Commit | Line | Data |
---|---|---|
dbaf0624 G |
1 | #ifndef _VIRTIO_CRYPTO_H |
2 | #define _VIRTIO_CRYPTO_H | |
3 | /* This header is BSD licensed so anyone can use the definitions to implement | |
4 | * compatible drivers/servers. | |
5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. Neither the name of IBM nor the names of its contributors | |
15 | * may be used to endorse or promote products derived from this software | |
16 | * without specific prior written permission. | |
17 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
18 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
19 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
20 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL IBM OR | |
21 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
22 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
23 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF | |
24 | * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
26 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT | |
27 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
28 | * SUCH DAMAGE. | |
29 | */ | |
30 | #include <linux/types.h> | |
31 | #include <linux/virtio_types.h> | |
32 | #include <linux/virtio_ids.h> | |
33 | #include <linux/virtio_config.h> | |
34 | ||
35 | ||
36 | #define VIRTIO_CRYPTO_SERVICE_CIPHER 0 | |
37 | #define VIRTIO_CRYPTO_SERVICE_HASH 1 | |
38 | #define VIRTIO_CRYPTO_SERVICE_MAC 2 | |
39 | #define VIRTIO_CRYPTO_SERVICE_AEAD 3 | |
40 | ||
41 | #define VIRTIO_CRYPTO_OPCODE(service, op) (((service) << 8) | (op)) | |
42 | ||
43 | struct virtio_crypto_ctrl_header { | |
44 | #define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \ | |
45 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02) | |
46 | #define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \ | |
47 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03) | |
48 | #define VIRTIO_CRYPTO_HASH_CREATE_SESSION \ | |
49 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02) | |
50 | #define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \ | |
51 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03) | |
52 | #define VIRTIO_CRYPTO_MAC_CREATE_SESSION \ | |
53 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02) | |
54 | #define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \ | |
55 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03) | |
56 | #define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \ | |
57 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02) | |
58 | #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \ | |
59 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03) | |
60 | __le32 opcode; | |
61 | __le32 algo; | |
62 | __le32 flag; | |
63 | /* data virtqueue id */ | |
64 | __le32 queue_id; | |
65 | }; | |
66 | ||
67 | struct virtio_crypto_cipher_session_para { | |
68 | #define VIRTIO_CRYPTO_NO_CIPHER 0 | |
69 | #define VIRTIO_CRYPTO_CIPHER_ARC4 1 | |
70 | #define VIRTIO_CRYPTO_CIPHER_AES_ECB 2 | |
71 | #define VIRTIO_CRYPTO_CIPHER_AES_CBC 3 | |
72 | #define VIRTIO_CRYPTO_CIPHER_AES_CTR 4 | |
73 | #define VIRTIO_CRYPTO_CIPHER_DES_ECB 5 | |
74 | #define VIRTIO_CRYPTO_CIPHER_DES_CBC 6 | |
75 | #define VIRTIO_CRYPTO_CIPHER_3DES_ECB 7 | |
76 | #define VIRTIO_CRYPTO_CIPHER_3DES_CBC 8 | |
77 | #define VIRTIO_CRYPTO_CIPHER_3DES_CTR 9 | |
78 | #define VIRTIO_CRYPTO_CIPHER_KASUMI_F8 10 | |
79 | #define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2 11 | |
80 | #define VIRTIO_CRYPTO_CIPHER_AES_F8 12 | |
81 | #define VIRTIO_CRYPTO_CIPHER_AES_XTS 13 | |
82 | #define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3 14 | |
83 | __le32 algo; | |
84 | /* length of key */ | |
85 | __le32 keylen; | |
86 | ||
87 | #define VIRTIO_CRYPTO_OP_ENCRYPT 1 | |
88 | #define VIRTIO_CRYPTO_OP_DECRYPT 2 | |
89 | /* encrypt or decrypt */ | |
90 | __le32 op; | |
91 | __le32 padding; | |
92 | }; | |
93 | ||
94 | struct virtio_crypto_session_input { | |
95 | /* Device-writable part */ | |
96 | __le64 session_id; | |
97 | __le32 status; | |
98 | __le32 padding; | |
99 | }; | |
100 | ||
101 | struct virtio_crypto_cipher_session_req { | |
102 | struct virtio_crypto_cipher_session_para para; | |
103 | __u8 padding[32]; | |
104 | }; | |
105 | ||
106 | struct virtio_crypto_hash_session_para { | |
107 | #define VIRTIO_CRYPTO_NO_HASH 0 | |
108 | #define VIRTIO_CRYPTO_HASH_MD5 1 | |
109 | #define VIRTIO_CRYPTO_HASH_SHA1 2 | |
110 | #define VIRTIO_CRYPTO_HASH_SHA_224 3 | |
111 | #define VIRTIO_CRYPTO_HASH_SHA_256 4 | |
112 | #define VIRTIO_CRYPTO_HASH_SHA_384 5 | |
113 | #define VIRTIO_CRYPTO_HASH_SHA_512 6 | |
114 | #define VIRTIO_CRYPTO_HASH_SHA3_224 7 | |
115 | #define VIRTIO_CRYPTO_HASH_SHA3_256 8 | |
116 | #define VIRTIO_CRYPTO_HASH_SHA3_384 9 | |
117 | #define VIRTIO_CRYPTO_HASH_SHA3_512 10 | |
118 | #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE128 11 | |
119 | #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE256 12 | |
120 | __le32 algo; | |
121 | /* hash result length */ | |
122 | __le32 hash_result_len; | |
123 | __u8 padding[8]; | |
124 | }; | |
125 | ||
126 | struct virtio_crypto_hash_create_session_req { | |
127 | struct virtio_crypto_hash_session_para para; | |
128 | __u8 padding[40]; | |
129 | }; | |
130 | ||
131 | struct virtio_crypto_mac_session_para { | |
132 | #define VIRTIO_CRYPTO_NO_MAC 0 | |
133 | #define VIRTIO_CRYPTO_MAC_HMAC_MD5 1 | |
134 | #define VIRTIO_CRYPTO_MAC_HMAC_SHA1 2 | |
135 | #define VIRTIO_CRYPTO_MAC_HMAC_SHA_224 3 | |
136 | #define VIRTIO_CRYPTO_MAC_HMAC_SHA_256 4 | |
137 | #define VIRTIO_CRYPTO_MAC_HMAC_SHA_384 5 | |
138 | #define VIRTIO_CRYPTO_MAC_HMAC_SHA_512 6 | |
139 | #define VIRTIO_CRYPTO_MAC_CMAC_3DES 25 | |
140 | #define VIRTIO_CRYPTO_MAC_CMAC_AES 26 | |
141 | #define VIRTIO_CRYPTO_MAC_KASUMI_F9 27 | |
142 | #define VIRTIO_CRYPTO_MAC_SNOW3G_UIA2 28 | |
143 | #define VIRTIO_CRYPTO_MAC_GMAC_AES 41 | |
144 | #define VIRTIO_CRYPTO_MAC_GMAC_TWOFISH 42 | |
145 | #define VIRTIO_CRYPTO_MAC_CBCMAC_AES 49 | |
146 | #define VIRTIO_CRYPTO_MAC_CBCMAC_KASUMI_F9 50 | |
147 | #define VIRTIO_CRYPTO_MAC_XCBC_AES 53 | |
148 | __le32 algo; | |
149 | /* hash result length */ | |
150 | __le32 hash_result_len; | |
151 | /* length of authenticated key */ | |
152 | __le32 auth_key_len; | |
153 | __le32 padding; | |
154 | }; | |
155 | ||
156 | struct virtio_crypto_mac_create_session_req { | |
157 | struct virtio_crypto_mac_session_para para; | |
158 | __u8 padding[40]; | |
159 | }; | |
160 | ||
161 | struct virtio_crypto_aead_session_para { | |
162 | #define VIRTIO_CRYPTO_NO_AEAD 0 | |
163 | #define VIRTIO_CRYPTO_AEAD_GCM 1 | |
164 | #define VIRTIO_CRYPTO_AEAD_CCM 2 | |
165 | #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305 3 | |
166 | __le32 algo; | |
167 | /* length of key */ | |
168 | __le32 key_len; | |
169 | /* hash result length */ | |
170 | __le32 hash_result_len; | |
171 | /* length of the additional authenticated data (AAD) in bytes */ | |
172 | __le32 aad_len; | |
173 | /* encrypt or decrypt, See above VIRTIO_CRYPTO_OP_* */ | |
174 | __le32 op; | |
175 | __le32 padding; | |
176 | }; | |
177 | ||
178 | struct virtio_crypto_aead_create_session_req { | |
179 | struct virtio_crypto_aead_session_para para; | |
180 | __u8 padding[32]; | |
181 | }; | |
182 | ||
183 | struct virtio_crypto_alg_chain_session_para { | |
184 | #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER 1 | |
185 | #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH 2 | |
186 | __le32 alg_chain_order; | |
187 | /* Plain hash */ | |
188 | #define VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN 1 | |
189 | /* Authenticated hash (mac) */ | |
190 | #define VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH 2 | |
191 | /* Nested hash */ | |
192 | #define VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED 3 | |
193 | __le32 hash_mode; | |
194 | struct virtio_crypto_cipher_session_para cipher_param; | |
195 | union { | |
196 | struct virtio_crypto_hash_session_para hash_param; | |
197 | struct virtio_crypto_mac_session_para mac_param; | |
198 | __u8 padding[16]; | |
199 | } u; | |
200 | /* length of the additional authenticated data (AAD) in bytes */ | |
201 | __le32 aad_len; | |
202 | __le32 padding; | |
203 | }; | |
204 | ||
205 | struct virtio_crypto_alg_chain_session_req { | |
206 | struct virtio_crypto_alg_chain_session_para para; | |
207 | }; | |
208 | ||
209 | struct virtio_crypto_sym_create_session_req { | |
210 | union { | |
211 | struct virtio_crypto_cipher_session_req cipher; | |
212 | struct virtio_crypto_alg_chain_session_req chain; | |
213 | __u8 padding[48]; | |
214 | } u; | |
215 | ||
216 | /* Device-readable part */ | |
217 | ||
218 | /* No operation */ | |
219 | #define VIRTIO_CRYPTO_SYM_OP_NONE 0 | |
220 | /* Cipher only operation on the data */ | |
221 | #define VIRTIO_CRYPTO_SYM_OP_CIPHER 1 | |
222 | /* | |
223 | * Chain any cipher with any hash or mac operation. The order | |
224 | * depends on the value of alg_chain_order param | |
225 | */ | |
226 | #define VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING 2 | |
227 | __le32 op_type; | |
228 | __le32 padding; | |
229 | }; | |
230 | ||
231 | struct virtio_crypto_destroy_session_req { | |
232 | /* Device-readable part */ | |
233 | __le64 session_id; | |
234 | __u8 padding[48]; | |
235 | }; | |
236 | ||
237 | /* The request of the control virtqueue's packet */ | |
238 | struct virtio_crypto_op_ctrl_req { | |
239 | struct virtio_crypto_ctrl_header header; | |
240 | ||
241 | union { | |
242 | struct virtio_crypto_sym_create_session_req | |
243 | sym_create_session; | |
244 | struct virtio_crypto_hash_create_session_req | |
245 | hash_create_session; | |
246 | struct virtio_crypto_mac_create_session_req | |
247 | mac_create_session; | |
248 | struct virtio_crypto_aead_create_session_req | |
249 | aead_create_session; | |
250 | struct virtio_crypto_destroy_session_req | |
251 | destroy_session; | |
252 | __u8 padding[56]; | |
253 | } u; | |
254 | }; | |
255 | ||
256 | struct virtio_crypto_op_header { | |
257 | #define VIRTIO_CRYPTO_CIPHER_ENCRYPT \ | |
258 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x00) | |
259 | #define VIRTIO_CRYPTO_CIPHER_DECRYPT \ | |
260 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x01) | |
261 | #define VIRTIO_CRYPTO_HASH \ | |
262 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x00) | |
263 | #define VIRTIO_CRYPTO_MAC \ | |
264 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x00) | |
265 | #define VIRTIO_CRYPTO_AEAD_ENCRYPT \ | |
266 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00) | |
267 | #define VIRTIO_CRYPTO_AEAD_DECRYPT \ | |
268 | VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01) | |
269 | __le32 opcode; | |
270 | /* algo should be service-specific algorithms */ | |
271 | __le32 algo; | |
272 | /* session_id should be service-specific algorithms */ | |
273 | __le64 session_id; | |
274 | /* control flag to control the request */ | |
275 | __le32 flag; | |
276 | __le32 padding; | |
277 | }; | |
278 | ||
279 | struct virtio_crypto_cipher_para { | |
280 | /* | |
281 | * Byte Length of valid IV/Counter | |
282 | * | |
283 | * For block ciphers in CBC or F8 mode, or for Kasumi in F8 mode, or for | |
284 | * SNOW3G in UEA2 mode, this is the length of the IV (which | |
285 | * must be the same as the block length of the cipher). | |
286 | * For block ciphers in CTR mode, this is the length of the counter | |
287 | * (which must be the same as the block length of the cipher). | |
288 | * For AES-XTS, this is the 128bit tweak, i, from IEEE Std 1619-2007. | |
289 | * | |
290 | * The IV/Counter will be updated after every partial cryptographic | |
291 | * operation. | |
292 | */ | |
293 | __le32 iv_len; | |
294 | /* length of source data */ | |
295 | __le32 src_data_len; | |
296 | /* length of dst data */ | |
297 | __le32 dst_data_len; | |
298 | __le32 padding; | |
299 | }; | |
300 | ||
301 | struct virtio_crypto_hash_para { | |
302 | /* length of source data */ | |
303 | __le32 src_data_len; | |
304 | /* hash result length */ | |
305 | __le32 hash_result_len; | |
306 | }; | |
307 | ||
308 | struct virtio_crypto_mac_para { | |
309 | struct virtio_crypto_hash_para hash; | |
310 | }; | |
311 | ||
312 | struct virtio_crypto_aead_para { | |
313 | /* | |
314 | * Byte Length of valid IV data pointed to by the below iv_addr | |
315 | * parameter. | |
316 | * | |
317 | * For GCM mode, this is either 12 (for 96-bit IVs) or 16, in which | |
318 | * case iv_addr points to J0. | |
319 | * For CCM mode, this is the length of the nonce, which can be in the | |
320 | * range 7 to 13 inclusive. | |
321 | */ | |
322 | __le32 iv_len; | |
323 | /* length of additional auth data */ | |
324 | __le32 aad_len; | |
325 | /* length of source data */ | |
326 | __le32 src_data_len; | |
327 | /* length of dst data */ | |
328 | __le32 dst_data_len; | |
329 | }; | |
330 | ||
331 | struct virtio_crypto_cipher_data_req { | |
332 | /* Device-readable part */ | |
333 | struct virtio_crypto_cipher_para para; | |
334 | __u8 padding[24]; | |
335 | }; | |
336 | ||
337 | struct virtio_crypto_hash_data_req { | |
338 | /* Device-readable part */ | |
339 | struct virtio_crypto_hash_para para; | |
340 | __u8 padding[40]; | |
341 | }; | |
342 | ||
343 | struct virtio_crypto_mac_data_req { | |
344 | /* Device-readable part */ | |
345 | struct virtio_crypto_mac_para para; | |
346 | __u8 padding[40]; | |
347 | }; | |
348 | ||
349 | struct virtio_crypto_alg_chain_data_para { | |
350 | __le32 iv_len; | |
351 | /* Length of source data */ | |
352 | __le32 src_data_len; | |
353 | /* Length of destination data */ | |
354 | __le32 dst_data_len; | |
355 | /* Starting point for cipher processing in source data */ | |
356 | __le32 cipher_start_src_offset; | |
357 | /* Length of the source data that the cipher will be computed on */ | |
358 | __le32 len_to_cipher; | |
359 | /* Starting point for hash processing in source data */ | |
360 | __le32 hash_start_src_offset; | |
361 | /* Length of the source data that the hash will be computed on */ | |
362 | __le32 len_to_hash; | |
363 | /* Length of the additional auth data */ | |
364 | __le32 aad_len; | |
365 | /* Length of the hash result */ | |
366 | __le32 hash_result_len; | |
367 | __le32 reserved; | |
368 | }; | |
369 | ||
370 | struct virtio_crypto_alg_chain_data_req { | |
371 | /* Device-readable part */ | |
372 | struct virtio_crypto_alg_chain_data_para para; | |
373 | }; | |
374 | ||
375 | struct virtio_crypto_sym_data_req { | |
376 | union { | |
377 | struct virtio_crypto_cipher_data_req cipher; | |
378 | struct virtio_crypto_alg_chain_data_req chain; | |
379 | __u8 padding[40]; | |
380 | } u; | |
381 | ||
382 | /* See above VIRTIO_CRYPTO_SYM_OP_* */ | |
383 | __le32 op_type; | |
384 | __le32 padding; | |
385 | }; | |
386 | ||
387 | struct virtio_crypto_aead_data_req { | |
388 | /* Device-readable part */ | |
389 | struct virtio_crypto_aead_para para; | |
390 | __u8 padding[32]; | |
391 | }; | |
392 | ||
393 | /* The request of the data virtqueue's packet */ | |
394 | struct virtio_crypto_op_data_req { | |
395 | struct virtio_crypto_op_header header; | |
396 | ||
397 | union { | |
398 | struct virtio_crypto_sym_data_req sym_req; | |
399 | struct virtio_crypto_hash_data_req hash_req; | |
400 | struct virtio_crypto_mac_data_req mac_req; | |
401 | struct virtio_crypto_aead_data_req aead_req; | |
402 | __u8 padding[48]; | |
403 | } u; | |
404 | }; | |
405 | ||
406 | #define VIRTIO_CRYPTO_OK 0 | |
407 | #define VIRTIO_CRYPTO_ERR 1 | |
408 | #define VIRTIO_CRYPTO_BADMSG 2 | |
409 | #define VIRTIO_CRYPTO_NOTSUPP 3 | |
410 | #define VIRTIO_CRYPTO_INVSESS 4 /* Invalid session id */ | |
411 | ||
412 | /* The accelerator hardware is ready */ | |
413 | #define VIRTIO_CRYPTO_S_HW_READY (1 << 0) | |
414 | ||
415 | struct virtio_crypto_config { | |
416 | /* See VIRTIO_CRYPTO_OP_* above */ | |
417 | __u32 status; | |
418 | ||
419 | /* | |
420 | * Maximum number of data queue | |
421 | */ | |
422 | __u32 max_dataqueues; | |
423 | ||
424 | /* | |
425 | * Specifies the services mask which the device support, | |
426 | * see VIRTIO_CRYPTO_SERVICE_* above | |
427 | */ | |
428 | __u32 crypto_services; | |
429 | ||
430 | /* Detailed algorithms mask */ | |
431 | __u32 cipher_algo_l; | |
432 | __u32 cipher_algo_h; | |
433 | __u32 hash_algo; | |
434 | __u32 mac_algo_l; | |
435 | __u32 mac_algo_h; | |
436 | __u32 aead_algo; | |
437 | /* Maximum length of cipher key */ | |
438 | __u32 max_cipher_key_len; | |
439 | /* Maximum length of authenticated key */ | |
440 | __u32 max_auth_key_len; | |
441 | __u32 reserve; | |
442 | /* Maximum size of each crypto request's content */ | |
443 | __u64 max_size; | |
444 | }; | |
445 | ||
446 | struct virtio_crypto_inhdr { | |
447 | /* See VIRTIO_CRYPTO_* above */ | |
448 | __u8 status; | |
449 | }; | |
450 | #endif |