On Wed, Sep 27, 2000 at 01:38:31PM +0000, Marc Mutz wrote: > Peter van Hove wrote: > > > <snip> > > i was wndering if there already is support for crypto cards in the kernel and if so > > can they be used to accelerate IPsec encryption. > > > > Lee Cremeans <leec@xxxxxxxx> is working on a driver for a crypto card > for Linux. He posted an unrelated question on lkml, but has not said > anything more about it. If it is there, I'll try and make this work for > the cryptoapi (kerneli patch). But so far, both frees/wan and (this is a > guess) the nist implementation of ipsec for linux do not use the crypto > api. The redcreek thing might be the better way for now. > I think there are some interesting issues to be solved when we want to get hardware crypto cards running under Linux. For one, we want to have a queue of processing requests for the device instead of having a synchronous interface like most crypto libraries offer. We also probably want to use the CPU if the queue starts to have too many entries, or load-balance between several cards, so we need a "crypto-provider" concept. Also, for programmable crypto-cards we might want to consider the cost of switching ciphers on the card when choosing which requests should be done by which cards/CPU. This will be interesting to look at when the first drivers emerge. astor -- Alexander Kjeldaas Mail: astor@xxxxxxx finger astor@xxxxxxxxxxxxxxxxx for OpenPGP key. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
