xref: /dpdk/lib/vhost/virtio_crypto.h (revision 99a2dd955fba6e4cc23b77d590a033650ced9c45) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2018 HUAWEI TECHNOLOGIES CO., LTD.
3  */
4 
5 #ifndef _VIRTIO_CRYPTO_H
6 #define _VIRTIO_CRYPTO_H
7 
8 #define VIRTIO_CRYPTO_SERVICE_CIPHER 0
9 #define VIRTIO_CRYPTO_SERVICE_HASH   1
10 #define VIRTIO_CRYPTO_SERVICE_MAC    2
11 #define VIRTIO_CRYPTO_SERVICE_AEAD   3
12 
13 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
14 
15 struct virtio_crypto_ctrl_header {
16 #define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \
17 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02)
18 #define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \
19 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03)
20 #define VIRTIO_CRYPTO_HASH_CREATE_SESSION \
21 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02)
22 #define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \
23 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03)
24 #define VIRTIO_CRYPTO_MAC_CREATE_SESSION \
25 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02)
26 #define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \
27 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03)
28 #define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \
29 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
30 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
31 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
32 	uint32_t opcode;
33 	uint32_t algo;
34 	uint32_t flag;
35 	/* data virtqueue id */
36 	uint32_t queue_id;
37 };
38 
39 struct virtio_crypto_cipher_session_para {
40 #define VIRTIO_CRYPTO_NO_CIPHER                 0
41 #define VIRTIO_CRYPTO_CIPHER_ARC4               1
42 #define VIRTIO_CRYPTO_CIPHER_AES_ECB            2
43 #define VIRTIO_CRYPTO_CIPHER_AES_CBC            3
44 #define VIRTIO_CRYPTO_CIPHER_AES_CTR            4
45 #define VIRTIO_CRYPTO_CIPHER_DES_ECB            5
46 #define VIRTIO_CRYPTO_CIPHER_DES_CBC            6
47 #define VIRTIO_CRYPTO_CIPHER_3DES_ECB           7
48 #define VIRTIO_CRYPTO_CIPHER_3DES_CBC           8
49 #define VIRTIO_CRYPTO_CIPHER_3DES_CTR           9
50 #define VIRTIO_CRYPTO_CIPHER_KASUMI_F8          10
51 #define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2        11
52 #define VIRTIO_CRYPTO_CIPHER_AES_F8             12
53 #define VIRTIO_CRYPTO_CIPHER_AES_XTS            13
54 #define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3           14
55 	uint32_t algo;
56 	/* length of key */
57 	uint32_t keylen;
58 
59 #define VIRTIO_CRYPTO_OP_ENCRYPT  1
60 #define VIRTIO_CRYPTO_OP_DECRYPT  2
61 	/* encrypt or decrypt */
62 	uint32_t op;
63 	uint32_t padding;
64 };
65 
66 struct virtio_crypto_session_input {
67 	/* Device-writable part */
68 	uint64_t session_id;
69 	uint32_t status;
70 	uint32_t padding;
71 };
72 
73 struct virtio_crypto_cipher_session_req {
74 	struct virtio_crypto_cipher_session_para para;
75 	uint8_t padding[32];
76 };
77 
78 struct virtio_crypto_hash_session_para {
79 #define VIRTIO_CRYPTO_NO_HASH            0
80 #define VIRTIO_CRYPTO_HASH_MD5           1
81 #define VIRTIO_CRYPTO_HASH_SHA1          2
82 #define VIRTIO_CRYPTO_HASH_SHA_224       3
83 #define VIRTIO_CRYPTO_HASH_SHA_256       4
84 #define VIRTIO_CRYPTO_HASH_SHA_384       5
85 #define VIRTIO_CRYPTO_HASH_SHA_512       6
86 #define VIRTIO_CRYPTO_HASH_SHA3_224      7
87 #define VIRTIO_CRYPTO_HASH_SHA3_256      8
88 #define VIRTIO_CRYPTO_HASH_SHA3_384      9
89 #define VIRTIO_CRYPTO_HASH_SHA3_512      10
90 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE128      11
91 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE256      12
92 	uint32_t algo;
93 	/* hash result length */
94 	uint32_t hash_result_len;
95 	uint8_t padding[8];
96 };
97 
98 struct virtio_crypto_hash_create_session_req {
99 	struct virtio_crypto_hash_session_para para;
100 	uint8_t padding[40];
101 };
102 
103 struct virtio_crypto_mac_session_para {
104 #define VIRTIO_CRYPTO_NO_MAC                       0
105 #define VIRTIO_CRYPTO_MAC_HMAC_MD5                 1
106 #define VIRTIO_CRYPTO_MAC_HMAC_SHA1                2
107 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_224             3
108 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_256             4
109 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_384             5
110 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_512             6
111 #define VIRTIO_CRYPTO_MAC_CMAC_3DES                25
112 #define VIRTIO_CRYPTO_MAC_CMAC_AES                 26
113 #define VIRTIO_CRYPTO_MAC_KASUMI_F9                27
114 #define VIRTIO_CRYPTO_MAC_SNOW3G_UIA2              28
115 #define VIRTIO_CRYPTO_MAC_GMAC_AES                 41
116 #define VIRTIO_CRYPTO_MAC_GMAC_TWOFISH             42
117 #define VIRTIO_CRYPTO_MAC_CBCMAC_AES               49
118 #define VIRTIO_CRYPTO_MAC_CBCMAC_KASUMI_F9         50
119 #define VIRTIO_CRYPTO_MAC_XCBC_AES                 53
120 	uint32_t algo;
121 	/* hash result length */
122 	uint32_t hash_result_len;
123 	/* length of authenticated key */
124 	uint32_t auth_key_len;
125 	uint32_t padding;
126 };
127 
128 struct virtio_crypto_mac_create_session_req {
129 	struct virtio_crypto_mac_session_para para;
130 	uint8_t padding[40];
131 };
132 
133 struct virtio_crypto_aead_session_para {
134 #define VIRTIO_CRYPTO_NO_AEAD     0
135 #define VIRTIO_CRYPTO_AEAD_GCM    1
136 #define VIRTIO_CRYPTO_AEAD_CCM    2
137 #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
138 	uint32_t algo;
139 	/* length of key */
140 	uint32_t key_len;
141 	/* hash result length */
142 	uint32_t hash_result_len;
143 	/* length of the additional authenticated data (AAD) in bytes */
144 	uint32_t aad_len;
145 	/* encrypt or decrypt, See above VIRTIO_CRYPTO_OP_* */
146 	uint32_t op;
147 	uint32_t padding;
148 };
149 
150 struct virtio_crypto_aead_create_session_req {
151 	struct virtio_crypto_aead_session_para para;
152 	uint8_t padding[32];
153 };
154 
155 struct virtio_crypto_alg_chain_session_para {
156 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
157 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
158 	uint32_t alg_chain_order;
159 /* Plain hash */
160 #define VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN    1
161 /* Authenticated hash (mac) */
162 #define VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH     2
163 /* Nested hash */
164 #define VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED   3
165 	uint32_t hash_mode;
166 	struct virtio_crypto_cipher_session_para cipher_param;
167 	union {
168 		struct virtio_crypto_hash_session_para hash_param;
169 		struct virtio_crypto_mac_session_para mac_param;
170 		uint8_t padding[16];
171 	} u;
172 	/* length of the additional authenticated data (AAD) in bytes */
173 	uint32_t aad_len;
174 	uint32_t padding;
175 };
176 
177 struct virtio_crypto_alg_chain_session_req {
178 	struct virtio_crypto_alg_chain_session_para para;
179 };
180 
181 struct virtio_crypto_sym_create_session_req {
182 	union {
183 		struct virtio_crypto_cipher_session_req cipher;
184 		struct virtio_crypto_alg_chain_session_req chain;
185 		uint8_t padding[48];
186 	} u;
187 
188 	/* Device-readable part */
189 
190 /* No operation */
191 #define VIRTIO_CRYPTO_SYM_OP_NONE  0
192 /* Cipher only operation on the data */
193 #define VIRTIO_CRYPTO_SYM_OP_CIPHER  1
194 /*
195  * Chain any cipher with any hash or mac operation. The order
196  * depends on the value of alg_chain_order param
197  */
198 #define VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING  2
199 	uint32_t op_type;
200 	uint32_t padding;
201 };
202 
203 struct virtio_crypto_destroy_session_req {
204 	/* Device-readable part */
205 	uint64_t  session_id;
206 	uint8_t padding[48];
207 };
208 
209 /* The request of the control virtqueue's packet */
210 struct virtio_crypto_op_ctrl_req {
211 	struct virtio_crypto_ctrl_header header;
212 
213 	union {
214 		struct virtio_crypto_sym_create_session_req
215 			sym_create_session;
216 		struct virtio_crypto_hash_create_session_req
217 			hash_create_session;
218 		struct virtio_crypto_mac_create_session_req
219 			mac_create_session;
220 		struct virtio_crypto_aead_create_session_req
221 			aead_create_session;
222 		struct virtio_crypto_destroy_session_req
223 			destroy_session;
224 		uint8_t padding[56];
225 	} u;
226 };
227 
228 struct virtio_crypto_op_header {
229 #define VIRTIO_CRYPTO_CIPHER_ENCRYPT \
230 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x00)
231 #define VIRTIO_CRYPTO_CIPHER_DECRYPT \
232 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x01)
233 #define VIRTIO_CRYPTO_HASH \
234 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x00)
235 #define VIRTIO_CRYPTO_MAC \
236 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x00)
237 #define VIRTIO_CRYPTO_AEAD_ENCRYPT \
238 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
239 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
240 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
241 	uint32_t opcode;
242 	/* algo should be service-specific algorithms */
243 	uint32_t algo;
244 	/* session_id should be service-specific algorithms */
245 	uint64_t session_id;
246 	/* control flag to control the request */
247 	uint32_t flag;
248 	uint32_t padding;
249 };
250 
251 struct virtio_crypto_cipher_para {
252 	/*
253 	 * Byte Length of valid IV/Counter
254 	 *
255 	 * For block ciphers in CBC or F8 mode, or for Kasumi in F8 mode, or for
256 	 *   SNOW3G in UEA2 mode, this is the length of the IV (which
257 	 *   must be the same as the block length of the cipher).
258 	 * For block ciphers in CTR mode, this is the length of the counter
259 	 *   (which must be the same as the block length of the cipher).
260 	 * For AES-XTS, this is the 128bit tweak, i, from IEEE Std 1619-2007.
261 	 *
262 	 * The IV/Counter will be updated after every partial cryptographic
263 	 * operation.
264 	 */
265 	uint32_t iv_len;
266 	/* length of source data */
267 	uint32_t src_data_len;
268 	/* length of dst data */
269 	uint32_t dst_data_len;
270 	uint32_t padding;
271 };
272 
273 struct virtio_crypto_hash_para {
274 	/* length of source data */
275 	uint32_t src_data_len;
276 	/* hash result length */
277 	uint32_t hash_result_len;
278 };
279 
280 struct virtio_crypto_mac_para {
281 	struct virtio_crypto_hash_para hash;
282 };
283 
284 struct virtio_crypto_aead_para {
285 	/*
286 	 * Byte Length of valid IV data pointed to by the below iv_addr
287 	 * parameter.
288 	 *
289 	 * For GCM mode, this is either 12 (for 96-bit IVs) or 16, in which
290 	 *   case iv_addr points to J0.
291 	 * For CCM mode, this is the length of the nonce, which can be in the
292 	 *   range 7 to 13 inclusive.
293 	 */
294 	uint32_t iv_len;
295 	/* length of additional auth data */
296 	uint32_t aad_len;
297 	/* length of source data */
298 	uint32_t src_data_len;
299 	/* length of dst data */
300 	uint32_t dst_data_len;
301 };
302 
303 struct virtio_crypto_cipher_data_req {
304 	/* Device-readable part */
305 	struct virtio_crypto_cipher_para para;
306 	uint8_t padding[24];
307 };
308 
309 struct virtio_crypto_hash_data_req {
310 	/* Device-readable part */
311 	struct virtio_crypto_hash_para para;
312 	uint8_t padding[40];
313 };
314 
315 struct virtio_crypto_mac_data_req {
316 	/* Device-readable part */
317 	struct virtio_crypto_mac_para para;
318 	uint8_t padding[40];
319 };
320 
321 struct virtio_crypto_alg_chain_data_para {
322 	uint32_t iv_len;
323 	/* Length of source data */
324 	uint32_t src_data_len;
325 	/* Length of destination data */
326 	uint32_t dst_data_len;
327 	/* Starting point for cipher processing in source data */
328 	uint32_t cipher_start_src_offset;
329 	/* Length of the source data that the cipher will be computed on */
330 	uint32_t len_to_cipher;
331 	/* Starting point for hash processing in source data */
332 	uint32_t hash_start_src_offset;
333 	/* Length of the source data that the hash will be computed on */
334 	uint32_t len_to_hash;
335 	/* Length of the additional auth data */
336 	uint32_t aad_len;
337 	/* Length of the hash result */
338 	uint32_t hash_result_len;
339 	uint32_t reserved;
340 };
341 
342 struct virtio_crypto_alg_chain_data_req {
343 	/* Device-readable part */
344 	struct virtio_crypto_alg_chain_data_para para;
345 };
346 
347 struct virtio_crypto_sym_data_req {
348 	union {
349 		struct virtio_crypto_cipher_data_req cipher;
350 		struct virtio_crypto_alg_chain_data_req chain;
351 		uint8_t padding[40];
352 	} u;
353 
354 	/* See above VIRTIO_CRYPTO_SYM_OP_* */
355 	uint32_t op_type;
356 	uint32_t padding;
357 };
358 
359 struct virtio_crypto_aead_data_req {
360 	/* Device-readable part */
361 	struct virtio_crypto_aead_para para;
362 	uint8_t padding[32];
363 };
364 
365 /* The request of the data virtqueue's packet */
366 struct virtio_crypto_op_data_req {
367 	struct virtio_crypto_op_header header;
368 
369 	union {
370 		struct virtio_crypto_sym_data_req  sym_req;
371 		struct virtio_crypto_hash_data_req hash_req;
372 		struct virtio_crypto_mac_data_req mac_req;
373 		struct virtio_crypto_aead_data_req aead_req;
374 		uint8_t padding[48];
375 	} u;
376 };
377 
378 #define VIRTIO_CRYPTO_OK        0
379 #define VIRTIO_CRYPTO_ERR       1
380 #define VIRTIO_CRYPTO_BADMSG    2
381 #define VIRTIO_CRYPTO_NOTSUPP   3
382 #define VIRTIO_CRYPTO_INVSESS   4 /* Invalid session id */
383 
384 /* The accelerator hardware is ready */
385 #define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
386 
387 struct virtio_crypto_config {
388 	/* See VIRTIO_CRYPTO_OP_* above */
389 	uint32_t  status;
390 
391 	/*
392 	 * Maximum number of data queue
393 	 */
394 	uint32_t  max_dataqueues;
395 
396 	/*
397 	 * Specifies the services mask which the device support,
398 	 * see VIRTIO_CRYPTO_SERVICE_* above
399 	 */
400 	uint32_t crypto_services;
401 
402 	/* Detailed algorithms mask */
403 	uint32_t cipher_algo_l;
404 	uint32_t cipher_algo_h;
405 	uint32_t hash_algo;
406 	uint32_t mac_algo_l;
407 	uint32_t mac_algo_h;
408 	uint32_t aead_algo;
409 	/* Maximum length of cipher key */
410 	uint32_t max_cipher_key_len;
411 	/* Maximum length of authenticated key */
412 	uint32_t max_auth_key_len;
413 	uint32_t reserve;
414 	/* Maximum size of each crypto request's content */
415 	uint64_t max_size;
416 };
417 
418 struct virtio_crypto_inhdr {
419 	/* See VIRTIO_CRYPTO_* above */
420 	uint8_t status;
421 };
422 #endif /* _VIRTIO_CRYPTO_H */
423