From: Steffen Klassert <steffen.klassert@secunet.com>
To: Sverd Johnsen <sverd.johnsen@googlemail.com>
Cc: linux-crypto@vger.kernel.org
Subject: Re: CONFIG_CRYPTO_PCRYPT, CONFIG_CRYPTO_CRYPTD etc. questions
Date: Tue, 11 Oct 2011 11:17:06 +0200 [thread overview]
Message-ID: <20111011091706.GA1830@secunet.com> (raw)
In-Reply-To: <CAGmahrQ5YC0UynzyjzMcvunh_UgKo-OMF6A9PM_nD3w12hrM2Q@mail.gmail.com>
On Sun, Oct 09, 2011 at 01:00:08AM +0200, Sverd Johnsen wrote:
> Hey,
>
> how do they work? Should one use them? Does it work with all ciphers?
> Do they exclude each other?
They don't exclude each other, but using both in an algorithm instance
does not make much sense. It depends on your usecase what to choose.
If a single cpu sends a lot of crypto requests (like it happens on
IPsec networking), it makes sense to parallelize with pcrypt.
Usually you don't need to setup a cryptd algorithm expicit. If an
algorithm needs cryptd, it cooses it automatically. It is used e.g.
to move the crypto requests out of atomic context (AES-NI does this.)
>
> Do they need module parameters? What if they are built-in?
They don't need module parameters. It does not matter much if they
are build-in or a module. If they are build-in, they can be just
instantiated. If they are build as module, the crypto layer tries
to autoload the module if it is not already loaded.
If you want to use pcrypt/cryptd on an algorithm that does not coose
them automatically, you have to instantiate (load) these algorithms.
Right now, using 'tcrypt' is the only way to instantiate such nonstandard
algorithms. That's kind of a hack, but things are getting much easier
as soon as we have the crypto userspace configuration API merged.
> How can I verify that they work?
You can look at /proc/crypto, this shows which algorithms are used.
You should find cryptd/pcrypt in the algorithm drivers name if they
are instantiated.
> How do they work? There is absolutely no fucking information
> whatsoever, neither in the help text nor in the docs. Am i missing
> something?
Indeed, there is no documentation.
>
> Talking mostly about typical disk encryption on SMP machines via
> dm-crypt, interested in best performance. (without AES-NI)
dm-crypt uses it's own workqueue, so you don't need cryptd here.
On recent kernels this workqueue is multithreaded, so if the
crypto requests are send from multiple cpus it behaves well
parallelized. If only one cpu sends crypto requests, it is
serialized to this cpu. pcrypt could help here, but it still
lacks ablkcipher support what is needed for dm-crypt.
prev parent reply other threads:[~2011-10-11 9:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-08 23:00 CONFIG_CRYPTO_PCRYPT, CONFIG_CRYPTO_CRYPTD etc. questions Sverd Johnsen
2011-10-11 9:17 ` Steffen Klassert [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111011091706.GA1830@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=linux-crypto@vger.kernel.org \
--cc=sverd.johnsen@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).