Cryptographic protection of I/O data for DMA capable I/O controllers

US10181946B2 · US · B2

Patent metadata
Publication number: US-10181946-B2
Application number: US-201514974956-A
Country: US
Kind code: B2
Filing date: Dec 18, 2015
Priority date: Jul 20, 2015
Publication date: Jan 15, 2019
Grant date: Jan 15, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computing device for secure I/O, the computing device comprising: an I/O controller to generate a direct memory access (DMA) transaction, wherein the DMA transaction includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller; and a cryptographic engine comprising a channel identifier table and a hardware cryptography block, wherein the cryptographic engine is to (i) intercept the DMA transaction from the I/O controller, (ii) determine whether to protect the DMA transaction as a function of the channel identifier, wherein to determine whether to protect the DMA transaction as a function of the channel identifier comprises to compare the channel identifier included in the DMA transaction to the channel identifier table of the cryptographic engine, and (iii) perform a cryptographic operation with the hardware cryptography block of the cryptographic engine using an encryption key associated with the channel identifier in response to a determination to protect the DMA transaction; wherein to determine whether to protect the DMA transaction as a function of the channel identifier comprises to: (i) determine, by the cryptographic engine, whether the channel identifier of the DMA transaction matches an entry of the channel identifier table of the cryptographic engine, wherein the channel identifier table comprises a content-addressable memory of the cryptographic engine, and (ii) retrieve, by the cryptographic engine, the encryption key from the entry of the channel identifier table in response to a determination that the channel identifier of the DMA transaction matches the entry.

2. The computing device of claim 1, wherein the DMA transaction comprises a transaction layer packet (TLP) prefix, wherein the TLP prefix includes the channel identifier.

3. The computing device of claim 1, wherein: the DMA transaction comprises a DMA write transaction that further includes plaintext I/O data generated by the I/O device; and to perform the cryptographic operation comprises to generate encrypted cipher text as a function of the plaintext I/O data and the encryption key.

4. The computing device of claim 3, wherein: the cryptographic engine is further to generate a second DMA write transaction in response to performance of the cryptographic operation, wherein the second DMA write transaction includes the cipher text and a target address in a memory of the computing device; wherein the DMA write transaction further includes the target address in the memory.

5. The computing device of claim 4, further comprising a trusted application module to decrypt, by trusted software of the computing device, the cipher text with the encryption key in response to generation of the second DMA write transaction.

6. The computing device of claim 3, wherein to perform the cryptographic operation further comprises to generate an authentication tag structure as a function of the plaintext I/O data and the encryption key.

7. The computing device of claim 1, wherein the DMA transaction comprises a DMA read request transaction that includes a controller tag associated with the I/O controller and a target address in the memory.

8. The computing device of claim 7, wherein the cryptographic engine is further to generate a second DMA read request transaction in response to the determination to protect the DMA transaction, wherein the second DMA read request transaction includes a data tag and the target address.

9. The computing device of claim 8, wherein: the cryptographic engine is further to intercept a DMA read completion transaction in response to generation of the second DMA read request transaction, wherein the DMA read completion transaction includes the data tag and encrypted cipher text; and to perform the cryptographic operation comprises to generate decrypted plaintext I/O data as a function of the cipher text and the encryption key.

10. The computing device of claim 7, wherein the cryptographic engine is further to generate a second DMA read request transaction in response to the determination to protect the DMA transaction, wherein the second DMA read request transaction includes an authentication tag (AT) and an address of an authentication tag buffer in the memory.

11. A method for secure I/O, the method comprising: intercepting, by a cryptographic engine of a computing device, a direct memory access (DMA) transaction from an I/O controller of the computing device, wherein the DMA transaction includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller; determining, by the cryptographic engine of the computing device, whether to protect the DMA transaction as a function of the channel identifier, wherein determining whether to protect the DMA transaction as a function of the channel identifier comprises comparing the channel identifier included in the DMA transaction to a channel identifier table of the cryptographic engine, and wherein determining whether to protect the DMA transaction further comprises: (i) determining, by the cryptographic engine, whether the channel identifier of the DMA transaction matches an entry of the channel identifier table of the cryptographic engine, wherein the channel identifier table comprises a content-addressable memory of the cryptographic engine, and (ii) retrieving, by the cryptographic engine, an encryption key from the entry of the channel identifier table in response to determining that the channel identifier of the DMA transaction matches the entry; and performing, by the cryptographic engine of the computing device, a cryptographic operation with a hardware cryptography block of the cryptographic engine using the encryption key associated with the channel identifier in response to determining to protect the DMA transaction.

12. The method of claim 11, wherein intercepting the DMA transaction comprises intercepting a DMA transaction that includes a transaction layer packet (TLP) prefix, wherein the TLP prefix includes the channel identifier.

13. The method of claim 11, wherein: intercepting the DMA transaction comprises intercepting a DMA write transaction, wherein the DMA transaction further includes plaintext I/O data generated by the I/O device; and performing the cryptographic operation comprises generating encrypted cipher text as a function of the plaintext I/O data and the encryption key.

14. The method of claim 11, wherein intercepting the DMA transaction comprises intercepting a DMA read request transaction, wherein the DMA transaction includes a controller tag associated with the I/O controller and a target address in a memory of the computing device.

15. One or more non-transitory, machine readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to: intercept, by a cryptographic engine of the computing device, a direct memory access (DMA) transaction from an I/O controller of the computing device, wherein the DMA transaction includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller; determine, by the cryptographic engine, whether to protect the DMA transaction as a function of the channel identifier, wherein to determine whether to protect the DMA transaction as a function of the channel identifier comprises to compare the channel identifier included in the DMA transaction to a channel identifier table of the cryptographic engine, and wherein
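The mechanism the abstract and claims 1 through 10 describe can be walked through in a small software model: a channel identifier table keyed by (controller, device), a write path that replaces the device's plaintext with ciphertext plus an authentication tag before it reaches memory, and a read path that fetches the stored ciphertext and verifies and decrypts it before the controller sees any data. The Go program below is an added example written for this page; it is not code from the patent or from Intel. It uses AES-GCM from the Go standard library as the "hardware cryptography block" (the patent's classifications point at AES and MACs but the claims name no particular mode), a Go map in place of the content-addressable memory, a random per-write nonce stored in front of the ciphertext, and additional authenticated data binding each buffer to its channel identifier and target address. Those last three choices, the demo key, the sample I/O data and every type and function name are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// ChannelID is carried in every DMA transaction (claim 1; in a TLP prefix per
// claim 2) and names both the I/O controller and the device behind it.
type ChannelID struct{ Controller, Device uint8 }

// DMAWrite carries plaintext I/O data for a target address in memory (claim 3).
type DMAWrite struct {
	CID        ChannelID
	TargetAddr uint64
	Data       []byte
}

type Memory map[uint64][]byte // minimal model of system RAM by target address

// CryptoEngine sits between the I/O controllers and memory. The map stands in for
// the CAM channel identifier table of claim 1; AES-GCM is the crypto block (assumed).
type CryptoEngine struct{ table map[ChannelID]cipher.AEAD }

func NewCryptoEngine() *CryptoEngine { return &CryptoEngine{table: map[ChannelID]cipher.AEAD{}} }

// Program installs a key for one channel, as trusted software would before
// enabling it. aes.NewCipher rejects any key that is not 16, 24 or 32 bytes.
func (e *CryptoEngine) Program(cid ChannelID, key []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	e.table[cid] = aead
	return nil
}

// aad binds a buffer to its channel and address (an assumption of this example)
// so ciphertext written for one channel cannot be replayed to another.
func aad(cid ChannelID, addr uint64) []byte {
	b := make([]byte, 10)
	b[0], b[1] = cid.Controller, cid.Device
	binary.BigEndian.PutUint64(b[2:], addr)
	return b
}

// HandleWrite intercepts a DMA write. A matching CID turns it into a second write
// of nonce||ciphertext||tag to the same address (claims 4 and 6); a non-matching
// CID passes through untouched. The bool reports whether it was protected.
func (e *CryptoEngine) HandleWrite(mem Memory, w DMAWrite) (bool, error) {
	aead, ok := e.table[w.CID]
	if !ok {
		mem[w.TargetAddr] = append([]byte(nil), w.Data...)
		return false, nil
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	ct := aead.Seal(nil, nonce, w.Data, aad(w.CID, w.TargetAddr))
	mem[w.TargetAddr] = append(nonce, ct...)
	return true, nil
}

// HandleRead intercepts a DMA read request, fetches the buffer (the engine's own
// second read request, claim 8) and returns verified plaintext (claim 9). A failed
// tag check is an error; unverified bytes are never handed back to the controller.
func (e *CryptoEngine) HandleRead(mem Memory, cid ChannelID, addr uint64) ([]byte, bool, error) {
	buf := mem[addr]
	aead, protected := e.table[cid]
	if !protected {
		return append([]byte(nil), buf...), false, nil
	}
	if len(buf) < aead.NonceSize()+aead.Overhead() {
		return nil, true, fmt.Errorf("buffer at %#x too short for nonce and tag", addr)
	}
	pt, err := aead.Open(nil, buf[:aead.NonceSize()], buf[aead.NonceSize():], aad(cid, addr))
	if err != nil {
		return nil, true, fmt.Errorf("authentication failed: %w", err)
	}
	return pt, true, nil
}

func main() {
	e, mem := NewCryptoEngine(), Memory{}
	kbd := ChannelID{Controller: 1, Device: 2}
	if err := e.Program(kbd, []byte("0123456789abcdef")); err != nil { // demo key only
		panic(err)
	}
	// Constructed sample I/O data standing in for bytes arriving from a device.
	e.HandleWrite(mem, DMAWrite{CID: kbd, TargetAddr: 0x1000, Data: []byte("constructed keystrokes")})
	pt, _, err := e.HandleRead(mem, kbd, 0x1000)
	fmt.Printf("in memory: %x\ndecrypted: %q err=%v\n", mem[0x1000], pt, err)
}
```

Two properties of the model are worth checking against the claims. First, the decision to protect is made purely on the channel identifier: a controller whose identifier is not in the table gets plain DMA, and a controller whose identifier is in the table never gets to write plaintext into memory or read plaintext back without the tag verifying. Second, because the authenticated data includes the channel identifier and address, a second programmed channel (a different controller and device pair with its own key) cannot read the first channel's buffer even if it targets the same address, and a single flipped bit in the stored tag is reported as an authentication failure rather than returned as data.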

Assignees

Intel Corp
Inventors

Classifications

  • Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation · CPC title

  • involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title

  • using burst mode transfer, e.g. direct memory access {DMA}, cycle steal (G06F13/32 takes precedence) · CPC title

  • H04L9/0631 (Primary)

    Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title

  • using key encryption key · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10181946B2 cover?
Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and deter…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/0631. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 15, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).