[0/4] Add a new backend for cryptodev

Message ID 20220919035320.84467-1-helei.sig11@bytedance.com (mailing list archive)

Message

Lei He Sept. 19, 2022, 3:53 a.m. UTC
This patch adds a new backend called LKCF to cryptodev, LKCF stands
for Linux Kernel Cryptography Framework. If a cryptographic
accelerator that supports LKCF is installed on the host (you can
see which algorithms are supported in host's LKCF by executing
'cat /proc/crypto'), then RSA operations can be offloaded.
More background info can refer to: https://lwn.net/Articles/895399/,
'keyctl[5]' in the picture.

This patch:
1. Modified some interfaces of cryptodev and cryptodev-backend to
support asynchronous requests.
2. Extended the DER encoder in crypto, so that we can export the
RSA private key into PKCS#8 format and upload it to host kernel.
3. Added a new backend for cryptodev.

I tested the backend with a QAT card, the qps of RSA-2048-decryption
is about 25k/s, and the main-loop becomes the bottleneck. The qps
using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support 
IO-thread for cryptodev in another series later.

Lei He (4):
  virtio-crypto: Support asynchronous mode
  crypto: Support DER encodings
  crypto: Support export akcipher to pkcs8
  cryptodev: Add a lkcf-backend for cryptodev

 backends/cryptodev-builtin.c    |  69 +++--
 backends/cryptodev-lkcf.c       | 620 ++++++++++++++++++++++++++++++++++++++++
 backends/cryptodev-vhost-user.c |  51 +++-
 backends/cryptodev.c            |  44 +--
 backends/meson.build            |   3 +
 crypto/akcipher.c               |  17 ++
 crypto/der.c                    | 307 ++++++++++++++++++--
 crypto/der.h                    | 211 +++++++++++++-
 crypto/rsakey.c                 |  42 +++
 crypto/rsakey.h                 |  11 +-
 hw/virtio/virtio-crypto.c       | 324 ++++++++++++---------
 include/crypto/akcipher.h       |  21 ++
 include/sysemu/cryptodev.h      |  61 ++--
 qapi/qom.json                   |   2 +
 tests/unit/test-crypto-der.c    | 126 ++++++--
 15 files changed, 1649 insertions(+), 260 deletions(-)
 create mode 100644 backends/cryptodev-lkcf.c

--
2.11.0
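
Item 2 of the cover letter mentions exporting the RSA private key in PKCS#8 format. As an added illustration (not code from this series or from QEMU; `pkcs8_wrap_rsa` and the helper names are hypothetical), the following wraps an already DER-encoded PKCS#1 RSAPrivateKey in the RFC 5208 PrivateKeyInfo structure, with explicit bounds checks on the output buffer:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL } */
static const uint8_t RSA_ALG_ID[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
                                      0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 };
static const uint8_t PKCS8_VERSION[] = { 0x02, 0x01, 0x00 };  /* INTEGER 0 */

/* Number of DER length octets: one below 0x80, else 0x80|n followed by n bytes. */
static size_t der_len_size(size_t len)
{
    size_t n = 1;
    if (len < 0x80) return 1;
    while (len > 0xff) { len >>= 8; n++; }
    return 1 + n;
}

/* Write a tag and definite-form length; return the pointer past the header. */
static uint8_t *der_put_header(uint8_t *p, uint8_t tag, size_t len)
{
    size_t n = der_len_size(len) - 1;   /* 0 means short form */
    *p++ = tag;
    *p++ = (uint8_t)(n ? (0x80 | n) : len);
    for (; n > 0; n--) {
        *p++ = (uint8_t)(len >> (8 * (n - 1)));   /* big-endian length bytes */
    }
    return p;
}

/* Hypothetical helper: wrap DER RSAPrivateKey bytes in a PKCS#8 PrivateKeyInfo.
 * Returns bytes written, or 0 on bad input or when cap is too small. */
size_t pkcs8_wrap_rsa(const uint8_t *pkcs1, size_t pkcs1_len, uint8_t *out, size_t cap)
{
    size_t octet, body, total;
    uint8_t *p = out;
    /* Input must start with a SEQUENCE tag; cap its size so the sums cannot wrap. */
    if (!pkcs1 || !out || pkcs1_len < 2 || pkcs1_len > 0xffffff) return 0;
    if (pkcs1[0] != 0x30) return 0;
    octet = 1 + der_len_size(pkcs1_len) + pkcs1_len;
    body = sizeof(PKCS8_VERSION) + sizeof(RSA_ALG_ID) + octet;
    total = 1 + der_len_size(body) + body;
    if (total > cap) return 0;
    p = der_put_header(p, 0x30, body);           /* PrivateKeyInfo SEQUENCE */
    memcpy(p, PKCS8_VERSION, sizeof(PKCS8_VERSION)); p += sizeof(PKCS8_VERSION);
    memcpy(p, RSA_ALG_ID, sizeof(RSA_ALG_ID));       p += sizeof(RSA_ALG_ID);
    p = der_put_header(p, 0x04, pkcs1_len);      /* privateKey OCTET STRING */
    memcpy(p, pkcs1, pkcs1_len);
    return total;
}
```

The output buffer holds private key material, so a caller should clear it once the key has been handed off.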

Comments

Lei He Sept. 26, 2022, 3:03 a.m. UTC | #1
On 2022/9/19 11:53, Lei He wrote:
> This patch adds a new backend called LKCF to cryptodev, LKCF stands
> for Linux Kernel Cryptography Framework. If a cryptographic
> accelerator that supports LKCF is installed on the host (you can
> see which algorithms are supported in host's LKCF by executing
> 'cat /proc/crypto'), then RSA operations can be offloaded.
> More background info can refer to: https://lwn.net/Articles/895399/,
> 'keyctl[5]' in the picture.
> 
> This patch:
> 1. Modified some interfaces of cryptodev and cryptodev-backend to
> support asynchronous requests.
> 2. Extended the DER encoder in crypto, so that we can export the
> RSA private key into PKCS#8 format and upload it to host kernel.
> 3. Added a new backend for cryptodev.
> 
> I tested the backend with a QAT card, the qps of RSA-2048-decryption
> is about 25k/s, and the main-loop becomes the bottleneck. The qps
> using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support
> IO-thread for cryptodev in another series later.

PING, sorry if it made noise, can anyone help take a look at this patch,
thanks.

Best regards,
Lei He
--
helei.sig11@bytedance.com

Michael S. Tsirkin Oct. 7, 2022, 2:25 p.m. UTC | #2
On Mon, Sep 19, 2022 at 11:53:16AM +0800, Lei He wrote:
> This patch adds a new backend called LKCF to cryptodev, LKCF stands
> for Linux Kernel Cryptography Framework. If a cryptographic
> accelerator that supports LKCF is installed on the host (you can
> see which algorithms are supported in host's LKCF by executing
> 'cat /proc/crypto'), then RSA operations can be offloaded.
> More background info can refer to: https://lwn.net/Articles/895399/,
> 'keyctl[5]' in the picture.
> 
> This patch:
> 1. Modified some interfaces of cryptodev and cryptodev-backend to
> support asynchronous requests.
> 2. Extended the DER encoder in crypto, so that we can export the
> RSA private key into PKCS#8 format and upload it to host kernel.
> 3. Added a new backend for cryptodev.
> 
> I tested the backend with a QAT card, the qps of RSA-2048-decryption
> is about 25k/s, and the main-loop becomes the bottleneck. The qps
> using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support 
> IO-thread for cryptodev in another series later.
> 
> Lei He (4):
>   virtio-crypto: Support asynchronous mode
>   crypto: Support DER encodings
>   crypto: Support export akcipher to pkcs8
>   cryptodev: Add a lkcf-backend for cryptodev

Seems to fail build for me - probably a conflict applying.
Could you pls rebase and repost? Sorry about the noise.

>  backends/cryptodev-builtin.c    |  69 +++--
>  backends/cryptodev-lkcf.c       | 620 ++++++++++++++++++++++++++++++++++++++++
>  backends/cryptodev-vhost-user.c |  51 +++-
>  backends/cryptodev.c            |  44 +--
>  backends/meson.build            |   3 +
>  crypto/akcipher.c               |  17 ++
>  crypto/der.c                    | 307 ++++++++++++++++++--
>  crypto/der.h                    | 211 +++++++++++++-
>  crypto/rsakey.c                 |  42 +++
>  crypto/rsakey.h                 |  11 +-
>  hw/virtio/virtio-crypto.c       | 324 ++++++++++++---------
>  include/crypto/akcipher.h       |  21 ++
>  include/sysemu/cryptodev.h      |  61 ++--
>  qapi/qom.json                   |   2 +
>  tests/unit/test-crypto-der.c    | 126 ++++++--
>  15 files changed, 1649 insertions(+), 260 deletions(-)
>  create mode 100644 backends/cryptodev-lkcf.c
> 
> --
> 2.11.0

Lei He Oct. 8, 2022, 9:04 a.m. UTC | #3
On 2022/10/7 22:25, Michael S. Tsirkin wrote:
> On Mon, Sep 19, 2022 at 11:53:16AM +0800, Lei He wrote:
>> This patch adds a new backend called LKCF to cryptodev, LKCF stands
>> for Linux Kernel Cryptography Framework. If a cryptographic
>> accelerator that supports LKCF is installed on the host (you can
>> see which algorithms are supported in host's LKCF by executing
>> 'cat /proc/crypto'), then RSA operations can be offloaded.
>> More background info can refer to: https://lwn.net/Articles/895399/,
>> 'keyctl[5]' in the picture.
>>
>> This patch:
>> 1. Modified some interfaces of cryptodev and cryptodev-backend to
>> support asynchronous requests.
>> 2. Extended the DER encoder in crypto, so that we can export the
>> RSA private key into PKCS#8 format and upload it to host kernel.
>> 3. Added a new backend for cryptodev.
>>
>> I tested the backend with a QAT card, the qps of RSA-2048-decryption
>> is about 25k/s, and the main-loop becomes the bottleneck. The qps
>> using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support
>> IO-thread for cryptodev in another series later.
>>
>> Lei He (4):
>>    virtio-crypto: Support asynchronous mode
>>    crypto: Support DER encodings
>>    crypto: Support export akcipher to pkcs8
>>    cryptodev: Add a lkcf-backend for cryptodev
> 
> Seems to fail build for me - probably a conflict applying.
> Could you pls rebase and repost? Sorry about the noise.

I did a rebase but no conflicts seem to be found, this patch causes a 
compile error when neither nettle nor gcrypt is enabled - I've fixed it 
and reposted it as v2.

> 
>>   backends/cryptodev-builtin.c    |  69 +++--
>>   backends/cryptodev-lkcf.c       | 620 ++++++++++++++++++++++++++++++++++++++++
>>   backends/cryptodev-vhost-user.c |  51 +++-
>>   backends/cryptodev.c            |  44 +--
>>   backends/meson.build            |   3 +
>>   crypto/akcipher.c               |  17 ++
>>   crypto/der.c                    | 307 ++++++++++++++++++--
>>   crypto/der.h                    | 211 +++++++++++++-
>>   crypto/rsakey.c                 |  42 +++
>>   crypto/rsakey.h                 |  11 +-
>>   hw/virtio/virtio-crypto.c       | 324 ++++++++++++---------
>>   include/crypto/akcipher.h       |  21 ++
>>   include/sysemu/cryptodev.h      |  61 ++--
>>   qapi/qom.json                   |   2 +
>>   tests/unit/test-crypto-der.c    | 126 ++++++--
>>   15 files changed, 1649 insertions(+), 260 deletions(-)
>>   create mode 100644 backends/cryptodev-lkcf.c
>>
>> --
>> 2.11.0
> 

Best regards,
Lei He
--
helei.sig11@bytedance.com