@ThePassionate
Contributor

VirtIO Crypto: Add VirtIO crypto driver support

Summary

This PR adds VirtIO crypto driver support to NuttX, enabling hardware crypto acceleration in virtualized environments. It includes comprehensive enhancements to the cryptodev subsystem to support various cipher algorithms and improves compatibility with QEMU and other VirtIO backends.

Changes

Files Modified/Added

  1. drivers/virtio/virtio-crypto.c (new)

    • Implement VirtIO crypto driver core functionality
    • Add support for symmetric cipher operations
    • Handle VirtIO crypto device initialization and communication
  2. drivers/virtio/virtio-crypto.h (new)

    • Define VirtIO crypto driver internal structures
    • Add helper functions for crypto operations
  3. include/crypto/virtio_crypto.h (new)

    • Add VirtIO crypto protocol definitions
    • Support converting VirtIO crypto algos to vela crypto driver algos
  4. include/nuttx/virtio/virtio-crypto.h (new)

    • Define public VirtIO crypto device interface
    • Export VirtIO crypto device structures
  5. crypto/cryptodev.c

    • Add support to keep private data in crypto driver
    • Add encrypt op and olen to support VirtIO mode
    • Export ivlen to support different cipher algorithms
  6. crypto/crypto.c

    • Determine the order of obtained crypto drivers
    • Prioritize: local hardware driver → remote driver → software encryption
  7. crypto/cryptosoft.c

    • Fix iv length of aesctr/aesxts to 16 bytes for QEMU backend compatibility
    • Fix encdec to not change input buffer pointer
  8. drivers/virtio/CMakeLists.txt, Make.defs, Kconfig

    • Add build configuration for VirtIO crypto driver
  9. Documentation/components/crypto.rst

    • Add comprehensive VirtIO crypto driver documentation
    • Document configuration options and usage examples
    • Add QEMU integration instructions

Technical Details

VirtIO Crypto Driver:

  • Implements VirtIO crypto device specification
  • Supports symmetric cipher operations (AES-CBC, AES-CTR, AES-XTS, AES-ECB)
  • Supports hash algorithms (MD5, SHA-1, SHA-256, SHA-512)
  • Supports message authentication codes (AES-CMAC)
  • Provides hardware acceleration through VirtIO interface
  • Converts between VirtIO crypto algorithms and NuttX crypto algorithms

Cryptodev Enhancements:

  • Enables keeping driver-specific private data
  • Adds encryption operation tracking
  • Exports initialization vector length for flexibility
  • Implements crypto driver priority ordering

Bug Fixes:

  • Fixed AES-CTR/AES-XTS IV length from variable to constant 16 bytes
  • Prevents buffer pointer modification during encrypt/decrypt operations

Impact

  • Performance: Enables hardware crypto acceleration in virtualized environments
  • Compatibility: Improves QEMU backend support for crypto operations
  • Flexibility: Supports multiple cipher algorithms with proper IV handling
  • Architecture: Establishes proper crypto driver priority (hardware > remote > software)
  • Stability: Fixes buffer management issues in cryptosoft implementation
  • Documentation: Comprehensive documentation for VirtIO crypto driver usage

Testing

Test Environment:

  • QEMU with VirtIO crypto backend
  • Various cipher algorithms (AES-CBC, AES-CTR, AES-XTS)
  • Hash algorithms (MD5, SHA-1, SHA-256, SHA-512)
  • NuttX standard build system

Test Procedure:

  1. Build NuttX with VirtIO crypto driver enabled
  2. Initialize VirtIO crypto device in QEMU environment
  3. Perform encryption/decryption operations with various algorithms
  4. Test hash operations with different algorithms
  5. Verify IV length handling for AES-CTR and AES-XTS
  6. Test crypto driver priority ordering
  7. Validate buffer pointer integrity during operations

Test Results:

  • ✅ VirtIO crypto device initializes successfully
  • ✅ Symmetric cipher operations work correctly
  • ✅ Hash operations function properly
  • ✅ IV length fixed for QEMU backend compatibility
  • ✅ Crypto driver priority ordering functions as expected
  • ✅ Buffer pointers remain unchanged during operations
  • ✅ No regressions in existing crypto functionality

Related Issues

  • VirtIO crypto driver implementation for NuttX
  • Hardware crypto acceleration support in virtualized environments
  • QEMU VirtIO crypto backend compatibility
  • Cryptodev subsystem enhancements for driver flexibility

Add support for storing driver-specific private data in the crypto
driver structure. This allows crypto drivers to maintain session
state and other driver-specific information.

Signed-off-by: makejian <makejian@xiaomi.com>

@github-actions bot added the Area: Documentation, Area: Drivers, Area: Crypto and Size: XL labels on Jan 17, 2026

Implement VirtIO crypto driver that provides hardware crypto
acceleration in virtualized environments. The driver implements
the VirtIO crypto device specification and supports symmetric
cipher operations including AES-CBC, AES-CTR, AES-XTS, and AES-ECB.

Key features:
- Automatic algorithm conversion between VirtIO and NuttX formats
- Support for hash operations (MD5, SHA-1, SHA-256, SHA-512)
- Support for AES-CMAC message authentication
- Integration with NuttX cryptodev subsystem

Signed-off-by: makejian <makejian@xiaomi.com>

Add encryption operation tracking and output length (olen) field
to support VirtIO crypto mode. This allows the cryptodev subsystem
to properly track operation types and buffer sizes for VirtIO
crypto operations.

Signed-off-by: makejian <makejian@xiaomi.com>

Fix initialization vector (IV) length for AES-CTR and AES-XTS modes
to be constant 16 bytes to maintain compatibility with QEMU backend.

Changes:
- CTR mode: IV length changed to 16, fix reinit to copy IV correctly
- XTS mode: IV length changed to 16, use IV as tweak directly

Signed-off-by: makejian <makejian@xiaomi.com>

Export initialization vector length (ivlen) in the crypto interface
to support different cipher algorithms with varying IV length
requirements. This improves flexibility for crypto drivers.

Signed-off-by: makejian <makejian@xiaomi.com>

Implement crypto driver priority ordering to select the most
appropriate crypto driver automatically.

After adding the cross-core crypto driver, there are now three
encryption modes:
1. Hardware driver in local core
2. Crypto driver in remote core
3. Software encryption in local core

The system prioritizes drivers as follows:
- Local hardware driver (preferred for best performance)
- Remote driver (typically hardware, used in virtualized environments)
- Local software driver (fallback for testing and compatibility)

Signed-off-by: makejian <makejian@xiaomi.com>

Add algorithm conversion support between VirtIO crypto algorithms
and NuttX crypto algorithms. This enables proper mapping of cipher
and hash algorithms when using VirtIO crypto backend.

Signed-off-by: makejian <makejian@xiaomi.com>

Fix cryptosoft encdec functions to not modify the input buffer
pointer during encryption/decryption operations. This ensures
buffer integrity and prevents potential memory corruption issues.

Signed-off-by: makejian <makejian@xiaomi.com>

Add comprehensive documentation for the VirtIO crypto driver
including configuration options, supported operations and
algorithms, driver priority ordering, QEMU usage examples,
and implementation notes.

Signed-off-by: makejian <makejian@xiaomi.com>

@ThePassionate force-pushed the crypto-virtio-patches branch 2 times, most recently from 375f2a7 to 7f0338c on January 17, 2026 05:23
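
The driver priority described in this PR (local hardware, then remote, then local software), sketched as an added example; this is not code from the PR or from NuttX. The `drv_cap` structure, the `ALG_*` bits, `select_driver()` and the driver name `soc-aes` are hypothetical, and the sample table is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical driver classes; a lower value is preferred. */
enum drv_class { DRV_LOCAL_HW = 0, DRV_REMOTE = 1, DRV_LOCAL_SW = 2 };

/* Hypothetical algorithm bits, not NuttX's CRYPTO_* identifiers. */
#define ALG_AES_CBC (1u << 0)
#define ALG_AES_CTR (1u << 1)
#define ALG_AES_XTS (1u << 2)
#define ALG_SHA256  (1u << 3)

struct drv_cap
{
  const char    *name;
  enum drv_class cls;
  uint32_t       algs;    /* Bitmask of algorithms the driver offers */
  int            online;  /* 0 if the device or backend is not ready */
};

/* Return the index of the preferred online driver that supports every
 * algorithm in `need`, or -1 if none does.  Ties keep registration order.
 */
int select_driver(const struct drv_cap *tab, size_t n, uint32_t need)
{
  int best = -1;

  if (need == 0) return -1;
  for (size_t i = 0; i < n; i++)
    {
      if (!tab[i].online || (tab[i].algs & need) != need) continue;
      if (best < 0 || tab[i].cls < tab[best].cls) best = (int)i;
    }
  return best;
}

/* Constructed sample: registration order is deliberately not priority order. */
static const struct drv_cap g_sample[] =
{
  { "cryptosoft", DRV_LOCAL_SW,
    ALG_AES_CBC | ALG_AES_CTR | ALG_AES_XTS | ALG_SHA256, 1 },
  { "virtio-crypto", DRV_REMOTE, ALG_AES_CBC | ALG_AES_CTR | ALG_SHA256, 1 },
  { "soc-aes", DRV_LOCAL_HW, ALG_AES_CBC, 1 },
};

int main(void)
{
  int i = select_driver(g_sample, 3, ALG_AES_CTR);
  printf("AES-CTR -> %s\n", i < 0 ? "(none)" : g_sample[i].name);
  return 0;
}
```

Because a VirtIO crypto session hands the key to the device backend, it is worth recording which class of driver a session actually landed on rather than assuming the preferred one was available.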