Re: AEAD in TALITOS SEC1 versus TALITOS SEC2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 21 Apr 2016 13:31:47 +0000
Horia Ioan Geanta Neag <horia.geanta@xxxxxxx> wrote:

> On 4/20/2016 3:04 PM, Christophe Leroy wrote:
> > Today, in Talitos driver crypto alg registration is based on predefined
> > templates with a predefined descriptor type and verification against the
> > descriptors supported by the HW. This works well for ALG that require a
> > unique descriptor. But for IPsec this is slightly different:
> > * IPsec can be performed with both DESC_HDR_TYPE_IPSEC_ESP and
> > DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU
> > * DESC_HDR_TYPE_IPSEC_ESP is supported only by SEC2
> > * DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU is supported by both SEC1 and SEC2
> > * DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU is less performant than
> > DESC_HDR_TYPE_IPSEC_ESP
> > So it is natural to use DESC_HDR_TYPE_IPSEC_ESP when it is supported and
> > use DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU otherwise ?
> >
> > What's the best way to implement the selection of the proper descriptor
> > type ?
> > * We can duplicate the templates but it means that when both types are
> > supported the driver with try to register each AEAD alg twice
> > * We can "on the fly" change the DESC_HDR_TYPE_IPSEC_ESP type into
> > DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU type ?
> > * We can alter the templates at startup when we know we are on a SEC1,
> > changing all templates based on DESC_HDR_TYPE_IPSEC_ESP into templates
> > based on DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU
> >
> > What would be the best approach from your point of view ?
> >
> I would go with altering the relevant entries in the template array, of
> course before the hw_supports() check.
>
> IIUC, the "on the fly" option won't work. There has to be a valid
> descriptor type for each template entry before hw_supports().
>
> Regards,
> Horia
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux