[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [PATCH v1 1/1] virtio crypto device specification: asymmetric crypto service
Ping....
Is there any comment for this patch?
thanks
> -----Original Message-----
> From: Zeng, Xin
> Sent: Friday, October 28, 2016 10:52 AM
> To: virtio-dev@lists.oasis-open.org; qemu-devel@nongnu.org
> Cc: mst@redhat.com; arei.gonglei@huawei.com; Keating, Brian A
> <brian.a.keating@intel.com>; Griffin, John <john.griffin@intel.com>; Ma,
> Liang J <liang.j.ma@intel.com>; weidong.huang@huawei.com; Zeng, Xin
> <xin.zeng@intel.com>
> Subject: [PATCH v1 1/1] virtio crypto device specification: asymmetric crypto
> service
>
> This patch introduces asymmetric crypto service into virtio crypto
> device spec. The asymmetric crypto service can be referred as signature,
> verification, encryption, decryption, key generation and key exchange.
> This patch depends on another virtio crypto device spec patch:
> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01744.html
>
> Changes since v0:
> - Use devicenormative/drivernormative instead of self-defined
> device/driver label. [Lei]
> - Change the error code of verification to general virtio_crypto
> error code. [Lei]
> - Use macro instead of enum in verification result. [Lei]
> - Fix the incorrect label value for paragraph and section. [Lei]
>
> Please help to review, thanks!
>
> Signed-off-by: Xin Zeng <xin.zeng@intel.com>
> ---
> virtio-crypto.tex | 965
> +++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 962 insertions(+), 3 deletions(-)
>
> diff --git a/virtio-crypto.tex b/virtio-crypto.tex
> index 86e4869..43772da 100644
> --- a/virtio-crypto.tex
> +++ b/virtio-crypto.tex
> @@ -6,7 +6,7 @@ decryption requests are placed in the data queue and are
> ultimately handled by t
> backend crypto accelerators. The second queue is the control queue used to
> create
> or destroy sessions for symmetric algorithms and will control some advanced
> features in the future. The virtio crypto device provides the following crypto
> -services: CIPHER, MAC, HASH, and AEAD.
> +services: CIPHER, MAC, HASH, AEAD and ASYM.
>
>
> \subsection{Device ID}\label{sec:Device Types / Crypto Device / Device ID}
> @@ -44,7 +44,9 @@ struct virtio_crypto_config {
> le32 mac_algo_l;
> le32 mac_algo_h;
> le32 aead_algo;
> - le32 reserve;
> + le32 asym_algo;
> + le32 rsa_padding;
> + le32 reserved;
> };
> \end{lstlisting}
>
> @@ -70,6 +72,8 @@ The following services are defined:
> #define VIRTIO_CRYPTO_SERVICE_MAC (2)
> /* AEAD (Authenticated Encryption with Associated Data) service */
> #define VIRTIO_CRYPTO_SERVICE_AEAD (3)
> +/* ASYM (Asymmetric crypto algorithms) service */
> +#define VIRTIO_CRYPTO_SERVICE_ASYM (4)
> \end{lstlisting}
>
> The last driver-read-only fields specify detailed algorithms masks
> @@ -143,6 +147,28 @@ The following AEAD algorithms are defined:
> #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305 3
> \end{lstlisting}
>
> +The following asymmetric algorithms are defined:
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_ASYM_NONE 0
> +#define VIRTIO_CRYPTO_ASYM_RSA 1
> +#define VIRTIO_CRYPTO_ASYM_DSA 2
> +#define VIRTIO_CRYPTO_ASYM_DH 3
> +#define VIRTIO_CRYPTO_ASYM_ECDSA 4
> +#define VIRTIO_CRYPTO_ASYM_ECDH 5
> +\end{lstlisting}
> +
> +The following rsa padding capabilities are defined:
> +
> +\begin{lstlisting}
> +#define VIRTIO_CRYPTO_RSA_NO_PADDING 0
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
> +#define VIRTIO_CRYPTO_RSA_SSLV23_PADDING 2
> +#define VIRTIO_CRYPTO_RSA_PKCS1_OAEP_PADDING 3
> +#define VIRTIO_CRYPTO_RSA_X931_PADDING 4
> +#define VIRTIO_CRYPTO_RSA_PKCS1_PSS_PADDING 5
> +\end{lstlisting}
> +
> \begin{note}
> Any other value is reserved for future use.
> \end{note}
> @@ -241,6 +267,18 @@ struct virtio_crypto_op_header {
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
> #define VIRTIO_CRYPTO_AEAD_DECRYPT \
> VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
> +#define VIRTIO_CRYPTO_ASYM_SIGN \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x00)
> +#define VIRTIO_CRYPTO_ASYM_VERIFY \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x01)
> +#define VIRTIO_CRYPTO_ASYM_ENCRYPT \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x02)
> +#define VIRTIO_CRYPTO_ASYM_DECRYPT \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x03)
> +#define VIRTIO_CRYPTO_ASYM_KEY_GEN \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x04)
> +#define VIRTIO_CRYPTO_ASYM_KEY_EXCHG \
> + VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_ASYM, 0x05)
> le32 opcode;
> /* algo should be service-specific algorithms */
> le32 algo;
> @@ -548,6 +586,23 @@ struct virtio_crypto_op_data_req {
> struct virtio_crypto_hash_data_req hash_req;
> struct virtio_crypto_mac_data_req mac_req;
> struct virtio_crypto_aead_data_req aead_req;
> +
> + struct virtio_crypto_ecdsa_sign_req ecdsa_sign_req;
> + struct virtio_crypto_dsa_sign_req dsa_sign_req;
> + struct virtio_crypto_rsa_sign_req rsa_sign_req;
> + struct virtio_crypto_ecdsa_verify_req ecdsa_verify_req;
> + struct virtio_crypto_dsa_verify_req dsa_verify_req;
> + struct virtio_crypto_rsa_verify_req rsa_verify_req;
> + struct virtio_crypto_rsa_enc_req rsa_enc_req
> + struct virtio_crypto_rsa_dec_req rsa_dec_req;
> + struct virtio_crypto_rsa_keygen_req rsa_keygen_req;
> + struct virtio_crypto_dsa_keygen_req dsa_keygen_req;
> + struct virtio_crypto_ec_keygen_req ec_keygen_req;
> + struct virtio_crypto_dh_keyexchg_param_gen_req
> dh_keyexchg_param_gen_req;
> + struct virtio_crypto_dh_keyexchg_key_gen_req
> dh_keyexchg_key_gen_req;
> + struct virtio_crypto_dh_keyexchg_key_compute_req
> dh_keyexchg_key_compute_req;
> + struct virtio_crypto_ecdh_keyexchg_key_gen_req
> ecdh_keyexchg_key_gen_req;
> + struct virtio_crypto_ecdh_keyexchg_key_compute_req
> ecdh_keyexchg_key_compute_req;
> } u;
> };
> \end{lstlisting}
> @@ -996,4 +1051,908 @@ pointed by \field{dst_data_addr} and
> \field{digest_result_addr} in struct virtio
> \item The device MUST copy the digest result to the guest memory
> recorded by \field{digest_result_addr} field in struct
> virtio_crypto_aead_input.
> \item The device MUST set the \field{status} field in strut
> virtio_crypto_aead_input: VIRTIO_CRYPTO_OK: success;
> VIRTIO_CRYPTO_ERR: creation failed or device error;
> VIRTIO_CRYPTO_NOTSUPP: not supported.
> \item When the \field{opcode} is VIRTIO_CRYPTO_AEAD_DECRYPT, the
> device MUST verify and return the verification result to the driver, and if the
> verification result is incorrect, VIRTIO_CRYPTO_BADMSG (bad message)
> MUST be returned to the driver.
> -\end{itemize*}
> \ No newline at end of file
> +\end{itemize*}
> +
> +\subsubsection{Asymmetric Crypto Service Operation}\label{sec:Device
> Types / Crypto Device / Device Operation /
> +Crypto operation / Asymmetric Crypto Service Operation}
> +
> +In general, asymmetric crypto service can be referred as signature,
> verification,
> +encryption, decryption, key generation and key exchange. Not each
> algorithm supports
> +all these services.
> +
> +Unlike symmetric crypto service, asymmetric crypto service normally does't
> +need session operations, the request is encapsulated within one packet
> which is represented
> +by \field{virtio_crypto_op_data_req}.
> +(see \ref{sec:Device Types / Crypto Device / Device Operation / Data
> Virtqueue}).
> +
> +Once service request is handled by the device, the device writes back the
> operation results to the corresponding
> +fields in the request packet.
> +
> +The asymmetric crypto operation uses a virtio_crypto_buf to represent the
> input/output buffer.
> +\begin{lstlisting}
> +struct virtio_crypto_buf {
> + le32 len;
> + le32 reserved;
> + le64 addr;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\paragraph}{Asymmetric Crypto Service
> Operation}{Device Types / Crypto Device / Device Operation / Asymmetric
> Crypto Service Operation}
> +\begin{itemize*}
> +\item The device MUST parse the field \field{opcode} within
> \field{virtio_crypto_op_header} (see \ref{sec:Device Types / Crypto Device /
> Device Operation}) before
> +it handles the corresponding service request.
> +\item The device SHOULD set the operation status in field \field{status}
> within \field{idata}.
> +\item The device SHOULD update the operation result to the fields in
> \field{idata} if the operation is successful.
> +\end{itemize*}
> +
> +\drivernormative{\paragraph}{Asymmetric Crypto Service
> Operation}{Device Types / Crypto Device / Device Operation / Asymmetric
> Crypto Service Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the corresponding \field{opcode} in
> \field{virtio_crypto_op_header} according to different services.
> +\item The driver SHOULD offer operatable buffer within \field{idata} if the
> service request structure defines.
> +\end{itemize*}
> +
> +\paragraph{Signature: ECDSA signature operation}\label{sec:Device Types /
> Crypto Device /
> +Device Operation / Crypto operation / Asymmetric Crypto Service
> Operation / Signature: ECDSA signature operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_ec_group {
> + struct virtio_crypto_buf xg;
> + struct virtio_crypto_buf yg;
> + struct virtio_crypto_buf n;
> + struct virtio_crypto_buf q;
> + struct virtio_crypto_buf a;
> + struct virtio_crypto_buf b;
> + struct virtio_crypto_buf h;
> +};
> +
> +#define VIRTIO_CRYPTO_EC_FIELD_TYPE_PRIME 0
> +#define VIRTIO_CRYPTO_EC_FIELD_TYPE_BINARY 1
> +
> +struct virtio_crypto_ecdsa_sign_para{
> + /* Hash alogrithms applied to msg */
> + le32 hash_algo;
> + /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> + le32 field_type;
> +
> + /* EC Group parameters */
> + struct virtio_crypto_ec_group ec;
> + /* Random value */
> + struct virtio_crypto_buf k;
> + /* Private Key */
> + struct virtio_crypto_buf d;
> +};
> +
> +struct virtio_crypto_ecdsa_sign_output {
> + /* Message need to be signed */
> + struct virtio_crypto_buf msg;
> +};
> +
> +struct virtio_crypto_ecdsa_sign_input {
> + /* operation result */
> + le32 status;
> + le32 reserved;
> +
> + /* signature result */
> + struct virtio_crypto_buf r;
> + struct virtio_crypto_buf s;
> +};
> +\end{lstlisting}
> +
> +ECDSA signature operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_ecdsa_sign_req {
> + struct virtio_crypto_ecdsa_sign_para parameter;
> + struct virtio_crypto_ecdsa_sign_output odata;
> +
> + struct virtio_crypto_ecdsa_sign_input idata;
> +};
> +\end{lstlisting}
> +
> +
> +\devicenormative{\subparagraph}{ECDSA signature operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / ECDSA signature operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{ECDSA signature operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / ECDSA signature operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{r,s} in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Signature: DSA signature operation}\label{sec:Device Types /
> Crypto Device /
> +Device Operation / Crypto operation / Asymmetric Crypto Service
> Operation/ Signature: DSA signature operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_group {
> + struct virtio_crypto_buf p;
> + struct virtio_crypto_buf q;
> + struct virtio_crypto_buf g;
> +};
> +
> +struct virtio_crypto_dsa_sign_para {
> + /* Hash alogrithms applied to msg */
> + le32 hash_algo;
> + le32 reserved;
> +
> + /* DSA group parameter */
> + struct virtio_crypto_dsa_group dsa;
> + /* Random value */
> + struct virtio_crypto_buf k;
> + /* Private Key */
> + struct virtio_crypto_buf x;
> +};
> +
> +struct virtio_crypto_dsa_sign_output {
> + struct virtio_crypto_buf msg;
> +};
> +
> +struct virtio_crypto_dsa_sign_input {
> + /* operation result */
> + le32 status;
> + le32 reserved;
> +
> + /* signature result */
> + struct virtio_crypto_buf r;
> + struct virtio_crypto_buf s;
> +};
> +\end{lstlisting}
> +DSA signature operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_sign_req {
> + struct virtio_crypto_dsa_sign_para parameter;
> + struct virtio_crypto_dsa_sign_output odata;
> +
> + struct virtio_crypto_dsa_sign_input idata;
> +};
> +\end{lstlisting}
> +
> +
> +\devicenormative{\subparagraph}{DSA signature operation}{Device Types /
> Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> DSA signature operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{DSA signature operation}{Device Types /
> Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> DSA signature operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{r,s} in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Signature: RSA signature operation}\label{sec:Device Types /
> Crypto Device /
> +Device Operation / Crypto operation / Asymmetric Crypto Service
> Operation / Signature: RSA signature operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_pub_key{
> + /* The RSA modules */
> + struct virtio_crypto_buf n;
> + /* The RSA public exponent */
> + struct virtio_crypto_buf e;
> +};
> +
> +struct virtio_crypto_rsa_priv_key_rep1{
> + /* The RSA modules */
> + struct virtio_crypto_buf n;
> + /* The RSA private exponent */
> + struct virtio_crypto_buf d;
> +};
> +
> +struct virtio_crypto_rsa_priv_key_rep2{
> + /* The first factor */
> + struct virtio_crypto_buf p;
> + /* The second factor */
> + struct virtio_crypto_buf q;
> + /* The first factor's CRT exponent */
> + struct virtio_crypto_buf dp;
> + /* The second factor's CRT exponent */
> + struct virtio_crypto_buf dq;
> + /* The first CRT coeffieient */
> + struct virtio_crypto_buf qinv;
> + /* The factors array when prime_number > 2 */
> + struct virtio_crypto_buf r[];
> + /* The CRT exponent array when prime_number > 2 */
> + struct virtio_crypto_buf d[];
> + /* The CRT coeffieient array when prime_number > 2 */
> + struct virtio_crypto_buf t[];
> +};
> +
> +struct virtio_crypto_rsa_priv_key {
> + le32 prime_number;
> +#define VIRTIO_CRYPTO_RSA_PRIV_KEY_REPTYPE1 0
> +#define VIRTIO_CRYPTO_RSA_PRIV_KEY_REPTYPE2 1
> + le32 priv_key_rep_type;
> + union {
> + struct virtio_crypto_rsa_priv_key_rep1 privkey_rep1;
> + struct virtio_crypto_rsa_priv_key_rep2 privkey_rep2;
> + }key;
> +};
> +
> +struct virtio_crypto_rsa_sign_para {
> + /* Hash alogrithms applied to msg */
> + le32 hash_algo;
> + le32 padding_mode;
> + struct virtio_crypto_rsa_priv_key priv_key;
> +};
> +
> +struct virtio_crypto_rsa_sign_output {
> + struct virtio_crypto_buf msg;
> +};
> +
> +struct virtio_crypto_rsa_sign_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_buf signature;
> +};
> +\end{lstlisting}
> +
> +RSA signature operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_sign_req {
> + struct virtio_crypto rsa_sign_para parameter;
> + struct virtio_crypto rsa_sign_output odata;
> +
> + struct virtio_crypto rsa_sign_input idata;
> +};
> +\end{lstlisting}
> +
> +
> +\devicenormative{\subparagraph}{ECDSA signature operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / RSA signature operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{ECDSA signature operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / RSA signature operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_SIGN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{signature} in \field{idata} is
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Verification: Common Structure}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Verification: Common Structure}
> +
> +The result of verification operation can be represented by structure
> \field{virtio_crypto_asym_verify_gen_input}.
> +
> +\begin{lstlisting}
> +struct virtio_crypto_asym_verify_gen_input {
> + /* Operation result */
> + le32 status;
> + /* Verification result, VIRTIO_CRYPTO_OK for a susscssful verification
> + VIRTIO_CRYPTO_BADMSG for a failed verification */
> + le32 verify_result;
> +};
> +\end{lstlisting}
> +
> +\paragraph{Verification: ECDSA Verification Operation}\label{sec:Device
> Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Verification: ECDSA Verification Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_ecdsa_verify_para {
> + /* Hash alogrithms applied to msg */
> + le32 hash_algo;
> + /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> + le32 field_type;
> +
> + /* EC Group parameters */
> + struct virtio_crypto_ec_group ec;
> +
> + /* Public key */
> + struct virtio_crypto_buf x;
> + struct virtio_crypto_buf y;
> +};
> +
> +struct virtio_crypto_ecdsa_verify_output {
> + /* Signature value */
> + struct virtio_crypto_buf r;
> + struct virtio_crypto_buf s;
> +
> + struct virtio_crypto_buf msg;
> +};
> +\end{lstlisting}
> +
> +ECDSA Verification Operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_ecdsa_verify_req {
> + struct virtio_crypto_ecdsa_verify_para parameter;
> + struct virtio_crypto_ecdsa_verify_output odata;
> +
> + struct virtio_crypto_asym_verify_gen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{ECDSA verification operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / ECDSA verification operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{ECDSA verification operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / ECDSA verification operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it checks \field{verify_result}.
> +\end{itemize*}
> +
> +\paragraph{Verification: DSA Verification Operation}\label{sec:Device Types
> /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Verification: DSA Verification Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_verify_para {
> + le32 hash_algo;
> + le32 reserved;
> +
> + /* DSA Group parameters */
> + struct virtio_crypto_dsa_group dsa;
> +
> + /* Public key */
> + struct virtio_crypto_buf y;
> +};
> +
> +struct virtio_crypto_dsa_verify_output {
> + /* Signature value */
> + struct virtio_crypto_buf r;
> + struct virtio_crypto_buf s;
> +
> + struct virtio_crypto_buf msg;
> +};
> +\end{lstlisting}
> +
> +DSA Verification Operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_verify_req {
> + struct virtio_crypto_dsa_verify_para parameter;
> + struct virtio_crypto_dsa_verify_output odata;
> +
> + struct virtio_crypto_asym_verify_gen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{DSA verification operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / DSA verification operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata}.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{DSA verification operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> DSA verification operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it checks \field{verify_result}.
> +\end{itemize*}
> +
> +\paragraph{Verification: RSA Verification Operation}\label{sec:Device Types
> /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Verification: RSA Verification Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_verify_para {
> + le32 hash_algo;
> + le32 padding_mode;
> + struct virtio_crypto_rsa_pub_key pubkey;
> +};
> +
> +struct virtio_crypto_rsa_verify_output {
> + struct virtio_crypto_buf msg;
> +};
> +\end{lstlisting}
> +
> +RSA verification operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_verify_req {
> + struct virtio_crypto_rsa_verify_para parameter;
> + struct virtio_crypto_rsa_verify_output odata;
> +
> + struct virtio_crypto_asym_verify_gen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{RSA verification operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> RSA verification operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata}.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{RSA verification operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> RSA verification operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_VERIFY,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it checks \field{verify_result}.
> +\end{itemize*}
> +
> +\paragraph{Encryption: RSA Encryption Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Encryption: RSA Encryption Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_enc_para {
> + le32 padding_mode;
> + le32 reserved;
> + struct rsa_pub_key pub_key;
> +};
> +
> +struct virtio_crypto_rsa_enc_output {
> + struct virtio_crypto_buf msg;
> +};
> +
> +struct virtio_crypto_rsa_enc_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_buf cmsg;
> +};
> +\end{lstlisting}
> +
> +RSA encryption operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_enc_req {
> + struct virtio_crypto_rsa_enc_para parameter;
> + struct virtio_crypto_rsa_enc_output odata;
> +
> + struct virtio_crypto_rsa_enc_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{RSA Encryption Operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> RSA Encryption Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{RSA Encryption Operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> RSA Encryption Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_ENCRYPT,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{cmsg} in \field{idata} is
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Decryption: RSA Decryption Operation}\label{sec:Device Types
> /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Decryption: RSA Decryption Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_dec_para {
> + le32 padding_mode;
> + le32 reserved;
> + struct virtio_crypto_rsa_priv_key priv_key;
> +};
> +
> +struct virtio_crypto_rsa_dec_output {
> + struct virtio_crypto_buf cmsg;
> +}
> +
> +struct virtio_crypto_rsa_dec_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_buf msg;
> +};
> +\end{lstlisting}
> +
> +RSA decryption operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_dec_req {
> + struct virtio_crypto_rsa_dec_para parameter;
> + struct virtio_crypto_rsa_dec_output odata;
> +
> + struct virtio_crypto_rsa_dec_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{RSA Decryption Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / RSA Decryption Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{RSA Decryption Operation}{Device Types
> / Crypto Device / Device Operation / Asymmetric Crypto Service Operation /
> RSA Decryption Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_DECRYPT,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> +\item The driver SHOULD set all fields in \field{parameter} and \field{odata}
> except field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{msg} in \field{idata} is
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Generation: RSA Key Generation
> Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Generation: RSA Key Generation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_keygen_para {
> + /* The modules length in bytes */
> + le32 modulus_len;
> + le32 rsa_prime_number;
> + le32 priv_key_rep_type;
> + le32 reserved;
> +
> + /* the public exponent */
> + struct virtio_crypto_buf e;
> +};
> +
> +struct virtio_crypto_rsa_keygen_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_rsa_priv_key priv_key;
> + struct virtio_crypto_rsa_pub_key pub_key;
> +};
> +\end{lstlisting}
> +
> +RSA key-generation operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_rsa_keygen_req {
> + struct virtio_crypto_rsa_keygen_para parameter;
> +
> + struct virtio_crypto_rsa_keygen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{RSA Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / RSA Key Generation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{RSA Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / RSA Key Generation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_RSA.
> +\item The driver SHOULD set all fields in \field{parameter} except
> \field{reserved} field.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{priv_key} and \field{pub_key}
> in \field{idata} are operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Generation: DSA Key Generation
> operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Generation: DSA Key Generation operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_keygen_para {
> + le32 modulus_len;
> + le32 reserved;
> +};
> +
> +struct virtio_crypto_dsa_keygen_input {
> + le32 status;
> + le32 reserved;
> +
> + /* DSA Group parameters */
> + struct virtio_crypto_dsa_group dsa;
> + /* Private key */
> + struct virtio_crypto_buf x;
> + /* Public key */
> + struct virtio_crypto_buf y;
> +};
> +\end{lstlisting}
> +
> +DSA key-generation operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dsa_keygen_req {
> + struct virtio_crypto_dsa_keygen_para parameter;
> +
> + struct virtio_crypto_dsa_keygen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{DSA Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / DSA Key Generation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{DSA Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / DSA Key Generation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DSA.
> +\item The driver SHOULD set all fields in \field{parameter} except
> \field{reserved} field.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the \field{priv_key} and \field{pub_key}
> in \field{idata} are operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Generation: EC Key Generation
> operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Generation: EC Key Generation operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_ec_keygen_para {
> + /* EC field_type, see VIRTIO_CRYPTO_EC_FIELD_TYPE_* definition */
> + le32 field_type;
> + le32 reserved;
> +
> + /* EC group parameters */
> + struct virtio_crypto_ec_group ec;
> +};
> +
> +struct virtio_crypto_ec_keygen_input {
> + le32 status;
> + le32 reserved;
> +
> + /* Private key */
> + struct virtio_crypto_buf d;
> +
> + /* Public key */
> + struct virtio_crypto_buf x;
> + struct virtio_crypto_buf y;
> +};
> +\end{lstlisting}
> +
> +EC key-generation operation request is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_ec_keygen_req {
> + struct virtio_crypto_ec_keygen_para parameter;
> +
> + struct virtio_crypto_ec_keygen_input key;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{EC Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / EC Key Generation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{EC Key Generation Operation}{Device
> Types / Crypto Device / Device Operation / Asymmetric Crypto Service
> Operation / EC Key Generation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_GEN,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH or
> VIRTIO_CRYPTO_ASYM_ECDSA.
> +\item The driver SHOULD set all fields in \field{parameter} except
> \field{reserved} field.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} before it operates other fields in \field{idata}.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Exchange: Common Structure}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: Common Structure}
> +
> +Key Exchange request has two kinds of operations in general, key
> generation and key computation.
> +For DH, it has additional operation: parameter generation operation.
> +
> +\paragraph{Key Exchange: DH Parameter Generation
> Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: DH Parameter Generation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dh_parameter {
> + le32 modules_len;
> + le32 reserved;
> +
> + /* random odd prime number */
> + struct virtio_crypto_buf p;
> + /* base (g) */
> + struct virtio_crypto_buf g;
> +};
> +
> +#define VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY 0
> +#define VIRTIO_CRYPTO_KEY_EXCHANGE_COMPUTE_KEY 1
> +/* It's only valid in case algorithm is DH */
> +#define VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_DH_PARAM 2
> +
> +struct virtio_crypto_dh_keyexchg_para {
> + /*
> + * The sub-operation in key exchange,
> + * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> + */
> + le32 keyexchg_op;
> + le32 reserved;
> +
> + struct virtio_crypto_dh_parameter dh_param;
> +};
> +
> +struct virtio_crypto_dh_keyexchg_param_gen_input {
> + le32 status;
> + le32 reserved;
> +};
> +\end{lstlisting}
> +
> +DH Parameter Generation Operation in Key-Exchange is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dh_keyexchg_param_gen_req {
> + struct virtio_crypto_dh_keyexchg_para parameter;
> +
> + struct virtio_crypto_dh_keyexchg_param_gen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{Key Exchange: DH Parameter
> Generation Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Parameter
> Generation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation result in \field{idata}, and set
> \field{p} and \field{g} in \field{dh_param}.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{Key Exchange: DH Parameter Generation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Parameter
> Generation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> +\item The driver SHOULD set the \field{keyexchg_op} to
> VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_DH_PARAM in \field{parameter}.
> +\item The driver SHOULD set \field{modules_len} in \field{dh_param}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} firstly.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Exchange: DH Key Generation Operation}\label{sec:Device
> Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: DH Key Generation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dh_keyexchg_keygen_input {
> + le32 status;
> + le32 reserved;
> +
> + /* private key */
> + struct virtio_crypto_buf x;
> + /* public key */
> + struct virtio_crypto_buf y;
> +};
> +\end{lstlisting}
> +
> +DH Key Generation Operation in Key-Exchange is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dh_keyexchg_key_gen_req {
> + struct virtio_crypto_dh_keyexchg_para parameter;
> +
> + struct virtio_crypto_dh_key_exchg_keygen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{Key Exchange: DH Key Generation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Key Generation
> Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{Key Exchange: DH Key Generation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Key Generation
> Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> +\item The driver SHOULD set the \field{keyexchg_op} to
> VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> +\item The driver SHOULD set all other fields in \field{parameter} except
> field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} firstly.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Exchange: DH Key Computation
> Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: DH Key Computation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_dh_keyexchg_compute_key_output {
> + /* local private key */
> + struct virtio_crypto_buf x;
> + /* peer's public key */
> + struct virtio_crypto_buf y;
> +};
> +
> +struct virtio_crypto_dh_keyexchg_compute_key_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_buf shared_secret;
> +};
> +\end{lstlisting}
> +
> +DH Key Computation Operation in Key-Exchange is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_dh_keyexchg_key_compute_req {
> + struct virtio_crypto_dh_keyexchg_para parameter;
> + struct virtio_crypto_dh_keyexchg_compute_key_output odata;
> +
> + struct virtio_crypto_dh_keyexchg_compute_key_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{Key Exchange: DH Key Computation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Key Computation
> Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{Key Exchange: DH Key Computation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: DH Key Computation
> Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_DH.
> +\item The driver SHOULD set the \field{keyexchg_op} to
> VIRTIO_CRYPTO_KEY_EXCHANGE_COMPUTE_KEY in \field{parameter}.
> +\item The driver SHOULD set all other fields in \field{parameter} except
> field \field{reserved}.
> +\item The driver SHOULD set all fields in \field{odata} except field
> \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} firstly.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Exchange: ECDH Key Generation
> Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: ECDH Key Generation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_ecdh_keyexchg_keygen_para {
> + /*
> + * The sub-operation in key exchange,
> + * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> + */
> + le32 keyexchg_op;
> + le32 reserved;
> +
> + struct virtio_crypto_ec_keygen_para parameter;
> +};
> +\end{lstlisting}
> +
> +ECDH Key Generation Operation in Key-Exchange is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_ecdh_keyexchg_key_gen_req {
> + struct virtio_crypto_ecdh_keyexchg_keygen_para parameter;
> +
> + struct virtio_crypto_ec_keygen_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{Key Exchange: ECDH Key Generation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> Generation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{Key Exchange: ECDH Key Generation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> Generation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH.
> +\item The driver SHOULD set the \field{keyexchg_op} to
> VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> +\item The driver SHOULD set all other fields in \field{parameter} except
> field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} firstly.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> +
> +\paragraph{Key Exchange: ECDH Key Computation
> Operation}\label{sec:Device Types /
> +Crypto Device / Device Operation / Crypto operation / Asymmetric Crypto
> Service Operation / Key Exchange: ECDH Key Computation Operation}
> +
> +\begin{lstlisting}
> +struct virtio_crypto_ecdh_keyexchg_compute_key_para {
> + /*
> + * The sub-operation in key exchange,
> + * see VIRTIO_CRYPTO_KEY_EXCHANGE_ definition
> + */
> + le32 keyexchg_op;
> + le32 reserved;
> +
> + struct virtio_crypto_ec_keygen_para parameter;
> +};
> +
> +struct virtio_crypto_ecdh_keyexchg_compute_key_output {
> + /* local private key */
> + struct virtio_crypto_buf d;
> +
> + /* peer's public key */
> + struct virtio_crypto_buf x;
> + struct virtio_crypto_buf y;
> +};
> +
> +struct virtio_crypto_ecdh_keyexchg_compute_key_input {
> + le32 status;
> + le32 reserved;
> +
> + struct virtio_crypto_buf shared_secret;
> +};
> +\end{lstlisting}
> +
> +ECDH Key Computation Operation in Key-Exchange is defined as below:
> +\begin{lstlisting}
> +struct virtio_crypto_ecdh_keyexchg_key_compute_req {
> + struct virtio_crypto_ecdh_keyexchg_compute_key_para parameter;
> + struct virtio_crypto_ecdh_keyexchg_compute_key_output odata;
> +
> + struct virtio_crypto_ecdh_keyexchg_compute_key_input idata;
> +};
> +\end{lstlisting}
> +
> +\devicenormative{\subparagraph}{Key Exchange: ECDH Key Computation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> Computation Operation}
> +\begin{itemize*}
> +\item The device SHOULD set the operation results in \field{idata} according
> to the general device requirments for asymmetric crypto service.
> +\end{itemize*}
> +
> +\drivernormative{\subparagraph}{Key Exchange: ECDH Key Computation
> Operation}{Device Types / Crypto Device / Device Operation /
> +Asymmetric Crypto Service Operation / Key Exchange: ECDH Key
> Computation Operation}
> +\begin{itemize*}
> +\item The driver SHOULD set the \field{opcode} in
> \field{virtio_crypto_op_header} to VIRTIO_CRYPTO_ASYM_KEY_EXCHG,
> +set \field{algo} to VIRTIO_CRYPTO_ASYM_ECDH.
> +\item The driver SHOULD set the \field{keyexchg_op} to
> VIRTIO_CRYPTO_KEY_EXCHANGE_GEN_KEY in \field{parameter}.
> +\item The driver SHOULD set all other fields in \field{parameter} except
> field \field{reserved}.
> +\item The driver MUST check the operation result \field{status} in
> \field{idata} firstly.
> +Only if the operation is successful, the other fields in \field{idata} are
> operatable.
> +\end{itemize*}
> --
> 1.9.3
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]