Hello,
recently I read the documentation in Documentation/crypto/ to learn
something about the Linux crypto API internals. There I read the
following sentence
"Support for hardware crypto devices via an asynchronous interface is
under development."
Since this sentence is present at least since kernel 2.6.0 I would like
to ask what the current state in the development of that API is?
Is somebody still working on that API or are there some existing ideas
for that which want to be implemented? I would like to help out with
that if the help is needed.
Background: I recently bought a HIFN crypto card and would like to use
it under Linux without the need to use some external patchsets :)
Joerg
--
Joerg Roedel
Operating System Research Center
AMD Saxony LLC & Co. KG
On Fri, Feb 09, 2007 at 12:08:00PM +0100, Joerg Roedel ([email protected]) wrote:
> Background: I recently bought a HIFN crypto card and would like to use
> it under Linux without the need to use some external patchsets :)
Not for now - either use acrypto [1] or ocf [2].
Current stage in cryptoapi only supports sync interface, but having new
registration mechanism allows a bit easier implementation of different
algos, but still no async hardware is supported.
1. acrypto
http://tservice.net.ru/~s0mbre/old/?section=projects&item=acrypto
2. ocf
http://ocf-linux.sourceforge.net/
--
Evgeniy Polyakov
Hello Evgeniy,
On Fri, Feb 09, 2007 at 02:31:11PM +0300, Evgeniy Polyakov wrote:
> On Fri, Feb 09, 2007 at 12:08:00PM +0100, Joerg Roedel ([email protected]) wrote:
> > Background: I recently bought a HIFN crypto card and would like to use
> > it under Linux without the need to use some external patchsets :)
>
> Not for now - either use acrypto [1] or ocf [2].
Yes, these two I meant with "external patchsets" :-)
It would be nice to have an asynchronous API in the mainstream kernel.
An the documentation says it is under development, therefore I ask :)
Joerg
--
Joerg Roedel
Operating System Research Center
AMD Saxony LLC & Co. KG
On Fri, Feb 09, 2007 at 01:16:02PM +0100, Joerg Roedel ([email protected]) wrote:
> Hello Evgeniy,
>
> On Fri, Feb 09, 2007 at 02:31:11PM +0300, Evgeniy Polyakov wrote:
> > On Fri, Feb 09, 2007 at 12:08:00PM +0100, Joerg Roedel ([email protected]) wrote:
> > > Background: I recently bought a HIFN crypto card and would like to use
> > > it under Linux without the need to use some external patchsets :)
> >
> > Not for now - either use acrypto [1] or ocf [2].
>
> Yes, these two I meant with "external patchsets" :-)
> It would be nice to have an asynchronous API in the mainstream kernel.
> An the documentation says it is under development, therefore I ask :)
It is - Herbert's work on stackable algo registration is a first step,
although when we had async crypto discussion last time (about a year or couple
ago) we was unable to get into consensus - I still think that it is
quite impossible to have good async support with existing
software-oriented cryptoapi, while Herbert have some ideas in mind.
Work is being done, just not too fast.
You can find a brief todo in archive of how Herbert planned to implement
that and, if you like, get into that too - that would be very
appreciated.
> Joerg
>
> --
> Joerg Roedel
> Operating System Research Center
> AMD Saxony LLC & Co. KG
>
--
Evgeniy Polyakov
On Fri, Feb 09, 2007 at 12:08:00PM +0100, Joerg Roedel wrote:
>
> Since this sentence is present at least since kernel 2.6.0 I would like
> to ask what the current state in the development of that API is?
> Is somebody still working on that API or are there some existing ideas
> for that which want to be implemented? I would like to help out with
> that if the help is needed.
I was planning to get the infrastructure ready for 2.6.21 but
unfortunately travel has intervened. However, there should be
plenty of time for it to make 2.6.22. I'll start pushing the
bits into the cryptodev-2.6 tree when I get home next week.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Evgeniy Polyakov wrote:
> 2. ocf
> http://ocf-linux.sourceforge.net/
Please note that much more recent code is now at:
git clone http://hifn.xelerance.com/scm/klips/
There is one remaining bug that has been hard to reproduce which
seems to be at the IPsec layer, but the OCF and hardware drivers
are very stable. For software crypto, it uses cryptoapi, and can
invoke them asynchronously if you like.
The code does not apply to >=2.6.19 due the recent changes, and we
will catch it up to the new cryptoapi interface in the next week
or so.