Re: IPSec ESP Authenc Offload

2008-05-29 Thread Herbert Xu
On Thu, May 29, 2008 at 10:44:47AM -0700, Loc Ho wrote: > > [Loc Ho] > I would like to use the existent interface and it does work. Except, it > will require extra works such as 1) another context SA per an operation > (this is in addition to the context SA with the tfm), 2) as there are > now mul

RE: IPSec ESP Authenc Offload

2008-05-29 Thread Loc Ho
Hi, See inline... -Original Message- From: Herbert Xu [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2008 12:02 AM To: Loc Ho Cc: linux-crypto@vger.kernel.org Subject: Re: IPSec ESP Authenc Offload On Wed, May 28, 2008 at 04:02:11PM -0700, Loc Ho wrote: >> >> It doesn&

Re: IPSec ESP Authenc Offload

2008-05-29 Thread Herbert Xu
On Wed, May 28, 2008 at 04:02:11PM -0700, Loc Ho wrote: > > It doesn't help if it is generated by software. The driver still needs a > context SA for each operation. In addition, the driver will have to > increment seq (or load from request) and load SEQ and IV into each > context SA. It is much c

RE: IPSec ESP Authenc Offload

2008-05-28 Thread Loc Ho
t: Re: IPSec ESP Authenc Offload On Wed, May 28, 2008 at 09:42:47AM -0700, Loc Ho wrote: > Hi, > > With IPSec ESP Authenc, it is expected that the selected driver > generates "IV" as well as encrypts the data. Our 'hardware' (available > currently), can only hand

Re: IPSec ESP Authenc Offload

2008-05-28 Thread Herbert Xu
On Wed, May 28, 2008 at 09:42:47AM -0700, Loc Ho wrote: > Hi, > > With IPSec ESP Authenc, it is expected that the selected driver > generates "IV" as well as encrypts the data. Our 'hardware' (available > currently), can only handle either no header processing or header > processing (from ESP to I

RE: IPSec ESP Authenc Offload

2008-05-28 Thread Loc Ho
008 11:35 PM To: Loc Ho Cc: linux-crypto@vger.kernel.org Subject: Re: IPSec ESP Authenc Offload On Tue, May 27, 2008 at 11:29:22AM -0700, Loc Ho wrote: > > For authenc hardware offload outbound, we need to know the whole ESP > header length - IP header + UDP header + ESP header + IV. I

Re: IPSec ESP Authenc Offload

2008-05-27 Thread Herbert Xu
On Tue, May 27, 2008 at 11:29:22AM -0700, Loc Ho wrote: > > For authenc hardware offload outbound, we need to know the whole ESP > header length - IP header + UDP header + ESP header + IV. I am thinking > adding a field in struct aead_givcrypt_request as below: Could you please let me know why it

IPSec ESP Authenc Offload

2008-05-27 Thread Loc Ho
Hi Herbert, For authenc hardware offload outbound, we need to know the whole ESP header length - IP header + UDP header + ESP header + IV. I am thinking adding a field in struct aead_givcrypt_request as below: /** * struct aead_givcrypt_request - AEAD request with IV generation * @seq