Features/VirtioCrypto
The virtio crypto device is a virtual crypto device, and is a kind of virtual hardware accelerator for virtual machines. The encryption and decryption requests are placed in the data queue, and handled by the real crypto accelerators finally. The second queue is the control queue, which is used to create or destroy sessions for symmetric algorithms, and control some advanced features in the future. The virtio crypto device can provide seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.
Feature maintainers
Gonglei: <arei.gonglei@huawei.com>
Code
- Virtio-crypto specification: Gonglei's virtio.git
- Virtio-crypto linux driver: Gonglei's virtio-crypto-linux-driver.git
- QEMU: Gonglei's qemu.git
- Cryptodev-linux: Cryptodev-linux's website Cryptodev-linux is implemented as a standalone module that requires no dependencies other than a stock linux kernel.
Quickstart
Host:
QEMU:
$ git clone -b virtio-crypto https://github.com/gongleiarei/qemu $ cd qemu $ ./configure --target-list=x86_64-softmmu $ make
Guest:
$ git clone https://github.com/gongleiarei/virtio-crypto-linux-driver.git $ cd virtio-crypto-linux-driver $ make;make install
To use vhost_vsock.ko you must boot into the new host kernel and modprobe vhost_vsock.
The guest should also use the kernel so that modprobe virtio_transport can load the vsock guest driver.
For details on host and guest boot, see go.sh. Use nc-vsock 2 1234 inside the guest to connect to vsock port 1234 on the host. Use nc-vsock -l 1234 on the host to listen on that port.
Testing
The vhost-vsock-test qtest replays packets from a JSON file and verifies that the expected reply is received.
The JSON test file format is described in a README.
$ cd qemu $ make -j4 $ make tests/vhost-vsock-test $ sudo QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} gtester -k --verbose -m=quick tests/vhost-vsock-test -o /dev/stderr
Create and edit test cases in tests/vhost-vsock-test-data/*.json.
Links
- KVM Forum 2015 presentation: virtio-vsock: Zero-configuration host/guest communication (pdf)
- Connectathon 2016 presentation: NFS over virtio-vsock: Host/guest file sharing for virtual machines (pdf)