Features/VirtioCrypto

From QEMU
Revision as of 02:03, 13 September 2016 by GongLei (talk | contribs) (→‎Quickstart)

The virtio crypto device is a virtual crypto device, and is a kind of virtual hardware accelerator for virtual machines. The encryption and decryption requests are placed in the data queue, and handled by the real crypto accelerators finally. The second queue is the control queue, which is used to create or destroy sessions for symmetric algorithms, and control some advanced features in the future. The virtio crypto device can provide seven crypto services: CIPHER, MAC, HASH, AEAD, KDF, ASYM, PRIMITIVE.

Feature maintainers

Gonglei: <arei.gonglei@huawei.com>

Code

Quickstart

Host:

  • Step 1: Use the cryptodev-linux as the client, the cryptodev.ko should be insert on the host.

Cryptodev:

 $ git clone https://github.com/cryptodev-linux/cryptodev-linux.git
 $ cd cryptodev-linux
 $ make; make install
  • Step 2: Build qemu with cryptodev-linux support

QEMU:

 $ git clone -b virtio-crypto https://github.com/gongleiarei/qemu
 $ cd qemu
 $ ./configure --target-list=x86_64-softmmu
 $ make

Guest:

  • Step 1: Build and install virtio-crypto linux driver.
 $ git clone https://github.com/gongleiarei/virtio-crypto-linux-driver.git
 $ cd virtio-crypto-linux-driver
 $ make;make install
  • Step 2: use cryptodev-linux test the crypto functions

Testing

The vhost-vsock-test qtest replays packets from a JSON file and verifies that the expected reply is received.

The JSON test file format is described in a README.

 $ cd qemu
 $ make -j4
 $ make tests/vhost-vsock-test
 $ sudo QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} gtester -k --verbose -m=quick tests/vhost-vsock-test -o /dev/stderr

Create and edit test cases in tests/vhost-vsock-test-data/*.json.

Links