Today, in Talitos driver crypto alg registration is based on predefined
templates with a predefined descriptor type and verification against the
descriptors supported by the HW. This works well for ALG that require a
unique descriptor. But for IPsec this is slightly different:
* IPsec can be performed with both DESC_HDR_TYPE_IPSEC_ESP and
DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU
* DESC_HDR_TYPE_IPSEC_ESP is supported only by SEC2
* DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU is supported by both SEC1 and SEC2
* DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU is less performant than
DESC_HDR_TYPE_IPSEC_ESP
So it is natural to use DESC_HDR_TYPE_IPSEC_ESP when it is supported and
use DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU otherwise ?
What's the best way to implement the selection of the proper descriptor
type ?
* We can duplicate the templates but it means that when both types are
supported the driver with try to register each AEAD alg twice
* We can "on the fly" change the DESC_HDR_TYPE_IPSEC_ESP type into
DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU type ?
* We can alter the templates at startup when we know we are on a SEC1,
changing all templates based on DESC_HDR_TYPE_IPSEC_ESP into templates
based on DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU
What would be the best approach from your point of view ?
Christophe
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
