On Thu, Sep 01, 2005 at 10:42:55AM +0300, Ronen Shitrit ([EMAIL PROTECTED]) wrote: > Hi > > I review both the OCF and the Acrypto projects, > both of the projects looks like a _great_ projects. > > But I choose to use the OCF project, > The main reason for choosing the OCF is that the OCF session concept > suits better the HW accelerator I'm going to use, > By session concept I mean: > In the OCF first we open a session, then we can make few operation using > this session and when we are done, we close the session. > In the Acrypto each operation is a new session.
Acrypto has crypto routing which allows to use the same session for many crypto operations. 1. create session 2. add first route (AES crypto for example) 3. add second route (DES crypto) 4. add yet another route (HMAC) 5. bind to TPM device 6. isnert session to be processed. Provided callback will be called after all operations sucessfully finished. This mechanism was designed specially for complex crypto schemas like IPsec requires. > In the HW accelerator I'm using, the overhead of opening a session is a > little high, and it is not reasonable to do it for each operation. > The overhead is a little high, since we are trying to optimize part of > the alg, for example when using the HMAC, we can calculate in > advance part of the alg and reuse it for later operations. Exactly for such kind of scenarios crypto routing was created. It allows to have crypt->hmac->crypt->anything to do with the data without needs to care about manually reinsert the session. Crypto devices are selected automatically according to the crypto scheduler for each route, so it always will be as fast as possible, although one can bind session to particular device. OCF is a very good stack, and I think it will handle your needs well. > Regards > Ronen Shitrit > Marvell Semiconductor Israel Ltd > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David McCullough > Sent: Tuesday, August 30, 2005 2:09 AM > To: Ronen Shitrit > Cc: [EMAIL PROTECTED] > Subject: Re: OCF or Acrypto for IPSec and dm-crypt > > > Jivin Ronen Shitrit lays it down ... > > Hi, > > > > So I guess there isn't any other HD encryption I can use that support > > the OCF I saw that the OCF support esp and ah for Rx/Tx, when using > > openswan with the KLIPS patch for 2.6, does this OCF patch work? Or is > > > it under development? > > It works. I need to update it to fix a couple of small issues that I > have found, but the patch as is functions quite well. > > > I also noticed that the latest openswan version can be use with the > > 2.6 native Ipsec stack. > > Is there any plan to port the OCF to support 2.6 Ipsec native stack? > > There is definately intentions to do this, though it doesn't currently > have a high priority. Klips provides better coverage of the things we > need from an ipsec stack at the moment. The OpenSwan guys have been > working pretty hard on 2.6 support as well. > > I think someone on this list was working on a 2.6 IPSec/OCF combo ? > > Cheers, > Davidm > > -- > David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + > Security > Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org > http://www.cyberguard.com > _______________________________________________ > > Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi > List archive: http://lists.logix.cz/pipermail/cryptoapi > _______________________________________________ > > Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi > List archive: http://lists.logix.cz/pipermail/cryptoapi -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
