1 #ifndef _LINUX_VIRTIO_CRYPTO_H
2 #define _LINUX_VIRTIO_CRYPTO_H
3 /* This header is BSD licensed so anyone can use the definitions to implement
4  * compatible drivers/servers.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. Neither the name of IBM nor the names of its contributors
15  *    may be used to endorse or promote products derived from this software
16  *    without specific prior written permission.
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
18  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL IBM OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE. */
28 
29 #include "standard-headers/linux/types.h"
30 #include "standard-headers/linux/virtio_config.h"
31 #include "standard-headers/linux/virtio_types.h"
32 
33 
34 #define VIRTIO_CRYPTO_SERVICE_CIPHER 0
35 #define VIRTIO_CRYPTO_SERVICE_HASH 1
36 #define VIRTIO_CRYPTO_SERVICE_MAC  2
37 #define VIRTIO_CRYPTO_SERVICE_AEAD 3
38 
39 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
40 
41 struct virtio_crypto_ctrl_header {
42 #define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \
43        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02)
44 #define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \
45        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03)
46 #define VIRTIO_CRYPTO_HASH_CREATE_SESSION \
47        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02)
48 #define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \
49        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03)
50 #define VIRTIO_CRYPTO_MAC_CREATE_SESSION \
51        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02)
52 #define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \
53        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03)
54 #define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \
55        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
56 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
57        VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
58     __virtio32 opcode;
59     __virtio32 algo;
60     __virtio32 flag;
61     /* data virtqueue id */
62     __virtio32 queue_id;
63 };
64 
65 struct virtio_crypto_cipher_session_para {
66 #define VIRTIO_CRYPTO_NO_CIPHER                 0
67 #define VIRTIO_CRYPTO_CIPHER_ARC4               1
68 #define VIRTIO_CRYPTO_CIPHER_AES_ECB            2
69 #define VIRTIO_CRYPTO_CIPHER_AES_CBC            3
70 #define VIRTIO_CRYPTO_CIPHER_AES_CTR            4
71 #define VIRTIO_CRYPTO_CIPHER_DES_ECB            5
72 #define VIRTIO_CRYPTO_CIPHER_DES_CBC            6
73 #define VIRTIO_CRYPTO_CIPHER_3DES_ECB           7
74 #define VIRTIO_CRYPTO_CIPHER_3DES_CBC           8
75 #define VIRTIO_CRYPTO_CIPHER_3DES_CTR           9
76 #define VIRTIO_CRYPTO_CIPHER_KASUMI_F8          10
77 #define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2        11
78 #define VIRTIO_CRYPTO_CIPHER_AES_F8             12
79 #define VIRTIO_CRYPTO_CIPHER_AES_XTS            13
80 #define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3           14
81     __virtio32 algo;
82     /* length of key */
83     __virtio32 keylen;
84 
85 #define VIRTIO_CRYPTO_OP_ENCRYPT  1
86 #define VIRTIO_CRYPTO_OP_DECRYPT  2
87     /* encrypt or decrypt */
88     __virtio32 op;
89     __virtio32 padding;
90 };
91 
92 struct virtio_crypto_session_input {
93     /* Device-writable part */
94     __virtio64 session_id;
95     __virtio32 status;
96     __virtio32 padding;
97 };
98 
99 struct virtio_crypto_cipher_session_req {
100     struct virtio_crypto_cipher_session_para para;
101 };
102 
103 struct virtio_crypto_hash_session_para {
104 #define VIRTIO_CRYPTO_NO_HASH            0
105 #define VIRTIO_CRYPTO_HASH_MD5           1
106 #define VIRTIO_CRYPTO_HASH_SHA1          2
107 #define VIRTIO_CRYPTO_HASH_SHA_224       3
108 #define VIRTIO_CRYPTO_HASH_SHA_256       4
109 #define VIRTIO_CRYPTO_HASH_SHA_384       5
110 #define VIRTIO_CRYPTO_HASH_SHA_512       6
111 #define VIRTIO_CRYPTO_HASH_SHA3_224      7
112 #define VIRTIO_CRYPTO_HASH_SHA3_256      8
113 #define VIRTIO_CRYPTO_HASH_SHA3_384      9
114 #define VIRTIO_CRYPTO_HASH_SHA3_512      10
115 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE128      11
116 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE256      12
117     __virtio32 algo;
118     /* hash result length */
119     __virtio32 hash_result_len;
120 };
121 
122 struct virtio_crypto_hash_create_session_req {
123     struct virtio_crypto_hash_session_para para;
124 };
125 
126 struct virtio_crypto_mac_session_para {
127 #define VIRTIO_CRYPTO_NO_MAC                       0
128 #define VIRTIO_CRYPTO_MAC_HMAC_MD5                 1
129 #define VIRTIO_CRYPTO_MAC_HMAC_SHA1                2
130 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_224             3
131 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_256             4
132 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_384             5
133 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_512             6
134 #define VIRTIO_CRYPTO_MAC_CMAC_3DES                25
135 #define VIRTIO_CRYPTO_MAC_CMAC_AES                 26
136 #define VIRTIO_CRYPTO_MAC_KASUMI_F9                27
137 #define VIRTIO_CRYPTO_MAC_SNOW3G_UIA2              28
138 #define VIRTIO_CRYPTO_MAC_GMAC_AES                 41
139 #define VIRTIO_CRYPTO_MAC_GMAC_TWOFISH             42
140 #define VIRTIO_CRYPTO_MAC_CBCMAC_AES               49
141 #define VIRTIO_CRYPTO_MAC_CBCMAC_KASUMI_F9         50
142 #define VIRTIO_CRYPTO_MAC_XCBC_AES                 53
143     __virtio32 algo;
144     /* hash result length */
145     __virtio32 hash_result_len;
146     /* length of authenticated key */
147     __virtio32 auth_key_len;
148     __virtio32 padding;
149 };
150 
151 struct virtio_crypto_mac_create_session_req {
152     struct virtio_crypto_mac_session_para para;
153 };
154 
155 struct virtio_crypto_aead_session_para {
156 #define VIRTIO_CRYPTO_NO_AEAD     0
157 #define VIRTIO_CRYPTO_AEAD_GCM    1
158 #define VIRTIO_CRYPTO_AEAD_CCM    2
159 #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
160     __virtio32 algo;
161     /* length of key */
162     __virtio32 key_len;
163     /* digest result length */
164     __virtio32 digest_result_len;
165     /* length of the additional authenticated data (AAD) in bytes */
166     __virtio32 aad_len;
167     /* encrypt or decrypt, See above VIRTIO_CRYPTO_OP_* */
168     __virtio32 op;
169     __virtio32 padding;
170 };
171 
172 struct virtio_crypto_aead_create_session_req {
173     struct virtio_crypto_aead_session_para para;
174 };
175 
176 struct virtio_crypto_alg_chain_session_para {
177 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
178 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
179     __virtio32 alg_chain_order;
180 /* Plain hash */
181 #define VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN    1
182 /* Authenticated hash (mac) */
183 #define VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH     2
184 /* Nested hash */
185 #define VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED   3
186     __virtio32 hash_mode;
187     struct virtio_crypto_cipher_session_para cipher_param;
188     union {
189         struct virtio_crypto_hash_session_para hash_param;
190         struct virtio_crypto_mac_session_para mac_param;
191     } u;
192     /* length of the additional authenticated data (AAD) in bytes */
193     __virtio32 aad_len;
194     __virtio32 padding;
195 };
196 
197 struct virtio_crypto_alg_chain_session_req {
198     struct virtio_crypto_alg_chain_session_para para;
199 };
200 
201 struct virtio_crypto_sym_create_session_req {
202     union {
203         struct virtio_crypto_cipher_session_req cipher;
204         struct virtio_crypto_alg_chain_session_req chain;
205     } u;
206 
207     /* Device-readable part */
208 
209 /* No operation */
210 #define VIRTIO_CRYPTO_SYM_OP_NONE  0
211 /* Cipher only operation on the data */
212 #define VIRTIO_CRYPTO_SYM_OP_CIPHER  1
213 /* Chain any cipher with any hash or mac operation. The order
214    depends on the value of alg_chain_order param */
215 #define VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING  2
216     __virtio32 op_type;
217     __virtio32 padding;
218 };
219 
220 struct virtio_crypto_destroy_session_req {
221     /* Device-readable part */
222     __virtio64  session_id;
223 };
224 
225 /* The request of the control viritqueue's packet */
226 struct virtio_crypto_op_ctrl_req {
227     struct virtio_crypto_ctrl_header header;
228 
229     union {
230         struct virtio_crypto_sym_create_session_req   sym_create_session;
231         struct virtio_crypto_hash_create_session_req  hash_create_session;
232         struct virtio_crypto_mac_create_session_req   mac_create_session;
233         struct virtio_crypto_aead_create_session_req  aead_create_session;
234         struct virtio_crypto_destroy_session_req      destroy_session;
235     } u;
236 };
237 
238 struct virtio_crypto_op_header {
239 #define VIRTIO_CRYPTO_CIPHER_ENCRYPT \
240     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x00)
241 #define VIRTIO_CRYPTO_CIPHER_DECRYPT \
242     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x01)
243 #define VIRTIO_CRYPTO_HASH \
244     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x00)
245 #define VIRTIO_CRYPTO_MAC \
246     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x00)
247 #define VIRTIO_CRYPTO_AEAD_ENCRYPT \
248     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
249 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
250     VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
251     __virtio32 opcode;
252     /* algo should be service-specific algorithms */
253     __virtio32 algo;
254     /* session_id should be service-specific algorithms */
255     __virtio64 session_id;
256     /* control flag to control the request */
257     __virtio32 flag;
258     __virtio32 padding;
259 };
260 
261 struct virtio_crypto_cipher_para {
262     /*
263      * Byte Length of valid IV/Counter
264      *
265      * - For block ciphers in CBC or F8 mode, or for Kasumi in F8 mode, or for
266      *   SNOW3G in UEA2 mode, this is the length of the IV (which
267      *   must be the same as the block length of the cipher).
268      * - For block ciphers in CTR mode, this is the length of the counter
269      *   (which must be the same as the block length of the cipher).
270      * - For AES-XTS, this is the 128bit tweak, i, from IEEE Std 1619-2007.
271      *
272      * The IV/Counter will be updated after every partial cryptographic
273      * operation.
274      */
275     __virtio32 iv_len;
276     /* length of source data */
277     __virtio32 src_data_len;
278     /* length of dst data */
279     __virtio32 dst_data_len;
280     __virtio32 padding;
281 };
282 
283 struct virtio_crypto_hash_para {
284     /* length of source data */
285     __virtio32 src_data_len;
286     /* hash result length */
287     __virtio32 hash_result_len;
288 };
289 
290 struct virtio_crypto_mac_para {
291     struct virtio_crypto_hash_para hash;
292 };
293 
294 struct virtio_crypto_aead_para {
295     /*
296      * Byte Length of valid IV data pointed to by the below iv_addr
297      * parameter.
298      *
299      * - For GCM mode, this is either 12 (for 96-bit IVs) or 16, in which
300      *   case iv_addr points to J0.
301      * - For CCM mode, this is the length of the nonce, which can be in the
302      *   range 7 to 13 inclusive.
303      */
304     __virtio32 iv_len;
305     /* length of additional auth data */
306     __virtio32 aad_len;
307     /* length of source data */
308     __virtio32 src_data_len;
309     /* length of dst data */
310     __virtio32 dst_data_len;
311 };
312 
313 struct virtio_crypto_cipher_data_req {
314     /* Device-readable part */
315     struct virtio_crypto_cipher_para para;
316 };
317 
318 struct virtio_crypto_hash_data_req {
319     /* Device-readable part */
320     struct virtio_crypto_hash_para para;
321 };
322 
323 struct virtio_crypto_mac_data_req {
324     /* Device-readable part */
325     struct virtio_crypto_mac_para para;
326 };
327 
328 struct virtio_crypto_alg_chain_data_para {
329     __virtio32 iv_len;
330     /* Length of source data */
331     __virtio32 src_data_len;
332     /* Length of destination data */
333     __virtio32 dst_data_len;
334     /* Starting point for cipher processing in source data */
335     __virtio32 cipher_start_src_offset;
336     /* Length of the source data that the cipher will be computed on */
337     __virtio32 len_to_cipher;
338     /* Starting point for hash processing in source data */
339     __virtio32 hash_start_src_offset;
340     /* Length of the source data that the hash will be computed on */
341     __virtio32 len_to_hash;
342     /* Length of the additional auth data */
343     __virtio32 aad_len;
344     /* Length of the hash result */
345     __virtio32 hash_result_len;
346     __virtio32 reserved;
347 };
348 
349 struct virtio_crypto_alg_chain_data_req {
350     /* Device-readable part */
351     struct virtio_crypto_alg_chain_data_para para;
352 };
353 
354 struct virtio_crypto_sym_data_req {
355     union {
356         struct virtio_crypto_cipher_data_req cipher;
357         struct virtio_crypto_alg_chain_data_req chain;
358     } u;
359 
360     /* See above VIRTIO_CRYPTO_SYM_OP_* */
361     __virtio32 op_type;
362     __virtio32 padding;
363 };
364 
365 struct virtio_crypto_aead_data_req {
366     /* Device-readable part */
367     struct virtio_crypto_aead_para para;
368 };
369 
370 /* The request of the data viritqueue's packet */
371 struct virtio_crypto_op_data_req {
372     struct virtio_crypto_op_header header;
373 
374     union {
375         struct virtio_crypto_sym_data_req  sym_req;
376         struct virtio_crypto_hash_data_req hash_req;
377         struct virtio_crypto_mac_data_req mac_req;
378         struct virtio_crypto_aead_data_req aead_req;
379     } u;
380 };
381 
382 #define VIRTIO_CRYPTO_OK        0
383 #define VIRTIO_CRYPTO_ERR       1
384 #define VIRTIO_CRYPTO_BADMSG    2
385 #define VIRTIO_CRYPTO_NOTSUPP   3
386 #define VIRTIO_CRYPTO_INVSESS   4 /* Invaild session id */
387 
388 /* The accelerator hardware is ready */
389 #define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
390 #define VIRTIO_CRYPTO_S_STARTED  (1 << 1)
391 
392 struct virtio_crypto_config {
393     /* See VIRTIO_CRYPTO_* above */
394     __virtio32  status;
395 
396     /*
397      * Maximum number of data queue legal values are between 1 and 0x8000
398      */
399     __virtio32  max_dataqueues;
400 
401     /* Specifies the services mask which the devcie support,
402        see VIRTIO_CRYPTO_SERVICE_* above */
403     __virtio32 crypto_services;
404 
405     /* Detailed algorithms mask */
406     __virtio32 cipher_algo_l;
407     __virtio32 cipher_algo_h;
408     __virtio32 hash_algo;
409     __virtio32 mac_algo_l;
410     __virtio32 mac_algo_h;
411     __virtio32 aead_algo;
412 
413     /* Maximum length of cipher key */
414     uint32_t max_cipher_key_len;
415     /* Maximum length of authenticated key */
416     uint32_t max_auth_key_len;
417 
418     __virtio32 reserve;
419 
420     /* The maximum size of per request's content */
421     __virtio64 max_size;
422 };
423 
424 struct virtio_crypto_inhdr {
425     /* See VIRTIO_CRYPTO_* above */
426     uint8_t status;
427 };
428 
429 #endif /* _LINUX_VIRTIO_CRYPTO_H */
430