OCF port to linux (fwd from davidm at snapgear.com)
Eugen Leitl
eugen at leitl.org
Wed Nov 17 04:22:49 EST 2004
From: David McCullough <davidm at snapgear.com>
Subject: OCF port to linux
To: cryptoapi at lists.logix.cz
Date: Wed, 17 Nov 2004 17:51:31 +1000
Hi all,
Just thought I drop a line to see if anyone is interested in a linux
port of the FreeBSD(OpenBSD) Open Cryptographic Framework (OCF) ?
I needed user crypto acceleration under 2.4 in a hurry and Evgeniy
Polyakov hadn't quite posted his work at the time, so I ported the
full OCF framework. The userland API is 100% BSD compatible, thus
reducing the work I needed to do with openssl/ssh.
I have read all the posts to the list on Evgeniy's work and also Michal
Ludvig's /dev/crypto work. I understand that this probably isn't the
format/license/API that people would like, but it is working and can
used for comparison if nothing else :-). If anyone would like to play
with it I can put together a patch for 2.4 or 2.6. The patch would be
about 70k.
I have a software OCF driver (using the crypto API in the kernel), a
safenet driver and an Xscale CryptACC driver. I should get time to
port the hifn driver in the next day or so.
Anyway, everyone wants to see the numbers, they are included below.
Of course there are still a few bugs to work out :-) The results do
show the trends in trade offs between user/kernel assisted crypto
though, the most obvious is that for small packets user crypto is better,
Cheers,
Davidm
Early OCF test results
======================
Here is the result of some tests run on OCF under linux. The platform was a
533MHz Intel Xscale IXP425 platform (ARM big endian). The board has a
safenet 1141 on the PCI bus and also the IXP has a built in crypto engine.
The following tests were done using the following commands.
openssl speed -evp des -elapsed
openssl speed -evp des3 -elapsed
"-engine cryptodev" was added to the command when OCF acceleration was desired.
The OCF modules used are:
none - completely user mode software crypto
soft - using crypto framework with software crypto engine
safe - using crypto framework with safenet crypto engine
ixp - using crypto framework with IXP crypto engine
I dropped the max packet size down to 2048 bytes, 8192 seems a little
unrealistic. Needless to say, the HW crypto is even further ahead with
bigger buffers to work on.
cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes
--------------------------------------------------------------------------------
des-cbc none 3244.01k 3476.31k 3539.97k 3556.01k 3558.74k
des-cbc soft 594.90k 1388.31k 2132.48k 2462.04k 2540.20k
des-cbc ixp 314.33k 1217.98k 3928.18k 8692.22k 11236.34k
des-cbc safe 205.34k 797.56k 2926.12k 8199.85k 11954.75k
des-ede3-cbc none 1211.87k 1243.69k 1252.01k 1253.03k 1253.38k
des-ede3-cbc soft 451.45k 812.94k 1019.56k 1102.53k 1117.84k
des-ede3-cbc ixp 314.59k 1205.56k 3499.49k 7148.88k 8622.22k
des-ede3-cbc safe 204.12k 777.94k 2750.98k 7124.99k 9697.96k
The following tests are the same as above only 10 threads were run in
parallel by adding the "-multi 10" option to openssl speed.
cipher mod. 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes
--------------------------------------------------------------------------------
des-cbc none 3252.99k 3464.39k 3575.26k 3479.82k 4251.62k
des-cbc soft 645.83k 1399.34k 2071.83k 2453.65k 2796.95k
des-cbc ixp 139.91k 346.95k 1648.15k 4154.48k 8433.97k
des-cbc safe 109.68k 415.31k 1496.91k 3889.41k 8108.29k
des-ede3-cbc none 1245.77k 1238.85k 1247.49k 1249.28k 1646.35k
des-ede3-cbc soft 476.38k 817.10k 1010.62k 1094.42k 1690.12k
des-ede3-cbc ixp 100.05k 348.10k 1736.11k 4174.40k 8484.31k
des-ede3-cbc safe 111.67k 410.05k 1537.71k 3736.93k 8132.46k
Tests using "scp -c cipher" of a 19Mb file:
cipher module scp output
-----------------------------------------
3des none 100% 19MB 717.3KB/s
3des soft 100% 19MB 646.6KB/s
3des ixp 100% 19MB 1.6MB/s
3des safe failed (endian problems)
Same as above using 4 copies at the same time and averaging the results:
cipher module scp output
-----------------------------------------
3des none 100% 19MB 192.2KB/s
3des soft 100% 19MB 172.6KB/s
3des ixp 100% 19MB 442.5KB/s
3des safe failed (endian problems)
--
David McCullough, davidm at snapgear.com Ph:+61 7 34352815 http://www.SnapGear.com
Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.org
_______________________________________________
Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi
List archive: http://lists.logix.cz/pipermail/cryptoapi
----------
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20041117/11140ed3/attachment.pgp>
More information about the cryptography
mailing list