Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
virtio-crypto: implement RSA algorithm
drivers/crypto/virtio/Makefile| 1 +
.../virtio
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index a03932f10565..1166a49084b0
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 99 +++---
1 file changed, 89 insertions(+), 10 deletions
/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Co-developed-by: lei h
PING!
PS: Please ignore the warning from kernel test robot, I'll fix it in
next version.
On 1/21/22 10:24 AM, zhenwei pi wrote:
Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: intr
__le32 reserve;-->__le32 akcipher_algo;
/* Maximum size of each crypto request's content */
__le64 max_size;
};
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://list
bit alignment.
- Remove irrelevant change by code format alignment.
- Also CC crypto gurus Herbert and linux-cry...@vger.kernel.org.
- Test with QEMU(patched by the v2 version), works fine.
v1:
- Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (3):
v
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 81 +-
1 file changed, 80 insertions(+), 1 deletion
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Reviewed-by: Gonglei
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index
ipher_algo.c
@@ -0,0 +1,584 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+ /* Asymmetric algorithms supported by virtio crypto device
+ *
+ * Authors: zhenwei pi
+ * lei he
+ *
+ * Copyright 2022 Bytedance CO., LTD.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#inc
v1 -> v2:
- Update virtio_crypto.h from v2 version of related kernel patch.
v1:
- Support akcipher for virtio-crypto.
- Introduce akcipher class.
- Introduce ASN1 decoder into QEMU.
- Implement RSA backend by nettle/hogweed.
Lei He (1):
crypto: Introduce RSA algorithm
Zhenwei Pi (2):
vir
Update header from linux, support akcipher service.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux/virtio_crypto.h
b
can provide asymmetric support for guest, but the asymmetric
request from guest shoule always fail until an available asymmetric
backend gets supported.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
backends/cryptodev-builtin.c | 201 ++
back
tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by:
Hi, Lei
Could you please review the V2 version?
On 2/11/22 4:41 PM, zhenwei pi wrote:
v1 -> v2:
- Fix 1 compiling warning reported by kernel test robot
- Put "__le32 akcipher_algo;" instead of "__le32 reserve;" field of
struct virtio_crypto_config directly wit
pher.
This gets unclear from current v2 version.
On the other hand, the kernel side prefers to separate skcipher and
akcipher(separated header files and implementations).
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundat
On 2/18/22 11:12 AM, zhenwei pi wrote:
+void virtio_crypto_akcipher_algs_unregister(struct virtio_crypto
+*vcrypto) {
+ int i = 0;
+
+ mutex_lock(&algs_lock);
+
+ for (i = 0; i < ARRAY_SIZE(virtio_crypto_akcipher_algs); i++) {
+ uint32_t service = virtio_crypto_akcipher
PING!
Hi, Lei
I also take a look at other crypto drivers qat/ccp/hisilicon, they
separate akcipher/skcipher algo. If you consider that reusing
virtio_crypto_algs_register/unregister seems better, I will try to merge
them into a single function.
On 2/23/22 6:17 PM, zhenwei pi wrote:
On 2/18/22
to gurus Herbert and linux-cry...@vger.kernel.org.
Test with QEMU(patched by the v2 version), works fine.
v1:
Introduce akcipher service, implement RSA algorithm, and a minor fix.
zhenwei pi (4):
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
vi
Introduce asymmetric service definition, asymmetric operations and
several well known algorithms.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 81 +-
1 file changed, 80 insertions(+), 1 deletion
Base on the lastest virtio crypto spec, define VIRTIO_CRYPTO_NOSPC.
Reviewed-by: Gonglei
Signed-off-by: zhenwei pi
---
include/uapi/linux/virtio_crypto.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/virtio_crypto.h
b/include/uapi/linux/virtio_crypto.h
index
ipher_algs.c
@@ -0,0 +1,585 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+ /* Asymmetric algorithms supported by virtio crypto device
+ *
+ * Authors: zhenwei pi
+ * lei he
+ *
+ * Copyright 2022 Bytedance CO., LTD.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#inc
Suggested by Gonglei, rename virtio_crypto_algs.c to
virtio_crypto_skcipher_algs.c. Also minor changes for function name.
Thus the function of source files get clear: skcipher services in
virtio_crypto_skcipher_algs.c and akcipher services in
virtio_crypto_akcipher_algs.c.
Signed-off-by: zhenwei
On 3/3/22 4:40 AM, Eric Biggers wrote:
On Wed, Mar 02, 2022 at 11:39:13AM +0800, zhenwei pi wrote:
v2 -> v3:
Rename virtio_crypto_algs.c to virtio_crypto_skcipher_algs.c, and
minor changes of function name.
Minor changes in virtio_crypto_akcipher_algs.c: no need to copy f
lso cc Cornelia Huck.
On 3/2/22 11:39 AM, zhenwei pi wrote:
v2 -> v3:
Rename virtio_crypto_algs.c to virtio_crypto_skcipher_algs.c, and
minor changes of function name.
Minor changes in virtio_crypto_akcipher_algs.c: no need to copy from
buffer if opcode is verify.
v1 -&g
On 3/7/22 5:05 PM, Michael S. Tsirkin wrote:
On Mon, Mar 07, 2022 at 10:42:30AM +0800, zhenwei pi wrote:
Hi, Michael & Lei
The full patchset has been reviewed by Gonglei, thanks to Gonglei.
Should I modify the virtio crypto specification(use "__le32 akcipher_algo;"
instead of &
>> The virtio crypto driver started making use of certain libraries and
>> algorithms without selecting them. Do so to fix these errors.
>>
>> Fixes: 8a75f36b5d7a ("virtio-crypto: implement RSA algorithm")
>> Signed-off-by: Nathan Chancellor
&
hogweed
tests/crypto: Add test suite for crypto akcipher
Zhenwei Pi (3):
virtio-crypto: header update
crypto: Introduce akcipher crypto class
virtio-crypto: Introduce RSA algorithm
backends/cryptodev-builtin.c | 319 +++-
backends/cryptodev-vhost-user.c |
Update header from linux, support akcipher service.
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux
From: Lei He
Introduce akcipher types, also include RSA & ECDSA related types.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 86
1 file changed, 86 insertions(+)
diff --git a/qapi/crypto.json b/qapi/crypto.json
i
Support basic asymmetric operations: encrypt, decrypt, sign and
verify.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/akcipher.c | 78 +
crypto/meson.build| 1 +
include/crypto/akcipher.h | 139
From: Lei He
Introduce ASN.1 decoder, and implement RSA algorithm by hogweed
from nettle. Thus QEMU supports a 'real' RSA backend to handle
request from guest side. It's important to test RSA offload case
without OS & hardware requirement.
Signed-off-by: lei he
Signed
From: Lei He
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
tests/bench/benchmark-crypto-akcipher.c | 163 ++
tests/bench/meson.build | 6 +
tests/bench/test_akcipher_keys.inc | 277 +
tests/unit
There are two parts in this patch:
1, support akcipher service by cryptodev-builtin driver
2, virtio-crypto driver supports akcipher service
Then virtio-crypto gets request from guest side, and forwards the
request to builtin driver to handle it.
Test with a guest linux:
1, The self-test framewor
On 3/23/22 13:17, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher class
- Seperate 'virtio_crypto: Support virtio crypto asym operation' into:
- crypto: Intro
On 3/23/22 20:36, Michael S. Tsirkin wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher class
- Seperate 'virtio_crypto: Support virtio crypto asym operation' into:
- cryp
On 3/23/22 23:38, Daniel P. Berrangé wrote:
On Wed, Mar 23, 2022 at 10:49:07AM +0800, zhenwei pi wrote:
Update header from linux, support akcipher service.
I'm assuming this is updated for *non-merged* Linux headers, since
I don't see these changes present in current linux.git
On 3/24/22 02:03, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 03:32:37PM +0800, zhenwei pi wrote:
On 3/23/22 13:17, Eric Biggers wrote:
On Wed, Mar 23, 2022 at 10:49:06AM +0800, zhenwei pi wrote:
v2 -> v3:
- Introduce akcipher types to qapi
- Add test/benchmark suite for akcipher cl
Looks good to me, thanks!
Acked-by: zhenwei pi
On 11/14/22 19:07, Wei Yongjun wrote:
From: Wei Yongjun
'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(),
and should be freed in the invalid ctrl_status->status error handling
case. Otherwise there is a memory
- Implement RSA backend by nettle/hogweed.
Lei He (4):
crypto-akcipher: Introduce akcipher types to qapi
crypto: add ASN.1 decoder
crypto: Implement RSA algorithm by hogweed
crypto: Implement RSA algorithm by gcrypt
Zhenwei Pi (3):
virtio-crypto: header update
crypto: Introduce akc
Update header from linux, support akcipher service.
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux
From: Lei He
Introduce akcipher types, also include RSA related types.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 64
1 file changed, 64 insertions(+)
diff --git a/qapi/crypto.json b/qapi/crypto.json
index
Support basic asymmetric operations: encrypt, decrypt, sign and
verify.
Co-developed-by: lei he
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/akcipher.c | 102 +
crypto/akcipherpriv.h | 43 +++
crypto/meson.build| 1
From: Lei He
Add an ANS.1 decoder which is used to parse asymmetric
cipher keys
Signed-off-by: zhenwei pi
Signed-off-by: Lei He
---
crypto/asn1_decoder.c | 161 ++
crypto/asn1_decoder.h | 75 +++
crypto/meson.build| 1
From: Lei He
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
crypto/ak
From: Lei He
Added gcryt implementation of RSA algorithm, RSA algorithm
implemented by gcrypt has a higher priority than nettle because
it supports raw padding.
Signed-off-by: Lei He
---
crypto/akcipher-gcrypt.c.inc | 531 +++
crypto/akcipher.c| 4
From: lei he
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
tests/bench/benchmark-crypto-akcipher.c | 161 ++
tests/bench/meson.build | 4 +
tests/bench/test_akcipher_keys.inc | 537
a enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by
that virtio-crypto could also
provide the functionality of an HSM? Or does the standard require that
the keys are provided by the guest?
Paolo
I'm very interested in this, I'll try in Q3-2022 or later.
--
zhenwei pi
___
Virtualization mailin
rypto engine to improve performance for data queue,
this allows the larger depth instead of 1.
- Fix dst data length in akcipher service.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (2):
virtio-c
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers
e, wait completion instead
of busy polling without lock race, and get completed by control queue
callback. Test this patch, the guest side get ~200K/s operations with
300% CPU utilization.
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/Makefile| 1 +
.../virti
From: lei he
For some akcipher operations(eg, decryption of pkcs1pad(rsa)),
the length of returned result maybe less than akcipher_req->dst_len,
we need to recalculate the actual dst_len through the virt-queue
protocol.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/cry
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Signed-off-by: lei he
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
ty
improvement and might need its own patch, or at least documentation.
OK, kfree is good enough here, I'll fix this.
Thanks a lot!
--
zhenwei pi
___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
o-crypto: enable retry for virtio-crypto-dev
zhenwei pi (2):
virtio-crypto: wait ctrl queue instead of busy polling
virtio-crypto: move helpers into virtio_crypto_common.c
drivers/crypto/virtio/Makefile| 1 +
.../virtio/virtio_crypto_akcipher_algs.c | 95 ++---
add & kick
|
-spin_unlock(&vcrypto->ctrl_lock)--
/ / \ \
| | | |
wait wait wait wait
Test this patch, the guest side get ~20
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers
From: lei he
For some akcipher operations(eg, decryption of pkcs1pad(rsa)),
the length of returned result maybe less than akcipher_req->dst_len,
we need to recalculate the actual dst_len through the virt-queue
protocol.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/cry
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Signed-off-by: lei he
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
Hi Daniel,
Could you please review this series?
On 4/11/22 18:43, zhenwei pi wrote:
v3 -> v4:
- Coding style fix: Akcipher -> AkCipher, struct XXX -> XXX, Rsa -> RSA,
XXX-alg -> XXX-algo.
- Change version info in qapi/crypto.json, from 7.0 -> 7.1.
- Remove ecdsa from qapi/cry
On 4/20/22 11:32, Jason Wang wrote:
在 2022/4/18 17:00, zhenwei pi 写道:
Originally, after submitting request into virtio crypto control
queue, the guest side polls the result from the virt queue. This
allows all of the requests share a single request buffer in
struct virtio_crypto(ctrl&i
retry on crypto engine to improve performance for data queue,
this allows the larger depth instead of 1.
- Fix dst data length in akcipher service.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (3):
vi
uest::ctrl::u::destroy_session::padding[48]
*/
So use kzalloc to allocate buffer of struct virtio_crypto_ctrl_request.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/Makefile| 1 +
.../virtio/virtio_crypto_akcipher_algs
| |
wait wait wait wait
Test this patch, the guest side get ~200K/s operations with 300% CPU
utilization.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_comm
: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_common.c | 31 +++
drivers/crypto/virtio/virtio_crypto_common.h | 2 ++
drivers/crypto/virtio/virtio_crypto_core.c | 32
3 files changed, 33
he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
index 9561bc2df62b..82db86e08
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2
On 4/22/22 15:46, Jason Wang wrote:
在 2022/4/21 18:40, zhenwei pi 写道:
Originally, after submitting request into virtio crypto control
queue, the guest side polls the result from the virt queue. This
works like following:
CPU0 CPU1 ... CPUx CPUy
On 4/22/22 15:41, Jason Wang wrote:
在 2022/4/21 18:40, zhenwei pi 写道:
Originally, all of the control requests share a single buffer(
ctrl & input & ctrl_status fields in struct virtio_crypto), this
allows queue depth 1 only, the performance of control queue gets
limited by this des
rtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (3):
virtio-crypto: change code style
virtio-crypto: use private buffer for control request
virtio-crypto: wait ctrl queue instead of busy polling
.../virtio/virtio_crypto_akcipher_algs.c | 83 ++-
drivers/crypto/virtio/
le32(op);
The new style shows more obviously:
- the variable we want to operate.
- an assignment statement in a single line.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 40 ++-
.../v
* sending to host to avoid to divulge any information.
* Ex, virtio_crypto_ctrl_request::ctrl::u::destroy_session::padding[48]
*/
So use kzalloc to allocate buffer of struct virtio_crypto_ctrl_request.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
--
| |
wait wait wait wait
Test this patch, the guest side get ~200K/s operations with 300% CPU
utilization.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 29 +
he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
index 1e98502830cf..1892901d2
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2
On 4/24/22 14:21, Jason Wang wrote:
On Fri, Apr 22, 2022 at 5:12 PM zhenwei pi wrote:
On 4/22/22 15:41, Jason Wang wrote:
在 2022/4/21 18:40, zhenwei pi 写道:
Originally, all of the control requests share a single buffer(
ctrl & input & ctrl_status fields in struct virtio_crypto), thi
On 4/26/22 14:12, Jason Wang wrote:
On Sun, Apr 24, 2022 at 6:45 PM zhenwei pi wrote:
Use temporary variable to make code easy to read and maintain.
/* Pad cipher's parameters */
vcrypto->ctrl.u.sym_create_session.op_type =
cpu
y hogweed
crypto: Implement RSA algorithm by gcrypt
test/crypto: Add test suite for crypto akcipher
tests/crypto: Add test suite for RSA keys
Zhenwei Pi (3):
virtio-crypto: header update
crypto: Introduce akcipher crypto class
crypto: Introduce RSA algorithm
backends/cryptodev-buil
Update header from linux, support akcipher service.
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
.../standard-headers/linux/virtio_crypto.h| 82 ++-
1 file changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux
From: Lei He
Introduce akcipher types, also include RSA related types.
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Lei He
Signed-off-by: zhenwei pi
---
qapi/crypto.json | 64
1 file changed, 64 insertions(+)
diff --git a/qapi/crypto.json
ned-off-by: zhenwei pi
---
crypto/akcipher.c | 102
crypto/akcipherpriv.h | 55 +
crypto/meson.build| 1 +
include/crypto/akcipher.h | 158 ++
4 files changed, 316 insertions(+)
create mode 100644 crypto/
From: Lei He
Add an ANS.1 DER decoder which is used to parse asymmetric
cipher keys
Signed-off-by: zhenwei pi
Signed-off-by: lei he
---
crypto/der.c | 190 +++
crypto/der.h | 82 ++
crypto/meson.build | 1 +
tests/unit
From: Lei He
Added gcryt implementation of RSA algorithm, RSA algorithm
implemented by gcrypt has a higher priority than nettle because
it supports raw padding.
Signed-off-by: lei he
---
crypto/akcipher-gcrypt.c.inc | 520 +++
crypto/akcipher.c| 4
From: Lei He
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
crypto/ak
From: Lei He
As Daniel suggested, Add tests suite for rsakey, as a way to prove
that we can handle DER errors correctly.
Signed-off-by: lei he
---
tests/unit/test-crypto-akcipher.c | 285 +-
1 file changed, 282 insertions(+), 3 deletions(-)
diff --git a/tests/unit/
From: Lei He
Add unit test and benchmark test for crypto akcipher.
Signed-off-by: lei he
Signed-off-by: zhenwei pi
Reviewed-by: Daniel P. Berrangé
---
tests/bench/benchmark-crypto-akcipher.c | 157 ++
tests/bench/meson.build | 4 +
tests/bench/test_akcipher_keys.inc
a enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by
this driver is not used widely. So I'd like to rework a lot,
it would be best to complete this work in 5.18 window.
This gets different point with Jason. I would appreciate it if you could
give me any hint.
On 4/24/22 18:41, zhenwei pi wrote:
Hi, Lei
I'd like to move helper and callba
ervice.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhenwei pi (3):
virtio-crypto: change code style
virtio-crypto: use private buffer for control request
virtio-crypto: wait ctrl queue
le32(op);
The new style shows more obviously:
- the variable we want to operate.
- an assignment statement in a single line.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 40 ++-
.../v
Dan Carpenter
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 57 ---
drivers/crypto/virtio/virtio_crypto_common.h | 17 --
.../virtio/virtio_crypto_skcipher_algs.c | 50 ++--
| |
wait wait wait wait
Test this patch, the guest side get ~200K/s operations with 300% CPU
utilization.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 29 +
he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
index 382ccec9ab12..2a60d0525
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1 file changed, 2
On 5/5/22 12:57, Michael S. Tsirkin wrote:
On Thu, May 05, 2022 at 03:14:40AM +, Gonglei (Arei) wrote:
-Original Message-
From: zhenwei pi [mailto:pizhen...@bytedance.com]
Sent: Thursday, May 5, 2022 10:35 AM
To: Gonglei (Arei) ; m...@redhat.com;
jasow...@redhat.com
Cc: herb
On 5/6/22 17:34, Gonglei (Arei) wrote:
-Original Message-
From: zhenwei pi [mailto:pizhen...@bytedance.com]
Sent: Thursday, May 5, 2022 5:24 PM
To: Gonglei (Arei) ; m...@redhat.com
Cc: jasow...@redhat.com; herb...@gondor.apana.org.au;
linux-ker...@vger.kernel.org; virtualization
0K/s.
- Enable retry on crypto engine to improve performance for data queue,
this allows the larger depth instead of 1.
- Fix dst data length in akcipher service.
- Other style fix.
lei he (2):
virtio-crypto: adjust dst_len at ops callback
virtio-crypto: enable retry for virtio-crypto-dev
zhen
le32(op);
The new style shows more obviously:
- the variable we want to operate.
- an assignment statement in a single line.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Reviewed-by: Gonglei
Signed-off-by: zhenwei pi
---
.../virtio/virtio_crypto_akcipher_algs.c | 40 ++--
From: lei he
Enable retry for virtio-crypto-dev, so that crypto-engine
can process cipher-requests parallelly.
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: Gonglei
Reviewed-by: Gonglei
Signed-off-by: lei he
Signed-off-by: zhenwei pi
---
drivers/crypto/virtio/virtio_crypto_core.c | 3 ++-
1
1 - 100 of 169 matches
Mail list logo
