Re: [lng-odp] crypto contexts

Wed, 17 Feb 2016 07:42:05 -0800 

How can you change the crypto key? Each user has its own.

Gabor

On 02/17/2016 12:13 PM, Bala Manoharan wrote:

Hi,
There is no need to create a crypto session for each packet. The application needs to create a crypto session for a unique cipher/auth key (ie all the parameters in odp_crypto_session_params_t ). A crypto session is created so that application can create a crypto session and reuse it for packets which need similar processing. The parameters of crypto session are as follows 

typedef struct odp_crypto_session_params {
        odp_crypto_op_t op;                /**< Encode versus decode */
odp_bool_t auth_cipher_text; /**< Authenticate/cipher ordering */ 
        odp_crypto_op_mode_t pref_mode;    /**< Preferred sync vs async */
        odp_cipher_alg_t cipher_alg;       /**< Cipher algorithm */
        odp_crypto_key_t cipher_key;       /**< Cipher key */
odp_crypto_iv_t iv; /**< Cipher Initialization Vector (IV) */ odp_auth_alg_t auth_alg; /**< Authentication algorithm */ 
        odp_crypto_key_t auth_key;         /**< Authentication key */
odp_queue_t compl_queue; /**< Async mode completion event queue */ 
        odp_pool_t output_pool;            /**< Output buffer pool */
} odp_crypto_session_params_t
If you see the odp_crypto_operation() function it reuses an existing crypto session and only provides parameters which are unique per packet (ie cipher/auth range, input packet, etc )
The limit of 32 crypto sessions is a limitation on the linux-generic implementation and this value might depend on individual platforms. 

Regards,
Bala
On 16 February 2016 at 18:40, Gábor Sándor Enyedi <[email protected] <mailto:[email protected]>> wrote: 

    Hi,

    I want to keep up IPSec connections with up to ~100K users
    simultaneously. After looking into the code, it seems that both
    linux-generic and odp-dpdk can allocate at most 32 crypto sessions
    (with odp_crypto_session_create). Please confirm, that this is not
    a bug, but crypto sessions are considered to be a very limited
    resource and an ODP application should create and destroy a crypto
    session for each packet, when all the users are sending traffic at
    the same time.
    Thanks,

    Gabor
    _______________________________________________
    lng-odp mailing list
    [email protected] <mailto:[email protected]>
    https://lists.linaro.org/mailman/listinfo/lng-odp





_______________________________________________
lng-odp mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/lng-odp

Reply via email to