On Tue, Oct 19, 2010 at 3:44 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxxx> wrote: > OK I've gone ahead and implemented the user-space API for hashes > and ciphers. > To recap this interface is designed to allow user-space programs > to access hardware cryptographic accelerators that we have added > to the kernel. > The intended usage scenario is where a large amount of data needs > to be processed where the benefits offered by hardware acceleration > that is normally unavailable in user-space (as opposed to ones > such as the Intel AES instruction which may be used directly from > user-space) outweigh the overhead of going through the kernel. What is the overall advantage of this API comparing to other existing ones that achieve similar goals[0][1]? Some observations: 1. To perform an encryption of data 6 system calls are made (I don't count the 2 used for socket initialization since I suppose can be global for all operations) and a file descriptor is assigned. The number of system calls made has great impact to the actual speed seen by userspace (as you said this API is for user-space to access the high-speed peripherals that do encryption). 2. Due to the usage of read() and write() no zero-copy can happen for user-space buffers[3]. regards, Nikos [0]. http://home.gna.org/cryptodev-linux/ [1]. http://home.gna.org/cryptodev-linux/ncr.html [2]. The openbsd[0] api can do it with 3 system calls and NCR[1] with one, and both require no file descriptor for each operation. [3]. The openbsd[0] api and NCR[1] do zero-copy for user-space buffers. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
