23. Virtio Crypto Poll Mode Driver

The virtio crypto PMD provides poll mode driver support for the virtio crypto device.

23.1. Features

The virtio crypto PMD has support for:

Cipher algorithms:

  • RTE_CRYPTO_CIPHER_AES_CBC

Hash algorithms:

  • RTE_CRYPTO_AUTH_SHA1_HMAC

23.2. Limitations

  • Only supports the session-oriented API implementation (session-less APIs are not supported).
  • Only supports modern mode since virtio crypto conforms to virtio-1.0.
  • Only has two types of queues: data queue and control queue. These two queues only support indirect buffers to communication with the virtio backend.
  • Only supports AES_CBC cipher only algorithm and AES_CBC with HMAC_SHA1 chaining algorithm since the vhost crypto backend only these algorithms are supported.
  • Does not support Link State interrupt.
  • Does not support runtime configuration.

23.3. Virtio crypto PMD Rx/Tx Callbacks

Rx callbacks:

  • virtio_crypto_pkt_rx_burst

Tx callbacks:

  • virtio_crypto_pkt_tx_burst

23.4. Installation

Quick instructions are as follows:

Firstly run DPDK vhost crypto sample as a server side and build QEMU with vhost crypto enabled. QEMU can then be started using the following parameters:

qemu-system-x86_64 \
[...] \
    -chardev socket,id=charcrypto0,path=/path/to/your/socket \
    -object cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 \
    -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0
[...]

Secondly bind the uio_pci_generic driver for the virtio-crypto device. For example, 0000:00:04.0 is the domain, bus, device and function number of the virtio-crypto device:

modprobe uio_pci_generic
echo -n 0000:00:04.0 > /sys/bus/pci/drivers/virtio-pci/unbind
echo "1af4 1054" > /sys/bus/pci/drivers/uio_pci_generic/new_id

Finally the front-end virtio crypto PMD can be installed.

23.5. Tests

The unit test cases can be tested as below:

reserve enough huge pages
cd to <build_dir>
meson test cryptodev_virtio_autotest

The performance can be tested as below:

reserve enough huge pages
cd to <build_dir>

./app/dpdk-test-crypto-perf -l 0,1 -- --devtype crypto_virtio \
    --ptest throughput --optype cipher-then-auth --cipher-algo aes-cbc \
    --cipher-op encrypt --cipher-key-sz 16 --auth-algo sha1-hmac \
    --auth-op generate --auth-key-sz 64 --digest-sz 12 \
    --total-ops 100000000 --burst-sz 64 --buffer-sz 2048