Features/VirtioCrypto: Difference between revisions

From QEMU
(Created page with 'virtio-vsock is a ''host/guest communications device''. It allows applications in the guest and host to communicate. This can be used to implement hypervisor services and guest…')
 
No edit summary
Line 1: Line 1:
virtio-vsock is a ''host/guest communications device''It allows applications in the guest and host to communicate. This can be used to implement hypervisor services and guest agents (like qemu-guest-agent or SPICE vdagent).
The virtio crypto device is a virtual crypto device, and is a kind of
 
virtual hardware accelerator for virtual machinesThe encryption and
Unlike virtio-serial, virtio-vsock supports the POSIX Sockets API so existing networking applications require minimal modification. The Sockets API allows N:1 connections so multiple clients can connect to a server simultaneously.
decryption requests are placed in the data queue, and handled by the
 
real crypto accelerators finally. The second queue is the control queue,
The device has an address assigned automatically so no configuration is required inside the guest.
which is used to create or destroy sessions for symmetric algorithms, and
 
control some advanced features in the future. The virtio crypto
Sockets are created with the AF_VSOCK address family.  The SOCK_STREAM socket type is currently implemented.
device can provide seven crypto services: CIPHER, MAC, HASH, AEAD,
KDF, ASYM, PRIMITIVE.


==Code==
==Code==
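Review bot: The ==Code== section is kept unchanged beneath the rewritten introduction, so the page now opens by describing the virtio crypto device while everything under Code (Quickstart, Testing) still documents virtio-vsock: the vsock branches, CONFIG_VHOST_VSOCK, nc-vsock and vhost-vsock-test. Replace those sections with virtio crypto build and test instructions, or remove them until that content exists. This revision also has no edit summary; a short one stating that the copied vsock text is being replaced would help.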

Revision as of 01:26, 13 September 2016

The virtio crypto device is a virtual crypto device that acts as a virtual hardware accelerator for virtual machines. Encryption and decryption requests are placed in the data queue and are ultimately handled by the real crypto accelerators. The second queue is the control queue, which is used to create or destroy sessions for symmetric algorithms and, in the future, to control some advanced features. The virtio crypto device can provide seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.

Code

Quickstart

QEMU:

 $ git clone -b vsock https://github.com/stefanha/qemu
 $ cd qemu
 $ ./configure --target-list=x86_64-softmmu
 $ make

Linux:

 $ git clone -b vsock https://github.com/stefanha/linux
 $ cd linux
 $ cp /boot/config-$(uname -r) .config
 $ make menuconfig # select CONFIG_VHOST_VSOCK=m and CONFIG_VIRTIO_VSOCKETS=m
 $ make install modules_install

To use vhost_vsock.ko you must boot into the new host kernel and modprobe vhost_vsock.

The guest should also use this kernel so that modprobe virtio_transport can load the vsock guest driver.

For details on host and guest boot, see go.sh. Use nc-vsock 2 1234 inside the guest to connect to vsock port 1234 on the host. Use nc-vsock -l 1234 on the host to listen on that port.
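The connect and listen steps above, written against the AF_VSOCK sockets API as an added example (not the nc-vsock source and not code from this page). It additionally checks the connecting peer's CID before reading any data, since a listener bound to a vsock port accepts connections from any CID; the allowed CID 3 and the helper names are constructed for illustration.

```python
import socket
import sys

# Linux values, used as fallbacks when the interpreter lacks vsock support.
AF_VSOCK = getattr(socket, "AF_VSOCK", 40)
VMADDR_CID_ANY = getattr(socket, "VMADDR_CID_ANY", 0xFFFFFFFF)
MAX_ID = 0xFFFFFFFE  # CIDs and ports are 32-bit; 0xFFFFFFFF means "any"

def parse_args(argv):
    """Map '-l PORT' or 'CID PORT' (the nc-vsock forms above) to (mode, addr)."""
    if len(argv) != 2:
        raise ValueError("usage: -l PORT | CID PORT")
    port = int(argv[1])
    cid = VMADDR_CID_ANY if argv[0] == "-l" else int(argv[0])
    if not 0 <= port <= MAX_ID or (argv[0] != "-l" and not 0 <= cid <= MAX_ID):
        raise ValueError("CID and port must fit in 32 bits")
    return ("listen" if argv[0] == "-l" else "connect"), (cid, port)

def peer_allowed(peer_addr, allowed_cids):
    """peer_addr is the (CID, port) tuple returned by accept()."""
    return peer_addr[0] in allowed_cids

def serve(port, allowed_cids):
    """Listen on a vsock port; print data only from peers with an allowed CID."""
    with socket.socket(AF_VSOCK, socket.SOCK_STREAM) as srv:
        srv.bind((VMADDR_CID_ANY, port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                if not peer_allowed(peer, allowed_cids):
                    continue  # leaving the with block closes the socket
                while data := conn.recv(4096):
                    sys.stdout.buffer.write(data)
                sys.stdout.buffer.flush()

def connect(cid, port, payload):
    """Send payload to (cid, port); CID 2 is the host, as in 'nc-vsock 2 1234'."""
    with socket.socket(AF_VSOCK, socket.SOCK_STREAM) as s:
        s.connect((cid, port))
        s.sendall(payload)

if __name__ == "__main__":
    mode, (cid, port) = parse_args(sys.argv[1:])
    if mode == "listen":
        serve(port, allowed_cids={3})  # CID 3 is a constructed guest CID
    else:
        connect(cid, port, sys.stdin.buffer.read())
```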

Testing

The vhost-vsock-test qtest replays packets from a JSON file and verifies that the expected reply is received.

The JSON test file format is described in a README.

 $ cd qemu
 $ make -j4
 $ make tests/vhost-vsock-test
 $ sudo QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} gtester -k --verbose -m=quick tests/vhost-vsock-test -o /dev/stderr

Create and edit test cases in tests/vhost-vsock-test-data/*.json.

Links