qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC v1] virtio-crypto specification

From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [RFC v1] virtio-crypto specification
Date: Fri, 20 Nov 2015 11:39:41 +0200 
Thanks, looks good overall.
You might want to join the TC if you maintain a device.
Generally, I think this needs a bit more formal conformance
statements.
Some examples below.

On Fri, Nov 20, 2015 at 03:27:51AM +0000, Gonglei (Arei) wrote:
> Hi guys,
> 
> After initial discussion at this year's KVM forum, I post the RFC version of 
> virtio-crypto
> device specification now. 
> 
> If you have any comments, please let me know, thanks.
> 
> Regards,
> -Gonglei
> 
> 
> 1     Crypto Device
> 
> The virtio crypto device is a virtual crypto device (ie. hardware crypto 
> accelerator card). Encrypt and decrypt requests are placed in the data queue, 
> and handled by the real hardware crypto accelerators finally. A second queue 
> is the controlling queue, which is used to create/destroy session or some 
> other advanced filtering features.
> 
> 1.1   Device ID
> 
>       65535 (experimental)
> 
> 1.2   Virtqueues
> 
> 0 
>       controlq
> 1
>       dataq
> 
> 1.3   Feature bits
> 
> VIRTIO_CRYPTO_F_REQ_SIZE_MAX (0)      
> Maximum size of any single request is in “size_max”. 
> VIRTIO_CRYPTO_F_SYM (1)
> Device supports the symmetric cryptography API.
> VIRTIO_CRYPTO_F_DH (2)
> Device supports the Diffie Hellman API.
> VIRTIO_CRYPTO_F_DSA (3)
> Device supports the DSA API.
> VIRTIO_CRYPTO_F_RSA (4)
> Device supports the RSA API.
> VIRTIO_CRYPTO_F_EC (5)
> Device supports the Elliptic Curve API.
> VIRTIO_CRYPTO_F_ECDH (6)
> Device supports the Elliptic Curve Diffie Hellman API.
> VIRTIO_CRYPTO_F_ECDSA (7)
> Device supports the Elliptic Curve DSA API.
> VIRTIO_CRYPTO_F _KEY (8)
> Device supports the Key Generation API.
> VIRTIO_CRYPTO_F_LN (9)
> Device supports the Large Number API.
> VIRTIO_CRYPTO_F_PRIME (10)
> Device supports the prime number testing API.
> VIRTIO_CRYPTO_F_DRGB (11)
> Device supports the DRGB API.
> VIRTIO_CRYPTO_F_NRGB (12)
> Device supports the NRGB API.
> VIRTIO_CRYPTO_F_RAND (13)
> Device supports the random bit/number generation API.
> 
> 1.4   Device configuration layout
> 
> struct virtio_crypto_config {
>       le32 size_max; /* Maximum size of any single request */
> }
> 
> 1.5   Device Initialization
> 
> 1. The initialization routine should identify the data and control virtqueues.
> 2. If the VIRTIO_CRYPTO_F_SYM feature bit is negotiated, identify the device 
> supports the symmetric cryptography API, which as the same as other features.
> 
> 1.6   Device Operation
> 
> The controlq is used to control session operations, such as create or
> destroy. Meanwhile, some other features or functions can also be
> handled by controlq.

In future versions of the specification?

> The control request is preceded by a header:
> struct virtio_crypto_ctx_outhdr {
>     /* cipher algorithm type (ie. aes-cbc ) */
>     __virtio32 alg;
>     /* length of key */
>     __virtio32 keylen;
>     /* reserved */
>     __virtio32 flags;
>     /* control type  */
>     uint8_t type;
>     /* encrypt or decrypt */
>     uint8_t op;
>     /* mode of hash operation, including authenticated/plain/nested hash */
>     uint8_t hash_mode;
>     /* authenticate hash/cipher ordering  */
>     uint8_t alg_chain_order;
>     /* length of authenticated key */
>     __virtio32 auth_key_len;
>     /* hash algorithm type */
>     __virtio32 hash_alg;

You can make this all le too: I don't think we need to
support legacy devices of this type.
Spec also does not use uint8_t.

> };
> The encrypt/decrypt requests and the corresponding results are transmitted by 
> placing them in dataq. The request itself is preceded by a header:
> struct virtio_crypto_req_outhdr {
>     /* algorithm type (ie. aes-128-cbc ) */
>     __virtio32 mode;
>     /* length of iv */
>     __virtio32 ivlen;
>     /* length of source data */
>     __virtio32 len;
>     /* length of auth data */
>     __virtio32 auth_len;
>     /* the backend session id */
>     __virtio64 session_id;
>     /* reserved */
>     __virtio32 flags;
> };
> 
> Both ctx and data requests end by a status byte. The final status byte is 
> written by the device: either VIRTIO_CRYPTO_S_OK for success, 
> VIRTIO_BLK_S_IOERR for device or driver error or VIRTIO_BLK_S_UNSUPP for a 
> request unsupported by device, VIRTIO_CRYPTO_S_BADMSG for verification failed 
> when decrypt AEAD algorithms:
> 
> #define VIRTIO_CRYPTO_S_OK    0
> #define VIRTIO_CRYPTO_S_ERR    1
> #define VIRTIO_CRYPTO_S_UNSUPP    2
> #define VIRTIO_CRYPTO_S_BADMSG    3
> 
> For symmetric cryptography, three types algorithms are supported:

What does this "are supported" mean?
Device SHOULD support 3 types of algorithms?
Or CAN? MUST?

> enum {
>     VIRTIO_CRYPTO_ABLKCIPHER,
>     VIRTIO_CRYPTO_AEAD,
>     VIRTIO_CRYPTO_HASH,
> };

Specify values here too pls.

> VIRTIO_CRYPTO_ABLKCIPHER: Asynchronous Block Cipher.
> VIRTIO_CRYPTO_AEAD: Authenticated Encryption With Associated Data (AEAD) 
> Cipher.
> VIRTIO_CRYPTO_HASH: Hash and MAC (Message Authentication Code) cipher.
> 
> 1.6.1 Encryption Operation
> 
> Bothe ctrlq and dataq virtqueue are bidirectional.
> Step1: Create a session:
> 1.    The front-end driver fill out the context message, include algorithm 
> name, key, keylen etc;
> 2.    The front-end driver send a context message to the backend device by 
> controlq;
> 3.    The backend driver create a session using the message transmitted by 
> controlq;
> 4.    Return a session id to the driver. 
> Step 2: Execute the detail encryption operation:
> 1.    The front-end driver fill out the encrypt requests;
> 2.    Put the requests into dataq and kick the virtqueue;
> 3.    The backend driver execute the encryption operation according the 
> requests’ arguments;
> 4.    Return the encryption result to the front-end driver by dataq.
> 5.    The front-end driver callback handle the result and over
> 

I'm guessing backend driver is the device and front-end the driver?


> Note: the front-end driver needs to support both synchronous and asynchronous 
> encryption.

So Driver  MUST support .... ?
Or does this in fact a requirement from device to support
both types.

> Even then the performance is poor in synchronous operation because frequent 
> context switching and virtualization overhead.

So driver SHOULD by preference use asynchronous encryption?

> 1.6.2 Decryption Operation
> 
> The decryption process is the same with encryption, except that AEAD 
> algorithm needs to be verified before decryption, if the verify result is not 
> correct, the device will directly return VIRTIO_CRYPTO_S_BADMSG (bad message) 
> to front-end driver.
> 
> 

needs to be verified -> device MUST verify and MUST return .... ?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]