1 #ifndef _VIRTIO_CRYPTO_H
2 #define _VIRTIO_CRYPTO_H
3 /* This header is BSD licensed so anyone can use the definitions to implement
4  * compatible drivers/servers.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. Neither the name of IBM nor the names of its contributors
15  *    may be used to endorse or promote products derived from this software
16  *    without specific prior written permission.
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL IBM OR
21  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
24  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
27  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 #include "standard-headers/linux/types.h"
31 #include "standard-headers/linux/virtio_types.h"
32 #include "standard-headers/linux/virtio_ids.h"
33 #include "standard-headers/linux/virtio_config.h"
34 
35 
36 #define VIRTIO_CRYPTO_SERVICE_CIPHER 0
37 #define VIRTIO_CRYPTO_SERVICE_HASH   1
38 #define VIRTIO_CRYPTO_SERVICE_MAC    2
39 #define VIRTIO_CRYPTO_SERVICE_AEAD   3
40 
41 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
42 
43 struct virtio_crypto_ctrl_header {
44 #define VIRTIO_CRYPTO_CIPHER_CREATE_SESSION \
45 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x02)
46 #define VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION \
47 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x03)
48 #define VIRTIO_CRYPTO_HASH_CREATE_SESSION \
49 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x02)
50 #define VIRTIO_CRYPTO_HASH_DESTROY_SESSION \
51 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x03)
52 #define VIRTIO_CRYPTO_MAC_CREATE_SESSION \
53 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x02)
54 #define VIRTIO_CRYPTO_MAC_DESTROY_SESSION \
55 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x03)
56 #define VIRTIO_CRYPTO_AEAD_CREATE_SESSION \
57 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
58 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
59 	   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
60 	uint32_t opcode;
61 	uint32_t algo;
62 	uint32_t flag;
63 	/* data virtqueue id */
64 	uint32_t queue_id;
65 };
66 
67 struct virtio_crypto_cipher_session_para {
68 #define VIRTIO_CRYPTO_NO_CIPHER                 0
69 #define VIRTIO_CRYPTO_CIPHER_ARC4               1
70 #define VIRTIO_CRYPTO_CIPHER_AES_ECB            2
71 #define VIRTIO_CRYPTO_CIPHER_AES_CBC            3
72 #define VIRTIO_CRYPTO_CIPHER_AES_CTR            4
73 #define VIRTIO_CRYPTO_CIPHER_DES_ECB            5
74 #define VIRTIO_CRYPTO_CIPHER_DES_CBC            6
75 #define VIRTIO_CRYPTO_CIPHER_3DES_ECB           7
76 #define VIRTIO_CRYPTO_CIPHER_3DES_CBC           8
77 #define VIRTIO_CRYPTO_CIPHER_3DES_CTR           9
78 #define VIRTIO_CRYPTO_CIPHER_KASUMI_F8          10
79 #define VIRTIO_CRYPTO_CIPHER_SNOW3G_UEA2        11
80 #define VIRTIO_CRYPTO_CIPHER_AES_F8             12
81 #define VIRTIO_CRYPTO_CIPHER_AES_XTS            13
82 #define VIRTIO_CRYPTO_CIPHER_ZUC_EEA3           14
83 	uint32_t algo;
84 	/* length of key */
85 	uint32_t keylen;
86 
87 #define VIRTIO_CRYPTO_OP_ENCRYPT  1
88 #define VIRTIO_CRYPTO_OP_DECRYPT  2
89 	/* encrypt or decrypt */
90 	uint32_t op;
91 	uint32_t padding;
92 };
93 
94 struct virtio_crypto_session_input {
95 	/* Device-writable part */
96 	uint64_t session_id;
97 	uint32_t status;
98 	uint32_t padding;
99 };
100 
101 struct virtio_crypto_cipher_session_req {
102 	struct virtio_crypto_cipher_session_para para;
103 	uint8_t padding[32];
104 };
105 
106 struct virtio_crypto_hash_session_para {
107 #define VIRTIO_CRYPTO_NO_HASH            0
108 #define VIRTIO_CRYPTO_HASH_MD5           1
109 #define VIRTIO_CRYPTO_HASH_SHA1          2
110 #define VIRTIO_CRYPTO_HASH_SHA_224       3
111 #define VIRTIO_CRYPTO_HASH_SHA_256       4
112 #define VIRTIO_CRYPTO_HASH_SHA_384       5
113 #define VIRTIO_CRYPTO_HASH_SHA_512       6
114 #define VIRTIO_CRYPTO_HASH_SHA3_224      7
115 #define VIRTIO_CRYPTO_HASH_SHA3_256      8
116 #define VIRTIO_CRYPTO_HASH_SHA3_384      9
117 #define VIRTIO_CRYPTO_HASH_SHA3_512      10
118 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE128      11
119 #define VIRTIO_CRYPTO_HASH_SHA3_SHAKE256      12
120 	uint32_t algo;
121 	/* hash result length */
122 	uint32_t hash_result_len;
123 	uint8_t padding[8];
124 };
125 
126 struct virtio_crypto_hash_create_session_req {
127 	struct virtio_crypto_hash_session_para para;
128 	uint8_t padding[40];
129 };
130 
131 struct virtio_crypto_mac_session_para {
132 #define VIRTIO_CRYPTO_NO_MAC                       0
133 #define VIRTIO_CRYPTO_MAC_HMAC_MD5                 1
134 #define VIRTIO_CRYPTO_MAC_HMAC_SHA1                2
135 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_224             3
136 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_256             4
137 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_384             5
138 #define VIRTIO_CRYPTO_MAC_HMAC_SHA_512             6
139 #define VIRTIO_CRYPTO_MAC_CMAC_3DES                25
140 #define VIRTIO_CRYPTO_MAC_CMAC_AES                 26
141 #define VIRTIO_CRYPTO_MAC_KASUMI_F9                27
142 #define VIRTIO_CRYPTO_MAC_SNOW3G_UIA2              28
143 #define VIRTIO_CRYPTO_MAC_GMAC_AES                 41
144 #define VIRTIO_CRYPTO_MAC_GMAC_TWOFISH             42
145 #define VIRTIO_CRYPTO_MAC_CBCMAC_AES               49
146 #define VIRTIO_CRYPTO_MAC_CBCMAC_KASUMI_F9         50
147 #define VIRTIO_CRYPTO_MAC_XCBC_AES                 53
148 	uint32_t algo;
149 	/* hash result length */
150 	uint32_t hash_result_len;
151 	/* length of authenticated key */
152 	uint32_t auth_key_len;
153 	uint32_t padding;
154 };
155 
156 struct virtio_crypto_mac_create_session_req {
157 	struct virtio_crypto_mac_session_para para;
158 	uint8_t padding[40];
159 };
160 
161 struct virtio_crypto_aead_session_para {
162 #define VIRTIO_CRYPTO_NO_AEAD     0
163 #define VIRTIO_CRYPTO_AEAD_GCM    1
164 #define VIRTIO_CRYPTO_AEAD_CCM    2
165 #define VIRTIO_CRYPTO_AEAD_CHACHA20_POLY1305  3
166 	uint32_t algo;
167 	/* length of key */
168 	uint32_t key_len;
169 	/* hash result length */
170 	uint32_t hash_result_len;
171 	/* length of the additional authenticated data (AAD) in bytes */
172 	uint32_t aad_len;
173 	/* encrypt or decrypt, See above VIRTIO_CRYPTO_OP_* */
174 	uint32_t op;
175 	uint32_t padding;
176 };
177 
178 struct virtio_crypto_aead_create_session_req {
179 	struct virtio_crypto_aead_session_para para;
180 	uint8_t padding[32];
181 };
182 
183 struct virtio_crypto_alg_chain_session_para {
184 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
185 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
186 	uint32_t alg_chain_order;
187 /* Plain hash */
188 #define VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN    1
189 /* Authenticated hash (mac) */
190 #define VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH     2
191 /* Nested hash */
192 #define VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED   3
193 	uint32_t hash_mode;
194 	struct virtio_crypto_cipher_session_para cipher_param;
195 	union {
196 		struct virtio_crypto_hash_session_para hash_param;
197 		struct virtio_crypto_mac_session_para mac_param;
198 		uint8_t padding[16];
199 	} u;
200 	/* length of the additional authenticated data (AAD) in bytes */
201 	uint32_t aad_len;
202 	uint32_t padding;
203 };
204 
205 struct virtio_crypto_alg_chain_session_req {
206 	struct virtio_crypto_alg_chain_session_para para;
207 };
208 
209 struct virtio_crypto_sym_create_session_req {
210 	union {
211 		struct virtio_crypto_cipher_session_req cipher;
212 		struct virtio_crypto_alg_chain_session_req chain;
213 		uint8_t padding[48];
214 	} u;
215 
216 	/* Device-readable part */
217 
218 /* No operation */
219 #define VIRTIO_CRYPTO_SYM_OP_NONE  0
220 /* Cipher only operation on the data */
221 #define VIRTIO_CRYPTO_SYM_OP_CIPHER  1
222 /*
223  * Chain any cipher with any hash or mac operation. The order
224  * depends on the value of alg_chain_order param
225  */
226 #define VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING  2
227 	uint32_t op_type;
228 	uint32_t padding;
229 };
230 
231 struct virtio_crypto_destroy_session_req {
232 	/* Device-readable part */
233 	uint64_t  session_id;
234 	uint8_t padding[48];
235 };
236 
237 /* The request of the control virtqueue's packet */
238 struct virtio_crypto_op_ctrl_req {
239 	struct virtio_crypto_ctrl_header header;
240 
241 	union {
242 		struct virtio_crypto_sym_create_session_req
243 			sym_create_session;
244 		struct virtio_crypto_hash_create_session_req
245 			hash_create_session;
246 		struct virtio_crypto_mac_create_session_req
247 			mac_create_session;
248 		struct virtio_crypto_aead_create_session_req
249 			aead_create_session;
250 		struct virtio_crypto_destroy_session_req
251 			destroy_session;
252 		uint8_t padding[56];
253 	} u;
254 };
255 
256 struct virtio_crypto_op_header {
257 #define VIRTIO_CRYPTO_CIPHER_ENCRYPT \
258 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x00)
259 #define VIRTIO_CRYPTO_CIPHER_DECRYPT \
260 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_CIPHER, 0x01)
261 #define VIRTIO_CRYPTO_HASH \
262 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_HASH, 0x00)
263 #define VIRTIO_CRYPTO_MAC \
264 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_MAC, 0x00)
265 #define VIRTIO_CRYPTO_AEAD_ENCRYPT \
266 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
267 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
268 	VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
269 	uint32_t opcode;
270 	/* algo should be service-specific algorithms */
271 	uint32_t algo;
272 	/* session_id should be service-specific algorithms */
273 	uint64_t session_id;
274 	/* control flag to control the request */
275 	uint32_t flag;
276 	uint32_t padding;
277 };
278 
279 struct virtio_crypto_cipher_para {
280 	/*
281 	 * Byte Length of valid IV/Counter
282 	 *
283 	 * For block ciphers in CBC or F8 mode, or for Kasumi in F8 mode, or for
284 	 *   SNOW3G in UEA2 mode, this is the length of the IV (which
285 	 *   must be the same as the block length of the cipher).
286 	 * For block ciphers in CTR mode, this is the length of the counter
287 	 *   (which must be the same as the block length of the cipher).
288 	 * For AES-XTS, this is the 128bit tweak, i, from IEEE Std 1619-2007.
289 	 *
290 	 * The IV/Counter will be updated after every partial cryptographic
291 	 * operation.
292 	 */
293 	uint32_t iv_len;
294 	/* length of source data */
295 	uint32_t src_data_len;
296 	/* length of dst data */
297 	uint32_t dst_data_len;
298 	uint32_t padding;
299 };
300 
301 struct virtio_crypto_hash_para {
302 	/* length of source data */
303 	uint32_t src_data_len;
304 	/* hash result length */
305 	uint32_t hash_result_len;
306 };
307 
308 struct virtio_crypto_mac_para {
309 	struct virtio_crypto_hash_para hash;
310 };
311 
312 struct virtio_crypto_aead_para {
313 	/*
314 	 * Byte Length of valid IV data pointed to by the below iv_addr
315 	 * parameter.
316 	 *
317 	 * For GCM mode, this is either 12 (for 96-bit IVs) or 16, in which
318 	 *   case iv_addr points to J0.
319 	 * For CCM mode, this is the length of the nonce, which can be in the
320 	 *   range 7 to 13 inclusive.
321 	 */
322 	uint32_t iv_len;
323 	/* length of additional auth data */
324 	uint32_t aad_len;
325 	/* length of source data */
326 	uint32_t src_data_len;
327 	/* length of dst data */
328 	uint32_t dst_data_len;
329 };
330 
331 struct virtio_crypto_cipher_data_req {
332 	/* Device-readable part */
333 	struct virtio_crypto_cipher_para para;
334 	uint8_t padding[24];
335 };
336 
337 struct virtio_crypto_hash_data_req {
338 	/* Device-readable part */
339 	struct virtio_crypto_hash_para para;
340 	uint8_t padding[40];
341 };
342 
343 struct virtio_crypto_mac_data_req {
344 	/* Device-readable part */
345 	struct virtio_crypto_mac_para para;
346 	uint8_t padding[40];
347 };
348 
349 struct virtio_crypto_alg_chain_data_para {
350 	uint32_t iv_len;
351 	/* Length of source data */
352 	uint32_t src_data_len;
353 	/* Length of destination data */
354 	uint32_t dst_data_len;
355 	/* Starting point for cipher processing in source data */
356 	uint32_t cipher_start_src_offset;
357 	/* Length of the source data that the cipher will be computed on */
358 	uint32_t len_to_cipher;
359 	/* Starting point for hash processing in source data */
360 	uint32_t hash_start_src_offset;
361 	/* Length of the source data that the hash will be computed on */
362 	uint32_t len_to_hash;
363 	/* Length of the additional auth data */
364 	uint32_t aad_len;
365 	/* Length of the hash result */
366 	uint32_t hash_result_len;
367 	uint32_t reserved;
368 };
369 
370 struct virtio_crypto_alg_chain_data_req {
371 	/* Device-readable part */
372 	struct virtio_crypto_alg_chain_data_para para;
373 };
374 
375 struct virtio_crypto_sym_data_req {
376 	union {
377 		struct virtio_crypto_cipher_data_req cipher;
378 		struct virtio_crypto_alg_chain_data_req chain;
379 		uint8_t padding[40];
380 	} u;
381 
382 	/* See above VIRTIO_CRYPTO_SYM_OP_* */
383 	uint32_t op_type;
384 	uint32_t padding;
385 };
386 
387 struct virtio_crypto_aead_data_req {
388 	/* Device-readable part */
389 	struct virtio_crypto_aead_para para;
390 	uint8_t padding[32];
391 };
392 
393 /* The request of the data virtqueue's packet */
394 struct virtio_crypto_op_data_req {
395 	struct virtio_crypto_op_header header;
396 
397 	union {
398 		struct virtio_crypto_sym_data_req  sym_req;
399 		struct virtio_crypto_hash_data_req hash_req;
400 		struct virtio_crypto_mac_data_req mac_req;
401 		struct virtio_crypto_aead_data_req aead_req;
402 		uint8_t padding[48];
403 	} u;
404 };
405 
406 #define VIRTIO_CRYPTO_OK        0
407 #define VIRTIO_CRYPTO_ERR       1
408 #define VIRTIO_CRYPTO_BADMSG    2
409 #define VIRTIO_CRYPTO_NOTSUPP   3
410 #define VIRTIO_CRYPTO_INVSESS   4 /* Invalid session id */
411 
412 /* The accelerator hardware is ready */
413 #define VIRTIO_CRYPTO_S_HW_READY  (1 << 0)
414 
415 struct virtio_crypto_config {
416 	/* See VIRTIO_CRYPTO_OP_* above */
417 	uint32_t  status;
418 
419 	/*
420 	 * Maximum number of data queue
421 	 */
422 	uint32_t  max_dataqueues;
423 
424 	/*
425 	 * Specifies the services mask which the device support,
426 	 * see VIRTIO_CRYPTO_SERVICE_* above
427 	 */
428 	uint32_t crypto_services;
429 
430 	/* Detailed algorithms mask */
431 	uint32_t cipher_algo_l;
432 	uint32_t cipher_algo_h;
433 	uint32_t hash_algo;
434 	uint32_t mac_algo_l;
435 	uint32_t mac_algo_h;
436 	uint32_t aead_algo;
437 	/* Maximum length of cipher key */
438 	uint32_t max_cipher_key_len;
439 	/* Maximum length of authenticated key */
440 	uint32_t max_auth_key_len;
441 	uint32_t reserve;
442 	/* Maximum size of each crypto request's content */
443 	uint64_t max_size;
444 };
445 
446 struct virtio_crypto_inhdr {
447 	/* See VIRTIO_CRYPTO_* above */
448 	uint8_t status;
449 };
450 #endif
451