----- "Herbert Xu" <herbert@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, Sep 07, 2010 at 10:34:25AM -0400, Miloslav Trmac wrote:
> >
> > > > > /* These may also be set through sendmsg(2) cmsgs. */
> > > > > op = ALG_AEAD_OP_ENCRYPT;
> > > > > setsockopt(opfd, SOL_ALG, ALG_AEAD_OP, op, sizeof(op));
> > > > > setsockopt(opfd, SOL_ALG, ALG_AEAD_SET_IV, iv, ivlen);
> > > > So that is 8 syscalls to initialize a single AEAD operation.
> > >
> > > If this interface is fast enough for TCP, it ought to be fast
> > > enough for crypto.
> > Crypto has much smaller granularity than TCP. A single TLS
> handshake involves something on the order of 20 separate crypto
> operations in addition to setting up the four transforms used
> throughout the life of the session.
> >
> > A single SHA-256 password verification is more than 5000 hash
> operations by default.
>
> If you're processing a small amount of data the last thing you want
> is to go through the kernel if you care about performance.
>
> Now on the other hand if you had to go through the kernel for
> certification reasons then why are you talking about performance?
Because in the real world people want both certification, features _and_ performance. If all they cared about is certification they could just as well buy a pencil.
Mirek
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
