v1 --> v2:
- Fix compile errors when neither 'nettle' nor 'gcrypt' is enabled.
- Trivial changes to error codes when neither 'nettle' nor 'gcrypt' is enabled.

This patch adds a new backend called LKCF to cryptodev; LKCF stands for Linux Kernel Cryptography Framework. If a cryptographic accelerator that supports LKCF is installed on the host (you can see which algorithms are supported in the host's LKCF by executing 'cat /proc/crypto'), then RSA operations can be offloaded. For more background info, refer to https://lwn.net/Articles/895399/, 'keyctl[5]' in the picture.

This patch:
1. Modified some interfaces of cryptodev and cryptodev-backend to support asynchronous requests.
2. Extended the DER encoder in crypto, so that we can export the RSA private key into PKCS#8 format and upload it to the host kernel.
3. Added a new backend for cryptodev.

I tested the backend with a QAT card; the qps of RSA-2048-decryption is about 25k/s, and the main-loop becomes the bottleneck. The qps using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support IO-thread for cryptodev in another series later.

Lei He (4):
  virtio-crypto: Support asynchronous mode
  crypto: Support DER encodings
  crypto: Support export akcipher to pkcs8
  cryptodev: Add a lkcf-backend for cryptodev

 backends/cryptodev-builtin.c    |  69 +++--
 backends/cryptodev-lkcf.c       | 645 ++++++++++++++++++++++++++++++++++++++++
 backends/cryptodev-vhost-user.c |  51 +++-
 backends/cryptodev.c            |  44 +--
 backends/meson.build            |   3 +
 crypto/akcipher.c               |  18 ++
 crypto/der.c                    | 307 +++++++++++++++++--
 crypto/der.h                    | 211 ++++++++++++-
 crypto/rsakey.c                 |  42 +++
 crypto/rsakey.h                 |  11 +-
 hw/virtio/virtio-crypto.c       | 324 +++++++++++---------
 include/crypto/akcipher.h       |  21 ++
 include/sysemu/cryptodev.h      |  61 ++--
 qapi/qom.json                   |   2 +
 tests/unit/test-crypto-der.c    | 126 ++++++--
 15 files changed, 1675 insertions(+), 260 deletions(-)
 create mode 100644 backends/cryptodev-lkcf.c

--
2.11.0
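
Item 2 of the cover letter describes exporting the RSA private key as PKCS#8 before handing it to the host kernel. The following is an added example, not code from this series or from QEMU, of what that wrapping looks like on the wire: an existing DER-encoded PKCS#1 RSAPrivateKey is placed inside a PrivateKeyInfo SEQUENCE. The function names and the 1 MiB input bound are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* version INTEGER 0, then AlgorithmIdentifier { rsaEncryption, NULL } */
static const uint8_t PKCS8_RSA_PREFIX[] = {
    0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00
};

/* Bytes needed by a DER definite-length field encoding `len`. */
static size_t der_len_size(size_t len)
{
    size_t n = 1;
    if (len < 0x80) return 1;          /* short form: one byte */
    for (; len; len >>= 8) n++;        /* long form: 0x8N + N length bytes */
    return n;
}

/* Write tag and length at `out`; returns the header size. */
static size_t der_put_header(uint8_t *out, uint8_t tag, size_t len)
{
    size_t n = der_len_size(len), i;
    out[0] = tag;
    if (n == 1) { out[1] = (uint8_t)len; return 2; }
    out[1] = (uint8_t)(0x80 | (n - 1));
    for (i = 0; i < n - 1; i++)
        out[2 + i] = (uint8_t)(len >> (8 * (n - 2 - i)));
    return 1 + n;
}

/* Wrap a DER RSAPrivateKey; returns output length, 0 on bad input or small buffer. */
size_t pkcs8_wrap_rsa(const uint8_t *pkcs1, size_t len, uint8_t *out, size_t cap)
{
    if (!pkcs1 || !out || len == 0 || len > (1u << 20)) return 0; /* assumed bound */
    size_t body = sizeof(PKCS8_RSA_PREFIX) + 1 + der_len_size(len) + len;
    if (1 + der_len_size(body) + body > cap) return 0;
    size_t off = der_put_header(out, 0x30, body);           /* SEQUENCE */
    memcpy(out + off, PKCS8_RSA_PREFIX, sizeof(PKCS8_RSA_PREFIX));
    off += sizeof(PKCS8_RSA_PREFIX);
    off += der_put_header(out + off, 0x04, len);            /* OCTET STRING */
    memcpy(out + off, pkcs1, len);
    return off + len;
}

int main(void)
{
    uint8_t buf[64], fake[] = { 0x30, 0x03, 0x02, 0x01, 0x00 }; /* constructed, not a key */
    return pkcs8_wrap_rsa(fake, sizeof(fake), buf, sizeof(buf)) != 0 ? 0 : 1;
}
```

Because the output buffer holds private key material, a caller would normally wipe it once the key has been handed off.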