Hi Linus:
Here is an updated to the crypto pull request for 2.6.38:
* Crypto API interface for user-space (hash + skcipher)
This interface is intended to provide access of kernel
hardware crypto drivers to user-space applications. It
presents the kernel crypto API via a
On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote:
On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman nhor...@tuxdriver.com wrote:
Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
On Sat, Jan 08, 2011 at 03:23:04PM +0200, Nikos Mavrogiannopoulos wrote:
On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman nhor...@tuxdriver.com
wrote:
Btw, it doesn't have to be about performance per se. Does this
allow people to use keys without actually _seeing_ those keys?
Your
On Fri, Jan 7, 2011 at 2:04 PM, Neil Horman nhor...@tuxdriver.com wrote:
Btw, it doesn't have to be about performance per se. Does this allow
people to use keys without actually _seeing_ those keys? Your example
implies that that is not the case, but that's actually one of the few
reasons to
On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:
On Thu, Jan 6, 2011 at 1:39 PM, Herbert Xu herb...@gondor.hengli.com.au
wrote:
On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
Explanations of interface. Code. Who uses it? What are the actual
performance
On Wed, Jan 5, 2011 at 4:01 PM, Herbert Xu herb...@gondor.hengli.com.au wrote:
* Crypto API interface for user-space (hash + skcipher)
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?
If you need crypto in user space, it's
On Thu, Jan 06, 2011 at 10:05:46AM -0800, Linus Torvalds wrote:
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?
I think you've answered it yourself in the third paragraph :)
If you need crypto in user space, it's almost
On Thu, Jan 6, 2011 at 1:16 PM, Herbert Xu herb...@gondor.hengli.com.au wrote:
On Thu, Jan 06, 2011 at 10:05:46AM -0800, Linus Torvalds wrote:
Is there really any point to this? And can we get more explanation of
what the interface is, and who would use it?
I think you've answered it
On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?
You snipped out the bit in my reply where I expanded on it:
: Right. This purpose of this interface is to access the async
:
On Thu, Jan 06, 2011 at 04:46:02PM -0500, Pavel Roskin wrote:
Are there any chances AEAD will be supported? Is the API extendable to
allow that?
Yes we can support AEAD. However, as there weren't any existing
user-space users that could benefit immediately, I have not added
it at this
On 01/06/2011 04:16 PM, Herbert Xu wrote:
This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.
Are there any chances AEAD will be supported? Is the API extendable to
allow that?
If I remember
On Thu, Jan 6, 2011 at 1:39 PM, Herbert Xu herb...@gondor.hengli.com.au wrote:
On Thu, Jan 06, 2011 at 01:23:19PM -0800, Linus Torvalds wrote:
Explanations of interface. Code. Who uses it? What are the actual
performance benefits on real code?
You snipped out the bit in my reply where I
On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe it's been posted somewhere else, but the thing is, you're asking
_me_ to pull, and
From: Herbert Xu herb...@gondor.apana.org.au
Date: Fri, 7 Jan 2011 09:30:42 +1100
On Thu, Jan 06, 2011 at 02:13:17PM -0800, Linus Torvalds wrote:
But I'm still missing the part where you show that there is any actual
use case that makes sense, and that actually improves performance.
Maybe
On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
Can you do the bypass directly to the TCP stream with the interface
you added? It isn't at all obvious how it would work.
Yes it can. The interface allows zero-copy in both directions
using the splice interface. Here is a sample
On Thursday 06 January 2011 23:46:02 Pavel Roskin wrote:
On 01/06/2011 04:16 PM, Herbert Xu wrote:
This is also why only hash and skcipher are supported as they
are the main algorithm types supported by teh current async
drivers in the kernel.
Are there any chances AEAD will be
On Thu, Jan 6, 2011 at 2:30 PM, Herbert Xu herb...@gondor.hengli.com.au wrote:
The main use-case is bulk encryption/hashing in user-space. For
example, on Sparc Niagara2 you need to use SPU (Stream Processing
Unit) in order to do crypto at 10Gb/s over the network.
Umm. But doesn't that
On Thu, Jan 6, 2011 at 2:53 PM, Herbert Xu herb...@gondor.hengli.com.au wrote:
On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
Can you do the bypass directly to the TCP stream with the interface
you added? It isn't at all obvious how it would work.
Yes it can. The interface
On Thu, Jan 06, 2011 at 03:25:32PM -0800, Linus Torvalds wrote:
Ok. So can we actually get numbers for this?
As you alluded to, we need real non-x86 hardware to get some
proper numbers. Unfortunately I'm currently a continent away
from my async hardware so all I can give you are software
Quoting Herbert Xu herb...@gondor.apana.org.au:
setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY,
\x06\xa9\x21\x40\x36\xb8\xa1\x5b
\x51\x2e\x03\xd5\x34\x12\x00\x06, 16);
By the way, is it a good idea to use setsockopt() this way? Some keys
may be large.
From: Herbert Xu herb...@gondor.apana.org.au
Date: Fri, 7 Jan 2011 11:14:59 +1100
Anyway, here is a test program that does a set number (1024 * 1024)
of 4096-byte (total 4GB) encryptions with libssl and kernel crypto.
The result on my Core 2 (in a KVM VM FWIW) is:
lenny0:~# time
On Thu, Jan 06, 2011 at 09:39:28PM -0500, Pavel Roskin wrote:
By the way, is it a good idea to use setsockopt() this way? Some keys
may be large. And if AEAD is supported, will it use setsockopt() for
the unencrypted authenticated data?
For large keys (i.e., asymmetric key crypto) the
On Thu, Jan 06, 2011 at 06:43:02PM -0800, David Miller wrote:
da...@maramba:~$ time ./crypto_user_test /dev/null
real 0m46.586s
user 0m3.280s
sys0m43.230s
da...@maramba:~$ time ./crypto_user_test software /dev/null
real 10m40.336s
user
Hi Linus:
Here is the crypto update for 2.6.38:
* Crypto API interface for user-space (hash + skcipher)
* Fixes for new OMAP driver.
* 32-bit support in aesni-intel.
* GCM support in aesni-intel.
* Misc fixes.
Please pull from
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
24 matches
Mail list logo
