Features/VirtioCrypto: Difference between revisions

From QEMU
No edit summary
Line 18: Line 18:
==Quickstart==
==Quickstart==
'''Host:'''
'''Host:'''
* Step 1: Use the cryptodev-linux as the client, the cryptodev.ko should be inserted on the host.
* Step 1: Build Qemu with libgcrypt cryptography support
 
  $ git clone https://github.com/cryptodev-linux/cryptodev-linux.git
  $ cd cryptodev-linux
  $ make; make install
 
* Step 2: Build Qemu with cryptodev-linux support


   $ git clone -b virtio-crypto https://github.com/gongleiarei/qemu
   $ git clone -b virtio-crypto https://github.com/gongleiarei/qemu
Line 35: Line 29:
   $ qemu-system-x86_64 \
   $ qemu-system-x86_64 \
     [...] \
     [...] \
         -cryptodev type=cryptodev-linux,id=cryptodev0 \
         -object cryptodev-backend-gcrypt,id=cryptodev0 \
         -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
         -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
     [...]
     [...]

Revision as of 07:45, 19 September 2016

The virtio crypto is a virtual crypto device as well as a kind of virtual hardware accelerator for virtual machines. The encryption and decryption requests are placed in the data queue and handled by the real crypto accelerators finally. The second queue is the control queue used to create or destroy sessions for symmetric algorithms and control some advanced features in the future. The virtio crypto device provides seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, and PRIMITIVE.

Feature maintainers

Gonglei: <arei.gonglei@huawei.com>

Code

Quickstart

Host:

  • Step 1: Build Qemu with libgcrypt cryptography support
 $ git clone -b virtio-crypto https://github.com/gongleiarei/qemu
 $ cd qemu
 $ ./configure --target-list=x86_64-softmmu
 $ make
  • Step 3: Strat Qemu using the following parameters:
 $ qemu-system-x86_64 \
   [...] \
       -object cryptodev-backend-gcrypt,id=cryptodev0 \
       -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
   [...]


Guest:

  • Step 1: Build and install virtio-crypto linux driver.
 $ git clone https://github.com/gongleiarei/virtio-crypto-linux-driver.git
 $ cd virtio-crypto-linux-driver
 $ make;make install
  • Step 2: use cryptodev-linux test the crypto functions

Testing

Use the cryptodev-linux module to test the crypto functions in the guest.

$ git clone https://github.com/cryptodev-linux/cryptodev-linux.git
$ cd cryptodev-linux
$ make; make install
$ cd tests
$ ./cipher -
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
AES Test passed
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc
Test passed

A simple benchmark in the cryptodev-linux module (synchronous encryption in the guest and no hardware accelerator in the host)

$ ./speed
 Testing AES-128-CBC cipher: 
       Encrypting in chunks of 512 bytes: done. 85.10 MB in 5.00 secs: 17.02 MB/sec
       Encrypting in chunks of 1024 bytes: done. 162.98 MB in 5.00 secs: 32.59 MB/sec
       Encrypting in chunks of 2048 bytes: done. 292.93 MB in 5.00 secs: 58.58 MB/sec
       Encrypting in chunks of 4096 bytes: done. 500.77 MB in 5.00 secs: 100.14 MB/sec
       Encrypting in chunks of 8192 bytes: done. 766.14 MB in 5.00 secs: 153.20 MB/sec
       Encrypting in chunks of 16384 bytes: done. 1.05 GB in 5.00 secs: 0.21 GB/sec
       Encrypting in chunks of 32768 bytes: done. 1.31 GB in 5.00 secs: 0.26 GB/sec
       Encrypting in chunks of 65536 bytes: done. 1.51 GB in 5.00 secs: 0.30 GB/sec

Links