qemu-devel

Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio crypto device spe


From: Gonglei (Arei)
Subject: Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio crypto device specification
Date: Mon, 26 Dec 2016 02:38:29 +0000

Hi all,

 Merry Christmas and Happy new year. :)

Both Alex and Stefan mentioned that the process of creating/closing a session
means we have at least one full round-trip cost from guest to host to guest
to be able to send any data for symmetric algorithms. It gets us into
synchronization troubles in some scenarios like a web server handling lots
of small requests whose algorithms and keys are different.

Because the virtio crypto specification has not been voted on yet and v15 is
on the way, I'd like to make some changes in order to support those scenarios
better. That means we will support one-blob requests (no sessions) as well for
symmetric algorithms, including HASH, MAC services. The benefit is obvious for
the HASH service because it's usually a one-blob operation.

The main changes will be:
 1) using the flag property of struct virtio_crypto_op_header to identify the
    type of crypto request, i.e. is it a session-based or non-session request?
    The flag is not used currently, so we can make use of it.

 2) extending virtio_crypto_*_para structures, for example, adding the content
    of struct virtio_crypto_cipher_session_para into struct
    virtio_crypto_cipher_para.
    It's true that this will increase the size of each crypto request after
    this change.

Does it make sense? Thanks!



Regards,
-Gonglei


> -----Original Message-----
> From: Gonglei (Arei)
> Sent: Friday, November 11, 2016 5:23 PM
> Subject: [PATCH v14 0/2] virtio-crypto: virtio crypto device specification
> 
> Hi,
> 
> Changes since v13:
>  - drop the all GPA stuff in the spec. [Cornelia]
>  - drop all structures undefined in virtio_crypto.h. [Halil]
>  - re-describe per request for per crypto service to avoid confusion.
>  - fix typos here and there.           [Michael]
>  - drop descriptions about using indirect table. [Michael]
>  - make consistency check including naming and layout notation. [Halil]
>  - use a byte array variable size holding all kind of data [Halil]
>  - other trivial fixes.
> 
> 
> This is the specification about a new virtio crypto device.
> 
> You can get the source code from the QEMU master tree.
> 
> For more information, please see:
>  http://qemu-project.org/Features/VirtioCrypto
> 
> Please help to review, thanks.
> 
> CC: Michael S. Tsirkin <address@hidden>
> CC: Cornelia Huck <address@hidden>
> CC: Stefan Hajnoczi <address@hidden>
> CC: Lingli Deng <address@hidden>
> CC: Jani Kokkonen <address@hidden>
> CC: Ola Liljedahl <address@hidden>
> CC: Varun Sethi <address@hidden>
> CC: Zeng Xin <address@hidden>
> CC: Keating Brian <address@hidden>
> CC: Ma Liang J <address@hidden>
> CC: Griffin John <address@hidden>
> CC: Hanweidong <address@hidden>
> CC: Mihai Claudiu Caraman <address@hidden>
> 
> Changes since v12:
>  - add max_size field in the virtio-crypto device config in order
>    to tell the driver what's maximum size of crypto request the
>    device supports.     [Michael]
>  - add max_cipher_key_len and max_auth_key_len in the device config
>    too for the symmetric algorithms to limit resource utilization by
>    guest. [Thoughts come from Michael]
> 
> Changes since v11:
>  - drop scatter-gather I/O definition for virtio crypto device because
>    The vring already provides scatter-gather I/O.  It is usually not
>    necessary to define scatter-gather I/O at the device level.      [Stefan]
>  - perfect algorithm chain parameters' definition.
>  - add HASH/MAC parameter structure.
> 
> Changes since v10:
>  - fix typos s/filed/field/. [Xin]
>  - replace 'real cypto accelerator' with 'backend crypto accelerator'. [mst]
>  - drop KDF, ASYM, PRIMITIVE services description temporarily. [mst]
>  - write a device requirement are testable about
>    VIRTIO_CRYPTO_S_HW_READY. [mst]
>  - add a space before * in one code comment. [mst]
>  - reset the layout of all crypto operations for better asymmetric algos
>    support. [Xin]
>  - add more detailed description for initialization vector under different
>    modes.
>  - sed -i 's/VIRTIO_CRYPTO_OP_/VIRTIO_CRYPTO_/g' for general usage in
>    asym algos. [Xin]
> 
> Changes since v9:
>  - request a native speaker go over the text and fix corresponding grammar
>    issues. [mst]
>  - make some description more appropriated over here and there. [mst]
>  - rewrite some requirement for both device and driver. [mst]
>  - use RFC 2119 keywords. [mst]
>  - fix some complaints by Xelatex and typos. [Xin Zeng]
>  - add scatter/gather chain support for possible large block data.
> 
> Thanks for your review, Michael and Xin.
> 
> Changes from v8:
>  - add additional auth gpa and length to struct virtio_crypto_sym_data_req;
>  - add definition of op in struct virtio_crypto_cipher_session_para,
>   VIRTIO_CRYPTO_OP_ENCRYPT and VIRTIO_CRYPTO_OP_DECRYPT;
>  - make all structures 64bit aligned in order to support different
>   architectures more conveniently [Alex & Stefan]
>  - change to devicenormative{\subsection} and \drivernormative{\subsection}
>    in some sections [Stefan]
>  - driver does not have to initialize all data virtqueues if it wants to use
>    fewer [Stefan]
>  - drop VIRTIO_CRYPTO_NO_SERVICE definition [Stefan]
>  - many grammatical problems and typos. [Stefan]
>  - rename VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9 to
>    VIRTIO_CRYPTO_MAC_CMAC_KASUMI_F9,
>    and VIRTIO_CRYPTO_MAC_CMAC_SNOW3G_UIA2 to
>    VIRTIO_CRYPTO_MAC_SNOW3G_UIA2. [Liang Ma]
>  - drop queue_id property of struct virtio_crypto_op_data_req.
>  - reconstruct some structures about session operation request.
>  - introduce struct virtio_crypto_alg_chain_session_req and struct
>    virtio_crypto_alg_chain_data_req,
>    introduce chain para, output, input structures as well.
>  - change some sections' layout for better compatibility, for asymmetric
>    algos. [Xin Zeng]
> 
> Changes from v7:
>  - fix some grammar or typo problems.
>  - add more detailed description at steps of encryption section.
> 
> Changes from v6:
>  - drop version field in struct virtio_crypto_config. [Michael & Cornelia]
>  - change the incorrect description in initialization routine. [Zeng Xin]
>  - redefine flag u16 to make structure alignment. [Zeng Xin]
>  - move the content of virtio_crypto_hash_session_para into
>    virtio_crypto_hash_session_input directly, Same to MAC/SYM/AEAD
>    session creation. [Zeng Xin]
>  - adjust the sequence of idata and odata refer to the virtio scsi parts,
>    meanwhile add the comments of device-readable/writable for them.
>  - add restrictive documents for the guest memory in some structure, which
>    MUST be guaranteed to be allocated and physically-contiguous.
> 
> Changes from v5:
>  - add conformance clauses for virtio crypto device. [Michael]
>  - drop VIRTIO_CRYPTO_S_STARTED. [Michael]
>  - fix some characters problems. [Stefan]
>  - add a MAC algorithm, named VIRTIO_CRYPTO_MAC_ZUC_EIA3. [Zeng Xin]
>  - add the fourth return code, named VIRTIO_CRYPTO_OP_INVSESS used
>    for invalid session id when executing crypto operations.
>  - drop some gpu stuff forgot to delete. [Michael]
>  - convert tab to space all over the content.
> 
> Changes from v4:
>  - introduce crypto services into virtio crypto device. The services
>    currently defined are CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
>  - define a unified crypto request format that consists of
>    general header + service specific request, where 'general header' is for
>    all crypto requests, 'service specific request' is composed of
>    operation parameter + input data + output data in general.
>    operation parameter is algorithm-specific parameters,
>    input data is the data that should be operated on,
>    output data is the "operation result + result buffer".
>  - redefine the algorithms and structure based on above crypto services.
>  - rearrange the title and subtitle
>  - Only support CIPHER, MAC, HASH and AEAD crypto services, and Xin will
>    focus KDF, ASYM and PRIMITIVE services.
>  - Some other corresponding fixes.
>  - Make a formal patch using tex type.
> 
> This version is a big reconstruction based on Zeng, Xin's comments, thanks a
> lot.
> 
> Changes from v3:
>  - Don't use enum in the spec but macros in specific structures. [Michael &
>    Stefan]
>  - Add two complete structures for session creation and closing, so that
>   the spec is clear on how to lay out the request.  [Stefan]
>  - Define the crypto operation request with assigned structure, in this way,
>   each data request only occupies *one entry* of the Vring descriptor table,
>   which *improves* the *throughput* of data transferring.
> 
> Changes from v2:
>  - Reserve virtio device ID 20 for crypto device. [Cornelia]
>  - Drop all feature bits, those capabilities are offered by the device all
>    the time. [Stefan & Cornelia]
>  - Add a new section 1.4.2 for driver requirements. [Stefan]
>  - Use definite type definition instead of enum type in some structure.
>    [Stefan]
>  - Add virtio_crypto_cipher_alg definition. [Stefan]
>  - Add a "Device requirements" section as using MUST. [Stefan]
>  - Some grammar nits fixes and typo fixes. [Stefan & Cornelia]
>  - Add one VIRTIO_CRYPTO_S_STARTED status for the driver as the flag of
>    virtio-crypto device started and can work now.
> 
> Great thanks for Stefan and Cornelia!
> 
> Gonglei (2):
>   virtio-crypto: Add virtio crypto device specification
>   virtio-crypto: Add conformance clauses
> 
>  conformance.tex   |  30 ++
>  content.tex       |   2 +
>  virtio-crypto.tex | 945 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 977 insertions(+)
>  create mode 100644 virtio-crypto.tex
> 
> --
> 1.7.12.4
> 
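
An added sketch, not code from the specification draft or from QEMU, of the device-side check that the header-flag proposal in the message above implies: the flag selects the session-based or non-session path, and a non-session request has its guest-supplied key length bounded on every request. All `ex_` names, the struct layouts, the flag bit and the status values are assumptions made for illustration; host byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
/* All ex_ names, the flag bit and the status values are assumptions. */
#define EX_FLAG_SESSION_MODE 0x1u
enum { EX_OK = 0, EX_ERR = 1, EX_INVSESS = 4 };

struct ex_op_header {            /* stand-in for struct virtio_crypto_op_header */
    uint32_t opcode, algo;
    uint64_t session_id;         /* meaningful only for session-based requests */
    uint32_t flag, padding;
};
struct ex_cipher_para {          /* per-request para extended with session fields */
    uint32_t keylen, src_len;    /* key length now travels with each request */
};
struct ex_dev {
    uint32_t max_cipher_key_len; /* config limits named in the v12 changelog */
    uint64_t max_size;
    const uint64_t *sessions;    /* ids of currently open sessions */
    size_t nsessions;
};

static int ex_session_exists(const struct ex_dev *d, uint64_t id) {
    for (size_t i = 0; i < d->nsessions; i++)
        if (d->sessions[i] == id) return 1;
    return 0;
}

/* Device-side validation, run before any key or data buffer is touched. */
int ex_validate(const struct ex_dev *d, const struct ex_op_header *h,
                const struct ex_cipher_para *p) {
    /* Unknown flag bits or an oversized request: reject before dispatch. */
    if ((h->flag & ~EX_FLAG_SESSION_MODE) || p->src_len > d->max_size)
        return EX_ERR;
    if (h->flag & EX_FLAG_SESSION_MODE)    /* session request: id must be live */
        return ex_session_exists(d, h->session_id) ? EX_OK : EX_INVSESS;
    /* Non-session request: bound the guest-supplied key length every time. */
    if (p->keylen == 0 || p->keylen > d->max_cipher_key_len)
        return EX_ERR;
    return EX_OK;
}

/* Constructed sample: one open session (id 7), 32-byte key cap, 4096-byte max_size. */
int ex_demo(uint32_t flag, uint64_t session_id, uint32_t keylen) {
    static const uint64_t open_ids[] = { 7 };
    struct ex_dev d = { 32, 4096, open_ids, 1 };
    struct ex_op_header h = { 0, 0, session_id, flag, 0 };
    struct ex_cipher_para p = { keylen, 64 };
    return ex_validate(&d, &h, &p);
}
int main(void) { return ex_demo(0, 0, 16); }
```
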
