I've just released version 0.5. The changelog since last release is:
* Corrected issue with zero copy on multiple pages.
* Fallback to normal operation if user pages cannot be
mapped.
___
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
Michal Ludvig wrote:
> Hi Nikos,
>
> I'm glad to see you have adopted my cryptodev driver and are taking it
> further. Have you got any plans for inclusion into the mainline kernel?
Hello Michal,
This is the idea, but I don't think this is feasible since the
linux-crypto people have their own
On 07/24/2010 06:02 PM, cryptodev-linux-commit-ow...@gna.org wrote:
Please use the devel list for questions.
https://mail.gna.org/listinfo/cryptodev-linux-devel/
About your question. Have you tried the programs "cipher" and "hmac" in
the examples directory? Is the output ok?
What patches did you
Hello,
When I started working on cryptodev I've used the GPLv3+ license.
However this is incompatible with the linux kernel which is GPLv2-only.
Would you agree to move the code to a GPLv2+ license? (I don't like the
GPLv2-only and GPLv2+ is a compatible compromise).
regards,
Nikos
_
On 08/08/2010 07:40 PM, Jan Misiak wrote:
> Hello,
>
> I appreciate your effort of maintaining cryptodev module for Linux.
> There is something I do not understand though. Why doesn't Linux
> kernel expose its CryptoAPI to userspace and force users to rely on
> this patch or OCF? Do you plan on pu
On 08/31/2010 02:40 PM, Dmitry Kasatkin wrote:
> Hello all,
>
> Thanks for this work. Very nice stuff.
> But have you ever tried you run checkpatch.pl from kernel tree?
> For example
> ./scripts/checkpatch.pl --file ../crypto/cryptodev-linux/cryptodev_main.c
> Our kernel maintainers does not allow
On 09/06/2010 08:58 AM, Dmitry Kasatkin wrote:
> Hi,
>
> Just realized that you removed support for old api in the newapi branch.
> Old module was 150k, new one is 3.5M.
> It looks somewhat insane for our mobile device while we need very simple
> functionality.
> Any ways (CONFIG options) to strip
On 09/06/2010 11:46 AM, Miloslav Trmac wrote:
> Hello,
> - "Dmitry Kasatkin" wrote:
>> Just realized that you removed support for old api in the newapi
>> branch.
>> Old module was 150k, new one is 3.5M.
> Could the difference be simply in debug info?
>
> $ ll -h cryptodev.ko
> -rw-rw-r--. 1
On 09/07/2010 08:19 AM, Dmitry Kasatkin wrote:
> Hello,
>
> Here is updates to old cryptodev (master branch).
> I backported some new stuff which was in newapi branch and fixed checkpatch
> errors and warnings.
>
> I will appreciate if you would apply it.
Thanks, I've pushed it.
regards,
Nikos
On Tue, Sep 7, 2010 at 9:02 AM, Dmitry Kasatkin
wrote:
> Please look to patch description.
> normally OpenSSL API use looks like:
[...]
I know this was a limitation of the openbsd API, and this addition
will make the two APIs incompatible. I don't think anyone really cared
about it because hash a
Hello,
I've just released cryptodev-linux 0.6. The changes since last release are:
Version 0.6 (released 2010-09-16)
* multi-update support for hash calculation using
the new flag COP_FLAG_UPDATE.
* Relicensed under GPLv2.
* Added AES-CTR.
* Corrected fallback to non-zero copy when referenced
Hello,
I've made a 0.1 release of the NCR framework. It is a cryptographic
framework for the linux kernel. Its main features are:
* Self contained linux kernel module
* Separation of cryptographic keys from user-space applications
* Support for RSA, DSA and Diffie Hellman public key algorithms
*
On Tue, Sep 28, 2010 at 1:58 PM, Phil Sutter wrote:
> Hi!
> Please do not apply this patch as is - this is just meant for review,
> therefore
> I didn't bother removing debug output and dead code.
> IMO, a bigger rewrite of the internal routines in cryptodev_main.c is needed
> in
> order to supp
On 09/29/2010 04:59 PM, Phil Sutter wrote:
> Hi,
>
> On Wed, Sep 29, 2010 at 03:56:46PM +0200, Nikos Mavrogiannopoulos wrote:
>> I like the implementation and the idea. A question would be why use
>> read()/write()
>> instead say of new ioctls (e.g. CIOCCRYPT_ASYNC)?
On 10/01/2010 04:38 PM, Phil Sutter wrote:
> This time insertion and collection of asynchronous jobs is implemented
> via ioctl calls.
Thanks it looks nice.
> What do you think about the preallocated list items? The implementation is
> flexible enough to allow for creating them right when they're
On 09/07/2010 10:14 AM, Dmitry Kasatkin wrote:
> Hi,
>
> If the flag is not set then it works as original..
> On our device software implementation give 19MB/s throughput with 95%
> cpu load.
> cryptodev with SHA1 HW accelerator gives 30MB/s throughput with 5% cpu load.
> Very impressive. Power co
Hello,
I've just released cryptodev-linux 0.7. The changes since last release are:
Version 0.7 (released 2010-10-08)
* Added COP_FLAG_FINAL to make multi-update
more efficient.
* Added CRIOGET_NOT_NEEDED definition to allow
users of the API to distinguish from the bare
OpenBSD API that require
On Mon, Oct 11, 2010 at 7:54 PM, Phil Sutter wrote:
>> > This time insertion and collection of asynchronous jobs is implemented
>> > via ioctl calls.
>> Thanks it looks nice.
> But it's all kippers and curtains. When testing an async-able speed.c on
> a multiprocessor system, interactivity went to
On Tue, Oct 19, 2010 at 3:44 PM, Herbert Xu
wrote:
> OK I've gone ahead and implemented the user-space API for hashes
> and ciphers.
> To recap this interface is designed to allow user-space programs
> to access hardware cryptographic accelerators that we have added
> to the kernel.
> The intended
On Wed, Oct 13, 2010 at 5:17 PM, Phil Sutter wrote:
> Still ugly as hell (and therefore TODO):
> - having to pass task_struct and mm_struct from the calling process
> around
> - need to copy the IV right at write() time (copy_from_user seems to
> work in process context only)
I'm still trying t
Hello Phil,
Thanks you for the patchset. I've just commited it. I've also applied
some changes, such as not copying the "mac" field on every operation.
regards,
Nikos
___
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
https://mail.gna
On 10/25/2010 07:08 PM, Luca Niccoli wrote:
> I compiled and tested both 0.7 and git
> (ad67bbd1ae0b366455c9ca61334399930fc43ae2); I can successfully use the
> example programs and the CESA crypto engine of my openrd board is used
> (I can see it from the speedup and /proc/interrupts).
> I refreshe
On Mon, Oct 25, 2010 at 11:41 PM, Luca Niccoli wrote:
>> I remember I needed an extra flag to use the actual engine in speed. Did
>> you try openssl speed -evp aes-128-cbc -engine ...?
> That did it.
[...]
> which makes me think (together with the driver source) that the CESA engine
> supports 256
Applied!
___
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
https://mail.gna.org/listinfo/cryptodev-linux-devel
Hello,
I've just released cryptodev-linux 0.8. The changes - thanks to Phil -
since version 0.7 are summarized below:
Version 0.8 (released 2010-11-06)
* Made cryptodev aware of alignment constraints.
* Added support for CRYPTO_AES_ECB.
* Added asynchronous operation support using
CIOCASYNCC
Hello Phil,
I've applied patches 1-3, but I haven't applied this one. That is
because this will make the driver not compatible with the original
openbsd interface (we'll have structures with different content). I'd
suggest extensions like those to be added as a new ioctl that can be
checked for ex
Applied. I have made the system used configurable, so one will need to
use the --kib option to speed to replace the default (SI system).
On 12/17/2010 07:04 PM, Phil Sutter wrote:
> Since measurement is done in bytes, use a capital B as unit. Also,
> stepping by 1024 from one magnitude to the next
On 12/17/2010 06:52 PM, Phil Sutter wrote:
> For now, the only information returned are the verbose names of the
> requested cipher and hash algos along with their driver names.
I've applied both of them. Thank you!
___
Cryptodev-linux-devel mailing li
On 12/20/2010 02:49 PM, Phil Sutter wrote:
> Hi,
>
> On Sun, Dec 19, 2010 at 05:20:51AM +0100, Nikos Mavrogiannopoulos wrote:
>> Applied. I have made the system used configurable, so one will need to
>> use the --kib option to speed to replace the default (SI system).
>
&
On 12/20/2010 05:54 PM, Phil Sutter wrote:
> Hi,
>
> On Mon, Dec 20, 2010 at 05:38:05PM +0100, Nikos Mavrogiannopoulos wrote:
>>> Could you possibly have forgotten to commit parts of that? The currently
>>> published state has usage of the SI system hard-coded.
>&g
I've removed the mob branch few weeks before. I didn't find it much
easy to use...
Was it of use to you?
regards,
Nikos
On Mon, Dec 27, 2010 at 5:35 PM, Phil Sutter wrote:
> Hi,
>
> I tried to push this series of (quite uninteresting) patches to the mob
> branch,
> but failed. Looks like there
On 01/03/2011 04:01 PM, Phil Sutter wrote:
> Hey Nikos,
>
> On Wed, Dec 15, 2010 at 02:26:50PM +0100, Nikos Mavrogiannopoulos wrote:
>> I've applied patches 1-3, but I haven't applied this one. That is
>> because this will make the driver not compatible with th
On 01/06/2011 07:16 PM, Phil Sutter wrote:
> When trying to en-/decrypt a buffer using CBC in two steps by
> passing a part from the buffer's start at first, and then the
> remaining data in the second call, the second operation depends on
> the first one in that it's IV depends on it's result. Ins
On 01/17/2011 11:47 AM, Phil Sutter wrote:
> Hi,
>
> On Sat, Jan 15, 2011 at 01:48:47PM +0100, Nikos Mavrogiannopoulos wrote:
>> On 01/03/2011 04:01 PM, Phil Sutter wrote:
>>> Hey Nikos,
>>>
>>> On Wed, Dec 15, 2010 at 02:26:50PM +0100, Nikos Mavrogianno
Applied!
On 01/17/2011 06:29 PM, Phil Sutter wrote:
> ---
> cryptodev.h |4 ++--
> cryptodev_int.h |2 --
> cryptodev_main.c|4 +++-
> examples/async_cipher.c | 45 ++---
> examples/async_speed.c | 25 +++
On 01/17/2011 11:40 AM, Phil Sutter wrote:
> Hi,
>
> On Sat, Jan 15, 2011 at 02:00:02PM +0100, Nikos Mavrogiannopoulos
> wrote:
>> On 01/06/2011 07:16 PM, Phil Sutter wrote:
>>> When trying to en-/decrypt a buffer using CBC in two steps by
>>> passing a p
On 01/18/2011 01:18 PM, Phil Sutter wrote:
> When the user has specified COP_FLAG_WRITE_IV in crypt_op.flags, the
> updated IV will be written back to userspace. This is useful for
> encryption of continuous data in several steps, without having to care
> for each cipher's inerna.
>
> Protecting t
On 01/18/2011 06:33 PM, Phil Sutter wrote:
> For simplicity's sake, this is a per-fd option, and therefore applies to
> all sessions opened over it.
Hello Phil,
I have applied up to here... This is an interesting patch, but I'm
more curious on how you use it in practice? Is to load balance
across
On Mon, Jan 24, 2011 at 2:54 PM, Phil Sutter wrote:
> Hey Nikos,
>> I have applied up to here... This is an interesting patch, but I'm
>> more curious on how you use it in practice? Is to load balance
>> across CPUs? If this is the purpose shouldn't it be implicit
>> and only handled by the drive
On Wed, Jan 26, 2011 at 5:57 PM, Phil Sutter wrote:
>> I'm don't know much on scheduling, but just an idea, what about avoiding the
>> userspace hint for cpu with a scheduler that evenly distributes jobs across
>> all
>> available CPUs - by checking the amount of pending jobs on each one, and
>>
Hello,
I've just released 0.9 version of cryptodev. The changes since
0.8 are:
Version 0.9 (released 2011-02-11)
* Added additional test tools:
- sha_speed does performance testing of SHA1 and SHA256
- hashcrypt_speed additionally encrypts with AES128 and AES256
* Allow updating the IV in u
Hello,
cryptodev doesn't include any more algorithms than supported by
linux-crypto. The NCR API at:
http://download.gna.org/cryptodev-linux/ncr-0.1.1.tar.gz
http://home.gna.org/cryptodev-linux/ncr.html
however does. This is a different API (not cryptodev) that
has hooks to use public key algorith
I suppose that you have to use -I and set the
path of the libtomcrypt headers in the ncr module
source.
On Tue, Feb 22, 2011 at 1:22 PM, André Egners
wrote:
> Hi,
>
> this sounds good, but how would I #include<> the lib?
>
> Cheers,
> André
>
> On 22.02.2011 12:38,
On 03/25/2011 12:07 AM, Vladimir Zapolskiy wrote:
> Having absolute path for cryptodev.h allows to compile cryptodev
> examples out of source tree.
Hi,
Thank you for the patch. The problem seems to be that if applied then
the examples cannot be built in the source tree (if cryptodev wasn't
previo
On 03/25/2011 12:07 AM, Vladimir Zapolskiy wrote:
> This change adds setting up of alignment mask for buffers according to
> the value, which is obtained from the kernel algorithm definition.
>
> Signed-off-by: Vladimir Zapolskiy
> ---
> examples/hashcrypt_speed.c | 10 ++
> examples/s
On 03/26/2011 09:21 AM, Vladimir Zapolskiy wrote:
>> Hi,
>> Thank you for the patch. The problem seems to be that if applied then
>> the examples cannot be built in the source tree (if cryptodev wasn't
>> previously installed).
> sounds very odd, especially because all other examples have
> as t
Hello,
I've just released cryptodev-linux 1.0. It includes
several fixes in the example programs.
The changelog since 0.9 is:
Version 1.0 (released 201-04-12)
* Several fixes in the included examples. Based on
patches by Vladimir Zapolskiy.
regards,
Nikos
Hello,
I've compared the cryptodev [0] and AF_ALG interfaces in terms of
performance [1]. I've put the results, as well as the benchmarks used
in: http://home.gna.org/cryptodev-linux/comparison.html
The benchmark idea was to test the speed of initialization, encryption
and deinitiation, as well
On 08/28/2011 10:35 PM, David Miller wrote:
The benchmark idea was to test the speed of initialization, encryption
and deinitiation, as well as the encryption speed alone. These are the
most common use cases of the frameworks (i.e. how they would be used
by a cryptographic library).
Be sure to
On 09/01/2011 04:15 AM, Herbert Xu wrote:
Nikos Mavrogiannopoulos wrote:
Given my benchmarks have no issues, it is not apparent to me why one
should use AF_ALG instead of cryptodev. I do not know though why AF_ALG
performs so poor. I'd speculate by blaming it on the usage of the socke
On 09/01/2011 08:43 AM, Herbert Xu wrote:
On Thu, Sep 01, 2011 at 08:26:07AM +0200, Nikos Mavrogiannopoulos wrote:
Actually this is the reason of the ecb(cipher-null) comparison. To
emulate the case of a hardware offload device. I tried to make that
clear in the text, but may not be. If you
On Thu, Sep 1, 2011 at 4:14 PM, Herbert Xu wrote:
> Are you maxing out your submission CPU? If not then you're testing
> the latency of the interface, as opposed to the throughput.
I think it is obvious that a benchmark of throughput measures
throughput. If however, you think that AF_ALG is in d
On Thu, Sep 1, 2011 at 4:59 PM, Herbert Xu wrote:
>> latency, maybe(?) high throughput or so). Thus, I designed this
>> benchmark with a use-case in mind, i.e., a TLS or DTLS tunnel
>> executing in a system with such an accelerator. There might be other
>> benchmarks with other use cases in mind,
On 09/01/2011 05:32 PM, David Miller wrote:
From: Nikos Mavrogiannopoulos
Date: Thu, 1 Sep 2011 17:06:06 +0200
It would be interesting to have a partial kernel-space TLS
implementation but I don't know whether such a thing could ever make
it to kernel.
Herbert and I have discussed
Hello,
In the aead branch of cryptodev-linux repository [0], I've added a
new interface to access authenticated encryption ciphersuites (aead).
This includes combinations of cipher/mac for TLS and SRTP. This allows
combining the operation of encryption and mac on a single system call.
This is achi
Hello,
(note that the main mailing list is cryptodev-linux-devel@gna.org)
What is the output you get from "make check" in the cryptodev
distribution? Could you provide a backtrace of the gnutls-cli segfault?
regards,
Nikos
PS. About the openssl speed, you need to use -evp mode to enable other
e
On 02/19/2012 11:34 AM, Frank wrote:
>> Hello,
>> (note that the main mailing list is cryptodev-linux-devel@gna.org)
> I was first thinking about sending my report there, but then I read that
> bug-reports should be send to cryptodev-linux-com...@gna.org on the following
> page: http://home.gn
Hello,
I've just released cryptodev-linux 1.1. It adds
new features to the API. Part of this work was sponsored
by the OpenSSL foundation.
The changelog since 1.0 is:
Version 1.1 (released 2012-02-20)
* Fixed alignment issue in speed.c
* Defined HASH_MAX_LEN is cryptodev.h
* CIOCGSESSINFO ioc
On 02/23/2012 07:48 PM, Phil Sutter wrote:
>> These are the specs: - On Marvell Kirkwood hardware - Running
>> Debian Wheezy (Linux kernel 3.2.0) - cryptodev-linux 1.0 - (Debian
>> version of) openssl 1.0.0g with cryptodev support (both tried
>> -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX
On 02/24/2012 08:55 AM, Frank wrote:
> The fix solves the problems with gnutls-cli --benchmark-tls when
> mv_cesa is loaded. Thanks! Note that the openssl problems (segfault
> with openssl s_server, nginx crashing when serving https) occur
> regardless of whether mv_cesa is loaded or not on my A
Hello,
I've just released cryptodev-linux 1.2. This fixes an issue
with mv_cesa in ARM processors, adds COP_FLAG_RESET to allow
resetting the state of a hash or HMAC, and sets the flag
SIOP_FLAG_KERNEL_DRIVER_ONLY on systems that the kernel doesn't
support the CRYPTO_ALG_KERN_DRIVER_ONLY flag, usi
On 02/24/2012 09:24 AM, Frank wrote:
> I'll try to find time to check platform-dependence by testing on a
> virtual x86 installation, and will contact the code submitters of
> eng_cryptodev.c in openssl more directly with the results.
It seems the openssl digests option was never tested with cr
On 02/28/2012 06:27 PM, Phil Sutter wrote:
> From Phil Sutter # This line is ignored.
> From: Phil Sutter
> Subject: Fixup of my initial patch series
> In-Reply-To: 1330443633-12558-1-git-send-email-phil.sut...@viprinet.com
>
> - forgot to add openssl_wrapper.h
> - aligned second patch's subjec
On Tue, Feb 28, 2012 at 11:56 PM, Phil Sutter wrote:
>> > - forgot to add openssl_wrapper.h
>> > - aligned second patch's subject line with the first one
>> Thank you Phil. I've just committed them!
> Great, thanks! I found this very useful for debugging problems with
> mv_cesa. Hard-coding diges
Hello,
I've just released cryptodev-linux 1.3. This release includes
few minor updates. The changelog since 1.2 is:
Version 1.3 (released 2012-02-29)
* Return EBADMSG instead of ECANCELED on tag verification
failure in authenc modes.
* COP_FLAG_RESET can be combined with COP_FLAG_UPDATE for
eff
er wrote:
> Hi,
>
> On Wed, Feb 29, 2012 at 01:19:43PM +0100, Nikos Mavrogiannopoulos wrote:
>> On Tue, Feb 28, 2012 at 11:56 PM, Phil Sutter wrote:
>> > Another thing I just noticed, these commit-mails are somehow broken.
>> > E.g. backslashes are missing comple
Hello,
I've just released cryptodev-linux 1.4. This release includes
a minor update. The changelog since 1.3 is:
Version 1.4 (released 2012-03-15)
* Correctly report hw accelerated ciphers.
regards,
Nikos
___
Cryptodev-linux-devel mailing list
Crypto
d add some fixes so "make
test" succeeds on openssl. Could you try this version of eng_cryptodev.c?
regards,
Nikos
/*
* Copyright (c) 2002 Bob Beck
* Copyright (c) 2002 Theo de Raadt
* Copyright (c) 2002 Markus Friedl
* Copyright (c) 2012 Nikos Mavrogiannopoulos
* All rights reserv
On 05/17/2012 12:34 AM, Jaren Johnston wrote:
> Hi all,
>
> I enjoyed finding these while testing on a system where I'd forgotten to
> enable gcm in the kernel. I.e., these bugs are on error flows, and I
> wouldn't expect to encounter them normally.
Thank you Jaren. I've applied the fixes.
>
On 06/09/2012 10:42 PM, Jaren Johnston wrote:
> Hey there,
> I've recently been working on some GCM cases with empty PT and AAD. I don't
> know how useful they are in practice, but they're legit and show up in
> validation tests (e.g., FIPS).
Hello,
Indeed it is a useful addition. However you
On 06/09/2012 11:18 PM, Jaren Johnston wrote:
> Author: Jaren Johnston
> Date: Fri Jun 8 15:49:03 2012 -0700
>
>
>
> adjustment to adjust_sg_array
>
>
>
> Replaced the exponential requesting of memory w/ something more linear.
Why is that? Did you notice any issues with the
On Thu, Jun 14, 2012 at 4:04 PM, Phil Sutter wrote:
> Hi,
> I am currently comparing eng_cryptodev.c in current cryptodev-linux git
> with the same file in openssl-1.0.0c, wondering about the differences.
> Why the commented out support for HMAC modes? I assume cryptodev-linux
> should still serve
On Fri, Jun 15, 2012 at 12:41 PM, Phil Sutter wrote:
> Hi,
> On Thu, Jun 14, 2012 at 04:38:03PM +0200, Nikos Mavrogiannopoulos wrote:
>> Which changes do you refer to? If I remember well this file is based
>> on the eng_cryptodev.c of 1.0.1.
> Particularly those:
>
>
On Fri, Jun 15, 2012 at 1:56 PM, Phil Sutter wrote:
> I was rather referring to the #if 0 above, effectively deactivating the
> whole set of *_HMAC digests. :)
Ah, ok. I saw that the digest_init() function had:
sess->mackey = state->dummy_mac_key;
sess->mackeylen = digest_key_length(ctx->digest
On 06/12/2012 08:11 PM, Jaren Johnston wrote:
>> [Jaren Johnston]
>>
>> Yes: Your original loop works fine -- except if I set
> DEFAULT_PREALLOC_PAGES
>> = 0. I don't personally need that case... I'd set DEFAULT_PREALLOC_PAGES
> = 1
>> just now during testing, to ensure page requests doubled nice
On 06/15/2012 10:33 PM, Jaren Johnston wrote:
>> [Nikos Mavrogiannopoulos]
>>> btw, your description
>>> on the second patch in this mail doesn't really match the contents.
>>
>> [Jaren Johnston]
>> Wow... ok then. Neither one of those is what I
Applied thank you.
On 06/29/2012 12:09 AM, Jaren Johnston wrote:
> Hey,
>
>
>
> During yet more gcm testing, I ran into cases where I'd end up sitting on a
> trylock:
>
>
>
> ioctl.c:321: if (!mutex_trylock(&ses_ptr->sem)) {
>
> ioctl.c-322- dprintk(2, KE
Applied!
On 07/16/2012 03:10 PM, Phil Sutter wrote:
>
> Signed-off-by: Phil Sutter
> ---
> authenc.c | 28 ++--
> cryptlib.c |2 +-
> cryptlib.h |2 +-
> cryptodev_int.h |2 +-
> ioctl.c |4 ++--
> lib/benchmark.c |8 ---
Thanks Jaren,
Could you send the patch attached, so I can apply it cleanly. Your
mailer breaks the format. It is better to use the output of git
format-patch.
regards,
Nikos
On 07/27/2012 07:50 PM, Jaren Johnston wrote:
>
>
> Output buffer doesn't hold tag on decrypt, so no need to account f
On 08/02/2012 12:51 AM, Jaren Johnston wrote:
> Hmm... that *was* the output from git format-patch... apparently mangled :-/
>
> Here it is as an attachment.
Applied, thank you!
___
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
ht
Hello,
I've just released cryptodev-linux 1.5. This is a bug fix release.
A brief changelog follows.
Version 1.5 (released 2012-08-04)
* Fixes in AEAD support. Patches by Jaren Johnston.
* Simplifications in memory locking. Patch by Phil Sutter.
* Allow empty plaintext and authenticated data
On 08/17/2012 06:45 PM, Sridhar Manickam wrote:
> Hi,
>
> My expertise with C on Linux is quiet rusty. What we were looking for
> is a mechanism to store a Master key in Linux which is strongly
> protected and I came across the crypto-dev project and thought using
> the /dev/ncr to store the mast
On 08/29/2012 11:05 PM, Sridhar Manickam wrote:
> Nikos,
>
> Thanks for your response. I have looked at the aes.c sample and have some
> follow up questions
> The executable aes runs fine even without me using the ncr-setkey to set the
> master key, so does that mean the data encryption key is
On Tue, Sep 4, 2012 at 11:59 PM, Sridhar Manickam wrote:
> Nikos,
> I was able to get the samples for STORE WRAP & STORE UNWRAP working. Thanks
> for your help. What is minimum Linux Kernel version that is needed to support
> the /dev/ncr ?
Most probably it would work from the 2.6, but the only
On 09/20/2012 04:55 PM, Tom St Denis wrote:
> I see that cryptodev supports AEAD mode with GCM but are there any plans to
> add AEAD support for generic cipher/hash modes? Some crypto hardware support
> these modes and it would be nice to have access to it via the userspace API.
The current AE
On 09/23/2012 11:54 PM, Lluís Batlle i Rossell wrote:
>> Specifically, this 3.5.4 reports on dmesg:
>> MV-CESA:Fallback driver 'hmac(sha1)' could not be loaded!
>> MV-CESA:Fallback driver 'sha1' could not be loaded!
>>
>> This happens every time I run something doing sha1 in openssl. Let it be
>>
On 09/24/2012 08:46 PM, Lluís Batlle i Rossell wrote:
>> There will be no much change. If you mv_cesa doesn't support sha1, it
>> may be faster to use the userspace implementation of sha1.
> I got it working. Simply, the mv_cesa wants a 'fallback'. Maybe for some
> shorter-than-usual-length block
On 11/03/2012 03:22 PM, Frediano Ziglio wrote:
> Hi,
> I'm searching for a way to pass a TLS session between two programs
> under Unix. I can use unix sockets to send the file descriptor but I
> don't know how to request to GnuTLS crypto information (like algorithm
> used and key) in order to pa
On 11/03/2012 09:08 PM, Frediano Ziglio wrote:
> Hi, what I'm trying to do is to store a connection in another process
> to do connection pooling.
If by storing connection you mean to transfer a gnutls session from one
process to another, you cannot do it, either with cryptodev or without.
The
On 11/19/2012 03:04 PM, nick Rakar wrote:
>
> Hello!
> I download the sources cryptodev-linux-1.5 and according to the README file i
> replace the eng_cryptodev.c file of openssl (crypto/engine/) with the version
> available in the extras subdirectory and also i add the flags
> -DHAVE_CRYPTOD
On 11/21/2012 08:58 AM, nick Rakar wrote:
> > Could you try removing those flags?
> Yes, i replace the flags with zeros and the compilation was successful.These
> flags appeared at definitions:
> static const EVP_MD cryptodev_sha1 static const EVP_MD cryptodev_sha256
> static const EVP_MD crypto
On 11/28/2012 11:39 AM, Yashpal Dutta wrote:
> 1) Cryptodev-linux being a linux kernel module require a build target for
>module_install and not for install.
> 2) Some cross-compiler target need installation of module to different
> directory
> than host's module directory path. PREFIX allow
On 11/30/2012 11:33 AM, Nikolaos Tsakalakis wrote:
> Hello all,
>
> I have an issue concerning cryptodev and talitos use. I use kernel 2.6.32-13,
> however I use the talitos version of 2.6.35 backported. I have several times
> a crash like the one below.
[...]
>
> I attach the objdump. Having
On Mon, Jan 7, 2013 at 2:36 PM, Kees-Jan Hermans wrote:
> It is, however, a question surrounding some confusion I have wrt using
> cryptodev: on the internet (for example, here:
>
> http://wiki.ipfire.org/en/optimization/cryptodev
> ) I find references that cryptodev can do AES-256. In crypto/cryp
On 01/24/2013 11:55 PM, Yashpal Dutta wrote:
> Signed-off-by: Yashpal Dutta
> ---
> crypto/cryptodev.h |2 ++
> extras/eng_cryptodev.c | 21 +
> ioctl.c|8
> 3 files changed, 31 insertions(+), 0 deletions(-)
Thanks. Applied.
On 01/24/2013 11:22 PM, Yashpal Dutta wrote:
> 1) The keylen in cryptodev_dh_compute_key is already in bits. So, avoid
> multiplying
> it with 8 while passing it to cryptodev.
>
> 2) cryptodev_dh_compute_key must return size of secret generated as expected
> by openssl.
>
> Signed-off-by: Yash
Hello,
I've moved the source and the web pages of cryptodev-linux at github.
The new pages are at:
http://cryptodev-linux.org/
and the source code at:
https://github.com/nmav/cryptodev-linux/
regards,
Nikos
___
Cryptodev-linux-devel mailing list
Crypt
On Fri, Feb 1, 2013 at 6:24 AM, Dutta Yashpal-B05456
wrote:
> Hi,
>
> In cryptodev, there are some scenarios where in/out parameters are allocated
> on stack. One of few such cases is
> as follows:
>
> During cryptodev_hash_init, the Mackey being passed to crypto_ahash_setkey
> is on stack and
On 02/15/2013 04:22 PM, Dutta Yashpal-B05456 wrote:
> Hi Phil,
>
> This can break because copy_from/to_user() copies from the current user
> process (which should be obvious, since
> there's no way to tell it which user process to copy from).
>
> In a syscall invoked by your userspace process
On 02/27/2013 01:45 AM, Zi Zhou wrote:
> I am new to cryptodev and HW acceleration. So my question is very
> basic. I have built cryptodev module and loaded to my kernel, the HW
> crypto driver is in development by other party, I don't quite know
> how the 2 glue together. Is there any extra logi
1 - 100 of 148 matches
Mail list logo
