ThePassionate opened a new pull request, #17979:
URL: https://github.com/apache/nuttx/pull/17979
# VirtIO Crypto: Add VirtIO crypto driver support
## Summary
This PR adds VirtIO crypto driver support to NuttX, enabling hardware crypto
acceleration in virtualized environments. It includes comprehensive
enhancements to the cryptodev subsystem to support various cipher algorithms
and improves compatibility with QEMU and other VirtIO backends.
## Changes
### Files Modified/Added
1. **drivers/virtio/virtio-crypto.c** (new)
- Implement VirtIO crypto driver core functionality
- Add support for symmetric cipher operations
- Handle VirtIO crypto device initialization and communication
2. **drivers/virtio/virtio-crypto.h** (new)
- Define VirtIO crypto driver internal structures
- Add helper functions for crypto operations
3. **include/crypto/virtio_crypto.h** (new)
- Add VirtIO crypto protocol definitions
- Support vela crypto driver algo converting from VirtIO crypto algo
4. **include/nuttx/virtio/virtio-crypto.h** (new)
- Define public VirtIO crypto device interface
- Export VirtIO crypto device structures
5. **crypto/cryptodev.c**
- Add support to keep private data in crypto driver
- Add encrypt op and olen for support VirtIO mode
- Export ivlen to support different cipher algorithms
6. **crypto/crypto.c**
- Determine the order of obtained crypto drivers
- Prioritize: local hardware driver → remote driver → software encryption
7. **crypto/cryptosoft.c**
- Fix iv length of aesctr/aesxts to 16 bytes for QEMU backend
compatibility
- Fix encdec to not change input buffer pointer
8. **drivers/virtio/CMakeLists.txt, Make.defs, Kconfig**
- Add build configuration for VirtIO crypto driver
9. **Documentation/components/crypto.rst**
- Add comprehensive VirtIO crypto driver documentation
- Document configuration options and usage examples
- Add QEMU integration instructions
## Technical Details
**VirtIO Crypto Driver:**
- Implements VirtIO crypto device specification
- Supports symmetric cipher operations (AES-CBC, AES-CTR, AES-XTS, AES-ECB)
- Supports hash algorithms (MD5, SHA-1, SHA-256, SHA-512)
- Supports message authentication codes (AES-CMAC)
- Provides hardware acceleration through VirtIO interface
- Converts between VirtIO crypto algorithms and NuttX crypto algorithms
**Cryptodev Enhancements:**
- Enables keeping driver-specific private data
- Adds encryption operation tracking
- Exports initialization vector length for flexibility
- Implements crypto driver priority ordering
**Bug Fixes:**
- Fixed AES-CTR/AES-XTS IV length from variable to constant 16 bytes
- Prevents buffer pointer modification during encrypt/decrypt operations
## Impact
- **Performance**: Enables hardware crypto acceleration in virtualized
environments
- **Compatibility**: Improves QEMU backend support for crypto operations
- **Flexibility**: Supports multiple cipher algorithms with proper IV
handling
- **Architecture**: Establishes proper crypto driver priority (hardware >
remote > software)
- **Stability**: Fixes buffer management issues in cryptosoft implementation
- **Documentation**: Comprehensive documentation for VirtIO crypto driver
usage
## Testing
**Test Environment:**
- QEMU with VirtIO crypto backend
- Various cipher algorithms (AES-CBC, AES-CTR, AES-XTS)
- Hash algorithms (MD5, SHA-1, SHA-256, SHA-512)
- NuttX standard build system
**Test Procedure:**
1. Build NuttX with VirtIO crypto driver enabled
2. Initialize VirtIO crypto device in QEMU environment
3. Perform encryption/decryption operations with various algorithms
4. Test hash operations with different algorithms
5. Verify IV length handling for AES-CTR and AES-XTS
6. Test crypto driver priority ordering
7. Validate buffer pointer integrity during operations
**Test Results:**
- ✅ VirtIO crypto device initializes successfully
- ✅ Symmetric cipher operations work correctly
- ✅ Hash operations function properly
- ✅ IV length fixed for QEMU backend compatibility
- ✅ Crypto driver priority ordering functions as expected
- ✅ Buffer pointers remain unchanged during operations
- ✅ No regressions in existing crypto functionality
## Related Issues
- VirtIO crypto driver implementation for NuttX
- Hardware crypto acceleration support in virtualized environments
- QEMU VirtIO crypto backend compatibility
- Cryptodev subsystem enhancements for driver flexibility
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
