OCF port to linux (fwd from davidm at snapgear.com)

Eugen Leitl eugen at leitl.org
Wed Nov 17 04:22:49 EST 2004 

From: David McCullough <davidm at snapgear.com>
Subject: OCF port to linux
To: cryptoapi at lists.logix.cz
Date: Wed, 17 Nov 2004 17:51:31 +1000


Hi all,

Just thought I drop a line to see if anyone is interested in a linux
port of the FreeBSD(OpenBSD) Open Cryptographic Framework (OCF) ?

I needed user crypto acceleration under 2.4 in a hurry and Evgeniy
Polyakov hadn't quite posted his work at the time,  so I ported the
full OCF framework.  The userland API is 100% BSD compatible,  thus
reducing the work I needed to do with openssl/ssh.

I have read all the posts to the list on Evgeniy's work and also Michal
Ludvig's /dev/crypto work.   I understand that this probably isn't the
format/license/API that people would like,  but it is working and can
used for comparison if nothing else :-).  If anyone would like to play
with it I can put together a patch for 2.4 or 2.6.  The patch would be
about 70k.

I have a software OCF driver (using the crypto API in the kernel), a
safenet driver and an Xscale CryptACC driver.  I should get time to
port the hifn driver in the next day or so.

Anyway,  everyone wants to see the numbers,  they are included below.
Of course there are still a few bugs to work out :-)  The results do
show the trends in trade offs between user/kernel assisted crypto
though,  the most obvious is that for small packets user crypto is better,

Cheers,
Davidm

Early OCF test results
======================

Here is the result of some tests run on OCF under linux.  The platform was a
533MHz Intel Xscale IXP425 platform (ARM big endian).  The board has a
safenet 1141 on the PCI bus and also the IXP has a built in crypto engine.

The following tests were done using the following commands.

    openssl speed -evp des -elapsed
    openssl speed -evp des3 -elapsed

"-engine cryptodev" was added to the command when OCF acceleration was desired.
The OCF modules used are:

    none            - completely user mode software crypto
    soft            - using crypto framework with software crypto engine
    safe            - using crypto framework with safenet crypto engine
    ixp             - using crypto framework with IXP crypto engine

I dropped the max packet size down to 2048 bytes,  8192 seems a little
unrealistic.  Needless to say,  the HW crypto is even further ahead with
bigger buffers to work on.

cipher       mod.   16 bytes     64 bytes    256 bytes   1024 bytes   2048 bytes
--------------------------------------------------------------------------------
des-cbc      none   3244.01k     3476.31k    3539.97k    3556.01k     3558.74k
des-cbc      soft    594.90k     1388.31k    2132.48k    2462.04k     2540.20k
des-cbc      ixp     314.33k     1217.98k    3928.18k    8692.22k    11236.34k
des-cbc      safe    205.34k      797.56k    2926.12k    8199.85k    11954.75k
des-ede3-cbc none   1211.87k     1243.69k    1252.01k    1253.03k     1253.38k
des-ede3-cbc soft    451.45k      812.94k    1019.56k    1102.53k     1117.84k
des-ede3-cbc ixp     314.59k     1205.56k    3499.49k    7148.88k     8622.22k
des-ede3-cbc safe    204.12k      777.94k    2750.98k    7124.99k     9697.96k

The following tests are the same as above only 10 threads were run in
parallel by adding the "-multi 10" option to openssl speed.

cipher       mod.   16 bytes     64 bytes    256 bytes   1024 bytes   2048 bytes
--------------------------------------------------------------------------------
des-cbc      none   3252.99k     3464.39k    3575.26k    3479.82k     4251.62k
des-cbc      soft    645.83k     1399.34k    2071.83k    2453.65k     2796.95k
des-cbc      ixp     139.91k      346.95k    1648.15k    4154.48k     8433.97k
des-cbc      safe    109.68k      415.31k    1496.91k    3889.41k     8108.29k

des-ede3-cbc none   1245.77k     1238.85k    1247.49k    1249.28k     1646.35k
des-ede3-cbc soft    476.38k      817.10k    1010.62k    1094.42k     1690.12k
des-ede3-cbc ixp     100.05k      348.10k    1736.11k    4174.40k     8484.31k
des-ede3-cbc safe    111.67k      410.05k    1537.71k    3736.93k     8132.46k

Tests using "scp -c cipher" of a 19Mb file:

cipher    module    scp output
-----------------------------------------
3des      none      100%   19MB 717.3KB/s
3des      soft      100%   19MB 646.6KB/s
3des      ixp       100%   19MB   1.6MB/s
3des      safe      failed (endian problems)

Same as above using 4 copies at the same time and averaging the results:

cipher    module    scp output
-----------------------------------------
3des      none      100%   19MB 192.2KB/s
3des      soft      100%   19MB 172.6KB/s
3des      ixp       100%   19MB 442.5KB/s
3des      safe      failed (endian problems)

-- 
David McCullough, davidm at snapgear.com  Ph:+61 7 34352815 http://www.SnapGear.com
Custom Embedded Solutions + Security   Fx:+61 7 38913630 http://www.uCdot.org
_______________________________________________

Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi
List archive: http://lists.logix.cz/pipermail/cryptoapi

----------

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20041117/11140ed3/attachment.pgp>

More information about the cryptography mailing list