Hi Miloslav,

I had read or glance over the patch from " 
http://people.redhat.com/mitr/cryptodev-ncr/0002";. We have post a version of 
the CryptoDev over a year ago. Unfortunately, we did not got a chance to pick 
up again. In that process, Herbert Xu provides a number of comments. You can 
search the mailing list for that. Here are my comment based on experience with 
hardware crypto:

1. This CrytoDev (user space) interface needs to support multiple operations at 
once
2. This CrytoDev interface needs to support async
3. This CryotDev interface needs to support large data operation such as an 
entire file
4. Zero crypto (already see this in your version)
5. Avoid a lot of little kmalloc for various small structures (This once is 
from Herbert Xu.)
6. This interface needs to work with OpenSSL which allow OpenSwan to work

Reason for item above:
Item #1. Multiple operations - This needs to take advance of the hardware 
offload. If you only submit one operation at a time, the latency of the 
software/hardware will be a problem. By allow submitting multiple operations, 
you fill up the hardware buffer and keep in running. Otherwise, it just be idle 
a majority of the time and the difference between SW vs HW is nill.

Item #2. Asnc - You can argue that you can open multiple /dev/crypto session 
and submit them. But this does not work for the same session and for HW base 
crypto. Having an async interface has the benefit to the user space application 
developer as they can use the same async programming interface as with other 
I/O operations.

Item #3. Large file support - Most hardware algorithms can't support this as 
the operation cannot be continue. Not sure how to handle this.

Item #4. Right now you are pining the entire buffer. For small buffer, this may 
not make sense. We have not got a chance to see if what is the limit for this.

Item #5. Herbert Xu mentioned that we should avoid having a lot of small 
kmalloc when possible.

Item #6. You should give OpenSSL a patach and see how it works out. Although, 
OpenSSL does not take advantage of batch submission. Again, to really take 
advantage of the HW, you really need to support batch operation.

For all other comments, search for previous /dev/cryptodev submission and you 
will find a bunch of argue on this "user space crypto API".

-Loc


CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and contains information�
that is confidential and proprietary to AppliedMicro Corporation or its 
subsidiaries. 
It is to be used solely for the purpose of furthering the parties' business 
relationship. 
All unauthorized review, use, disclosure or distribution is prohibited. 
If you are not the intended recipient, please contact the sender by reply 
e-mail 
and destroy all copies of the original message.


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to