Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Dec 2019 14:21:10 -0000
From:      Patryk Duda <pdk@semihalf.com>
To:        freebsd-arch@freebsd.org
Cc:        Marcin Wojtas <mw@semihalf.com>, Patryk Duda <pdk@semihalf.com>
Subject:   Re: CFT: Open Crypto Framework Changes: Round 1
Message-ID:  <CAGOBvLosCvxpT86_ijgm3VH7H=y5tBV2sLqE6J-M%2B_0GEL8rcQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hi John,

I tested ocf_rework branch on device which has cesa support. Output from
"cryptocheck -vz -a all" doesn't differ when kernel was compiled from
ocf_rework and from e0f7c88b6c (commit before changes). In both cases I can
get the same number of interrupts generated by cesa using "vmstat -i".
Nevertheless when I'm running IPSec (Strongswan acts as IKE daemon)
software crypto is used instead of cesa. Performance is poor and no cesa
interrupts are generated. When running kernel built from commit e0f7c88b6c
IPSec works fine. Strongswan is configured to use only AES128 CBC + SHA256
HMAC. This combination is supported by cesa, confirmed by cryptocheck. In
my opinion something between IPSec and cesa broken.

Best regards,
Patryk

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGOBvLosCvxpT86_ijgm3VH7H=y5tBV2sLqE6J-M%2B_0GEL8rcQ>