From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29CCDC433EF for ; Wed, 23 Mar 2022 15:38:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237933AbiCWPkD (ORCPT ); Wed, 23 Mar 2022 11:40:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238063AbiCWPkC (ORCPT ); Wed, 23 Mar 2022 11:40:02 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 92F7AB87F for ; Wed, 23 Mar 2022 08:38:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1648049911; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=52OyT4hNZgnDakpoSYVZAqnZ+3Oak7O7fHORDYjy2eA=; b=bI/hO3vmx6kdRaJ+tj4BCs3350N5CVVq8nLdEkXfyjKjAjS4xIx+DgQeahrb0fYJkBEAfz LvTmiuhMlYZ5DUz6jGMcVIE9+rEwTMLDnypFvxqKMhOcQyN6YcNB5vPGqPw1Y84UQ9WDTO IKm35xu0Kf0VYjczglEhdFMvZY5wJ/Q= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-39-spB1Q2qaM_GCIH9FixBKRw-1; Wed, 23 Mar 2022 11:38:26 -0400 X-MC-Unique: spB1Q2qaM_GCIH9FixBKRw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BCBAE2800F6B; Wed, 23 Mar 2022 15:38:25 +0000 (UTC) Received: from redhat.com (unknown [10.33.36.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 299AD140241B; Wed, 23 Mar 2022 15:38:24 +0000 (UTC) Date: Wed, 23 Mar 2022 15:38:21 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: zhenwei pi Cc: arei.gonglei@huawei.com, mst@redhat.com, herbert@gondor.apana.org.au, jasowang@redhat.com, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, lei he Subject: Re: [PATCH v3 1/6] virtio-crypto: header update Message-ID: Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= References: <20220323024912.249789-1-pizhenwei@bytedance.com> <20220323024912.249789-2-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com> User-Agent: Mutt/2.1.5 (2021-12-30) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote: > Update header from linux, support akcipher service. I'm assuming this is updated for *non-merged* Linux headers, since I don't see these changes present in current linux.git > > Reviewed-by: Gonglei > Signed-off-by: lei he > Signed-off-by: zhenwei pi > --- > .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++- > 1 file changed, 81 insertions(+), 1 deletion(-) > > diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h > index 5ff0b4ee59..68066dafb6 100644 > --- a/include/standard-headers/linux/virtio_crypto.h > +++ b/include/standard-headers/linux/virtio_crypto.h > @@ -37,6 +37,7 @@ > #define VIRTIO_CRYPTO_SERVICE_HASH 1 > #define VIRTIO_CRYPTO_SERVICE_MAC 2 > #define VIRTIO_CRYPTO_SERVICE_AEAD 3 > +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4 > > #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) > > @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header { > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) > #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) > +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04) > +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05) > uint32_t opcode; > uint32_t algo; > uint32_t flag; > @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req { > uint8_t padding[32]; > }; > > +struct virtio_crypto_rsa_session_para { > +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0 > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 > + uint32_t padding_algo; > + > +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 > +#define VIRTIO_CRYPTO_RSA_MD2 1 > +#define VIRTIO_CRYPTO_RSA_MD3 2 > +#define VIRTIO_CRYPTO_RSA_MD4 3 > +#define VIRTIO_CRYPTO_RSA_MD5 4 > +#define VIRTIO_CRYPTO_RSA_SHA1 5 Do we really need to be adding support for all these obsolete hash functions. Maybe SHA1 is borderline acceptable, but all those obsolete MD* functions too ?? > +#define VIRTIO_CRYPTO_RSA_SHA256 6 > +#define VIRTIO_CRYPTO_RSA_SHA384 7 > +#define VIRTIO_CRYPTO_RSA_SHA512 8 > +#define VIRTIO_CRYPTO_RSA_SHA224 9 > + uint32_t hash_algo; > +}; > + > +struct virtio_crypto_ecdsa_session_para { > +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0 > +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 > +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2 > +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3 > +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 > +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5 > + uint32_t curve_id; > + uint32_t padding; > +}; > + > +struct virtio_crypto_akcipher_session_para { > +#define VIRTIO_CRYPTO_NO_AKCIPHER 0 > +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1 > +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2 > +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3 Here we have RSA, DSA and ECDSA, but the corresponding QEMU qapi/crypto.json doesn't define DSA at all. Is that a mistake on the QEMU side, or is the DSA support redundant ? > + uint32_t algo; > + > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1 > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2 > + uint32_t keytype; > + uint32_t keylen; > + > + union { > + struct virtio_crypto_rsa_session_para rsa; > + struct virtio_crypto_ecdsa_session_para ecdsa; > + } u; > +}; With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F267CC433FE for ; Wed, 23 Mar 2022 15:38:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 811D160B98; Wed, 23 Mar 2022 15:38:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nVkMu_J2sWWL; Wed, 23 Mar 2022 15:38:35 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 162B4605BE; Wed, 23 Mar 2022 15:38:35 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id F1BF8C001A; Wed, 23 Mar 2022 15:38:34 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id A2654C000B for ; Wed, 23 Mar 2022 15:38:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 8399F60B98 for ; Wed, 23 Mar 2022 15:38:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AezPy9K1Zrm for ; Wed, 23 Mar 2022 15:38:32 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 8E4A2605BE for ; Wed, 23 Mar 2022 15:38:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1648049911; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=52OyT4hNZgnDakpoSYVZAqnZ+3Oak7O7fHORDYjy2eA=; b=bI/hO3vmx6kdRaJ+tj4BCs3350N5CVVq8nLdEkXfyjKjAjS4xIx+DgQeahrb0fYJkBEAfz LvTmiuhMlYZ5DUz6jGMcVIE9+rEwTMLDnypFvxqKMhOcQyN6YcNB5vPGqPw1Y84UQ9WDTO IKm35xu0Kf0VYjczglEhdFMvZY5wJ/Q= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-39-spB1Q2qaM_GCIH9FixBKRw-1; Wed, 23 Mar 2022 11:38:26 -0400 X-MC-Unique: spB1Q2qaM_GCIH9FixBKRw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BCBAE2800F6B; Wed, 23 Mar 2022 15:38:25 +0000 (UTC) Received: from redhat.com (unknown [10.33.36.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 299AD140241B; Wed, 23 Mar 2022 15:38:24 +0000 (UTC) Date: Wed, 23 Mar 2022 15:38:21 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: zhenwei pi Subject: Re: [PATCH v3 1/6] virtio-crypto: header update Message-ID: References: <20220323024912.249789-1-pizhenwei@bytedance.com> <20220323024912.249789-2-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com> User-Agent: Mutt/2.1.5 (2021-12-30) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Cc: herbert@gondor.apana.org.au, mst@redhat.com, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, linux-crypto@vger.kernel.org, lei he X-BeenThere: virtualization@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux virtualization List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: virtualization-bounces@lists.linux-foundation.org Sender: "Virtualization" On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote: > Update header from linux, support akcipher service. I'm assuming this is updated for *non-merged* Linux headers, since I don't see these changes present in current linux.git > > Reviewed-by: Gonglei > Signed-off-by: lei he > Signed-off-by: zhenwei pi > --- > .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++- > 1 file changed, 81 insertions(+), 1 deletion(-) > > diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h > index 5ff0b4ee59..68066dafb6 100644 > --- a/include/standard-headers/linux/virtio_crypto.h > +++ b/include/standard-headers/linux/virtio_crypto.h > @@ -37,6 +37,7 @@ > #define VIRTIO_CRYPTO_SERVICE_HASH 1 > #define VIRTIO_CRYPTO_SERVICE_MAC 2 > #define VIRTIO_CRYPTO_SERVICE_AEAD 3 > +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4 > > #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) > > @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header { > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) > #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) > +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04) > +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05) > uint32_t opcode; > uint32_t algo; > uint32_t flag; > @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req { > uint8_t padding[32]; > }; > > +struct virtio_crypto_rsa_session_para { > +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0 > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 > + uint32_t padding_algo; > + > +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 > +#define VIRTIO_CRYPTO_RSA_MD2 1 > +#define VIRTIO_CRYPTO_RSA_MD3 2 > +#define VIRTIO_CRYPTO_RSA_MD4 3 > +#define VIRTIO_CRYPTO_RSA_MD5 4 > +#define VIRTIO_CRYPTO_RSA_SHA1 5 Do we really need to be adding support for all these obsolete hash functions. Maybe SHA1 is borderline acceptable, but all those obsolete MD* functions too ?? > +#define VIRTIO_CRYPTO_RSA_SHA256 6 > +#define VIRTIO_CRYPTO_RSA_SHA384 7 > +#define VIRTIO_CRYPTO_RSA_SHA512 8 > +#define VIRTIO_CRYPTO_RSA_SHA224 9 > + uint32_t hash_algo; > +}; > + > +struct virtio_crypto_ecdsa_session_para { > +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0 > +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 > +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2 > +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3 > +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 > +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5 > + uint32_t curve_id; > + uint32_t padding; > +}; > + > +struct virtio_crypto_akcipher_session_para { > +#define VIRTIO_CRYPTO_NO_AKCIPHER 0 > +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1 > +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2 > +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3 Here we have RSA, DSA and ECDSA, but the corresponding QEMU qapi/crypto.json doesn't define DSA at all. Is that a mistake on the QEMU side, or is the DSA support redundant ? > + uint32_t algo; > + > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1 > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2 > + uint32_t keytype; > + uint32_t keylen; > + > + union { > + struct virtio_crypto_rsa_session_para rsa; > + struct virtio_crypto_ecdsa_session_para ecdsa; > + } u; > +}; With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 03718C433F5 for ; Wed, 23 Mar 2022 15:39:48 +0000 (UTC) Received: from localhost ([::1]:39142 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nX35P-0003Tv-Lh for qemu-devel@archiver.kernel.org; Wed, 23 Mar 2022 11:39:47 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58884) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nX34D-0002f0-AO for qemu-devel@nongnu.org; Wed, 23 Mar 2022 11:38:33 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:45987) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nX34A-0000Hq-B3 for qemu-devel@nongnu.org; Wed, 23 Mar 2022 11:38:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1648049909; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=52OyT4hNZgnDakpoSYVZAqnZ+3Oak7O7fHORDYjy2eA=; b=MgbVoJ15BhzujMO8Qo9p69fGYhMnTYz5f4GQfvOy8Vpdod1qo+g/QtT233s8LEvIw6UUHq iWKKwVZaZJJaw72YCFgT3/nH9w9GhcDr9wVu1KtWRqgFiG/wqcDUxqqcaEB7GpSI9khEnY 9uyguA6+VjW7o+qFWhxDK/IJc4ueq2A= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-39-spB1Q2qaM_GCIH9FixBKRw-1; Wed, 23 Mar 2022 11:38:26 -0400 X-MC-Unique: spB1Q2qaM_GCIH9FixBKRw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BCBAE2800F6B; Wed, 23 Mar 2022 15:38:25 +0000 (UTC) Received: from redhat.com (unknown [10.33.36.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 299AD140241B; Wed, 23 Mar 2022 15:38:24 +0000 (UTC) Date: Wed, 23 Mar 2022 15:38:21 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: zhenwei pi Subject: Re: [PATCH v3 1/6] virtio-crypto: header update Message-ID: References: <20220323024912.249789-1-pizhenwei@bytedance.com> <20220323024912.249789-2-pizhenwei@bytedance.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220323024912.249789-2-pizhenwei@bytedance.com> User-Agent: Mutt/2.1.5 (2021-12-30) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Cc: herbert@gondor.apana.org.au, mst@redhat.com, jasowang@redhat.com, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, arei.gonglei@huawei.com, linux-crypto@vger.kernel.org, lei he Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote: > Update header from linux, support akcipher service. I'm assuming this is updated for *non-merged* Linux headers, since I don't see these changes present in current linux.git > > Reviewed-by: Gonglei > Signed-off-by: lei he > Signed-off-by: zhenwei pi > --- > .../standard-headers/linux/virtio_crypto.h | 82 ++++++++++++++++++- > 1 file changed, 81 insertions(+), 1 deletion(-) > > diff --git a/include/standard-headers/linux/virtio_crypto.h b/include/standard-headers/linux/virtio_crypto.h > index 5ff0b4ee59..68066dafb6 100644 > --- a/include/standard-headers/linux/virtio_crypto.h > +++ b/include/standard-headers/linux/virtio_crypto.h > @@ -37,6 +37,7 @@ > #define VIRTIO_CRYPTO_SERVICE_HASH 1 > #define VIRTIO_CRYPTO_SERVICE_MAC 2 > #define VIRTIO_CRYPTO_SERVICE_AEAD 3 > +#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4 > > #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) > > @@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header { > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) > #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ > VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) > +#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04) > +#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \ > + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05) > uint32_t opcode; > uint32_t algo; > uint32_t flag; > @@ -180,6 +185,58 @@ struct virtio_crypto_aead_create_session_req { > uint8_t padding[32]; > }; > > +struct virtio_crypto_rsa_session_para { > +#define VIRTIO_CRYPTO_RSA_RAW_PADDING 0 > +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1 > + uint32_t padding_algo; > + > +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 > +#define VIRTIO_CRYPTO_RSA_MD2 1 > +#define VIRTIO_CRYPTO_RSA_MD3 2 > +#define VIRTIO_CRYPTO_RSA_MD4 3 > +#define VIRTIO_CRYPTO_RSA_MD5 4 > +#define VIRTIO_CRYPTO_RSA_SHA1 5 Do we really need to be adding support for all these obsolete hash functions. Maybe SHA1 is borderline acceptable, but all those obsolete MD* functions too ?? > +#define VIRTIO_CRYPTO_RSA_SHA256 6 > +#define VIRTIO_CRYPTO_RSA_SHA384 7 > +#define VIRTIO_CRYPTO_RSA_SHA512 8 > +#define VIRTIO_CRYPTO_RSA_SHA224 9 > + uint32_t hash_algo; > +}; > + > +struct virtio_crypto_ecdsa_session_para { > +#define VIRTIO_CRYPTO_CURVE_UNKNOWN 0 > +#define VIRTIO_CRYPTO_CURVE_NIST_P192 1 > +#define VIRTIO_CRYPTO_CURVE_NIST_P224 2 > +#define VIRTIO_CRYPTO_CURVE_NIST_P256 3 > +#define VIRTIO_CRYPTO_CURVE_NIST_P384 4 > +#define VIRTIO_CRYPTO_CURVE_NIST_P521 5 > + uint32_t curve_id; > + uint32_t padding; > +}; > + > +struct virtio_crypto_akcipher_session_para { > +#define VIRTIO_CRYPTO_NO_AKCIPHER 0 > +#define VIRTIO_CRYPTO_AKCIPHER_RSA 1 > +#define VIRTIO_CRYPTO_AKCIPHER_DSA 2 > +#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3 Here we have RSA, DSA and ECDSA, but the corresponding QEMU qapi/crypto.json doesn't define DSA at all. Is that a mistake on the QEMU side, or is the DSA support redundant ? > + uint32_t algo; > + > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC 1 > +#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2 > + uint32_t keytype; > + uint32_t keylen; > + > + union { > + struct virtio_crypto_rsa_session_para rsa; > + struct virtio_crypto_ecdsa_session_para ecdsa; > + } u; > +}; With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|