virtio_crypto.h (14143B)
1#ifndef _VIRTIO_CRYPTO_H 2#define _VIRTIO_CRYPTO_H 3/* This header is BSD licensed so anyone can use the definitions to implement 4 * compatible drivers/servers. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of IBM nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 20 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL IBM OR 21 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 24 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 27 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30#include "standard-headers/linux/types.h" 31#include "standard-headers/linux/virtio_types.h" 32#include "standard-headers/linux/virtio_ids.h" 33#include "standard-headers/linux/virtio_config.h" 34 35 36#define VIRTIO_CRYPTO_SERVICE_CIPHER 0 37#define VIRTIO_CRYPTO_SERVICE_HASH 1 38#define VIRTIO_CRYPTO_SERVICE_MAC 2 39#define VIRTIO_CRYPTO_SERVICE_AEAD 3 40 41#define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) 42 43struct virtio_crypto_ctrl_header { 44#define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \ 45 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02) 46#define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \ 47 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03) 48#define VIRTIO_CRYPTO_HASH_CREATE_SESSION \ 49 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02) 50#define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \ 51 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03) 52#define VIRTIO_CRYPTO_MAC_CREATE_SESSION \ 53 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02) 54#define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \ 55 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03) 56#define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \ 57 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) 58#define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ 59 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) 60 uint32_t opcode; 61 uint32_t algo; 62 uint32_t flag; 63 /* data virtqueue id */ 64 uint32_t queue_id; 65}; 66 67struct virtio_crypto_cipher_session_para { 68#define VIRTIO_CRYPTO_NO_CIPHER 0 69#define VIRTIO_CRYPTO_CIPHER_ARC4 1 70#define VIRTIO_CRYPTO_CIPHER_AES_ECB 2 71#define VIRTIO_CRYPTO_CIPHER_AES_CBC 3 72#define VIRTIO_CRYPTO_CIPHER_AES_CTR 4 73#define VIRTIO_CRYPTO_CIPHER_DES_ECB 5 74#define VIRTIO_CRYPTO_CIPHER_DES_CBC 6 75#define VIRTIO_CRYPTO_CIPHER_3DES_ECB 7 76#define VIRTIO_CRYPTO_CIPHER_3DES_CBC 8 77#define VIRTIO_CRYPTO_CIPHER_3DES_CTR 9 78#define VIRTIO_CRYPTO_CIPHER_KASUMI_F8 10 79#define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2 11 80#define VIRTIO_CRYPTO_CIPHER_AES_F8 12 81#define VIRTIO_CRYPTO_CIPHER_AES_XTS 13 82#define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3 14 83 uint32_t algo; 84 /* length of key */ 85 uint32_t keylen; 86 87#define VIRTIO_CRYPTO_OP_ENCRYPT 1 88#define VIRTIO_CRYPTO_OP_DECRYPT 2 89 /* encrypt or decrypt */ 90 uint32_t op; 91 uint32_t padding; 92}; 93 94struct virtio_crypto_session_input { 95 /* Device-writable part */ 96 uint64_t session_id; 97 uint32_t status; 98 uint32_t padding; 99}; 100 101struct virtio_crypto_cipher_session_req { 102 struct virtio_crypto_cipher_session_para para; 103 uint8_t padding[32]; 104}; 105 106struct virtio_crypto_hash_session_para { 107#define VIRTIO_CRYPTO_NO_HASH 0 108#define VIRTIO_CRYPTO_HASH_MD5 1 109#define VIRTIO_CRYPTO_HASH_SHA1 2 110#define VIRTIO_CRYPTO_HASH_SHA_224 3 111#define VIRTIO_CRYPTO_HASH_SHA_256 4 112#define VIRTIO_CRYPTO_HASH_SHA_384 5 113#define VIRTIO_CRYPTO_HASH_SHA_512 6 114#define VIRTIO_CRYPTO_HASH_SHA3_224 7 115#define VIRTIO_CRYPTO_HASH_SHA3_256 8 116#define VIRTIO_CRYPTO_HASH_SHA3_384 9 117#define VIRTIO_CRYPTO_HASH_SHA3_512 10 118#define VIRTIO_CRYPTO_HASH_SHA3_SHAKE128 11 119#define VIRTIO_CRYPTO_HASH_SHA3_SHAKE256 12 120 uint32_t algo; 121 /* hash result length */ 122 uint32_t hash_result_len; 123 uint8_t padding[8]; 124}; 125 126struct virtio_crypto_hash_create_session_req { 127 struct virtio_crypto_hash_session_para para; 128 uint8_t padding[40]; 129}; 130 131struct virtio_crypto_mac_session_para { 132#define VIRTIO_CRYPTO_NO_MAC 0 133#define VIRTIO_CRYPTO_MAC_HMAC_MD5 1 134#define VIRTIO_CRYPTO_MAC_HMAC_SHA1 2 135#define VIRTIO_CRYPTO_MAC_HMAC_SHA_224 3 136#define VIRTIO_CRYPTO_MAC_HMAC_SHA_256 4 137#define VIRTIO_CRYPTO_MAC_HMAC_SHA_384 5 138#define VIRTIO_CRYPTO_MAC_HMAC_SHA_512 6 139#define VIRTIO_CRYPTO_MAC_CMAC_3DES 25 140#define VIRTIO_CRYPTO_MAC_CMAC_AES 26 141#define VIRTIO_CRYPTO_MAC_KASUMI_F9 27 142#define VIRTIO_CRYPTO_MAC_SNOW3G_UIA2 28 143#define VIRTIO_CRYPTO_MAC_GMAC_AES 41 144#define VIRTIO_CRYPTO_MAC_GMAC_TWOFISH 42 145#define VIRTIO_CRYPTO_MAC_CBCMAC_AES 49 146#define VIRTIO_CRYPTO_MAC_CBCMAC_KASUMI_F9 50 147#define VIRTIO_CRYPTO_MAC_XCBC_AES 53 148 uint32_t algo; 149 /* hash result length */ 150 uint32_t hash_result_len; 151 /* length of authenticated key */ 152 uint32_t auth_key_len; 153 uint32_t padding; 154}; 155 156struct virtio_crypto_mac_create_session_req { 157 struct virtio_crypto_mac_session_para para; 158 uint8_t padding[40]; 159}; 160 161struct virtio_crypto_aead_session_para { 162#define VIRTIO_CRYPTO_NO_AEAD 0 163#define VIRTIO_CRYPTO_AEAD_GCM 1 164#define VIRTIO_CRYPTO_AEAD_CCM 2 165#define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305 3 166 uint32_t algo; 167 /* length of key */ 168 uint32_t key_len; 169 /* hash result length */ 170 uint32_t hash_result_len; 171 /* length of the additional authenticated data (AAD) in bytes */ 172 uint32_t aad_len; 173 /* encrypt or decrypt, See above VIRTIO_CRYPTO_OP_* */ 174 uint32_t op; 175 uint32_t padding; 176}; 177 178struct virtio_crypto_aead_create_session_req { 179 struct virtio_crypto_aead_session_para para; 180 uint8_t padding[32]; 181}; 182 183struct virtio_crypto_alg_chain_session_para { 184#define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER 1 185#define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH 2 186 uint32_t alg_chain_order; 187/* Plain hash */ 188#define VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN 1 189/* Authenticated hash (mac) */ 190#define VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH 2 191/* Nested hash */ 192#define VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED 3 193 uint32_t hash_mode; 194 struct virtio_crypto_cipher_session_para cipher_param; 195 union { 196 struct virtio_crypto_hash_session_para hash_param; 197 struct virtio_crypto_mac_session_para mac_param; 198 uint8_t padding[16]; 199 } u; 200 /* length of the additional authenticated data (AAD) in bytes */ 201 uint32_t aad_len; 202 uint32_t padding; 203}; 204 205struct virtio_crypto_alg_chain_session_req { 206 struct virtio_crypto_alg_chain_session_para para; 207}; 208 209struct virtio_crypto_sym_create_session_req { 210 union { 211 struct virtio_crypto_cipher_session_req cipher; 212 struct virtio_crypto_alg_chain_session_req chain; 213 uint8_t padding[48]; 214 } u; 215 216 /* Device-readable part */ 217 218/* No operation */ 219#define VIRTIO_CRYPTO_SYM_OP_NONE 0 220/* Cipher only operation on the data */ 221#define VIRTIO_CRYPTO_SYM_OP_CIPHER 1 222/* 223 * Chain any cipher with any hash or mac operation. The order 224 * depends on the value of alg_chain_order param 225 */ 226#define VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING 2 227 uint32_t op_type; 228 uint32_t padding; 229}; 230 231struct virtio_crypto_destroy_session_req { 232 /* Device-readable part */ 233 uint64_t session_id; 234 uint8_t padding[48]; 235}; 236 237/* The request of the control virtqueue's packet */ 238struct virtio_crypto_op_ctrl_req { 239 struct virtio_crypto_ctrl_header header; 240 241 union { 242 struct virtio_crypto_sym_create_session_req 243 sym_create_session; 244 struct virtio_crypto_hash_create_session_req 245 hash_create_session; 246 struct virtio_crypto_mac_create_session_req 247 mac_create_session; 248 struct virtio_crypto_aead_create_session_req 249 aead_create_session; 250 struct virtio_crypto_destroy_session_req 251 destroy_session; 252 uint8_t padding[56]; 253 } u; 254}; 255 256struct virtio_crypto_op_header { 257#define VIRTIO_CRYPTO_CIPHER_ENCRYPT \ 258 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x00) 259#define VIRTIO_CRYPTO_CIPHER_DECRYPT \ 260 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x01) 261#define VIRTIO_CRYPTO_HASH \ 262 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x00) 263#define VIRTIO_CRYPTO_MAC \ 264 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x00) 265#define VIRTIO_CRYPTO_AEAD_ENCRYPT \ 266 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) 267#define VIRTIO_CRYPTO_AEAD_DECRYPT \ 268 VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) 269 uint32_t opcode; 270 /* algo should be service-specific algorithms */ 271 uint32_t algo; 272 /* session_id should be service-specific algorithms */ 273 uint64_t session_id; 274 /* control flag to control the request */ 275 uint32_t flag; 276 uint32_t padding; 277}; 278 279struct virtio_crypto_cipher_para { 280 /* 281 * Byte Length of valid IV/Counter 282 * 283 * For block ciphers in CBC or F8 mode, or for Kasumi in F8 mode, or for 284 * SNOW3G in UEA2 mode, this is the length of the IV (which 285 * must be the same as the block length of the cipher). 286 * For block ciphers in CTR mode, this is the length of the counter 287 * (which must be the same as the block length of the cipher). 288 * For AES-XTS, this is the 128bit tweak, i, from IEEE Std 1619-2007. 289 * 290 * The IV/Counter will be updated after every partial cryptographic 291 * operation. 292 */ 293 uint32_t iv_len; 294 /* length of source data */ 295 uint32_t src_data_len; 296 /* length of dst data */ 297 uint32_t dst_data_len; 298 uint32_t padding; 299}; 300 301struct virtio_crypto_hash_para { 302 /* length of source data */ 303 uint32_t src_data_len; 304 /* hash result length */ 305 uint32_t hash_result_len; 306}; 307 308struct virtio_crypto_mac_para { 309 struct virtio_crypto_hash_para hash; 310}; 311 312struct virtio_crypto_aead_para { 313 /* 314 * Byte Length of valid IV data pointed to by the below iv_addr 315 * parameter. 316 * 317 * For GCM mode, this is either 12 (for 96-bit IVs) or 16, in which 318 * case iv_addr points to J0. 319 * For CCM mode, this is the length of the nonce, which can be in the 320 * range 7 to 13 inclusive. 321 */ 322 uint32_t iv_len; 323 /* length of additional auth data */ 324 uint32_t aad_len; 325 /* length of source data */ 326 uint32_t src_data_len; 327 /* length of dst data */ 328 uint32_t dst_data_len; 329}; 330 331struct virtio_crypto_cipher_data_req { 332 /* Device-readable part */ 333 struct virtio_crypto_cipher_para para; 334 uint8_t padding[24]; 335}; 336 337struct virtio_crypto_hash_data_req { 338 /* Device-readable part */ 339 struct virtio_crypto_hash_para para; 340 uint8_t padding[40]; 341}; 342 343struct virtio_crypto_mac_data_req { 344 /* Device-readable part */ 345 struct virtio_crypto_mac_para para; 346 uint8_t padding[40]; 347}; 348 349struct virtio_crypto_alg_chain_data_para { 350 uint32_t iv_len; 351 /* Length of source data */ 352 uint32_t src_data_len; 353 /* Length of destination data */ 354 uint32_t dst_data_len; 355 /* Starting point for cipher processing in source data */ 356 uint32_t cipher_start_src_offset; 357 /* Length of the source data that the cipher will be computed on */ 358 uint32_t len_to_cipher; 359 /* Starting point for hash processing in source data */ 360 uint32_t hash_start_src_offset; 361 /* Length of the source data that the hash will be computed on */ 362 uint32_t len_to_hash; 363 /* Length of the additional auth data */ 364 uint32_t aad_len; 365 /* Length of the hash result */ 366 uint32_t hash_result_len; 367 uint32_t reserved; 368}; 369 370struct virtio_crypto_alg_chain_data_req { 371 /* Device-readable part */ 372 struct virtio_crypto_alg_chain_data_para para; 373}; 374 375struct virtio_crypto_sym_data_req { 376 union { 377 struct virtio_crypto_cipher_data_req cipher; 378 struct virtio_crypto_alg_chain_data_req chain; 379 uint8_t padding[40]; 380 } u; 381 382 /* See above VIRTIO_CRYPTO_SYM_OP_* */ 383 uint32_t op_type; 384 uint32_t padding; 385}; 386 387struct virtio_crypto_aead_data_req { 388 /* Device-readable part */ 389 struct virtio_crypto_aead_para para; 390 uint8_t padding[32]; 391}; 392 393/* The request of the data virtqueue's packet */ 394struct virtio_crypto_op_data_req { 395 struct virtio_crypto_op_header header; 396 397 union { 398 struct virtio_crypto_sym_data_req sym_req; 399 struct virtio_crypto_hash_data_req hash_req; 400 struct virtio_crypto_mac_data_req mac_req; 401 struct virtio_crypto_aead_data_req aead_req; 402 uint8_t padding[48]; 403 } u; 404}; 405 406#define VIRTIO_CRYPTO_OK 0 407#define VIRTIO_CRYPTO_ERR 1 408#define VIRTIO_CRYPTO_BADMSG 2 409#define VIRTIO_CRYPTO_NOTSUPP 3 410#define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */ 411 412/* The accelerator hardware is ready */ 413#define VIRTIO_CRYPTO_S_HW_READY (1 << 0) 414 415struct virtio_crypto_config { 416 /* See VIRTIO_CRYPTO_OP_* above */ 417 uint32_t status; 418 419 /* 420 * Maximum number of data queue 421 */ 422 uint32_t max_dataqueues; 423 424 /* 425 * Specifies the services mask which the device support, 426 * see VIRTIO_CRYPTO_SERVICE_* above 427 */ 428 uint32_t crypto_services; 429 430 /* Detailed algorithms mask */ 431 uint32_t cipher_algo_l; 432 uint32_t cipher_algo_h; 433 uint32_t hash_algo; 434 uint32_t mac_algo_l; 435 uint32_t mac_algo_h; 436 uint32_t aead_algo; 437 /* Maximum length of cipher key */ 438 uint32_t max_cipher_key_len; 439 /* Maximum length of authenticated key */ 440 uint32_t max_auth_key_len; 441 uint32_t reserve; 442 /* Maximum size of each crypto request's content */ 443 uint64_t max_size; 444}; 445 446struct virtio_crypto_inhdr { 447 /* See VIRTIO_CRYPTO_* above */ 448 uint8_t status; 449}; 450#endif