Hi ,
I want to interact with Crypto Hardware from user space using openssl
like libraries based applications through cryptodev-linux interface.
it looks like openssl comes with cryptodev-linux support(through
eng_cryptodev.c) .
When I downloaded openssl,eng_cryptodev.c file is available by default.
below link refers about eng_cryptodev.c for openssl support :
http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4eee59755d1f0afc53
Note:looks like there are some additional changes done on
eng_cryptodev.c file available in updated openssl source code.
There seems to be some changes/patches also available recently for
cryptodev-linux,below contains reference information.
http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
Please let me know if my understanding is incorrect .
BR,
Srisowj
Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
Hi sri,
> Hi ,
>
> I want to interact with Crypto Hardware from user space using openssl
> like libraries based applications through cryptodev-linux interface.
>
> it looks like openssl comes with cryptodev-linux support(through
> eng_cryptodev.c) .
> When I downloaded openssl,eng_cryptodev.c file is available by default.
>
> below link refers about eng_cryptodev.c for openssl support :
>
> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4ee
> e59755d1f0afc53
>
> Note:looks like there are some additional changes done on
> eng_cryptodev.c file available in updated openssl source code.
>
> There seems to be some changes/patches also available recently for
> cryptodev-linux,below contains reference information.
>
> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
>
>
> Please let me know if my understanding is incorrect .
See AF_ALG and a generic user space library around it:
http://www.chronox.de/libkcapi.html
>
>
> BR,
> Srisowj
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
Hi Stephen,
Thank you very much for the information provided.
I will try to explore more on AF_ALG , in between please can you also
provide information regarding below ?
#1: how openssl communicates to crypto h/w using PF_ALG
#2: How man algorithms are supported?
#3: are there any samples to get start with.
but if you can provide some info regarding cryptodev-linux from the
openssl prospect it will be more helpful.
BR,
Srisowj
On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]> wrote:
> Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
>
> Hi sri,
>
>> Hi ,
>>
>> I want to interact with Crypto Hardware from user space using openssl
>> like libraries based applications through cryptodev-linux interface.
>>
>> it looks like openssl comes with cryptodev-linux support(through
>> eng_cryptodev.c) .
>> When I downloaded openssl,eng_cryptodev.c file is available by default.
>>
>> below link refers about eng_cryptodev.c for openssl support :
>>
>> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4ee
>> e59755d1f0afc53
>>
>> Note:looks like there are some additional changes done on
>> eng_cryptodev.c file available in updated openssl source code.
>>
>> There seems to be some changes/patches also available recently for
>> cryptodev-linux,below contains reference information.
>>
>> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
>>
>>
>> Please let me know if my understanding is incorrect .
>
> See AF_ALG and a generic user space library around it:
>
> http://www.chronox.de/libkcapi.html
>>
>>
>> BR,
>> Srisowj
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
> --
> Ciao
> Stephan
Am Samstag, 21. Februar 2015, 08:39:05 schrieb sri sowj:
Hi sri,
> Hi Stephen,
>
> Thank you very much for the information provided.
>
> I will try to explore more on AF_ALG , in between please can you also
> provide information regarding below ?
> #1: how openssl communicates to crypto h/w using PF_ALG
Search the net, there is an engine available
> #2: How man algorithms are supported?
All that the kernel crypto API supports
> #3: are there any samples to get start with.
Maybe you look into libkcapi -- there are plenty of examples.
>
> but if you can provide some info regarding cryptodev-linux from the
> openssl prospect it will be more helpful.
cryptodev-linux is not merged into the kernel and it looks that it never will
considering the presence of AF_ALG
>
>
> BR,
> Srisowj
>
> On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]>
wrote:
> > Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
> >
> > Hi sri,
> >
> >> Hi ,
> >>
> >> I want to interact with Crypto Hardware from user space using openssl
> >> like libraries based applications through cryptodev-linux interface.
> >>
> >> it looks like openssl comes with cryptodev-linux support(through
> >> eng_cryptodev.c) .
> >> When I downloaded openssl,eng_cryptodev.c file is available by default.
> >>
> >> below link refers about eng_cryptodev.c for openssl support :
> >>
> >> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f
> >> 4ee e59755d1f0afc53
> >>
> >> Note:looks like there are some additional changes done on
> >> eng_cryptodev.c file available in updated openssl source code.
> >>
> >> There seems to be some changes/patches also available recently for
> >> cryptodev-linux,below contains reference information.
> >>
> >> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
> >>
> >>
> >> Please let me know if my understanding is incorrect .
> >
> > See AF_ALG and a generic user space library around it:
> >
> > http://www.chronox.de/libkcapi.html
> >
> >> BR,
> >> Srisowj
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
> >> in
> >> the body of a message to [email protected]
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> > --
> > Ciao
> > Stephan
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
Hi Stephen,
It was a great information with respective PF_ALG , I have explored a
bit on openssl and algorithms prospect , Please let me know if
anything to add to it.
openssl crypto engine:
below are the steps to enable openssl to communicate using pf/af_alg.
#1:git clone http://src.carnivore.it/users/common/af_alg/
#2:cd af_alg/
#3:make
#4:sudo cp libaf_alg.so /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/
#5:sudo chmod 644 /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/libaf_alg.so
Algorithms supported by pf/af_alg from user space to test:
CIPHERS=aes-128-cbc aes-192-cbc aes-256-cbc des-cbc des-ede3-cbc
DIGESTS=md4 md5 sha1 sha224 sha256 sha512
Next step is ,I would like to see the support available to write and
test more and more samples/test utilities between PF/AF_ALG and
cryptodev .
BR,
SriSowj
On Sat, Feb 21, 2015 at 12:31 PM, Stephan Mueller <[email protected]> wrote:
> Am Samstag, 21. Februar 2015, 08:39:05 schrieb sri sowj:
>
> Hi sri,
>
>> Hi Stephen,
>>
>> Thank you very much for the information provided.
>>
>> I will try to explore more on AF_ALG , in between please can you also
>> provide information regarding below ?
>> #1: how openssl communicates to crypto h/w using PF_ALG
>
> Search the net, there is an engine available
>
>> #2: How man algorithms are supported?
>
> All that the kernel crypto API supports
>
>> #3: are there any samples to get start with.
>
> Maybe you look into libkcapi -- there are plenty of examples.
>>
>> but if you can provide some info regarding cryptodev-linux from the
>> openssl prospect it will be more helpful.
>
> cryptodev-linux is not merged into the kernel and it looks that it never will
> considering the presence of AF_ALG
>>
>>
>> BR,
>> Srisowj
>>
>> On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]>
> wrote:
>> > Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
>> >
>> > Hi sri,
>> >
>> >> Hi ,
>> >>
>> >> I want to interact with Crypto Hardware from user space using openssl
>> >> like libraries based applications through cryptodev-linux interface.
>> >>
>> >> it looks like openssl comes with cryptodev-linux support(through
>> >> eng_cryptodev.c) .
>> >> When I downloaded openssl,eng_cryptodev.c file is available by default.
>> >>
>> >> below link refers about eng_cryptodev.c for openssl support :
>> >>
>> >> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f
>> >> 4ee e59755d1f0afc53
>> >>
>> >> Note:looks like there are some additional changes done on
>> >> eng_cryptodev.c file available in updated openssl source code.
>> >>
>> >> There seems to be some changes/patches also available recently for
>> >> cryptodev-linux,below contains reference information.
>> >>
>> >> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
>> >>
>> >>
>> >> Please let me know if my understanding is incorrect .
>> >
>> > See AF_ALG and a generic user space library around it:
>> >
>> > http://www.chronox.de/libkcapi.html
>> >
>> >> BR,
>> >> Srisowj
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
>> >> in
>> >> the body of a message to [email protected]
>> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >
>> > --
>> > Ciao
>> > Stephan
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
> --
> Ciao
> Stephan
Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
Hi sri,
> Hi Stephen,
>
> It was a great information with respective PF_ALG , I have explored a
> bit on openssl and algorithms prospect , Please let me know if
> anything to add to it.
>
> openssl crypto engine:
>
> below are the steps to enable openssl to communicate using pf/af_alg.
>
> #1:git clone http://src.carnivore.it/users/common/af_alg/
Yes, that is it. But it is not fully efficient as it does not use vmsplice
where appropriate. So, libkcapi should be faster in several use cases.
> #2:cd af_alg/
> #3:make
> #4:sudo cp libaf_alg.so /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/
> #5:sudo chmod 644
> /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/libaf_alg.so
>
>
> Algorithms supported by pf/af_alg from user space to test:
>
> CIPHERS=aes-128-cbc aes-192-cbc aes-256-cbc des-cbc des-ede3-cbc
> DIGESTS=md4 md5 sha1 sha224 sha256 sha512
>
>
> Next step is ,I would like to see the support available to write and
> test more and more samples/test utilities between PF/AF_ALG and
> cryptodev .
>
> BR,
> SriSowj
>
> On Sat, Feb 21, 2015 at 12:31 PM, Stephan Mueller <[email protected]>
wrote:
> > Am Samstag, 21. Februar 2015, 08:39:05 schrieb sri sowj:
> >
> > Hi sri,
> >
> >> Hi Stephen,
> >>
> >> Thank you very much for the information provided.
> >>
> >> I will try to explore more on AF_ALG , in between please can you also
> >> provide information regarding below ?
> >> #1: how openssl communicates to crypto h/w using PF_ALG
> >
> > Search the net, there is an engine available
> >
> >> #2: How man algorithms are supported?
> >
> > All that the kernel crypto API supports
> >
> >> #3: are there any samples to get start with.
> >
> > Maybe you look into libkcapi -- there are plenty of examples.
> >
> >> but if you can provide some info regarding cryptodev-linux from the
> >> openssl prospect it will be more helpful.
> >
> > cryptodev-linux is not merged into the kernel and it looks that it never
> > will considering the presence of AF_ALG
> >
> >> BR,
> >> Srisowj
> >>
> >> On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]>
> >
> > wrote:
> >> > Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
> >> >
> >> > Hi sri,
> >> >
> >> >> Hi ,
> >> >>
> >> >> I want to interact with Crypto Hardware from user space using openssl
> >> >> like libraries based applications through cryptodev-linux interface.
> >> >>
> >> >> it looks like openssl comes with cryptodev-linux support(through
> >> >> eng_cryptodev.c) .
> >> >> When I downloaded openssl,eng_cryptodev.c file is available by
> >> >> default.
> >> >>
> >> >> below link refers about eng_cryptodev.c for openssl support :
> >> >>
> >> >> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f9
> >> >> 28f
> >> >> 4ee e59755d1f0afc53
> >> >>
> >> >> Note:looks like there are some additional changes done on
> >> >> eng_cryptodev.c file available in updated openssl source code.
> >> >>
> >> >> There seems to be some changes/patches also available recently for
> >> >> cryptodev-linux,below contains reference information.
> >> >>
> >> >> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=gues
> >> >> t
> >> >>
> >> >>
> >> >> Please let me know if my understanding is incorrect .
> >> >
> >> > See AF_ALG and a generic user space library around it:
> >> >
> >> > http://www.chronox.de/libkcapi.html
> >> >
> >> >> BR,
> >> >> Srisowj
> >> >> --
> >> >> To unsubscribe from this list: send the line "unsubscribe
> >> >> linux-crypto"
> >> >> in
> >> >> the body of a message to [email protected]
> >> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >> >
> >> > --
> >> > Ciao
> >> > Stephan
> >>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
> >> in
> >> the body of a message to [email protected]
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> > --
> > Ciao
> > Stephan
--
Ciao
Stephan
Hi Stephen,
Thank you very much for your time and information. I really appreciate
your time and efforts.
I am little confused here , is "libkcpi" is alternative to other
method(#1 to #5 for libaf_alg.so ) I mentioned?
if yes then how does libkcpi handles with openssl engine ?
please can you also help me to explore like "libkcapi" or the other
method(#1 to #5 for libaf_alg.so ) is more active in open source
community
BR,
Srisowj
On Sun, Feb 22, 2015 at 8:34 PM, Stephan Mueller <[email protected]> wrote:
> Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
>
> Hi sri,
>
>> Hi Stephen,
>>
>> It was a great information with respective PF_ALG , I have explored a
>> bit on openssl and algorithms prospect , Please let me know if
>> anything to add to it.
>>
>> openssl crypto engine:
>>
>> below are the steps to enable openssl to communicate using pf/af_alg.
>>
>> #1:git clone http://src.carnivore.it/users/common/af_alg/
>
> Yes, that is it. But it is not fully efficient as it does not use vmsplice
> where appropriate. So, libkcapi should be faster in several use cases.
>
>> #2:cd af_alg/
>> #3:make
>> #4:sudo cp libaf_alg.so /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/
>> #5:sudo chmod 644
>> /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/libaf_alg.so
>>
>>
>> Algorithms supported by pf/af_alg from user space to test:
>>
>> CIPHERS=aes-128-cbc aes-192-cbc aes-256-cbc des-cbc des-ede3-cbc
>> DIGESTS=md4 md5 sha1 sha224 sha256 sha512
>>
>>
>> Next step is ,I would like to see the support available to write and
>> test more and more samples/test utilities between PF/AF_ALG and
>> cryptodev .
>>
>> BR,
>> SriSowj
>>
>> On Sat, Feb 21, 2015 at 12:31 PM, Stephan Mueller <[email protected]>
> wrote:
>> > Am Samstag, 21. Februar 2015, 08:39:05 schrieb sri sowj:
>> >
>> > Hi sri,
>> >
>> >> Hi Stephen,
>> >>
>> >> Thank you very much for the information provided.
>> >>
>> >> I will try to explore more on AF_ALG , in between please can you also
>> >> provide information regarding below ?
>> >> #1: how openssl communicates to crypto h/w using PF_ALG
>> >
>> > Search the net, there is an engine available
>> >
>> >> #2: How man algorithms are supported?
>> >
>> > All that the kernel crypto API supports
>> >
>> >> #3: are there any samples to get start with.
>> >
>> > Maybe you look into libkcapi -- there are plenty of examples.
>> >
>> >> but if you can provide some info regarding cryptodev-linux from the
>> >> openssl prospect it will be more helpful.
>> >
>> > cryptodev-linux is not merged into the kernel and it looks that it never
>> > will considering the presence of AF_ALG
>> >
>> >> BR,
>> >> Srisowj
>> >>
>> >> On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]>
>> >
>> > wrote:
>> >> > Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
>> >> >
>> >> > Hi sri,
>> >> >
>> >> >> Hi ,
>> >> >>
>> >> >> I want to interact with Crypto Hardware from user space using openssl
>> >> >> like libraries based applications through cryptodev-linux interface.
>> >> >>
>> >> >> it looks like openssl comes with cryptodev-linux support(through
>> >> >> eng_cryptodev.c) .
>> >> >> When I downloaded openssl,eng_cryptodev.c file is available by
>> >> >> default.
>> >> >>
>> >> >> below link refers about eng_cryptodev.c for openssl support :
>> >> >>
>> >> >> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f9
>> >> >> 28f
>> >> >> 4ee e59755d1f0afc53
>> >> >>
>> >> >> Note:looks like there are some additional changes done on
>> >> >> eng_cryptodev.c file available in updated openssl source code.
>> >> >>
>> >> >> There seems to be some changes/patches also available recently for
>> >> >> cryptodev-linux,below contains reference information.
>> >> >>
>> >> >> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=gues
>> >> >> t
>> >> >>
>> >> >>
>> >> >> Please let me know if my understanding is incorrect .
>> >> >
>> >> > See AF_ALG and a generic user space library around it:
>> >> >
>> >> > http://www.chronox.de/libkcapi.html
>> >> >
>> >> >> BR,
>> >> >> Srisowj
>> >> >> --
>> >> >> To unsubscribe from this list: send the line "unsubscribe
>> >> >> linux-crypto"
>> >> >> in
>> >> >> the body of a message to [email protected]
>> >> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >> >
>> >> > --
>> >> > Ciao
>> >> > Stephan
>> >>
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe linux-crypto"
>> >> in
>> >> the body of a message to [email protected]
>> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> >
>> > --
>> > Ciao
>> > Stephan
>
>
> --
> Ciao
> Stephan
Am Sonntag, 22. Februar 2015, 21:11:13 schrieb sri sowj:
Hi sri,
> Hi Stephen,
>
> Thank you very much for your time and information. I really appreciate
> your time and efforts.
>
> I am little confused here , is "libkcpi" is alternative to other
> method(#1 to #5 for libaf_alg.so ) I mentioned?
> if yes then how does libkcpi handles with openssl engine ?
libkcapi is just a generic crypto lib and has no OpenSSL engine. However,
either the existing engine can be easily converted to use libkcapi or you port
the vmsplice support to the engine code.
>
> please can you also help me to explore like "libkcapi" or the other
> method(#1 to #5 for libaf_alg.so ) is more active in open source
> community
>
> BR,
> Srisowj
>
> On Sun, Feb 22, 2015 at 8:34 PM, Stephan Mueller <[email protected]>
wrote:
> > Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
> >
> > Hi sri,
> >
> >> Hi Stephen,
> >>
> >> It was a great information with respective PF_ALG , I have explored a
> >> bit on openssl and algorithms prospect , Please let me know if
> >> anything to add to it.
> >>
> >> openssl crypto engine:
> >>
> >> below are the steps to enable openssl to communicate using pf/af_alg.
> >>
> >> #1:git clone http://src.carnivore.it/users/common/af_alg/
> >
> > Yes, that is it. But it is not fully efficient as it does not use vmsplice
> > where appropriate. So, libkcapi should be faster in several use cases.
> >
> >> #2:cd af_alg/
> >> #3:make
> >> #4:sudo cp libaf_alg.so /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/
> >> #5:sudo chmod 644
> >> /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/libaf_alg.so
> >>
> >>
> >> Algorithms supported by pf/af_alg from user space to test:
> >>
> >> CIPHERS=aes-128-cbc aes-192-cbc aes-256-cbc des-cbc des-ede3-cbc
> >> DIGESTS=md4 md5 sha1 sha224 sha256 sha512
> >>
> >>
> >> Next step is ,I would like to see the support available to write and
> >> test more and more samples/test utilities between PF/AF_ALG and
> >> cryptodev .
> >>
> >> BR,
> >> SriSowj
> >>
> >> On Sat, Feb 21, 2015 at 12:31 PM, Stephan Mueller <[email protected]>
> >
> > wrote:
> >> > Am Samstag, 21. Februar 2015, 08:39:05 schrieb sri sowj:
> >> >
> >> > Hi sri,
> >> >
> >> >> Hi Stephen,
> >> >>
> >> >> Thank you very much for the information provided.
> >> >>
> >> >> I will try to explore more on AF_ALG , in between please can you also
> >> >> provide information regarding below ?
> >> >> #1: how openssl communicates to crypto h/w using PF_ALG
> >> >
> >> > Search the net, there is an engine available
> >> >
> >> >> #2: How man algorithms are supported?
> >> >
> >> > All that the kernel crypto API supports
> >> >
> >> >> #3: are there any samples to get start with.
> >> >
> >> > Maybe you look into libkcapi -- there are plenty of examples.
> >> >
> >> >> but if you can provide some info regarding cryptodev-linux from the
> >> >> openssl prospect it will be more helpful.
> >> >
> >> > cryptodev-linux is not merged into the kernel and it looks that it
> >> > never
> >> > will considering the presence of AF_ALG
> >> >
> >> >> BR,
> >> >> Srisowj
> >> >>
> >> >> On Sat, Feb 21, 2015 at 2:28 AM, Stephan Mueller <[email protected]>
> >> >
> >> > wrote:
> >> >> > Am Samstag, 21. Februar 2015, 01:27:04 schrieb sri sowj:
> >> >> >
> >> >> > Hi sri,
> >> >> >
> >> >> >> Hi ,
> >> >> >>
> >> >> >> I want to interact with Crypto Hardware from user space using
> >> >> >> openssl
> >> >> >> like libraries based applications through cryptodev-linux
> >> >> >> interface.
> >> >> >>
> >> >> >> it looks like openssl comes with cryptodev-linux support(through
> >> >> >> eng_cryptodev.c) .
> >> >> >> When I downloaded openssl,eng_cryptodev.c file is available by
> >> >> >> default.
> >> >> >>
> >> >> >> below link refers about eng_cryptodev.c for openssl support :
> >> >> >>
> >> >> >> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb3
> >> >> >> 4f9
> >> >> >> 28f
> >> >> >> 4ee e59755d1f0afc53
> >> >> >>
> >> >> >> Note:looks like there are some additional changes done on
> >> >> >> eng_cryptodev.c file available in updated openssl source code.
> >> >> >>
> >> >> >> There seems to be some changes/patches also available recently for
> >> >> >> cryptodev-linux,below contains reference information.
> >> >> >>
> >> >> >> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=g
> >> >> >> ues
> >> >> >> t
> >> >> >>
> >> >> >>
> >> >> >> Please let me know if my understanding is incorrect .
> >> >> >
> >> >> > See AF_ALG and a generic user space library around it:
> >> >> >
> >> >> > http://www.chronox.de/libkcapi.html
> >> >> >
> >> >> >> BR,
> >> >> >> Srisowj
> >> >> >> --
> >> >> >> To unsubscribe from this list: send the line "unsubscribe
> >> >> >> linux-crypto"
> >> >> >> in
> >> >> >> the body of a message to [email protected]
> >> >> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >> >> >
> >> >> > --
> >> >> > Ciao
> >> >> > Stephan
> >> >>
> >> >> --
> >> >> To unsubscribe from this list: send the line "unsubscribe
> >> >> linux-crypto"
> >> >> in
> >> >> the body of a message to [email protected]
> >> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >> >
> >> > --
> >> > Ciao
> >> > Stephan
> >
> > --
> > Ciao
> > Stephan
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
> Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
>
> Hi sri,
>
> > Hi Stephen,
> >
> > It was a great information with respective PF_ALG , I have explored a
> > bit on openssl and algorithms prospect , Please let me know if
> > anything to add to it.
> >
> > openssl crypto engine:
> >
> > below are the steps to enable openssl to communicate using pf/af_alg.
> >
> > #1:git clone http://src.carnivore.it/users/common/af_alg/
> Yes, that is it. But it is not fully efficient as it does not use vmsplice
> where appropriate. So, libkcapi should be faster in several use cases.
When would vmsplice be appropriate? As far as I understand vmsplice adds
a cost on operations for small data, which is the majority of use cases
in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
did improve performance only for more than 64k packets which is never
the case with real world crypto (TLS has a maximum of 14k for example).
regards,
Nikos
[0]. http://cryptodev-linux.org/comparison.html
Hi Nikos,
Please can you let me know my understanding regarding openssl and
crypto are correct?
I have mentioned my understanding in my earlier posts,but let me
mention it here again.
I want to interact with Crypto Hardware from user space using openssl
like libraries based applications through cryptodev-linux interface.
it looks like openssl comes with cryptodev-linux support(through
eng_cryptodev.c) .
When I downloaded openssl,eng_cryptodev.c file is available by default.
below link refers about eng_cryptodev.c for openssl support :
http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4eee59755d1f0afc53
Note:looks like there are some additional changes done on
eng_cryptodev.c file available in updated openssl source code.
There seems to be some changes/patches also available recently for
cryptodev-linux,below contains reference information.
http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
Please let me know if my understanding is incorrect .
one more thing while compiling openssl with above mentioned changes I
faced compilation issues in linux ,Please can you also let me know
whether there are per-requisites like any dependent libraries or
installing cryptodev-linux on host/target machine before compiling
openssl etc?
BR,
Srisowj
On Mon, Feb 23, 2015 at 2:56 AM, Nikos Mavrogiannopoulos
<[email protected]> wrote:
> On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
>> Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
>>
>> Hi sri,
>>
>> > Hi Stephen,
>> >
>> > It was a great information with respective PF_ALG , I have explored a
>> > bit on openssl and algorithms prospect , Please let me know if
>> > anything to add to it.
>> >
>> > openssl crypto engine:
>> >
>> > below are the steps to enable openssl to communicate using pf/af_alg.
>> >
>> > #1:git clone http://src.carnivore.it/users/common/af_alg/
>> Yes, that is it. But it is not fully efficient as it does not use vmsplice
>> where appropriate. So, libkcapi should be faster in several use cases.
>
> When would vmsplice be appropriate? As far as I understand vmsplice adds
> a cost on operations for small data, which is the majority of use cases
> in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
> did improve performance only for more than 64k packets which is never
> the case with real world crypto (TLS has a maximum of 14k for example).
>
> regards,
> Nikos
>
> [0]. http://cryptodev-linux.org/comparison.html
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Am Sonntag, 22. Februar 2015, 22:26:32 schrieb Nikos Mavrogiannopoulos:
Hi Nikos,
> On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
> > Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
> >
> > Hi sri,
> >
> > > Hi Stephen,
> > >
> > > It was a great information with respective PF_ALG , I have explored a
> > > bit on openssl and algorithms prospect , Please let me know if
> > > anything to add to it.
> > >
> > > openssl crypto engine:
> > >
> > > below are the steps to enable openssl to communicate using pf/af_alg.
> > >
> > > #1:git clone http://src.carnivore.it/users/common/af_alg/
> >
> > Yes, that is it. But it is not fully efficient as it does not use vmsplice
> > where appropriate. So, libkcapi should be faster in several use cases.
>
> When would vmsplice be appropriate? As far as I understand vmsplice adds
> a cost on operations for small data, which is the majority of use cases
> in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
> did improve performance only for more than 64k packets which is never
> the case with real world crypto (TLS has a maximum of 14k for example).
According to my measurements, I have the following heuristic for symmetric
ciphers: if the ciphertext is less than 1<<13, then use one sendmsg call.
Otherwise use vmsplice.
For AEAD, my library uses 3 IOVecs which means that sendmsg is faster in any
case (the overhead for setting up 3 IOVecs in kernel space for vmsplice is
higher than sendmsg copy).
For hashes, I yet have to make the measurements.
>
> regards,
> Nikos
>
> [0]. http://cryptodev-linux.org/comparison.html
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
Am Montag, 23. Februar 2015, 09:36:22 schrieb sri sowj:
Hi sri,
> Hi Nikos,
>
> Please can you let me know my understanding regarding openssl and
> crypto are correct?
> I have mentioned my understanding in my earlier posts,but let me
> mention it here again.
>
> I want to interact with Crypto Hardware from user space using openssl
> like libraries based applications through cryptodev-linux interface.
>
> it looks like openssl comes with cryptodev-linux support(through
> eng_cryptodev.c) .
> When I downloaded openssl,eng_cryptodev.c file is available by default.
>
> below link refers about eng_cryptodev.c for openssl support :
>
> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4ee
> e59755d1f0afc53
>
> Note:looks like there are some additional changes done on
> eng_cryptodev.c file available in updated openssl source code.
>
> There seems to be some changes/patches also available recently for
> cryptodev-linux,below contains reference information.
>
> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
>
>
> Please let me know if my understanding is incorrect .
>
> one more thing while compiling openssl with above mentioned changes I
> faced compilation issues in linux ,Please can you also let me know
> whether there are per-requisites like any dependent libraries or
> installing cryptodev-linux on host/target machine before compiling
> openssl etc?
Per default, you lack the kernel side support (there is no /dev/crypto) unless
you patch your kernel. Thus, that cryptodev support in OpenSSL is not used on
default kernels.
>
> BR,
> Srisowj
>
>
> On Mon, Feb 23, 2015 at 2:56 AM, Nikos Mavrogiannopoulos
>
> <[email protected]> wrote:
> > On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
> >> Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
> >>
> >> Hi sri,
> >>
> >> > Hi Stephen,
> >> >
> >> > It was a great information with respective PF_ALG , I have explored a
> >> > bit on openssl and algorithms prospect , Please let me know if
> >> > anything to add to it.
> >> >
> >> > openssl crypto engine:
> >> >
> >> > below are the steps to enable openssl to communicate using pf/af_alg.
> >> >
> >> > #1:git clone http://src.carnivore.it/users/common/af_alg/
> >>
> >> Yes, that is it. But it is not fully efficient as it does not use
> >> vmsplice
> >> where appropriate. So, libkcapi should be faster in several use cases.
> >
> > When would vmsplice be appropriate? As far as I understand vmsplice adds
> > a cost on operations for small data, which is the majority of use cases
> > in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
> > did improve performance only for more than 64k packets which is never
> > the case with real world crypto (TLS has a maximum of 14k for example).
> >
> > regards,
> > Nikos
> >
> > [0]. http://cryptodev-linux.org/comparison.html
> >
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
On Mon, Feb 23, 2015 at 5:06 AM, sri sowj <[email protected]> wrote:
> Hi Nikos,
>
> Please can you let me know my understanding regarding openssl and
> crypto are correct?
> I have mentioned my understanding in my earlier posts,but let me
> mention it here again.
> I want to interact with Crypto Hardware from user space using openssl
> like libraries based applications through cryptodev-linux interface.
> it looks like openssl comes with cryptodev-linux support(through
> eng_cryptodev.c) .
> When I downloaded openssl,eng_cryptodev.c file is available by default.
> below link refers about eng_cryptodev.c for openssl support :
> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4eee59755d1f0afc53
That's a very old link. Note that openssl's cryptodev support works
well for ciphers, but not for digests (hashes). So the best is to
compile without digest support, or use the patches in
https://github.com/openssl/openssl/pull/191
The most current instructions are:
https://github.com/cryptodev-linux/cryptodev-linux/blob/master/INSTALL
and in https://github.com/cryptodev-linux/cryptodev-linux
regards,
Nikos
On Mon, Feb 23, 2015 at 9:18 AM, Stephan Mueller <[email protected]> wrote:
>> one more thing while compiling openssl with above mentioned changes I
>> faced compilation issues in linux ,Please can you also let me know
>> whether there are per-requisites like any dependent libraries or
>> installing cryptodev-linux on host/target machine before compiling
>> openssl etc?
> Per default, you lack the kernel side support (there is no /dev/crypto) unless
> you patch your kernel. Thus, that cryptodev support in OpenSSL is not used on
> default kernels.
It depends. If you are working in an embedded system /dev/crypto is
most probably there. AF_ALG could be supported too, but there is
little reason to use it, unless working slow is your goal.
regards,
Nikos
Hi Nikos,
Thanks a lot for the information provided on openssl part for cryptodev-linux.
I have followed the steps mentioned in "
https://github.com/cryptodev-linux/cryptodev-linux/blob/master/INSTALL
"
But When I executed " make check" command I got following error,please
can you help me with this.
cc -I.. -c -o cipher_comp.o cipher_comp.c
cc -I.. -c -o openssl_wrapper.o openssl_wrapper.c
openssl_wrapper.c: In function ‘openssl_hmac’:
openssl_wrapper.c:136:5: error: invalid use of void expression
openssl_wrapper.c:144:3: error: invalid use of void expression
openssl_wrapper.c:152:3: error: invalid use of void expression
make[1]: *** [openssl_wrapper.o] Error 1
make[1]: Leaving directory `/home/srisowj/cryptodev/cryptodev-linux-1.6/tests'
make: *** [check] Error 2
BR,
& Srisowj
On Mon, Feb 23, 2015 at 1:57 PM, Nikos Mavrogiannopoulos
<[email protected]> wrote:
> On Mon, Feb 23, 2015 at 5:06 AM, sri sowj <[email protected]> wrote:
>> Hi Nikos,
>>
>> Please can you let me know my understanding regarding openssl and
>> crypto are correct?
>> I have mentioned my understanding in my earlier posts,but let me
>> mention it here again.
>> I want to interact with Crypto Hardware from user space using openssl
>> like libraries based applications through cryptodev-linux interface.
>> it looks like openssl comes with cryptodev-linux support(through
>> eng_cryptodev.c) .
>> When I downloaded openssl,eng_cryptodev.c file is available by default.
>> below link refers about eng_cryptodev.c for openssl support :
>> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4eee59755d1f0afc53
>
> That's a very old link. Note that openssl's cryptodev support works
> well for ciphers, but not for digests (hashes). So the best is to
> compile without digest support, or use the patches in
> https://github.com/openssl/openssl/pull/191
>
> The most current instructions are:
> https://github.com/cryptodev-linux/cryptodev-linux/blob/master/INSTALL
> and in https://github.com/cryptodev-linux/cryptodev-linux
>
> regards,
> Nikos