linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lei He <helei.sig11@bytedance.com>
To: "\"Daniel P. Berrangé\"" <berrange@redhat.com>
Cc: Lei He <helei.sig11@bytedance.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	davem@davemloft.net, dhowells@redhat.com,
	"Michael S. Tsirkin" <mst@redhat.com>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	pizhenwei@bytedance.com
Subject: Re: [PATCH v2 0/4] virtio-crypto: support ECDSA algorithm
Date: Thu, 30 Jun 2022 20:43:37 +0800	[thread overview]
Message-ID: <E4378D78-C22D-44E7-9490-E31E35286C59@bytedance.com> (raw)
In-Reply-To: <Yr1xa4twKn3qFAt9@redhat.com>

On Jun 30, 2022, at 5:48 PM, Daniel P. Berrangé <berrange@redhat.com> wrote:
> 
> On Thu, Jun 30, 2022 at 03:23:39PM +0800, Lei He wrote:
>> 
>>> On Jun 30, 2022, at 2:59 PM, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>>> 
>>> On Thu, Jun 23, 2022 at 03:05:46PM +0800, Lei He wrote:
>>>> From: lei he <helei.sig11@bytedance.com>
>>>> 
>>>> This patch supports the ECDSA algorithm for virtio-crypto.
>>> 
>>> Why is this necessary?
>>> 
>> 
>> The main purpose of this patch is to offload ECDSA computations to virtio-crypto dev.
>> We can modify the backend of virtio-crypto to allow hardware like Intel QAT cards to 
>> perform the actual calculations, and user-space applications such as HTTPS server 
>> can access those backend in a unified way(eg, keyctl_pk_xx syscall).
>> 
>> Related works are also described in following patch series:
>> https://lwn.net/ml/linux-crypto/20220525090118.43403-1-helei.sig11@bytedance.com/
> 
> IIUC, this link refers to testing performance of the RSA impl of
> virtio-crypto with a vhost-user backend, leveraging an Intel QAT
> device on the host. What's the status of that depolyment setup ?
> Is code for it published anywhere, and does it have dependancy on
> any kernel patches that are not yet posted and/or merged ? Does it
> cover both ECDSA and RSA yet, or still only RSA ?
> 
> The QEMU backend part of the virtio-crypto support for ECDSA looks fine
> to merge, but obviously I'd like some positive sign that the kernel
> maintainers are willing to accept the guest driver side.
> 

1. We have now been able to provide offload capability for nginx’s TLS handshake in the virtual
machine(with the kctl-engine), and have achieved	about 0.8~0.9 times performance improvement. 
But as you can see, when we were testing, both authentication and key exchange only supported 
RSA at the moment. 
2. The code for the QAT offload backend is not posted now, it does not support the ECDSA, so it also does not 
depends on any other patches that have not been merged. To support ECDSA, this patch is required.
At present, I have only implemented and tested the ECDSA for the builtin backend, and the ECDSA support
for another backend that can offload is also in progress.

By the way,  the virtio part of QEMU( for support ECDSA)  is also ready,  I will post it soon.

  reply	other threads:[~2022-06-30 12:43 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-23  7:05 [PATCH v2 0/4] virtio-crypto: support ECDSA algorithm Lei He
2022-06-23  7:05 ` [PATCH v2 1/4] crypto: fix the calculation of max_size for ECDSA Lei He
2022-06-23  7:05 ` [PATCH v2 2/4] crypto: pkcs8 parser support ECDSA private keys Lei He
2022-06-23  7:05 ` [PATCH v2 3/4] crypto: remove unused field in pkcs8_parse_context Lei He
2022-06-23  7:05 ` [PATCH v2 4/4] virtio-crypto: support ECDSA algorithm Lei He
2022-06-24  6:51 ` [PATCH v2 0/4] " Michael S. Tsirkin
2022-06-30  6:59 ` Herbert Xu
2022-06-30  7:23   ` [External] " Lei He
2022-06-30  7:41     ` Herbert Xu
2022-06-30  8:30       ` Lei He
2022-06-30  9:07         ` Herbert Xu
2022-06-30 12:44           ` Lei He
2022-06-30 12:50             ` Lei He
2022-06-30 23:12         ` Sandy Harris
2022-07-01  2:54           ` [External] " Lei He
2022-06-30  9:48     ` [External] " Daniel P. Berrangé
2022-06-30 12:43       ` Lei He [this message]
2022-08-09 18:36 ` Michael S. Tsirkin
  -- strict thread matches above, loose matches on Subject: below --
2022-06-23  6:09 Lei He

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E4378D78-C22D-44E7-9490-E31E35286C59@bytedance.com \
    --to=helei.sig11@bytedance.com \
    --cc=berrange@redhat.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=pizhenwei@bytedance.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).