Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1912924ybn; Thu, 26 Sep 2019 04:12:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqxmBFxWiRgKESB4iwCrTkBRagjicDmsToVZ8MyNWBMWXxIOKC/kLZPl7QRKJiMtBa5ocnwV X-Received: by 2002:a17:906:e288:: with SMTP id gg8mr2510350ejb.24.1569496362165; Thu, 26 Sep 2019 04:12:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569496362; cv=none; d=google.com; s=arc-20160816; b=J3oiyfuyYsJfVVh3gci+2ZsYtPbAdOl8zPsfBCaZRnLKx9qjiI5sMvNobAIwxAtz2e a2s8mG6ssP8y/osYkL1B+7kfVXdOFMSc/vo5PP93b4EiFeeJjxvqmh7Q2iftANgfmwWj 8R9olGEGOxav7Uz4Dx/BvXnMjCK7A7oD45aO/EcjFitq5sqcmxbzUOAwrV+1ihxxh5yl 4iXj0G/ea4VgMaAvOB3Haz9bquHBF6rat1FVlr/A4DrGC2RgSD5Bl7RaLxPFx1iBhFuJ Jkyl7iWGI6BDqE3f9q8l4r4zsuyGndcFyC9u8rVXILUTN91DWxdAlHUE1M7hT9wR1uOj 9HPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=jEcRIGweuSrFlyGiVQx6ikGHcrWfWuwZJNaWDvSoGKA=; b=n7ze+10Ar53UBLS7902sKoRd5XVT3hEALlRpt7KgNOcM4cDnbvCGkCciYX8frbLi7Y Gady9SPxVmPubXFN941vqVfg63jGr7Bw3VIfTCn0mxszximK/HLhquw4Veslave+amw0 KV7+0batpUmekbwwzvn6MQIhdtDMZlFMBy48kmM2aOKjUAkr6+q99l4ZNSoCRcSjxETc /Ru2I7WrxiHrBAANBD0OZUfJOj1RAubXlqrvFECvVlXWDUylf6NJnD1G4o6QnL8mVu3i 8MItZ0pM1RN7g3vDx6l2BZTdHqAfFSd9gvczzBU/in8N68YFlRxh+v1Zi43neRIiWW7V UZXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=SgBxyX4N; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e7si1057745edn.267.2019.09.26.04.12.16; Thu, 26 Sep 2019 04:12:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=SgBxyX4N; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725536AbfIZLMH (ORCPT + 99 others); Thu, 26 Sep 2019 07:12:07 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:46487 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725280AbfIZLMH (ORCPT ); Thu, 26 Sep 2019 07:12:07 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 08d1f1df; Thu, 26 Sep 2019 10:26:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=0KrXBh/Bsqvx7HfMQP+/WOxM5VQ=; b=SgBxyX 4NMpvWxsmvkJGlPcW1N1PFhincDEmLASGMhzti7agl4WVuCxMjSBiAJBeRFMKAWB 3IH22LQ39469zaaVYF53FIPATv7HE6D7Y6ija/Zvrm7cG7q1y8JPEXbTboQS3MJv szjScWeJmb+okPp1OjUE7WWHLtk+CRxgfpnqj2FqwKURrzS3NbNdEFxUJWGodVou V8+Z1WGBfY4rCD6G1fNaPKLvO8MZVzwzpZ1jwYxMA0Icp0/XFX5lKt0t5VBuryin cQmtXGl7ULEMD1xIuT2CNgI6kLPmaYfzZF3rzuYPrbCUW7hXY6hyKxJe/7HyAqkl /r5T3GNVIm77+iFQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 09e055a9 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Thu, 26 Sep 2019 10:26:12 +0000 (UTC) Received: by mail-ot1-x330.google.com with SMTP id o44so1596522ota.10; Thu, 26 Sep 2019 04:12:03 -0700 (PDT) X-Gm-Message-State: APjAAAUH+kRSTgzzBJjFMv0/xDRhP5dj/+7G12Z696XBKtjTHacereqr mPIJjXah2UHouBiXq7r5Dt+DSVY2PA4tfoXUvo8= X-Received: by 2002:a9d:ec2:: with SMTP id 60mr2198189otj.369.1569496022509; Thu, 26 Sep 2019 04:07:02 -0700 (PDT) MIME-Version: 1.0 References: <20190925161255.1871-1-ard.biesheuvel@linaro.org> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 26 Sep 2019 13:06:51 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: chapoly acceleration hardware [Was: Re: [RFC PATCH 00/18] crypto: wireguard using the existing crypto API] To: Pascal Van Leeuwen Cc: Ard Biesheuvel , Linux Crypto Mailing List , linux-arm-kernel , Herbert Xu , David Miller , Greg KH , Linus Torvalds , Samuel Neves , Dan Carpenter , Arnd Bergmann , Eric Biggers , Andy Lutomirski , Will Deacon , Marc Zyngier , Catalin Marinas , Willy Tarreau , Netdev , =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= , Dave Taht Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org [CC +willy, toke, dave, netdev] Hi Pascal On Thu, Sep 26, 2019 at 12:19 PM Pascal Van Leeuwen wrote: > Actually, that assumption is factually wrong. I don't know if anything > is *publicly* available, but I can assure you the silicon is running in > labs already. And something will be publicly available early next year > at the latest. Which could nicely coincide with having Wireguard support > in the kernel (which I would also like to see happen BTW) ... > > Not "at some point". It will. Very soon. Maybe not in consumer or server > CPUs, but definitely in the embedded (networking) space. > And it *will* be much faster than the embedded CPU next to it, so it will > be worth using it for something like bulk packet encryption. Super! I was wondering if you could speak a bit more about the interface. My biggest questions surround latency. Will it be synchronous or asynchronous? If the latter, why? What will its latencies be? How deep will its buffers be? The reason I ask is that a lot of crypto acceleration hardware of the past has been fast and having very deep buffers, but at great expense of latency. In the networking context, keeping latency low is pretty important. Already WireGuard is multi-threaded which isn't super great all the time for latency (improvements are a work in progress). If you're involved with the design of the hardware, perhaps this is something you can help ensure winds up working well? For example, AES-NI is straightforward and good, but Intel can do that because they are the CPU. It sounds like your silicon will be adjacent. How do you envision this working in a low latency environment? Jason