From: David McCullough <[EMAIL PROTECTED]> Subject: OCF port to linux To: [EMAIL PROTECTED] Date: Wed, 17 Nov 2004 17:51:31 +1000
Hi all, Just thought I drop a line to see if anyone is interested in a linux port of the FreeBSD(OpenBSD) Open Cryptographic Framework (OCF) ? I needed user crypto acceleration under 2.4 in a hurry and Evgeniy Polyakov hadn't quite posted his work at the time, so I ported the full OCF framework. The userland API is 100% BSD compatible, thus reducing the work I needed to do with openssl/ssh. I have read all the posts to the list on Evgeniy's work and also Michal Ludvig's /dev/crypto work. I understand that this probably isn't the format/license/API that people would like, but it is working and can used for comparison if nothing else :-). If anyone would like to play with it I can put together a patch for 2.4 or 2.6. The patch would be about 70k. I have a software OCF driver (using the crypto API in the kernel), a safenet driver and an Xscale CryptACC driver. I should get time to port the hifn driver in the next day or so. Anyway, everyone wants to see the numbers, they are included below. Of course there are still a few bugs to work out :-) The results do show the trends in trade offs between user/kernel assisted crypto though, the most obvious is that for small packets user crypto is better, Cheers, Davidm Early OCF test results ====================== Here is the result of some tests run on OCF under linux. The platform was a 533MHz Intel Xscale IXP425 platform (ARM big endian). The board has a safenet 1141 on the PCI bus and also the IXP has a built in crypto engine. The following tests were done using the following commands. openssl speed -evp des -elapsed openssl speed -evp des3 -elapsed "-engine cryptodev" was added to the command when OCF acceleration was desired. The OCF modules used are: none - completely user mode software crypto soft - using crypto framework with software crypto engine safe - using crypto framework with safenet crypto engine ixp - using crypto framework with IXP crypto engine I dropped the max packet size down to 2048 bytes, 8192 seems a little unrealistic. Needless to say, the HW crypto is even further ahead with bigger buffers to work on. cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes -------------------------------------------------------------------------------- des-cbc none 3244.01k 3476.31k 3539.97k 3556.01k 3558.74k des-cbc soft 594.90k 1388.31k 2132.48k 2462.04k 2540.20k des-cbc ixp 314.33k 1217.98k 3928.18k 8692.22k 11236.34k des-cbc safe 205.34k 797.56k 2926.12k 8199.85k 11954.75k des-ede3-cbc none 1211.87k 1243.69k 1252.01k 1253.03k 1253.38k des-ede3-cbc soft 451.45k 812.94k 1019.56k 1102.53k 1117.84k des-ede3-cbc ixp 314.59k 1205.56k 3499.49k 7148.88k 8622.22k des-ede3-cbc safe 204.12k 777.94k 2750.98k 7124.99k 9697.96k The following tests are the same as above only 10 threads were run in parallel by adding the "-multi 10" option to openssl speed. cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes -------------------------------------------------------------------------------- des-cbc none 3252.99k 3464.39k 3575.26k 3479.82k 4251.62k des-cbc soft 645.83k 1399.34k 2071.83k 2453.65k 2796.95k des-cbc ixp 139.91k 346.95k 1648.15k 4154.48k 8433.97k des-cbc safe 109.68k 415.31k 1496.91k 3889.41k 8108.29k des-ede3-cbc none 1245.77k 1238.85k 1247.49k 1249.28k 1646.35k des-ede3-cbc soft 476.38k 817.10k 1010.62k 1094.42k 1690.12k des-ede3-cbc ixp 100.05k 348.10k 1736.11k 4174.40k 8484.31k des-ede3-cbc safe 111.67k 410.05k 1537.71k 3736.93k 8132.46k Tests using "scp -c cipher" of a 19Mb file: cipher module scp output ----------------------------------------- 3des none 100% 19MB 717.3KB/s 3des soft 100% 19MB 646.6KB/s 3des ixp 100% 19MB 1.6MB/s 3des safe failed (endian problems) Same as above using 4 copies at the same time and averaging the results: cipher module scp output ----------------------------------------- 3des none 100% 19MB 192.2KB/s 3des soft 100% 19MB 172.6KB/s 3des ixp 100% 19MB 442.5KB/s 3des safe failed (endian problems) -- David McCullough, [EMAIL PROTECTED] Ph:+61 7 34352815 http://www.SnapGear.com Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.org _______________________________________________ Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi List archive: http://lists.logix.cz/pipermail/cryptoapi ---------- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
pgpZEaJx0O0JX.pgp
Description: PGP signature