
virtio-dev message


Subject: [PATCH v10 00/12] virtio-crypto: introduce framework and device emulation


The virtio crypto is a virtual crypto device as well as a kind
of virtual hardware accelerator for virtual machines. The
encryption and decryption requests are placed in the data
queue and handled by the real crypto accelerators finally.
The second queue is the control queue used to create or
destroy sessions for symmetric algorithms and control
some advanced features in the future. The virtio crypto
device provides the following crypto services: CIPHER,

 - add vhost-user as a high performance cryptodev backend.
 - more crypto services support.
 - migration support.

Changes since v9:
 - Virtio-crypto device conforms to VIRTIO 1.0 which is always LE,
   so we can use LE accessors directly. [Michael]
 - add max_size field in the virtio-crypto device config in order
   to tell the driver what's maximum size of crypto request the
   device supports.   [Michael]
 - add max_cipher_key_len and max_auth_key_len in the device config
   too for the symmetric algorithms to limit resource utilization by
   guest. Add corresponding initialization and checks.
 - fix a typo, s/exist/exists/g  [Michael] 

Changes since v8:
 - fix an incorrect check condition in patch 9/12
 - add bh as the asynchronous handler for virtio-crypto's
   data virtqueue in patch 11/12  [Stefan]

Changes since v7:
 - handle endianness problems in input path [Stefan]
 - fix two possible memory leaks  [Stefan]
 - use the iov_*() functions on in_iov/in_num instead of directly accessing the iovecs
 - handle possible integer overflow [Stefan]
 - fix a typo  [Stefan]
 - define struct virtio_crypto_inhdr in virtio_crypto.h [Stefan]
 - use uint8_t instead of uint32_t for status in struct virtio_crypto_inhdr
 - remove unused field in VirtIOCryptoConf. [Stefan]
 - squash the VIRTIO_CRYPTO_OK changes into the patches that introduced the old code. [Stefan]
 - squash the previous patch 12 to patch 3 and patch 9 so that we can import the final version of
   external header file from Linux. [Stefan]

Changes since v6:
 - add copyright and license for virtio_crypto.h [Eric]
 - add/remove (bracket pair for macro definition in virtio_crypto.h  [Eric]
 - add missing dc->vmsd and fix a typo in patch 5
 - fix a checkpatch.pl complaint
 - rebase on the QEMU master branch

Changes since v5:
 - rebase the patch 14 in v5, using the correct at the beginning of whole patch series. [Eric]
 - perfect algorithm chain support in patch 12.
 - more friendly error handler in both controlq and dataq.
 - drop patch "virtio-crypto: emulate virtio crypto as a legacy device by default" because
  we shouldn't support transitional virtio devices any more. [Michael] 
 - drop patch "virtio-crypto-test: add qtest case for virtio-crypto" because
  libqtest doesn't support virtio-1.0 device yet.
 - rebase the patch set based on Michael's pull request:
    [PULL 00/33] virtio, pc: fixes and features

Changes since v4: (Thanks to Stefan)
 - drop scatter-gather I/O identification in virtio crypto spec and corresponding code [Stefan]
 - remove qcrypto prefix for cryptodev stuff [Stefan]
 - use virtio_error() in virtio-crypto device's functions. [Stefan]
 - fix endianness handling. [Stefan]
 - use VMSTATE_VIRTIO_DEVICE() instead of calling register_savevm(). [Stefan]
 - redefine DPRINTF in virtio-crypto.h [Stefan]
 - fix some typos [Stefan]
 - fix other farraginous problems suggested by Stefan.

Changes since v3:
 - rename cryptodev-gcrypt to cryptodev-builtin. [Daniel]
 - move cryptodev stuff from crypto/ directory to backends/ directory
   in order to keep the crypto subsystem influence by system
   emulators. [Daniel]
 - emulate virtio-crypto device as a legacy device by default in patch 11
 - introduce virtio-crypto qtest case in patch 12
 - add myself as cryptodev backends maintainer and virtio-crypto
   co-maintainer in patch 13
 - add CRT support for cryptodev-builtin, it is based on my previous crypto
   patch series queued by Daniel.
 - add queue_index for qcrypto_cryptodev_backend_sym_close_session()

Changes since v2:
 According to Daniel's comments:
 - drop cryptodev kernel module as a cryptodev backend
 - rename crypto stuff to cryptodev stuff
 - change some files' license to GPLv2+
 - remove cryptodev command line instead of QOM to define the cryptodev backend
 - rename all functions and structures in crypto sub-directory.
 - add full inline documentation for cryptodev.h
 - drop crypto-queue.c [Paolo]
 - merge some patches

Great thanks to Daniel and Paolo. Please review again, thanks!

Changes since v1:
 - remove mixed endian-ness handler for virtio-crypto device, just
   use little-endian. [mst]
 - add sg list support according to virtio-crypto spec v10 (will be posted soon).
 - fix a memory leak in session handler.
 - add a feature page link in qemu.org (http://qemu-project.org/Features/VirtioCrypto)
 - fix some trivial problems, such as 's/Since 2.7/Since 2.8/g' in qapi-schema.json
 - rebase the latest qemu master tree.

This patch series realizes the framework and emulation of a new
virtio crypto device, which is similar to virtio net device.
 - I introduce the cryptodev backend as the client of virtio crypto device
   which can be realized by different methods, such as cryptodev-backend-gcrypt in my series,
   vhost-crypto kernel module, vhost-user etc.
 - The patch set abides by the virtio crypto specification.
 - The virtio crypto supports symmetric algorithms (including CIPHER and algorithm chaining)
   at present, except HASH, MAC and AEAD services.
 - hot plug/unplug of the cryptodev backend is unsupported at this moment.

Firstly build QEMU with libgcrypt cryptography support. 

QEMU can then be started using the following parameters:

qemu-system-x86_64 \
    [...] \
    -object cryptodev-backend-builtin,id=cryptodev0 \
    -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0

The front-end linux kernel driver (Experimental at present) is publicly accessible from:

After insmod virtio-crypto.ko, you can use cryptodev-linux to test the crypto function
in the guest. For example:

linux-guest:/home/gonglei/cryptodev-linux/tests # ./cipher -
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
AES Test passed
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
Test passed

QEMU code is also accessible from:


 branch virtio-crypto

For more information, please see:

Gonglei (12):
  cryptodev: introduce cryptodev backend interface
  cryptodev: add symmetric algorithm operation stuff
  virtio-crypto: introduce virtio_crypto.h
  cryptodev: introduce a new cryptodev backend
  virtio-crypto: add virtio crypto device emulation
  virtio-crypto-pci: add virtio crypto pci support
  virtio-crypto: set capacity of algorithms supported
  virtio-crypto: add control queue handler
  virtio-crypto: add data queue processing handler
  cryptodev: introduce an unified wrapper for crypto operation
  virtio-crypto: using bh to handle dataq's requests
  virtio-crypto: add myself as virtio-crypto and cryptodev backends

 MAINTAINERS                                    |  13 +
 backends/Makefile.objs                         |   3 +
 backends/cryptodev-builtin.c                   | 361 ++++++++++
 backends/cryptodev.c                           | 245 +++++++
 hw/virtio/Makefile.objs                        |   2 +
 hw/virtio/virtio-crypto-pci.c                  |  77 +++
 hw/virtio/virtio-crypto.c                      | 898 +++++++++++++++++++++++++
 hw/virtio/virtio-pci.h                         |  15 +
 include/hw/virtio/virtio-crypto.h              | 101 +++
 include/standard-headers/linux/virtio_crypto.h | 429 ++++++++++++
 include/standard-headers/linux/virtio_ids.h    |   2 +-
 include/sysemu/cryptodev.h                     | 298 ++++++++
 qemu-options.hx                                |  18 +
 13 files changed, 2461 insertions(+), 1 deletion(-)
 create mode 100644 backends/cryptodev-builtin.c
 create mode 100644 backends/cryptodev.c
 create mode 100644 hw/virtio/virtio-crypto-pci.c
 create mode 100644 hw/virtio/virtio-crypto.c
 create mode 100644 include/hw/virtio/virtio-crypto.h
 create mode 100644 include/standard-headers/linux/virtio_crypto.h
 create mode 100644 include/sysemu/cryptodev.h
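
The "Changes since v9" and "Changes since v7" items above (little-endian accessors, the max_size and max_cipher_key_len limits, integer overflow handling) can be illustrated with a small device-side length check. This is an added example, not code from the patch series or from QEMU; the struct, the function names and the 12-byte header layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits, named after the config fields in the v10 changelog. */
struct demo_limits {
    uint64_t max_size;           /* largest crypto request, in bytes */
    uint32_t max_cipher_key_len; /* largest cipher key, in bytes */
};

/* Decode a little-endian 32-bit field independently of host byte order. */
static uint32_t demo_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed header: key_len, src_len, dst_len (LE32 each). 0 = accept, -1 = reject. */
int demo_check_req(const struct demo_limits *lim, const uint8_t *hdr, size_t len)
{
    if (len < 12) {
        return -1;                       /* truncated header */
    }
    uint32_t key_len = demo_le32(hdr);
    uint32_t src_len = demo_le32(hdr + 4);
    uint32_t dst_len = demo_le32(hdr + 8);
    if (key_len == 0 || key_len > lim->max_cipher_key_len) {
        return -1;                       /* guest asked for an oversized key */
    }
    /* Subtract instead of adding, so src_len + dst_len can never wrap. */
    if (src_len > lim->max_size || dst_len > lim->max_size - src_len) {
        return -1;
    }
    return 0;
}

/* Constructed samples: 1 MiB request cap, 64-byte key cap. */
const struct demo_limits DEMO_LIMITS = { 1u << 20, 64 };
const uint8_t DEMO_GOOD[12]   = { 32,0,0,0,  0,16,0,0,  0,16,0,0 }; /* 32 B key, 4 KiB in/out */
const uint8_t DEMO_BIGKEY[12] = { 0,1,0,0,  16,0,0,0,  16,0,0,0 };  /* 256 B key */
/* src 0xFFFFFFF0 + dst 0x20 would wrap to 0x10 in 32-bit arithmetic. */
const uint8_t DEMO_WRAP[12]   = { 32,0,0,0,  0xF0,0xFF,0xFF,0xFF,  0x20,0,0,0 };

int main(void)
{
    printf("good=%d bigkey=%d wrap=%d\n", demo_check_req(&DEMO_LIMITS, DEMO_GOOD, 12),
           demo_check_req(&DEMO_LIMITS, DEMO_BIGKEY, 12), demo_check_req(&DEMO_LIMITS, DEMO_WRAP, 12));
    return 0;
}
```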

