supports the Elliptic Curve API.
> VIRTIO_CRYPTO_F_ECDH (6)
> Device supports the Elliptic Curve Diffie Hellman API.
> VIRTIO_CRYPTO_F_ECDSA (7)
> Device supports the Elliptic Curve DSA API.
> VIRTIO_CRYPTO_F _KEY (8)
> Device supports the Key Generation API.
> VIRTIO_CRYPTO_F_LN (9)
> Device supports the Large Number API.
> VIRTIO_CRYPTO_F_PRIME (10)
> Device supports the prime number testing API.
> VIRTIO_CRYPTO_F_DRGB (11)
> Device supports the DRGB API.
> VIRTIO_CRYPTO_F_NRGB (12)
> Device supports the NRGB API.
> VIRTIO_CRYPTO_F_RAND (13)
> Device supports the random bit/number generation API.
>
> 1.4 Device configuration layout
>
> struct virtio_crypto_config {
> le32 size_max; /* Maximum size of any single request */
> }
>
> 1.5 Device Initialization
>
> 1. The initialization routine should identify the data and control virtqueues.
> 2. If the VIRTIO_CRYPTO_F_SYM feature bit is negotiated, identify the device
> supports the symmetric cryptography API, which as the same as other features.
>
> 1.6 Device Operation
>
> The controlq is used to control session operations, such as create or
> destroy. Meanwhile, some other features or functions can also be
> handled by controlq.
In future versions of the specification?
> The control request is preceded by a header:
> struct virtio_crypto_ctx_outhdr {
> /* cipher algorithm type (ie. aes-cbc ) */
> __virtio32 alg;
> /* length of key */
> __virtio32 keylen;
> /* reserved */
> __virtio32 flags;
> /* control type */
> uint8_t type;
> /* encrypt or decrypt */
> uint8_t op;
> /* mode of hash operation, including authenticated/plain/nested hash */
> uint8_t hash_mode;
> /* authenticate hash/cipher ordering */
> uint8_t alg_chain_order;
> /* length of authenticated key */
> __virtio32 auth_key_len;
> /* hash algorithm type */
> __virtio32 hash_alg;
You can make this all le too: I don't think we need to
support legacy devices of this type.
Spec also does not use uint8_t.
> };
> The encrypt/decrypt requests and the corresponding results are transmitted by
> placing them in dataq. The request itself is preceded by a header:
> struct virtio_crypto_req_outhdr {
> /* algorithm type (ie. aes-128-cbc ) */
> __virtio32 mode;
> /* length of iv */
> __virtio32 ivlen;
> /* length of source data */
> __virtio32 len;
> /* length of auth data */
> __virtio32 auth_len;
> /* the backend session id */
> __virtio64 session_id;
> /* reserved */
> __virtio32 flags;
> };
>
> Both ctx and data requests end by a status byte. The final status byte is
> written by the device: either VIRTIO_CRYPTO_S_OK for success,
> VIRTIO_BLK_S_IOERR for device or driver error or VIRTIO_BLK_S_UNSUPP for a
> request unsupported by device, VIRTIO_CRYPTO_S_BADMSG for verification failed
> when decrypt AEAD algorithms:
>
> #define VIRTIO_CRYPTO_S_OK 0
> #define VIRTIO_CRYPTO_S_ERR 1
> #define VIRTIO_CRYPTO_S_UNSUPP 2
> #define VIRTIO_CRYPTO_S_BADMSG 3
>
> For symmetric cryptography, three types algorithms are supported:
What does this "are supported" mean?
Device SHOULD support 3 types of algorithms?
Or CAN? MUST?
> enum {
> VIRTIO_CRYPTO_ABLKCIPHER,
> VIRTIO_CRYPTO_AEAD,
> VIRTIO_CRYPTO_HASH,
> };
Specify values here too pls.
> VIRTIO_CRYPTO_ABLKCIPHER: Asynchronous Block Cipher.
> VIRTIO_CRYPTO_AEAD: Authenticated Encryption With Associated Data (AEAD)
> Cipher.
> VIRTIO_CRYPTO_HASH: Hash and MAC (Message Authentication Code) cipher.
>
> 1.6.1 Encryption Operation
>
> Bothe ctrlq and dataq virtqueue are bidirectional.
> Step1: Create a session:
> 1. The front-end driver fill out the context message, include algorithm
> name, key, keylen etc;
> 2. The front-end driver send a context message to the backend device by
> controlq;
> 3. The backend driver create a session using the message transmitted by
> controlq;
> 4. Return a session id to the driver.
> Step 2: Execute the detail encryption operation:
> 1. The front-end driver fill out the encrypt requests;
> 2. Put the requests into dataq and kick the virtqueue;
> 3. The backend driver execute the encryption operation according the
> requests’ arguments;
> 4. Return the encryption result to the front-end driver by dataq.
> 5. The front-end driver callback handle the result and over
>
I'm guessing backend driver is the device and front-end the driver?
> Note: the front-end driver needs to support both synchronous and asynchronous
> encryption.
So Driver MUST support .... ?
Or does this in fact a requirement from device to support
both types.
> Even then the performance is poor in synchronous operation because frequent
> context switching and virtualization overhead.
So driver SHOULD by preference use asynchronous encryption?
> 1.6.2 Decryption Operation
>
> The decryption process is the same with encryption, except that AEAD
> algorithm needs to be verified before decryption, if the verify result is not
> correct, the device will directly return VIRTIO_CRYPTO_S_BADMSG (bad message)
> to front-end driver.
>
>
needs to be verified -> device MUST verify and MUST return .... ?