* IPSec AH hardware offload
@ 2009-01-20 14:14 Jamie Iles
2009-01-28 3:37 ` Herbert Xu
0 siblings, 1 reply; 4+ messages in thread
From: Jamie Iles @ 2009-01-20 14:14 UTC (permalink / raw)
To: linux-crypto
Hi,
I'm currently developing a driver for a hardware crypto offload engine that is
capable of offloading both ESP and AH in IPSec. I've noticed that none of the
crypto drivers in 2.6.28 do offload for ahash and that the netkey AH
implementation both use synchronous hashes. Are the synchronous software
versions likely to be more efficient than hardware offloading or is there an
architectural reason for not using async hashes?
Cheers,
Jamie
This email and any files transmitted with it are confidential and intended solely for the use of the individuals to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your system immediately.
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: IPSec AH hardware offload
2009-01-20 14:14 IPSec AH hardware offload Jamie Iles
@ 2009-01-28 3:37 ` Herbert Xu
2009-01-28 8:36 ` Jamie Iles
0 siblings, 1 reply; 4+ messages in thread
From: Herbert Xu @ 2009-01-28 3:37 UTC (permalink / raw)
To: Jamie Iles; +Cc: linux-crypto
Jamie Iles <jamie.iles@picochip.com> wrote:
>
> I'm currently developing a driver for a hardware crypto offload engine that is
> capable of offloading both ESP and AH in IPSec. I've noticed that none of the
> crypto drivers in 2.6.28 do offload for ahash and that the netkey AH
> implementation both use synchronous hashes. Are the synchronous software
> versions likely to be more efficient than hardware offloading or is there an
> architectural reason for not using async hashes?
No it's just because nobody has gotten around to complete the
async hash work yet. So we're currently half-way through the
process of converting existing algorithms to the shash interface,
which allows them to be used efficiently by IPsec through the
ahash interface.
Once that's completed we can then convert IPsec (or rather, authenc)
over to using ahash.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: IPSec AH hardware offload
2009-01-28 3:37 ` Herbert Xu
@ 2009-01-28 8:36 ` Jamie Iles
2009-01-28 10:41 ` Herbert Xu
0 siblings, 1 reply; 4+ messages in thread
From: Jamie Iles @ 2009-01-28 8:36 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
Herbert Xu wrote:
> Once that's completed we can then convert IPsec (or rather, authenc)
> over to using ahash.
Does that include the hash for authentication header in
net/ipv[46]/ah[46].c?
The driver implements authenc algorithms, so we'll already get
asynchronous operation for ESP, but the crypto_alloc_hash() in ah[46].c
explicitly requests a synchronous hash. Is this worth converting to use
ahash?
Thanks,
Jamie
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-01-28 10:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-20 14:14 IPSec AH hardware offload Jamie Iles
2009-01-28 3:37 ` Herbert Xu
2009-01-28 8:36 ` Jamie Iles
2009-01-28 10:41 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.