Date: Thu, 19 Dec 2019 14:21:10 -0000 From: Patryk Duda <pdk@semihalf.com> To: freebsd-arch@freebsd.org Cc: Marcin Wojtas <mw@semihalf.com>, Patryk Duda <pdk@semihalf.com> Subject: Re: CFT: Open Crypto Framework Changes: Round 1 Message-ID: <CAGOBvLosCvxpT86_ijgm3VH7H=y5tBV2sLqE6J-M%2B_0GEL8rcQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi John, I tested ocf_rework branch on device which has cesa support. Output from "cryptocheck -vz -a all" doesn't differ when kernel was compiled from ocf_rework and from e0f7c88b6c (commit before changes). In both cases I can get the same number of interrupts generated by cesa using "vmstat -i". Nevertheless when I'm running IPSec (Strongswan acts as IKE daemon) software crypto is used instead of cesa. Performance is poor and no cesa interrupts are generated. When running kernel built from commit e0f7c88b6c IPSec works fine. Strongswan is configured to use only AES128 CBC + SHA256 HMAC. This combination is supported by cesa, confirmed by cryptocheck. In my opinion something between IPSec and cesa broken. Best regards, Patryk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGOBvLosCvxpT86_ijgm3VH7H=y5tBV2sLqE6J-M%2B_0GEL8rcQ>