v2 --> v3:
- Avoid using g_autoptr to free memory that not allocated in current
function.
- Fix memory-leak when 'virtio_crypto_handle_request' returns non-zero
  value.
- When error occurred, always pass negative status to function 
'virtio_crypto_req_complete'.


v1 --> v2:
- Fix compile errors when neither 'nettle' nor 'gcrypt' are enabled.
- Trivial changes to error codes when neither 'nettle' nor 'gcrypt' are
enabled.

This patch adds a new backend called LKCF to cryptodev, LKCF stands
for Linux Kernel Cryptography Framework. If a cryptographic
accelerator that supports LKCF is installed on the the host (you can
see which algorithms are supported in host's LKCF by executing
'cat /proc/crypto'), then RSA operations can be offloaded.
More background info can refer to: https://lwn.net/Articles/895399/,
'keyctl[5]' in the picture.

This patch:
1. Modified some interfaces of cryptodev and cryptodev-backend to
support asynchronous requests.
2. Extended the DER encoder in crypto, so that we can export the
RSA private key into PKCS#8 format and upload it to host kernel.
3. Added a new backend for cryptodev.

I tested the backend with a QAT card, the qps of RSA-2048-decryption
is about 25k/s, and the main-loop becomes the bottleneck. The qps
using OpenSSL directly is about 6k/s (with 6 vCPUs). We will support 
IO-thread for cryptodev in another series later.


Lei He (4):
  virtio-crypto: Support asynchronous mode
  crypto: Support DER encodings
  crypto: Support export akcipher to pkcs8
  cryptodev: Add a lkcf-backend for cryptodev

 backends/cryptodev-builtin.c    |  69 +++--
 backends/cryptodev-lkcf.c       | 645 ++++++++++++++++++++++++++++++++++++++++
 backends/cryptodev-vhost-user.c |  51 +++-
 backends/cryptodev.c            |  44 +--
 backends/meson.build            |   3 +
 crypto/akcipher.c               |  18 ++
 crypto/der.c                    | 307 +++++++++++++++++--
 crypto/der.h                    | 211 ++++++++++++-
 crypto/rsakey.c                 |  42 +++
 crypto/rsakey.h                 |  11 +-
 hw/virtio/virtio-crypto.c       | 335 ++++++++++++---------
 include/crypto/akcipher.h       |  21 ++
 include/sysemu/cryptodev.h      |  61 ++--
 qapi/qom.json                   |   2 +
 tests/unit/test-crypto-der.c    | 126 ++++++--
 15 files changed, 1682 insertions(+), 264 deletions(-)
 create mode 100644 backends/cryptodev-lkcf.c

-- 
2.11.0

On Wed, Nov 02, 2022 at 04:02:09PM +0800, Lei He wrote:
> v2 --> v3:
> - Avoid using g_autoptr to free memory that not allocated in current
> function.
> - Fix memory-leak when 'virtio_crypto_handle_request' returns non-zero
>   value.
> - When error occurred, always pass negative status to function 
> 'virtio_crypto_req_complete'.

Thanks!
Can you send fixup patches on top pls?
If I drop v2 at this point I'll have to defer this to after
the release.

-- 
MST