From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2
he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
index 9561bc2df62b..82db86e08
: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33
| |
wait wait wait wait
Test this patch, the guest side get ~200K/s operations with 300% CPU
utilization.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_comm
uest::ctrl::u::destroy_session::padding[48]
*/
So use kzalloc to allocate buffer of struct virtio_crypto_ctrl_request.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/Makefile| 1 +
.../virtio/virtio_crypto_akcipher_algs
retry on crypto engine to improve performance for data queue,
this allows the larger depth instead of 1.
- Fix dst data length in akcipher service.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (3):
vi
On 4/20/22 11:32, Jason Wang wrote:
在 2022/4/18 17:00, zhenwei pi 写道:
Originally, after submitting request into virtio crypto control
queue, the guest side polls the result from the virt queue. This
allows all of the requests share a single request buffer in
struct virtio_crypto(ctrl&i
Hi Daniel,
Could you please review this series?
On 4/11/22 18:43, zhenwei pi wrote:
v3 -> v4:
- Coding style fix: Akcipher -> AkCipher, struct XXX -> XXX, Rsa -> RSA,
XXX-alg -> XXX-algo.
- Change version info in qapi/crypto.json, from 7.0 -> 7.1.
- Remove ecdsa from qapi/cry
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Signed-off-by: lei he
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
From: lei he
For some akcipher operations(eg, decryption of pkcs1pad(rsa)),
the length of returned result maybe less than akcipher_req->dst_len,
we need to recalculate the actual dst_len through the virt-queue
protocol.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/cry
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers
add & kick
|
-spin_unlock(&vcrypto->ctrl_lock)--
/ / \ \
| | | |
wait wait wait wait
Test this patch, the guest side get ~20
o-crypto: enable retry for virtio-crypto-dev
zhenwei pi (2):
virtio-crypto: wait ctrl queue instead of busy polling
virtio-crypto: move helpers into virtio_crypto_common.c
drivers/crypto/virtio/Makefile| 1 +
.../virtio/virtio_crypto_akcipher_algs.c | 95 ++---
ty
improvement and might need its own patch, or at least documentation.
OK, kfree is good enough here, I'll fix this.
Thanks a lot!
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Signed-off-by: lei he
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
From: lei he
For some akcipher operations(eg, decryption of pkcs1pad(rsa)),
the length of returned result maybe less than akcipher_req->dst_len,
we need to recalculate the actual dst_len through the virt-queue
protocol.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/cry
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers
e, wait completion instead
of busy polling without lock race, and get completed by control queue
callback. Test this patch, the guest side get ~200K/s operations with
300% CPU utilization.
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/Makefile| 1 +
.../virti
rypto engine to improve performance for data queue,
this allows the larger depth instead of 1.
- Fix dst data length in akcipher service.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (2):
virtio-c
that virtio-crypto could also
provide the functionality of an HSM? Or does the standard require that
the keys are provided by the guest?
Paolo
I'm very interested in this, I'll try in Q3-2022 or later.
--
zhenwei pi
___
Virtualization mailin
a enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by
From: lei he
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
tests/bench/benchmark-crypto-akcipher.c | 161 ++
tests/bench/meson.build | 4 +
tests/bench/test_akcipher_keys.inc | 537
From: Lei He
Added gcryt implementation of RSA algorithm, RSA algorithm
implemented by gcrypt has a higher priority than nettle because
it supports raw padding.
Signed-off-by: Lei He
---
crypto/akcipher-gcrypt.c.inc | 531 +++
crypto/akcipher.c| 4
From: Lei He
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
crypto/ak
From: Lei He
Add an ANS.1 decoder which is used to parse asymmetric
cipher keys
Signed-off-by: zhenwei pi
Signed-off-by: Lei He
---
crypto/asn1_decoder.c | 161 ++
crypto/asn1_decoder.h | 75 +++
crypto/meson.build| 1
Support basic asymmetric operations: encrypt, decrypt, sign and
verify.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/akcipher.c | 102 +
crypto/akcipherpriv.h | 43 +++
crypto/meson.build| 1
From: Lei He
Introduce akcipher types, also include RSA related types.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 64
1 file changed, 64 insertions(+)
diff --git a/qapi/crypto.json b/qapi/crypto.json
index
- Implement RSA backend by nettle/hogweed.
Lei He (4):
crypto-akcipher: Introduce akcipher types to qapi
crypto: add ASN.1 decoder
crypto: Implement RSA algorithm by hogweed
crypto: Implement RSA algorithm by gcrypt
Zhenwei Pi (3):
virtio-crypto: header update
crypto: Introduce akc
Update header from linux, support akcipher service.
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux
On 3/24/22 02:03, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 03:32:37PM +0800, zhenwei pi wrote:
On 3/23/22 13:17, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher cl
On 3/23/22 23:38, Daniel P. Berrangé wrote:
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
Update header from linux, support akcipher service.
I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git
On 3/23/22 20:36, Michael S. Tsirkin wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher class
- Seperate 'virtio_crypto: Support virtio crypto asym operation' into:
- cryp
On 3/23/22 13:17, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher class
- Seperate 'virtio_crypto: Support virtio crypto asym operation' into:
- crypto: Intro
There are two parts in this patch:
1, support akcipher service by cryptodev-builtin driver
2, virtio-crypto driver supports akcipher service
Then virtio-crypto gets request from guest side, and forwards the
request to builtin driver to handle it.
Test with a guest linux:
1, The self-test framewor
From: Lei He
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
tests/bench/benchmark-crypto-akcipher.c | 163 ++
tests/bench/meson.build | 6 +
tests/bench/test_akcipher_keys.inc | 277 +
tests/unit
From: Lei He
Introduce ASN.1 decoder, and implement RSA algorithm by hogweed
from nettle. Thus QEMU supports a 'real' RSA backend to handle
request from guest side. It's important to test RSA offload case
without OS & hardware requirement.
Signed-off-by: lei he
Signed
Support basic asymmetric operations: encrypt, decrypt, sign and
verify.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/akcipher.c | 78 +
crypto/meson.build| 1 +
include/crypto/akcipher.h | 139
From: Lei He
Introduce akcipher types, also include RSA & ECDSA related types.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 86
1 file changed, 86 insertions(+)
diff --git a/qapi/crypto.json b/qapi/crypto.json
i
Update header from linux, support akcipher service.
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux
hogweed
tests/crypto: Add test suite for crypto akcipher
Zhenwei Pi (3):
virtio-crypto: header update
crypto: Introduce akcipher crypto class
virtio-crypto: Introduce RSA algorithm
backends/cryptodev-builtin.c | 319 +++-
backends/cryptodev-vhost-user.c |
>> The virtio crypto driver started making use of certain libraries and
>> algorithms without selecting them. Do so to fix these errors.
>>
>> Fixes: 8a75f36b5d7a ("virtio-crypto: implement RSA algorithm")
>> Signed-off-by: Nathan Chancellor
&
On 3/7/22 5:05 PM, Michael S. Tsirkin wrote:
On Mon, Mar 07, 2022 at 10:42:30AM +0800, zhenwei pi wrote:
Hi, Michael & Lei
The full patchset has been reviewed by Gonglei, thanks to Gonglei.
Should I modify the virtio crypto specification(use "__le32 akcipher_algo;"
instead of &
lso cc Cornelia Huck.
On 3/2/22 11:39 AM, zhenwei pi wrote:
v2 -> v3:
Rename virtio_crypto_algs.c to virtio_crypto_skcipher_algs.c, and
minor changes of function name.
Minor changes in virtio_crypto_akcipher_algs.c: no need to copy from
buffer if opcode is verify.
v1 -&g
On 3/3/22 4:40 AM, Eric Biggers wrote:
On Wed, Mar 02, 2022 at 11:39:13AM +0800, zhenwei pi wrote:
v2 -> v3:
Rename virtio_crypto_algs.c to virtio_crypto_skcipher_algs.c, and
minor changes of function name.
Minor changes in virtio_crypto_akcipher_algs.c: no need to copy f
Suggested by Gonglei, rename virtio_crypto_algs.c to
virtio_crypto_skcipher_algs.c. Also minor changes for function name.
Thus the function of source files get clear: skcipher services in
virtio_crypto_skcipher_algs.c and akcipher services in
virtio_crypto_akcipher_algs.c.
Signed-off-by: zhenwei
ipher_algs.c
@@ -0,0 +1,585 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+ /* Asymmetric algorithms supported by virtio crypto device
+ *
+ * Authors: zhenwei pi
+ * lei he
+ *
+ * Copyright 2022 Bytedance CO., LTD.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#inc
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 81 +-
1 file changed, 80 insertions(+), 1 deletion
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Reviewed-by: Gonglei
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index
to gurus Herbert and linux-cry...@vger.kernel.org.
Test with QEMU(patched by the v2 version), works fine.
v1:
Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (4):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
vi
PING!
Hi, Lei
I also take a look at other crypto drivers qat/ccp/hisilicon, they
separate akcipher/skcipher algo. If you consider that reusing
virtio_crypto_algs_register/unregister seems better, I will try to merge
them into a single function.
On 2/23/22 6:17 PM, zhenwei pi wrote:
On 2/18/22
On 2/18/22 11:12 AM, zhenwei pi wrote:
+void virtio_crypto_akcipher_algs_unregister(struct virtio_crypto
+*vcrypto) {
+ int i = 0;
+
+ mutex_lock(&algs_lock);
+
+ for (i = 0; i < ARRAY_SIZE(virtio_crypto_akcipher_algs); i++) {
+ uint32_t service = virtio_crypto_akcipher
pher.
This gets unclear from current v2 version.
On the other hand, the kernel side prefers to separate skcipher and
akcipher(separated header files and implementations).
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundat
Hi, Lei
Could you please review the V2 version?
On 2/11/22 4:41 PM, zhenwei pi wrote:
v1 -> v2:
- Fix 1 compiling warning reported by kernel test robot
- Put "__le32 akcipher_algo;" instead of "__le32 reserve;" field of
struct virtio_crypto_config directly wit
tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by:
can provide asymmetric support for guest, but the asymmetric
request from guest shoule always fail until an available asymmetric
backend gets supported.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
backends/cryptodev-builtin.c | 201 ++
back
Update header from linux, support akcipher service.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux/virtio_crypto.h
b
v1 -> v2:
- Update virtio_crypto.h from v2 version of related kernel patch.
v1:
- Support akcipher for virtio-crypto.
- Introduce akcipher class.
- Introduce ASN1 decoder into QEMU.
- Implement RSA backend by nettle/hogweed.
Lei He (1):
crypto: Introduce RSA algorithm
Zhenwei Pi (2):
vir
ipher_algo.c
@@ -0,0 +1,584 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+ /* Asymmetric algorithms supported by virtio crypto device
+ *
+ * Authors: zhenwei pi
+ * lei he
+ *
+ * Copyright 2022 Bytedance CO., LTD.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#inc
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 81 +-
1 file changed, 80 insertions(+), 1 deletion
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Reviewed-by: Gonglei
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index
bit alignment.
- Remove irrelevant change by code format alignment.
- Also CC crypto gurus Herbert and linux-cry...@vger.kernel.org.
- Test with QEMU(patched by the v2 version), works fine.
v1:
- Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
v
__le32 reserve;-->__le32 akcipher_algo;
/* Maximum size of each crypto request's content */
__le64 max_size;
};
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://list
PING!
PS: Please ignore the warning from kernel test robot, I'll fix it in
next version.
On 1/21/22 10:24 AM, zhenwei pi wrote:
Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: intr
/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Co-developed-by: lei h
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 99 +++---
1 file changed, 89 insertions(+), 10 deletions
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index a03932f10565..1166a49084b0
Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
virtio-crypto: implement RSA algorithm
drivers/crypto/virtio/Makefile| 1 +
.../virtio
is that the port is unplugged and the vq buf still remained.
So, fix two cases in this patch:
1, fix memory leak with attach-device/detach-device.
2, fix logic bug with attach-device/detach-device/attach-device.
Signed-off-by: zhenwei pi
---
drivers/char/virtio_console.c | 21
is that the port is unplugged and the vq buf still remained.
So, fix two cases in this patch:
1, fix memory leak with attach-device/detach-device.
2, fix logic bug with attach-device/detach-device/attach-device.
Signed-off-by: zhenwei pi
---
drivers/char/virtio_console.c | 21
101 - 169 of 169 matches
Mail list logo