On Tue, Aug 23, 2005 at 06:40:42PM +0300, Ronen Shitrit ([EMAIL PROTECTED]) 
wrote:
> Hi
> 
> The device I'm planning to use can support synchronous encryption, but
> Isn't any device can do it, by polling the device till it complete?
> Won't it be a waste of time, waiting for the HW accelerator to complete
> processing,
> While other tasks can use the CPU?

Sure.
I mean VIA/Freescale like processing - it does not support asynchronous
processing, but instead doing crypto operations like original CPU
instructions.

> What exactly do you mean by:
> "Next pont is to support in-kernel input IPsec processing" ?
> Isn't the patch for IPsec from the Acrypto patch enough ?

Current asynchronous IPsec processing includes only outgoing crypto,
i.e. only packets which live host will be encrypted using acrypto.
This was implemented first since all servers/embedded servers 
have moch bigger outgoing traffic volume.
Input processing still uses synchromous crypto stack.

> What kind of development is done, on the application area?

I plan to add OpenSSL support, since userspace already created
using both ioctl and direct process page access.
Also input IPsec procesing is inthe TODO list.
Probably IPsec code will be refactored a bit so it could be used
by different asynchroous stack,
so such stack changes could be included into mainline.
Currnt schema with deferred dst_entry porcessing definitely can 
work for any asynchronous stack, it only needs some beautification...

> Thanks 
> 
> Ronen Shitrit 
> Marvell Semiconductor Israel Ltd
> 
> -----Original Message-----
> From: Evgeniy Polyakov [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, August 23, 2005 5:37 PM
> To: Ronen Shitrit
> Cc: linux-crypto@vger.kernel.org
> Subject: Re: OCF or Acrypto for IPSec and dm-crypt
> 
> On Tue, Aug 23, 2005 at 05:23:40PM +0300, Ronen Shitrit
> ([EMAIL PROTECTED]) wrote:
> > Hi
> 
> Hi.
> 
> > I'm working on a device which include HW acceleration for few 
> > Encryption Alg (AES, DES and 3DES) and few digest Alg (SHA1 and MD5).
> > My plan is to add support for this HW acceleration in a way that both 
> > the IPSec and the dm-crypt will be able to use it, In order to do so 
> > in efficient way I must use the HW engines in asynchronous way.
> > I did some research and went over the entire mailing list and found, 
> > that there are 2 main frameworks for Asynchronous crypto support, both
> 
> > seems stable and both support few HW accelerators:
> >  
> >         Acrypto:    http://tservice.net.ru/~s0mbre/archive/acrypto/
> >                         http://lwn.net/Articles/109475/ 
> >                       with patch for using Acrypto through the IPsec,
> >                       but won't have any further development?
> > http://lwn.net/Articles/146802/
> 
> 
> As author of this stack I can say that it is currently under
> development. Next pont is to support in-kernel input IPsec processing.
> Development is not stopped, it is shifted into application area.
> 
> >         Linux-OCF: http://ocf-linux.sourceforge.net/
> >                       no specific patch for using kernel IPSec, 
> >                       under constant development.
> >                       
> > I also noticed another mail, asking the same question, but he didn't 
> > get any firm answer:
> >     http://lists.logix.cz/pipermail/cryptoapi/2005/000470.html
> >  
> > Any suggestion which framework should be used?
> 
> If your device supports synchronous crypto processing, like
> VIA/FreeScale processors, you can even use existing synchronous crypto
> stack. Herbert Xu, current linux kernel crypto maintainer, recently
> added new scatterlist walkers which allow drivers to use whole pages of
> data, which dramatically improoves performance.
> 
> > Any idea which framework is going to be integrated to the kernel 
> > mainline?
> 
> In the near future neither I think.
> There is alternative to both asynchronous crypto stack, which is based
> on existing synchronoust SW stack, but it is only in early stage of
> development, so let's wait until it is done.
> 
> > Any suggestion which framework is easier for use? or more stable?
> 
> I will not answer this question as person concerned :)
> 
> > Any patch for using the dm-crypt with any of the above framework?
> 
> Not yet.
> 
> > Any help will be appreciated.
> 
> Hope this helps.
> 
> > Regards
> > 
> > Ronen Shitrit
> > Marvell Semiconductor Israel Ltd
> > 
> 
> P.S. cryptoapi@ maillist is closed, let's use [EMAIL PROTECTED]
> 
> -- 
>       Evgeniy Polyakov

-- 
        Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to