[16440] in cryptography@c2.net mail archive
OCF port to linux (fwd from davidm@snapgear.com)
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Thu Nov 18 13:19:26 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 17 Nov 2004 10:22:49 +0100
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
--rkWPrZ4ko+EtDPdn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
From: David McCullough <davidm@snapgear.com>
Subject: OCF port to linux
To: cryptoapi@lists.logix.cz
Date: Wed, 17 Nov 2004 17:51:31 +1000
Hi all,
Just thought I drop a line to see if anyone is interested in a linux
port of the FreeBSD(OpenBSD) Open Cryptographic Framework (OCF) ?
I needed user crypto acceleration under 2.4 in a hurry and Evgeniy
Polyakov hadn't quite posted his work at the time, so I ported the
full OCF framework. The userland API is 100% BSD compatible, thus
reducing the work I needed to do with openssl/ssh.
I have read all the posts to the list on Evgeniy's work and also Michal
Ludvig's /dev/crypto work. I understand that this probably isn't the
format/license/API that people would like, but it is working and can
used for comparison if nothing else :-). If anyone would like to play
with it I can put together a patch for 2.4 or 2.6. The patch would be
about 70k.
I have a software OCF driver (using the crypto API in the kernel), a
safenet driver and an Xscale CryptACC driver. I should get time to
port the hifn driver in the next day or so.
Anyway, everyone wants to see the numbers, they are included below.
Of course there are still a few bugs to work out :-) The results do
show the trends in trade offs between user/kernel assisted crypto
though, the most obvious is that for small packets user crypto is better,
Cheers,
Davidm
Early OCF test results
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Here is the result of some tests run on OCF under linux. The platform was a
533MHz Intel Xscale IXP425 platform (ARM big endian). The board has a
safenet 1141 on the PCI bus and also the IXP has a built in crypto engine.
The following tests were done using the following commands.
openssl speed -evp des -elapsed
openssl speed -evp des3 -elapsed
"-engine cryptodev" was added to the command when OCF acceleration was desi=
red.
The OCF modules used are:
none - completely user mode software crypto
soft - using crypto framework with software crypto engine
safe - using crypto framework with safenet crypto engine
ixp - using crypto framework with IXP crypto engine
I dropped the max packet size down to 2048 bytes, 8192 seems a little
unrealistic. Needless to say, the HW crypto is even further ahead with
bigger buffers to work on.
cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 =
bytes
---------------------------------------------------------------------------=
-----
des-cbc none 3244.01k 3476.31k 3539.97k 3556.01k 3558.=
74k
des-cbc soft 594.90k 1388.31k 2132.48k 2462.04k 2540.=
20k
des-cbc ixp 314.33k 1217.98k 3928.18k 8692.22k 11236.=
34k
des-cbc safe 205.34k 797.56k 2926.12k 8199.85k 11954.=
75k
des-ede3-cbc none 1211.87k 1243.69k 1252.01k 1253.03k 1253.=
38k
des-ede3-cbc soft 451.45k 812.94k 1019.56k 1102.53k 1117.=
84k
des-ede3-cbc ixp 314.59k 1205.56k 3499.49k 7148.88k 8622.=
22k
des-ede3-cbc safe 204.12k 777.94k 2750.98k 7124.99k 9697.=
96k
The following tests are the same as above only 10 threads were run in
parallel by adding the "-multi 10" option to openssl speed.
cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 =
bytes
---------------------------------------------------------------------------=
-----
des-cbc none 3252.99k 3464.39k 3575.26k 3479.82k 4251.=
62k
des-cbc soft 645.83k 1399.34k 2071.83k 2453.65k 2796.=
95k
des-cbc ixp 139.91k 346.95k 1648.15k 4154.48k 8433.=
97k
des-cbc safe 109.68k 415.31k 1496.91k 3889.41k 8108.=
29k
des-ede3-cbc none 1245.77k 1238.85k 1247.49k 1249.28k 1646.=
35k
des-ede3-cbc soft 476.38k 817.10k 1010.62k 1094.42k 1690.=
12k
des-ede3-cbc ixp 100.05k 348.10k 1736.11k 4174.40k 8484.=
31k
des-ede3-cbc safe 111.67k 410.05k 1537.71k 3736.93k 8132.=
46k
Tests using "scp -c cipher" of a 19Mb file:
cipher module scp output
-----------------------------------------
3des none 100% 19MB 717.3KB/s
3des soft 100% 19MB 646.6KB/s
3des ixp 100% 19MB 1.6MB/s
3des safe failed (endian problems)
Same as above using 4 copies at the same time and averaging the results:
cipher module scp output
-----------------------------------------
3des none 100% 19MB 192.2KB/s
3des soft 100% 19MB 172.6KB/s
3des ixp 100% 19MB 442.5KB/s
3des safe failed (endian problems)
--=20
David McCullough, davidm@snapgear.com Ph:+61 7 34352815 http://www.SnapGea=
r.com
Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.o=
rg
_______________________________________________
Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi
List archive: http://lists.logix.cz/pipermail/cryptoapi
----------
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
--rkWPrZ4ko+EtDPdn
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQFBmxhpdbAkQ4sp9r4RAsSdAKCMZdxzd5Yidt4aYtInE74Y4Txc2wCghb8o
4aE47uRHS1MGQeVejjlGqu0=
=le+O
-----END PGP SIGNATURE-----
--rkWPrZ4ko+EtDPdn--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
