qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v1 1/1] virtio crypto device specification: asym


From: Zeng, Xin
Subject: Re: [Qemu-devel] [PATCH v1 1/1] virtio crypto device specification: asymmetric crypto service
Date: Thu, 10 Nov 2016 13:10:09 +0000

Ping...

Appreciate for any comments for this patch!

Thanks

> -----Original Message-----
> From: address@hidden [mailto:address@hidden
> On Behalf Of Zeng, Xin
> Sent: Thursday, November 3, 2016 8:19 PM
> To: address@hidden; address@hidden
> Cc: address@hidden; address@hidden; Keating, Brian A
> <address@hidden>; Griffin, John <address@hidden>; Ma,
> Liang J <address@hidden>; address@hidden
> Subject: [virtio-dev] RE: [PATCH v1 1/1] virtio crypto device specification:
> asymmetric crypto service
> 
> Ping....
> Is there any comment for this patch?
> 
> thanks
> 
> > -----Original Message-----
> > From: Zeng, Xin
> > Sent: Friday, October 28, 2016 10:52 AM
> > To: address@hidden; address@hidden
> > Cc: address@hidden; address@hidden; Keating, Brian A
> > <address@hidden>; Griffin, John <address@hidden>; Ma,
> > Liang J <address@hidden>; address@hidden; Zeng, Xin
> > <address@hidden>
> > Subject: [PATCH v1 1/1] virtio crypto device specification: asymmetric
> crypto
> > service
> >
> > This patch introduces asymmetric crypto service into virtio crypto
> > device spec. The asymmetric crypto service can be referred as signature,
> > verification, encryption, decryption, key generation and key exchange.
> > This patch depends on another virtio crypto device spec patch:
> > https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01744.html
> >
> > Changes since v0:
> > - Use devicenormative/drivernormative instead of self-defined
> >   device/driver label.  [Lei]
> > - Change the error code of verification to general virtio_crypto
> >   error code. [Lei]
> > - Use macro instead of enum in verification result. [Lei]
> > - Fix the incorrect label value for paragraph and section. [Lei]
> >
> > Please help to review, thanks!
> >
> > Signed-off-by: Xin Zeng <address@hidden>
> > ---
> >  virtio-crypto.tex | 965
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 962 insertions(+), 3 deletions(-)
> >
> > diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> > index 86e4869..43772da 100644
> > --- a/virtio-crypto.tex
> > +++ b/virtio-crypto.tex
> > @@ -6,7 +6,7 @@ decryption requests are placed in the data queue and
> are
> > ultimately handled by t
> >  backend crypto accelerators. The second queue is the control queue used
> to
> > create
> >  or destroy sessions for symmetric algorithms and will control some
> advanced
> >  features in the future. The virtio crypto device provides the following
> crypto
> > -services: CIPHER, MAC, HASH, and AEAD.
> > +services: CIPHER, MAC, HASH, AEAD and ASYM.
> >
> >
> >  \subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
> > @@ -44,7 +44,9 @@ struct virtio_crypto_config {
> >      le32 mac_algo_l;
> >      le32 mac_algo_h;
> >      le32 aead_algo;
> > -    le32 reserve;
> > +    le32 asym_algo;
> > +    le32 rsa_padding;
> > +    le32 reserved;
> >  };
> >  \end{lstlisting}
> >
> > @@ -70,6 +72,8 @@ The following services are defined:
> >  #define VIRTIO_CRYPTO_SERVICE_MAC    (2)
> >  /* AEAD (Authenticated Encryption with Associated Data) service */
> >  #define VIRTIO_CRYPTO_SERVICE_AEAD   (3)
> > +/* ASYM (Asymmetric crypto algorithms) service */
> > +#define VIRTIO_CRYPTO_SERVICE_ASYM   (4)
> >  \end{lstlisting}
> >
> >  The last driver-read-only fields specify detailed algorithms masks
> > @@ -143,6 +147,28 @@ The following AEAD algorithms are defined:
> >  #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
> >  \end{lstlisting}
> >
> > +The following asymmetric algorithms are defined:
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_ASYM_NONE        0
> > +#define VIRTIO_CRYPTO_ASYM_RSA         1
> > +#define VIRTIO_CRYPTO_ASYM_DSA         2
> > +#define VIRTIO_CRYPTO_ASYM_DH          3
> > +#define VIRTIO_CRYPTO_ASYM_ECDSA       4
> > +#define VIRTIO_CRYPTO_ASYM_ECDH           5
> > +\end{lstlisting}
> > +
> > +The following rsa padding capabilities are defined:
> > +
> > +\begin{lstlisting}
> > +#define VIRTIO_CRYPTO_RSA_NO_PADDING         0
> > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING      1
> > +#define VIRTIO_CRYPTO_RSA_SSLV23_PADDING     2
> > +#define VIRTIO_CRYPTO_RSA_PKCS1_OAEP_PADDING 3
> > +#define VIRTIO_CRYPTO_RSA_X931_PADDING       4
> > +#define VIRTIO_CRYPTO_RSA_PKCS1_PSS_PADDING  5
> > +\end{lstlisting}
> > +
> >  \begin{note}
> >  Any other value is reserved for future use.
> >  \end{note}
> > @@ -241,6 +267,18 @@ struct virtio_crypto_op_header {
> >      VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
> >  #define VIRTIO_CRYPTO_AEAD_DECRYPT \
> >      VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
> > +#define VIRTIO_CRYPTO_ASYM_SIGN    \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x00)
> > +#define VIRTIO_CRYPTO_ASYM_VERIFY \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x01)
> > +#define VIRTIO_CRYPTO_ASYM_ENCRYPT  \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x02)
> > +#define VIRTIO_CRYPTO_ASYM_DECRYPT  \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x03)
> > +#define VIRTIO_CRYPTO_ASYM_KEY_GEN  \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x04)
> > +#define VIRTIO_CRYPTO_ASYM_KEY_EXCHG \
> > +    VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x05)
> >      le32 opcode;
> >      /* algo should be service-specific algorithms */
> >      le32 algo;
> > @@ -548,6 +586,23 @@ struct virtio_crypto_op_data_req {
> >          struct virtio_crypto_hash_data_req  hash_req;
> >          struct virtio_crypto_mac_data_req   mac_req;
> >          struct virtio_crypto_aead_data_req  aead_req;
> > +
> > +        struct virtio_crypto_ecdsa_sign_req ecdsa_sign_req;
> > +        struct virtio_crypto_dsa_sign_req dsa_sign_req;
> > +        struct virtio_crypto_rsa_sign_req rsa_sign_req;
> > +        struct virtio_crypto_ecdsa_verify_req ecdsa_verify_req;
> > +        struct virtio_crypto_dsa_verify_req dsa_verify_req;
> > +        struct virtio_crypto_rsa_verify_req rsa_verify_req;
> > +        struct virtio_crypto_rsa_enc_req rsa_enc_req
> > +        struct virtio_crypto_rsa_dec_req rsa_dec_req;
> > +        struct virtio_crypto_rsa_keygen_req rsa_keygen_req;
> > +        struct virtio_crypto_dsa_keygen_req dsa_keygen_req;
> > +        struct virtio_crypto_ec_keygen_req ec_keygen_req;
> > +        struct virtio_crypto_dh_keyexchg_param_gen_req
> > dh_keyexchg_param_gen_req;
> > +        struct virtio_crypto_dh_keyexchg_key_gen_req
> > dh_keyexchg_key_gen_req;
> > +        struct virtio_crypto_dh_keyexchg_key_compute_req
> > dh_keyexchg_key_compute_req;
> > +        struct virtio_crypto_ecdh_keyexchg_key_gen_req
> > ecdh_keyexchg_key_gen_req;
> > +        struct virtio_crypto_ecdh_keyexchg_key_compute_req
> > ecdh_keyexchg_key_compute_req;
> >      } u;
> >  };
> >  \end{lstlisting}
> > @@ -996,4 +1051,908 @@ pointed by \field{dst_data_addr} and
> > \field{digest_result_addr} in struct virtio
> >  \item The device MUST copy the digest result to the guest memory
> > recorded by \field{digest_result_addr} field in struct
> > virtio_crypto_aead_input.
> >  \item The device MUST set the \field{status} field in strut
> > virtio_crypto_aead_input: VIRTIO_CRYPTO_OK: success;
> > VIRTIO_CRYPTO_ERR: creation failed or device error;
> > VIRTIO_CRYPTO_NOTSUPP: not supported.
> >  \item When the \field{opcode} is VIRTIO_CRYPTO_AEAD_DECRYPT, the
> > device MUST verify and return the verification result to the driver, and if
> the
> > verification result is incorrect, VIRTIO_CRYPTO_BADMSG (bad message)
> > MUST be returned to the driver.
> > -\end{itemize*}
> > \ No newline at end of file
> > +\end{itemize*}
> > +
> > +\subsubsection{Asymmetric Crypto Service Operation}\label{sec:Device
> > Types / Crypto Device / Device Operation /
> > +Crypto operation / Asymmetric Crypto Service Operation}
> > +
> > +In general, asymmetric crypto service can be referred as signature,
> > verification,
> > +encryption, decryption, key generation and key exchange. Not each
> > algorithm supports
> > +all these services.
> > +
> > +Unlike symmetric crypto service, asymmetric crypto service normally
> does't
> > +need session operations, the request is encapsulated within one packet
> > which is represented
> > +by \field{virtio_crypto_op_data_req}.
> > +(see \ref{sec:Device Types / Crypto Device / Device Operation / Data
> > Virtqueue}).
> > +
> > +Once service request is handled by the device, the device writes back the
> > operation results to the corresponding
> > +fields in the request packet.
> > +
> > +The asymmetric crypto operation uses a virtio_crypto_buf to represent
> the
> > input/output buffer.
> > +\begin{lstlisting}
> > +struct virtio_crypto_buf {
> > +    le32 len;
> > +    le32 reserved;
> > +    le64 addr;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\paragraph}{Asymmetric Crypto Service
> > Operation}{Device Types / Crypto Device / Device Operation / Asymmetric
> > Crypto Service Operation}
> > +\begin{itemize*}
> > +\item The device MUST parse the field \field{opcode} within
> > \field{virtio_crypto_op_header} (see \ref{sec:Device Types / Crypto
> Device /
> > Device Operation}) before
> > +it handles the corresponding service request.
> > +\item The device SHOULD set the operation status in field \field{status}
> > within \field{idata}.
> > +\item The device SHOULD update the operation result to the fields in
> > \field{idata} if the operation is successful.
> > +\end{itemize*}
> > +
> > +\drivernormative{\paragraph}{Asymmetric Crypto Service
> > Operation}{Device Types / Crypto Device / Device Operation / Asymmetric
> > Crypto Service Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the corresponding \field{opcode} in
> > \field{virtio_crypto_op_header} according to different services.
> > +\item The driver SHOULD offer operatable buffer within \field{idata} if the
> > service request structure defines.
> > +\end{itemize*}
> > +
> > +\paragraph{Signature: ECDSA signature operation}\label{sec:Device Types
> /
> > Crypto Device /
> > +Device Operation / Crypto operation / Asymmetric Crypto Service
> > Operation / Signature: ECDSA signature operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_ec_group {
> > +    struct virtio_crypto_buf xg;
> > +    struct virtio_crypto_buf yg;
> > +    struct virtio_crypto_buf n;
> > +    struct virtio_crypto_buf q;
> > +    struct virtio_crypto_buf a;
> > +    struct virtio_crypto_buf b;
> > +    struct virtio_crypto_buf h;
> > +};
> > +
> > +#define VIRTIO_CRYPTO_EC_FIELD_TYPE_PRIME 0
> > +#define VIRTIO_CRYPTO_EC_FIELD_TYPE_BINARY 1
> > +
> > +struct virtio_crypto_ecdsa_sign_para{
> > +    /* Hash alogrithms applied to msg */
> > +    le32 hash_algo;
> > +    /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> > +    le32 field_type;
> > +
> > +    /* EC Group parameters */
> > +    struct virtio_crypto_ec_group ec;
> > +    /* Random value */
> > +    struct virtio_crypto_buf k;
> > +    /* Private Key */
> > +    struct virtio_crypto_buf d;
> > +};
> > +
> > +struct virtio_crypto_ecdsa_sign_output {
> > +    /* Message need to be signed */
> > +    struct virtio_crypto_buf msg;
> > +};
> > +
> > +struct virtio_crypto_ecdsa_sign_input {
> > +    /* operation result */
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    /* signature result */
> > +    struct virtio_crypto_buf r;
> > +    struct virtio_crypto_buf s;
> > +};
> > +\end{lstlisting}
> > +
> > +ECDSA signature operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdsa_sign_req {
> > +    struct virtio_crypto_ecdsa_sign_para parameter;
> > +    struct virtio_crypto_ecdsa_sign_output odata;
> > +
> > +    struct virtio_crypto_ecdsa_sign_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +
> > +\devicenormative{\subparagraph}{ECDSA signature operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / ECDSA signature operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{ECDSA signature operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / ECDSA signature operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{r,s} in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Signature: DSA signature operation}\label{sec:Device Types /
> > Crypto Device /
> > +Device Operation / Crypto operation / Asymmetric Crypto Service
> > Operation/ Signature: DSA signature operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_group {
> > +    struct virtio_crypto_buf p;
> > +    struct virtio_crypto_buf q;
> > +    struct virtio_crypto_buf g;
> > +};
> > +
> > +struct virtio_crypto_dsa_sign_para {
> > +    /* Hash alogrithms applied to msg */
> > +    le32 hash_algo;
> > +    le32 reserved;
> > +
> > +    /* DSA group parameter */
> > +    struct virtio_crypto_dsa_group dsa;
> > +    /* Random value */
> > +    struct virtio_crypto_buf k;
> > +    /* Private Key */
> > +    struct virtio_crypto_buf x;
> > +};
> > +
> > +struct virtio_crypto_dsa_sign_output {
> > +    struct virtio_crypto_buf msg;
> > +};
> > +
> > +struct virtio_crypto_dsa_sign_input  {
> > +    /* operation result */
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    /* signature result */
> > +    struct virtio_crypto_buf r;
> > +    struct virtio_crypto_buf s;
> > +};
> > +\end{lstlisting}
> > +DSA signature operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_sign_req {
> > +    struct virtio_crypto_dsa_sign_para parameter;
> > +    struct virtio_crypto_dsa_sign_output odata;
> > +
> > +    struct virtio_crypto_dsa_sign_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +
> > +\devicenormative{\subparagraph}{DSA signature operation}{Device
> Types /
> > Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> > DSA signature operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{DSA signature operation}{Device Types
> /
> > Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> > DSA signature operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{r,s} in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Signature: RSA signature operation}\label{sec:Device Types /
> > Crypto Device /
> > +Device Operation / Crypto operation / Asymmetric Crypto Service
> > Operation / Signature: RSA signature operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_pub_key{
> > +    /* The RSA modules */
> > +    struct virtio_crypto_buf n;
> > +    /* The RSA public exponent */
> > +    struct virtio_crypto_buf e;
> > +};
> > +
> > +struct virtio_crypto_rsa_priv_key_rep1{
> > +    /* The RSA modules */
> > +    struct virtio_crypto_buf n;
> > +    /* The RSA private exponent */
> > +    struct virtio_crypto_buf d;
> > +};
> > +
> > +struct virtio_crypto_rsa_priv_key_rep2{
> > +    /* The first factor */
> > +    struct virtio_crypto_buf p;
> > +    /* The second factor */
> > +    struct virtio_crypto_buf q;
> > +    /* The first factor's CRT exponent */
> > +    struct virtio_crypto_buf dp;
> > +    /* The second factor's CRT exponent */
> > +    struct virtio_crypto_buf dq;
> > +    /* The first CRT coeffieient */
> > +    struct virtio_crypto_buf qinv;
> > +    /* The factors array when prime_number > 2 */
> > +    struct virtio_crypto_buf r[];
> > +    /* The CRT exponent array when prime_number > 2 */
> > +    struct virtio_crypto_buf d[];
> > +    /* The CRT coeffieient array when prime_number > 2 */
> > +    struct virtio_crypto_buf t[];
> > +};
> > +
> > +struct virtio_crypto_rsa_priv_key {
> > +    le32 prime_number;
> > +#define VIRTIO_CRYPTO_RSA_PRIV_KEY_REPTYPE1 0
> > +#define VIRTIO_CRYPTO_RSA_PRIV_KEY_REPTYPE2 1
> > +    le32 priv_key_rep_type;
> > +    union {
> > +        struct virtio_crypto_rsa_priv_key_rep1 privkey_rep1;
> > +        struct virtio_crypto_rsa_priv_key_rep2 privkey_rep2;
> > +    }key;
> > +};
> > +
> > +struct virtio_crypto_rsa_sign_para {
> > +    /* Hash alogrithms applied to msg */
> > +    le32 hash_algo;
> > +    le32 padding_mode;
> > +    struct virtio_crypto_rsa_priv_key priv_key;
> > +};
> > +
> > +struct virtio_crypto_rsa_sign_output {
> > +    struct virtio_crypto_buf msg;
> > +};
> > +
> > +struct virtio_crypto_rsa_sign_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_buf signature;
> > +};
> > +\end{lstlisting}
> > +
> > +RSA signature operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_sign_req {
> > +    struct virtio_crypto rsa_sign_para parameter;
> > +    struct virtio_crypto rsa_sign_output odata;
> > +
> > +    struct virtio_crypto rsa_sign_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +
> > +\devicenormative{\subparagraph}{ECDSA signature operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / RSA signature operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{ECDSA signature operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / RSA signature operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{signature} in 
> > \field{idata} is
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Verification: Common Structure}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Verification: Common Structure}
> > +
> > +The result of verification operation can be represented by structure
> > \field{virtio_crypto_asym_verify_gen_input}.
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_asym_verify_gen_input {
> > +    /* Operation result */
> > +    le32 status;
> > +    /* Verification result, VIRTIO_CRYPTO_OK for a susscssful verification
> > +     VIRTIO_CRYPTO_BADMSG for a failed verification */
> > +    le32 verify_result;
> > +};
> > +\end{lstlisting}
> > +
> > +\paragraph{Verification: ECDSA Verification Operation}\label{sec:Device
> > Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Verification: ECDSA Verification Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdsa_verify_para {
> > +    /* Hash alogrithms applied to msg */
> > +    le32 hash_algo;
> > +    /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> > +    le32 field_type;
> > +
> > +    /* EC Group parameters */
> > +    struct virtio_crypto_ec_group ec;
> > +
> > +    /* Public key */
> > +    struct virtio_crypto_buf x;
> > +    struct virtio_crypto_buf y;
> > +};
> > +
> > +struct virtio_crypto_ecdsa_verify_output {
> > +    /* Signature value */
> > +    struct virtio_crypto_buf r;
> > +    struct virtio_crypto_buf s;
> > +
> > +    struct virtio_crypto_buf msg;
> > +};
> > +\end{lstlisting}
> > +
> > +ECDSA Verification Operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdsa_verify_req {
> > +    struct virtio_crypto_ecdsa_verify_para parameter;
> > +    struct virtio_crypto_ecdsa_verify_output odata;
> > +
> > +    struct virtio_crypto_asym_verify_gen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{ECDSA verification operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / ECDSA verification operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{ECDSA verification operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / ECDSA verification operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it checks \field{verify_result}.
> > +\end{itemize*}
> > +
> > +\paragraph{Verification: DSA Verification Operation}\label{sec:Device
> Types
> > /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Verification: DSA Verification Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_verify_para {
> > +    le32 hash_algo;
> > +    le32 reserved;
> > +
> > +    /* DSA Group parameters */
> > +    struct virtio_crypto_dsa_group dsa;
> > +
> > +    /* Public key */
> > +    struct virtio_crypto_buf y;
> > +};
> > +
> > +struct virtio_crypto_dsa_verify_output {
> > +    /* Signature value */
> > +    struct virtio_crypto_buf r;
> > +    struct virtio_crypto_buf s;
> > +
> > +    struct virtio_crypto_buf msg;
> > +};
> > +\end{lstlisting}
> > +
> > +DSA Verification Operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_verify_req {
> > +    struct virtio_crypto_dsa_verify_para parameter;
> > +    struct virtio_crypto_dsa_verify_output odata;
> > +
> > +    struct virtio_crypto_asym_verify_gen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{DSA verification operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / DSA verification operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{DSA verification operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > DSA verification operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it checks \field{verify_result}.
> > +\end{itemize*}
> > +
> > +\paragraph{Verification: RSA Verification Operation}\label{sec:Device
> Types
> > /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Verification: RSA Verification Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_verify_para {
> > +    le32 hash_algo;
> > +    le32 padding_mode;
> > +    struct virtio_crypto_rsa_pub_key pubkey;
> > +};
> > +
> > +struct virtio_crypto_rsa_verify_output {
> > +    struct virtio_crypto_buf msg;
> > +};
> > +\end{lstlisting}
> > +
> > +RSA verification operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_verify_req {
> > +    struct virtio_crypto_rsa_verify_para parameter;
> > +    struct virtio_crypto_rsa_verify_output odata;
> > +
> > +    struct virtio_crypto_asym_verify_gen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{RSA verification operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > RSA verification operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{RSA verification operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > RSA verification operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it checks \field{verify_result}.
> > +\end{itemize*}
> > +
> > +\paragraph{Encryption: RSA Encryption Operation}\label{sec:Device Types
> /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Encryption: RSA Encryption Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_enc_para {
> > +    le32 padding_mode;
> > +    le32 reserved;
> > +    struct rsa_pub_key pub_key;
> > +};
> > +
> > +struct virtio_crypto_rsa_enc_output {
> > +    struct virtio_crypto_buf msg;
> > +};
> > +
> > +struct virtio_crypto_rsa_enc_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_buf cmsg;
> > +};
> > +\end{lstlisting}
> > +
> > +RSA encryption operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_enc_req {
> > +    struct virtio_crypto_rsa_enc_para parameter;
> > +    struct virtio_crypto_rsa_enc_output odata;
> > +
> > +    struct virtio_crypto_rsa_enc_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{RSA Encryption Operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > RSA Encryption Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{RSA Encryption Operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > RSA Encryption Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_ENCRYPT,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{cmsg} in \field{idata} is
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Decryption: RSA Decryption Operation}\label{sec:Device
> Types
> > /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Decryption: RSA Decryption Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_dec_para {
> > +    le32 padding_mode;
> > +    le32 reserved;
> > +    struct virtio_crypto_rsa_priv_key priv_key;
> > +};
> > +
> > +struct virtio_crypto_rsa_dec_output {
> > +    struct virtio_crypto_buf cmsg;
> > +}
> > +
> > +struct virtio_crypto_rsa_dec_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_buf msg;
> > +};
> > +\end{lstlisting}
> > +
> > +RSA decryption operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_dec_req {
> > +    struct virtio_crypto_rsa_dec_para parameter;
> > +    struct virtio_crypto_rsa_dec_output odata;
> > +
> > +    struct virtio_crypto_rsa_dec_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{RSA Decryption Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / RSA Decryption Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{RSA Decryption Operation}{Device
> Types
> > / Crypto Device / Device Operation / Asymmetric Crypto Service Operation
> /
> > RSA Decryption Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_DECRYPT,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> > +\item The driver SHOULD set all fields in \field{parameter} and
> \field{odata}
> > except field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{msg} in \field{idata} is
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Generation: RSA Key Generation
> > Operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Generation: RSA Key Generation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_keygen_para {
> > +    /* The modules length in bytes */
> > +    le32 modulus_len;
> > +    le32 rsa_prime_number;
> > +    le32 priv_key_rep_type;
> > +    le32 reserved;
> > +
> > +    /* the public exponent */
> > +    struct virtio_crypto_buf e;
> > +};
> > +
> > +struct virtio_crypto_rsa_keygen_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_rsa_priv_key priv_key;
> > +    struct virtio_crypto_rsa_pub_key pub_key;
> > +};
> > +\end{lstlisting}
> > +
> > +RSA key-generation operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_rsa_keygen_req {
> > +    struct virtio_crypto_rsa_keygen_para parameter;
> > +
> > +    struct virtio_crypto_rsa_keygen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{RSA Key Generation
> Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / RSA Key Generation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{RSA Key Generation Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / RSA Key Generation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> > +\item The driver SHOULD set all fields in \field{parameter} except
> > \field{reserved} field.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{priv_key} and 
> > \field{pub_key}
> > in \field{idata} are operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Generation: DSA Key Generation
> > operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Generation: DSA Key Generation operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_keygen_para {
> > +    le32 modulus_len;
> > +    le32 reserved;
> > +};
> > +
> > +struct virtio_crypto_dsa_keygen_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    /* DSA Group parameters */
> > +    struct virtio_crypto_dsa_group dsa;
> > +    /* Private key */
> > +    struct virtio_crypto_buf x;
> > +    /* Public key */
> > +    struct virtio_crypto_buf y;
> > +};
> > +\end{lstlisting}
> > +
> > +DSA key-generation operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dsa_keygen_req {
> > +    struct virtio_crypto_dsa_keygen_para parameter;
> > +
> > +    struct virtio_crypto_dsa_keygen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{DSA Key Generation
> Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / DSA Key Generation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{DSA Key Generation Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / DSA Key Generation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> > +\item The driver SHOULD set all fields in \field{parameter} except
> > \field{reserved} field.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the \field{priv_key} and 
> > \field{pub_key}
> > in \field{idata} are operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Generation: EC Key Generation
> > operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Generation: EC Key Generation operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_ec_keygen_para {
> > +    /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> > +    le32 field_type;
> > +    le32 reserved;
> > +
> > +    /* EC group parameters */
> > +    struct virtio_crypto_ec_group ec;
> > +};
> > +
> > +struct virtio_crypto_ec_keygen_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    /* Private key */
> > +    struct virtio_crypto_buf d;
> > +
> > +    /* Public key */
> > +    struct virtio_crypto_buf x;
> > +    struct virtio_crypto_buf y;
> > +};
> > +\end{lstlisting}
> > +
> > +EC key-generation operation request is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_ec_keygen_req {
> > +    struct virtio_crypto_ec_keygen_para parameter;
> > +
> > +    struct virtio_crypto_ec_keygen_input key;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{EC Key Generation Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / EC Key Generation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{EC Key Generation Operation}{Device
> > Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> > Operation / EC Key Generation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH or
> > VIRTIO_CRYPTO_ASYM_ECDSA.
> > +\item The driver SHOULD set all fields in \field{parameter} except
> > \field{reserved} field.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} before it operates other fields in \field{idata}.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Exchange: Common Structure}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: Common Structure}
> > +
> > +Key Exchange request has two kinds of operations in general, key
> > generation and key computation.
> > +For DH, it has additional operation: parameter generation operation.
> > +
> > +\paragraph{Key Exchange: DH Parameter Generation
> > Operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: DH Parameter Generation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_parameter {
> > +    le32 modules_len;
> > +    le32 reserved;
> > +
> > +    /* random odd prime number */
> > +    struct virtio_crypto_buf p;
> > +    /* base (g) */
> > +    struct virtio_crypto_buf g;
> > +};
> > +
> > +#define VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY 0
> > +#define VIRTIO_CRYPTO_KEY_EXCHANGE_COMPUTE_KEY 1
> > +/* It's only valid in case algorithm is DH */
> > +#define VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_DH_PARAM 2
> > +
> > +struct virtio_crypto_dh_keyexchg_para {
> > +    /*
> > +    * The sub-operation in key exchange,
> > +    * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> > +    */
> > +    le32 keyexchg_op;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_dh_parameter dh_param;
> > +};
> > +
> > +struct virtio_crypto_dh_keyexchg_param_gen_input {
> > +    le32 status;
> > +    le32 reserved;
> > +};
> > +\end{lstlisting}
> > +
> > +DH Parameter Generation Operation in Key-Exchange is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_keyexchg_param_gen_req {
> > +    struct virtio_crypto_dh_keyexchg_para parameter;
> > +
> > +    struct virtio_crypto_dh_keyexchg_param_gen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{Key Exchange: DH Parameter
> > Generation Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Parameter
> > Generation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation result in \field{idata}, and set
> > \field{p} and \field{g} in \field{dh_param}.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{Key Exchange: DH Parameter
> Generation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Parameter
> > Generation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> > +\item The driver SHOULD set the \field{keyexchg_op} to
> > VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_DH_PARAM in \field{parameter}.
> > +\item The driver SHOULD set \field{modules_len} in \field{dh_param}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} firstly.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Exchange: DH Key Generation
> Operation}\label{sec:Device
> > Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: DH Key Generation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_keyexchg_keygen_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    /* private key */
> > +    struct virtio_crypto_buf x;
> > +    /* public key */
> > +    struct virtio_crypto_buf y;
> > +};
> > +\end{lstlisting}
> > +
> > +DH Key Generation Operation in Key-Exchange is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_keyexchg_key_gen_req {
> > +    struct virtio_crypto_dh_keyexchg_para parameter;
> > +
> > +    struct virtio_crypto_dh_key_exchg_keygen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{Key Exchange: DH Key Generation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Key Generation
> > Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{Key Exchange: DH Key Generation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Key Generation
> > Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> > +\item The driver SHOULD set the \field{keyexchg_op} to
> > VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> > +\item The driver SHOULD set all other fields in \field{parameter} except
> > field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} firstly.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Exchange: DH Key Computation
> > Operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: DH Key Computation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_keyexchg_compute_key_output {
> > +    /* local private key */
> > +    struct virtio_crypto_buf x;
> > +    /* peer's public key */
> > +    struct virtio_crypto_buf y;
> > +};
> > +
> > +struct virtio_crypto_dh_keyexchg_compute_key_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_buf shared_secret;
> > +};
> > +\end{lstlisting}
> > +
> > +DH Key Computation Operation in Key-Exchange is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_dh_keyexchg_key_compute_req {
> > +    struct virtio_crypto_dh_keyexchg_para parameter;
> > +    struct virtio_crypto_dh_keyexchg_compute_key_output odata;
> > +
> > +    struct virtio_crypto_dh_keyexchg_compute_key_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{Key Exchange: DH Key Computation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Key
> Computation
> > Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{Key Exchange: DH Key Computation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: DH Key
> Computation
> > Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> > +\item The driver SHOULD set the \field{keyexchg_op} to
> > VIRTIO_CRYPTO_KEY_EXCHANGE_COMPUTE_KEY in \field{parameter}.
> > +\item The driver SHOULD set all other fields in \field{parameter} except
> > field \field{reserved}.
> > +\item The driver SHOULD set all fields in \field{odata} except field
> > \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} firstly.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Exchange: ECDH Key Generation
> > Operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: ECDH Key Generation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdh_keyexchg_keygen_para {
> > +    /*
> > +    * The sub-operation in key exchange,
> > +    * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> > +    */
> > +    le32 keyexchg_op;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_ec_keygen_para parameter;
> > +};
> > +\end{lstlisting}
> > +
> > +ECDH Key Generation Operation in Key-Exchange is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdh_keyexchg_key_gen_req {
> > +    struct virtio_crypto_ecdh_keyexchg_keygen_para parameter;
> > +
> > +    struct virtio_crypto_ec_keygen_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{Key Exchange: ECDH Key Generation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> > Generation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{Key Exchange: ECDH Key Generation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> > Generation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH.
> > +\item The driver SHOULD set the \field{keyexchg_op} to
> > VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> > +\item The driver SHOULD set all other fields in \field{parameter} except
> > field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} firstly.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > +
> > +\paragraph{Key Exchange: ECDH Key Computation
> > Operation}\label{sec:Device Types /
> > +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> > Service Operation / Key Exchange: ECDH Key Computation Operation}
> > +
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdh_keyexchg_compute_key_para {
> > +    /*
> > +    * The sub-operation in key exchange,
> > +    * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> > +    */
> > +    le32 keyexchg_op;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_ec_keygen_para parameter;
> > +};
> > +
> > +struct virtio_crypto_ecdh_keyexchg_compute_key_output {
> > +    /* local private key */
> > +    struct virtio_crypto_buf d;
> > +
> > +    /* peer's public key */
> > +    struct virtio_crypto_buf x;
> > +    struct virtio_crypto_buf y;
> > +};
> > +
> > +struct virtio_crypto_ecdh_keyexchg_compute_key_input {
> > +    le32 status;
> > +    le32 reserved;
> > +
> > +    struct virtio_crypto_buf shared_secret;
> > +};
> > +\end{lstlisting}
> > +
> > +ECDH Key Computation Operation in Key-Exchange is defined as below:
> > +\begin{lstlisting}
> > +struct virtio_crypto_ecdh_keyexchg_key_compute_req {
> > +    struct virtio_crypto_ecdh_keyexchg_compute_key_para parameter;
> > +    struct virtio_crypto_ecdh_keyexchg_compute_key_output odata;
> > +
> > +    struct virtio_crypto_ecdh_keyexchg_compute_key_input idata;
> > +};
> > +\end{lstlisting}
> > +
> > +\devicenormative{\subparagraph}{Key Exchange: ECDH Key Computation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> > Computation Operation}
> > +\begin{itemize*}
> > +\item The device SHOULD set the operation results in \field{idata}
> according
> > to the general device requirments for asymmetric crypto service.
> > +\end{itemize*}
> > +
> > +\drivernormative{\subparagraph}{Key Exchange: ECDH Key Computation
> > Operation}{Device Types / Crypto Device / Device Operation /
> > +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> > Computation Operation}
> > +\begin{itemize*}
> > +\item The driver SHOULD set the \field{opcode} in
> > \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> > +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH.
> > +\item The driver SHOULD set the \field{keyexchg_op} to
> > VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> > +\item The driver SHOULD set all other fields in \field{parameter} except
> > field \field{reserved}.
> > +\item The driver MUST check the operation result \field{status} in
> > \field{idata} firstly.
> > +Only if the operation is successful, the other fields in \field{idata} are
> > operatable.
> > +\end{itemize*}
> > --
> > 1.9.3
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: address@hidden
> For additional commands, e-mail: address@hidden




reply via email to

[Prev in Thread] Current Thread [Next in Thread]