Virtio-crypto Web Server App OpenSSL “lib” VNFC in a VM CryptoAPI “lib” vtiX:1 userland ethX /dev/crypto kernel Network stack Crypto framework IPSec Virtio-net Driver Virtio-crypto Driver Hypervisor domain Virtio-net-backend Driver Virtio-crypto-backend Driver Virtual Networking Crypto framework HW1 Driver HW2 Driver

DPDK/ODP Web Server App SSL “lib” CryptoAPI “lib” TCP/IP VNFC in a VM IPSec DPDK/ODP Crypto Framework Virtio-crypto Driver DPDK Virtio-net Virtio-crypto-backend Driver Virtio-net-backend Driver Virtual Networking Crypto framework HW1 Driver HW2 Driver Hypervisor domain

Virtio-compression Backup Archiver App Application in a VM zlib, libarchive Adapt existing libraries to use system calls and compression devices userland File system read/write /dev/compression kernel File Systems Compression framework VFS, e3compr Ensure kernel uses compression framework Virtio-block Driver Virtio-compression Driver Define new virtio classes Hypervisor domain Virtio-block-backend Driver Virtio-compression-backend Drivers HW Driver HW1 Driver HW2 Driver

Layers of APIs and entities (Open)SSL Presents a value-added API to applications Leverages crypto lib Can be asynchronous&stateless (today’s typical), or some combination Internal adaptation layer between sync/async and stateful/stateless Crypto LIB Presents a basic crypto API to applications and other libraries Leverages kernel crypto API (Netlink/AF_ALG), may also use crypto support in ISA Kernel crypto framework Implements kernel crypto functionality Provides service to internal (e.g. networking stack/IPSec) and external (through crypto API) clients Virtio-crypto guest driver Presents a driver to the kernel crypto framework Normally asynchronous and stateful/stateless Talks Virtqueues (and likely vrings) to the hypervisor Virtio-crypto hypervisor driver HW-specific driver presents an abstract (implementation independent) interface to guests