Features/VirtioCrypto: Difference between revisions
| Line 46: | Line 46: | ||
Use the cryptodev-linux module to test the crypto functions in the guest. | Use the cryptodev-linux module to test the crypto functions in the guest. | ||
$ git clone https://github.com/ | $ git clone https://github.com/cryptodev-linux/cryptodev-linux.git | ||
$ cd | $ cd cryptodev-linux | ||
$ | $ make; make install | ||
$ cd tests | |||
$ ./cipher - | |||
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc | |||
AES Test passed | |||
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc | |||
requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc | |||
Test passed | |||
# simply benchmark | |||
$ ./speed | |||
Testing AES-128-CBC cipher: | |||
Encrypting in chunks of 512 bytes: done. 50.42 MB in 5.00 secs: 10.08 MB/sec | |||
Encrypting in chunks of 1024 bytes: done. 105.53 MB in 5.00 secs: 21.10 MB/sec | |||
Encrypting in chunks of 2048 bytes: done. 207.50 MB in 5.00 secs: 41.49 MB/sec | |||
Encrypting in chunks of 4096 bytes: done. 382.42 MB in 5.00 secs: 76.47 MB/sec | |||
Encrypting in chunks of 8192 bytes: done. 616.17 MB in 5.00 secs: 123.21 MB/sec | |||
Encrypting in chunks of 16384 bytes: done. 866.86 MB in 5.00 secs: 173.34 MB/sec | |||
Encrypting in chunks of 32768 bytes: done. 1.11 GB in 5.00 secs: 0.22 GB/sec | |||
Encrypting in chunks of 65536 bytes: done. 1.29 GB in 5.00 secs: 0.26 GB/sec | |||
==Links== | ==Links== | ||
* KVM Forum 2015 presentation: [http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf virtio-vsock: Zero-configuration host/guest communication] (pdf) | * KVM Forum 2015 presentation: [http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf virtio-vsock: Zero-configuration host/guest communication] (pdf) | ||
* Connectathon 2016 presentation: [http://vmsplice.net/~stefan/stefanha-connectathon-2016.pdf NFS over virtio-vsock: Host/guest file sharing for virtual machines] (pdf) | * Connectathon 2016 presentation: [http://vmsplice.net/~stefan/stefanha-connectathon-2016.pdf NFS over virtio-vsock: Host/guest file sharing for virtual machines] (pdf) | ||
Revision as of 02:07, 13 September 2016
The virtio crypto device is a virtual crypto device, and is a kind of virtual hardware accelerator for virtual machines. The encryption and decryption requests are placed in the data queue, and handled by the real crypto accelerators finally. The second queue is the control queue, which is used to create or destroy sessions for symmetric algorithms, and control some advanced features in the future. The virtio crypto device can provide seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
Feature maintainers
Gonglei: <arei.gonglei@huawei.com>
Code
- Virtio-crypto specification: Gonglei's virtio.git
- Virtio-crypto linux driver: Gonglei's virtio-crypto-linux-driver.git
- QEMU: Gonglei's qemu.git
- Cryptodev-linux: Cryptodev-linux's website Cryptodev-linux is implemented as a standalone module that requires no dependencies other than a stock linux kernel.
Quickstart
Host:
- Step 1: Use the cryptodev-linux as the client, the cryptodev.ko should be insert on the host.
Cryptodev:
$ git clone https://github.com/cryptodev-linux/cryptodev-linux.git $ cd cryptodev-linux $ make; make install
- Step 2: Build qemu with cryptodev-linux support
QEMU:
$ git clone -b virtio-crypto https://github.com/gongleiarei/qemu $ cd qemu $ ./configure --target-list=x86_64-softmmu $ make
Guest:
- Step 1: Build and install virtio-crypto linux driver.
$ git clone https://github.com/gongleiarei/virtio-crypto-linux-driver.git $ cd virtio-crypto-linux-driver $ make;make install
- Step 2: use cryptodev-linux test the crypto functions
Testing
Use the cryptodev-linux module to test the crypto functions in the guest.
$ git clone https://github.com/cryptodev-linux/cryptodev-linux.git $ cd cryptodev-linux $ make; make install $ cd tests $ ./cipher - requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc AES Test passed requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc requested cipher CRYPTO_AES_CBC, got cbc(aes) with driver virtio_crypto_aes_cbc Test passed # simply benchmark $ ./speed
Testing AES-128-CBC cipher:
Encrypting in chunks of 512 bytes: done. 50.42 MB in 5.00 secs: 10.08 MB/sec
Encrypting in chunks of 1024 bytes: done. 105.53 MB in 5.00 secs: 21.10 MB/sec
Encrypting in chunks of 2048 bytes: done. 207.50 MB in 5.00 secs: 41.49 MB/sec
Encrypting in chunks of 4096 bytes: done. 382.42 MB in 5.00 secs: 76.47 MB/sec
Encrypting in chunks of 8192 bytes: done. 616.17 MB in 5.00 secs: 123.21 MB/sec
Encrypting in chunks of 16384 bytes: done. 866.86 MB in 5.00 secs: 173.34 MB/sec
Encrypting in chunks of 32768 bytes: done. 1.11 GB in 5.00 secs: 0.22 GB/sec
Encrypting in chunks of 65536 bytes: done. 1.29 GB in 5.00 secs: 0.26 GB/sec
Links
- KVM Forum 2015 presentation: virtio-vsock: Zero-configuration host/guest communication (pdf)
- Connectathon 2016 presentation: NFS over virtio-vsock: Host/guest file sharing for virtual machines (pdf)