Secure network access device
US-2022400123-A1 · Dec 15, 2022 · US
US11943340B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11943340-B2 |
| Application number | US-201917437342-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 19, 2019 |
| Priority date | Apr 19, 2019 |
| Publication date | Mar 26, 2024 |
| Grant date | Mar 26, 2024 |
Official abstract text for this publication.
In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication that data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address are managed by the virtual channel and are not visible to the virtual machines or the hypervisor.
Opening claim text (preview).
What is claimed is:
1. An apparatus for process-to-process communication in network functions virtualization (NFV) infrastructures, the apparatus comprising: a memory; and at least one processor comprising a memory controller and a crypto circuitry, the at least one processor to: execute a first network function within a virtual machine; execute a second network function within a second virtual machine; provide a virtual channel for communication between the first network function and the second network function, wherein the first network function is to perform one or more of: next destination determination, routing, firewall, Intrusion detection systems (IDS), intrusion prevention systems (IPS), gateway general packet radio service support node (GGSN), serving general packet radio service support node (SGSN), Radio Network Controller (RNC), or Evolved Packet Core (EPC) and wherein the second network function is to perform one or more of: next destination determination, routing, firewall, IDS, IPS, GGSN, SGSN, RNC, or EPC; and in response to the first network function requesting a copy of data for access by the second network function, the at least one processor is to copy the data without modification to an intermediate buffer, store a reference to a key for the data, and copy the data from the intermediate buffer to a destination buffer by use of the crypto circuitry to decrypt the data based on the key and encrypt the data prior to storage in a destination buffer accessible to the second network function, wherein the copied data comprises data processed by the first network function.
2. The apparatus of claim 1, wherein to store a reference to a key for the data, the at least one processor is to: cause storage of a key identifier and source address of the data into a metadata table, wherein the metadata table is accessible to the crypto circuitry.
3. The apparatus of claim 2, wherein the crypto circuitry is to access a table to retrieve a key using the key identifier and the source address.
4. The apparatus of claim 1, wherein the virtual channel is to provide a ring for communication between the first network function and the second network function.
5. The apparatus of claim 1, wherein the first network function is to issue a transmit command to the virtual channel and in response to the transmit command, the virtual channel is to cause the memory controller to copy the data without modification to an intermediate buffer and store the reference to the key for the data.
6. The apparatus of claim 1, wherein the virtual channel is to cause the second network function to issue a receive command to the virtual channel and in response to the receive command, the virtual channel is to cause the memory controller to copy the data from the intermediate buffer to the destination buffer and use the crypto circuitry to decrypt the data based on the key and encrypt the data using a page key associated with the second network function.
7. The apparatus of claim 1, wherein the crypto circuitry is to perform Advanced Encryption Standard (AES)-XEX tweaked-codebook mode with ciphertext stealing (XTS) compatible encryption or decryption.
8. The apparatus of claim 1, comprising one or more of: a base station, central office, server, network interface, rack, or data center.
9. The apparatus of claim 1, wherein the virtual channel is to execute on a first processor of the at least one processor and wherein the first processor is to execute the virtual machine and the second virtual machine.
10. A method comprising: a virtual channel receiving a request to write data processed by a first virtual network function to a destination buffer associated with a second virtual network function, the first virtual network function and the second virtual network function together performing linked operations, wherein the first virtual network function is to perform one or more of: next destination determination, routing, firewall, Intrusion detection systems (IDS), intrusion prevention systems (IPS), gateway general packet radio service support node (GGSN), serving general packet radio service support node (SGSN), Radio Network Controller (RNC), or Evolved Packet Core (EPC) and wherein the second virtual network function is to perform one or more of: next destination determination, routing, firewall, IDS, IPS, GGSN, SGSN, RNC, or EPC; in response to the request to write data, the virtual channel causing copying the data without modification to an intermediate buffer and storing a key identifier and source address associated with the data; and in response to the request to receive data from the second virtual network function: a crypto circuitry retrieving a key based on the key identifier and source address; the crypto circuitry decrypting the data in the intermediate buffer using the key; the crypto circuitry encrypting the data using a key associated with the second virtual network function; and causing the encrypted data to be written to the destination buffer.
11. The method of claim 10, comprising the virtual channel causing the crypto circuitry to retrieve the key from a table based on the key identifier and the source address.
12. The method of claim 11, comprising the virtual channel providing communication among the first virtual network function, the second virtual network function, a memory controller, and the crypto circuitry.
13. The method of claim 10, wherein the key identifier and the source address are hidden from the second virtual network function.
14. The method of claim 10, wherein the crypto circuitry applies Advanced Encryption Standard (AES)-XEX tweaked-codebook mode with ciphertext stealing (XTS) compatible encryption or decryption.
15. The method of claim 10, comprising: a hypervisor setting up a virtual channel and the hypervisor starting the first virtual network function and the second virtual network function and programming the first virtual network function and the second virtual network function to use the virtual channel for communication.
16. A system for virtual network function linking comprising: an interface; a memory controller comprising a crypto circuitry; at least one memory; and at least one core communicatively coupled to the interface, the memory controller, and the at least one memory, the at least one core to: execute a first virtual network function; execute a second virtual network function, wherein the first virtual network function is to perform one or more of: next destination determination, routing, firewall, Intrusion detection systems (IDS), intrusion prevention systems (IPS), gateway general packet radio service support node (GGSN), serving general packet radio service support node (SGSN), Radio Network Controller (RNC), or Evolved Packet Core (EPC) and wherein the second virtual network function is to perform one or more of: next destination determination, routing, firewall, IDS, IPS, GGSN, SGSN, RNC, or EPC; in response to a transmit request from the first virtual network function, cause data to be written to an intermediate buffer without modification and cause a key identifier and source address to be stored; and in response to a receive request from the second virtual network function, cause the data in the intermediate buffer to be: decrypted based on a key associated with the key identifier and the source address, encrypted using a key associated with the second virtual network function, and the encrypted data to be written to a destination buffer associated with the second virtual network function.
17. The
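The transmit and receive path described in the abstract and in claims 1, 2, 6, 7 and 10, modelled in Go as an added example; this is not code from the patent or from any product implementing it. The model keeps the claimed split: the channel copies the source page's ciphertext into an intermediate buffer untouched and records only a (key identifier, source address) reference; on receive, the crypto circuitry resolves the key from a table, decrypts with the source address as the XTS tweak, and re-encrypts under the receiving function's page key with the destination address as tweak. Everything the page does not fix is an assumption here: AES-128 keys in the two-key XTS format, the page address used directly as the tweak, block-aligned data so the XTS ciphertext-stealing step is omitted, one key table serving both source and destination pages, and the names VirtualChannel, Transmit, Receive and RunExample together with the sample keys and payload, all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// xtsBlocks applies AES-XEX with the XTS key/tweak schedule to whole 16-byte blocks.
// key is K1||K2 (two AES-128 keys); tweak is the data-unit number, here a buffer address.
// Assumption: data is block aligned, so XTS ciphertext stealing is not needed.
func xtsBlocks(key []byte, tweak uint64, data []byte, encrypt bool) ([]byte, error) {
	if len(key) != 32 || len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("xts: need a 32-byte key and block-aligned data")
	}
	k1, _ := aes.NewCipher(key[:16]) // lengths validated above, so NewCipher cannot fail
	k2, _ := aes.NewCipher(key[16:])
	var t [16]byte
	binary.LittleEndian.PutUint64(t[:8], tweak) // upper 64 tweak bits stay zero
	k2.Encrypt(t[:], t[:])                       // T = AES_K2(tweak)
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += aes.BlockSize {
		blk := out[off : off+aes.BlockSize]
		subtle.XORBytes(blk, data[off:off+aes.BlockSize], t[:]) // P xor T
		if encrypt {
			k1.Encrypt(blk, blk)
		} else {
			k1.Decrypt(blk, blk)
		}
		subtle.XORBytes(blk, blk, t[:]) // ... xor T
		var carry byte // T *= alpha in GF(2^128), IEEE 1619 little-endian convention
		for i := range t {
			t[i], carry = t[i]<<1|carry, t[i]>>7
		}
		if carry != 0 {
			t[0] ^= 0x87
		}
	}
	return out, nil
}

// keyRef is what the channel records per transmit (claims 2 and 10): a key identifier
// and a page address. The key itself never leaves the memory controller's table.
type keyRef struct{ keyID, addr uint64 }

// VirtualChannel models the claimed channel plus the key table the crypto circuitry consults.
type VirtualChannel struct {
	keyTable     map[keyRef][]byte // page keys indexed by (key id, page address)
	intermediate []byte            // ciphertext copied "without modification"
	pending      *keyRef           // reference stored by Transmit, consumed by Receive
}

// Transmit copies the source buffer unchanged and records the key reference. No crypto.
func (vc *VirtualChannel) Transmit(srcBuf []byte, srcAddr, srcKeyID uint64) {
	vc.intermediate = append([]byte(nil), srcBuf...)
	vc.pending = &keyRef{srcKeyID, srcAddr}
}

// Receive resolves the source key, decrypts the intermediate buffer, re-encrypts for the destination page.
func (vc *VirtualChannel) Receive(dstKeyID, dstAddr uint64) ([]byte, error) {
	if vc.pending == nil {
		return nil, errors.New("receive: no pending transmit")
	}
	src, dst := *vc.pending, keyRef{dstKeyID, dstAddr}
	vc.pending = nil
	srcKey, okSrc := vc.keyTable[src]
	dstKey, okDst := vc.keyTable[dst]
	if !okSrc || !okDst {
		return nil, errors.New("receive: key reference not present in key table")
	}
	plain, err := xtsBlocks(srcKey, src.addr, vc.intermediate, false)
	if err != nil {
		return nil, err
	}
	return xtsBlocks(dstKey, dst.addr, plain, true)
}

// RunExample walks one firewall -> IDS hand-off with constructed keys and payload. It returns
// whether the intermediate buffer matched the source ciphertext, and what the IDS page decrypts to.
func RunExample() (bool, []byte, error) {
	fwKey, idsKey := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32) // demo keys, not real material
	const fwAddr, idsAddr uint64 = 0x1000, 0x8000
	vc := &VirtualChannel{keyTable: map[keyRef][]byte{{1, fwAddr}: fwKey, {2, idsAddr}: idsKey}}
	payload := []byte("FW->IDS: flow 10.0.0.5:443 allow") // 32 bytes, constructed
	fwBuf, _ := xtsBlocks(fwKey, fwAddr, payload, true)    // firewall's encrypted page; inputs are valid
	vc.Transmit(fwBuf, fwAddr, 1)
	unchanged := bytes.Equal(vc.intermediate, fwBuf)
	idsBuf, err := vc.Receive(2, idsAddr)
	if err != nil {
		return false, nil, err
	}
	idsPlain, err := xtsBlocks(idsKey, idsAddr, idsBuf, false) // the IDS reads its own page
	return unchanged, idsPlain, err
}
```

Two points the model makes visible. Because XTS binds ciphertext to the tweak, the stored source address is as necessary as the key identifier to recover the data, which is why the claims store both and why a copy that lands at a different address cannot simply be decrypted in place. And in this software model the plaintext exists briefly as an ordinary slice inside Receive, whereas the claims confine it to the crypto circuitry in the memory controller; the model shows the data flow and the key handling, not the hardware isolation.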
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title