2005-11-10 12:37:48

by David McCullough

[permalink] [raw]
Subject: ocf-linux-20051110 - Asynchronous Crypto support for linux


Hi all,

A new release of the ocf-linux package is up:

http://ocf-linux.sourceforge.net/

Mostly Openswan updates/cleanups and fixes in this release.

* Patch for the latest OpenSwan to utilise OCF for full IPSEC
ESP and AH processing.
* Well tested on 2.4.31 and 2.6.14 with OpenSwan.
* Simple single patch to add OCF to 2.4 or 2.6 kernels.
* Fixed broken openssl speed test (Ronen Shitrit)

Cheers,
Davidm

--
David McCullough, [email protected], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com


2005-11-29 09:51:41

by Ronen Shitrit

[permalink] [raw]
Subject: RE: ocf-linux-20051110 - Asynchronous Crypto support for linux

Hi

I want to use the OCF OpenSwan KLIPS,
I can see that the openswan patch is very big,
What exactly does this patch support:
Which encryption Alg does it support??
Which Authentication Alg does it support??
I saw that part of the patch is for the kernel and part for the user??
Is there any readme describing this patch??


Is there any working going on, for porting the OCF to the kernel IPsec??

Regards
Ronen Shitrit


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David
McCullough
Sent: Thursday, November 10, 2005 2:37 PM
To: [email protected]
Cc: [email protected]
Subject: ocf-linux-20051110 - Asynchronous Crypto support for linux


Hi all,

A new release of the ocf-linux package is up:

http://ocf-linux.sourceforge.net/

Mostly Openswan updates/cleanups and fixes in this release.

* Patch for the latest OpenSwan to utilise OCF for full IPSEC
ESP and AH processing.
* Well tested on 2.4.31 and 2.6.14 with OpenSwan.
* Simple single patch to add OCF to 2.4 or 2.6 kernels.
* Fixed broken openssl speed test (Ronen Shitrit)

Cheers,
Davidm

--
David McCullough, [email protected], Custom Embedded Solutions +
Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org
http://www.cyberguard.com

2006-02-01 05:24:11

by David McCullough

[permalink] [raw]
Subject: Re: ocf-linux-20051110 - Asynchronous Crypto support for linux


Jivin Ronen Shitrit lays it down ...
> Hi

Apologies, somehow I never replied to this :-(

> I want to use the OCF OpenSwan KLIPS,
> I can see that the openswan patch is very big,
> What exactly does this patch support:
> Which encryption Alg does it support??

It will accelerate anything supported by your driver configuration
in OCF. For most drivers this is DES/3DES/AES and MD5/SHA

> Which Authentication Alg does it support??

MD5/SHA

> I saw that part of the patch is for the kernel and part for the user??
> Is there any readme describing this patch??

Only whats up at http://ocf-linux.sourceforge.net/.

The current version supports KLIPS and accelerates ESP and AH.

The use part of the patch allows pluto to use crypto/IKE acceleration
through OCF as well. You can ditch the user changes completely and
still get almost all the benefits.

The kernel changes appear larger than they are, this is mainly due to
moving code around to be asynchronous. The code it self is still the
same and if you read the data packet flow it will look almost identical.

> Is there any working going on, for porting the OCF to the kernel IPsec??

Some people have mentioned playing with 26sec (netkey) and OCF but I do not
know if anyone has it completed or in a state others can play with.

I hope to start on it at some stage if no one gets there before me :-)

Cheers,
Davidm

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of David
> McCullough
> Sent: Thursday, November 10, 2005 2:37 PM
> To: [email protected]
> Cc: [email protected]
> Subject: ocf-linux-20051110 - Asynchronous Crypto support for linux
>
>
> Hi all,
>
> A new release of the ocf-linux package is up:
>
> http://ocf-linux.sourceforge.net/
>
> Mostly Openswan updates/cleanups and fixes in this release.
>
> * Patch for the latest OpenSwan to utilise OCF for full IPSEC
> ESP and AH processing.
> * Well tested on 2.4.31 and 2.6.14 with OpenSwan.
> * Simple single patch to add OCF to 2.4 or 2.6 kernels.
> * Fixed broken openssl speed test (Ronen Shitrit)
>
> Cheers,
> Davidm

--
David McCullough, [email protected], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com