CFT: Open Crypto Framework Changes: Round 1
Patryk Duda
pdk at semihalf.com
Thu Jan 9 15:54:43 UTC 2020
Hi John,
I tested ocf_rework branch on device which has cesa support. Output from
"cryptocheck -vz -a all" doesn't differ when kernel was compiled from
ocf_rework and from e0f7c88b6c (commit before changes). In both cases I can
get the same number of interrupts generated by cesa using "vmstat -i".
Nevertheless when I'm running IPSec (Strongswan acts as IKE daemon)
software crypto is used instead of cesa. Performance is poor and no cesa
interrupts are generated. When running kernel built from commit e0f7c88b6c
IPSec works fine. Strongswan is configured to use only AES128 CBC + SHA256
HMAC. This combination is supported by cesa, confirmed by cryptocheck. In
my opinion something between IPSec and cesa is broken.
Best regards,
Patryk
PS This message was sent twice because for the first time I was not
subscribed for mailing list and my message got stuck in moderation.
More information about the freebsd-arch
mailing list