Re: Linux 2.6 crypto API and HW accelerators

From: Eugene Surovegin
Date: Tue May 04 2004 - 11:20:31 EST


On Tue, May 04, 2004 at 03:39:35PM +0200, remy.gauguey@xxxxxxxxxxxxx wrote:
> I'm currently working on a ARM920T based network processor with arm-linux
> kernel 2.6.5.
> This device has a crypto hardware accelerator dedicated to IPsec.
> In ESP mode the device can do authentication (SHA-1, MD5) as well as
> encryption (AES, TDES in CBC or ECB mode) in one pass.
> Unfortunately current Linux 2.6 crypto API doesn't support this kind of
> hardware accelerator. Current crypto module relies on crypto algorithms
> which are called for a single operation and for each block.
>
> Then, I would like to know if other people are working on the hardware
> crypto support in kernel 2.6.x.
> If so, what would be the plan ? crypto api improvement or new IPsec
> specific hardware support ?
>

I wrote a driver recently for Hifn 7955 crypto processor for use in low-end PPC
box (PPC 440, 500Mhz).

I added simple extension for current Crypto API, basically a pass-through path.

Patches can be found and http://kernel.ebshome.net (patches are of alpha
quality, and were never tested on x86 :)

In short, my experience showed that without significant changes in current
implementation, e.g. adding async crypto, adding hardware crypto is worth only
for relatively slow CPUs, e.g. less than 1Ghz, and even with slow processor
overhead can be so big, that short packets are better processed by software
path.

As a side note, in addition to the limitation you noticed (sw crypto is called
for one block), there are another one, currently Linux IPSec implementation
always calls Crypto layer holding BH lock, so hw crypto driver have to busy wait
even when called from process context. Maybe this can be easily changed.

Feel free to contact me privately if you need more information :)

Eugene

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/