Error: I'm afraid this is the first I've heard of a "html." flavoured Blosxom. Try dropping the "/+html." bit from the end of the URL.

Fri, 09 Nov 2007

New HIFN driver release.
This release forces HIFN driver to invoke crypto callbacks in softirq context instead of hardirq one because of network stack, which performs whole data processing either in process or bottom-half context.

One can find new driver in archive.
It will be included into 2.6.25 kernel tree via cryptodev git tree. #

Thu, 11 Oct 2007

HIFN driver has been imported into cryptodev-2.6 tree.
Driver will be added either into 2.6.24 or 2.6.25 tree eventually.
I've also added a patch to export DES key extension to catch weak keys and use it in HIFN driver. Now it is ready.
Interested reader can find updated HIFN driver in archive. #

Wed, 10 Oct 2007

Misalignment access handling has been implemented in HIFN driver. New version has been released.
Although it contains some obscure for the reader comments, like

	/*
	 * Temporary of course...
	 * Kick author if you will catch this one.
	 */
	printk(KERN_ERR "%s: dlen: %u, nbytes: %u,"
		"slen: %u, offset: %u.\n",
		__func__, dlen, nbytes, slen, offset);
	printk(KERN_ERR "%s: please contact author to fix this "
		"issue, generally you should not catch "
		"this path under any condition but who "
		"knows how did you use crypto code.\n"
		"Thank you.\n",	__func__);
	BUG();
This should not happen in real life, but in theory it is probably possible condition, so I added a bug and above prints.
It uses quite tricky copyings over the source/destination buffers in case of misaligned access, but driver passed all tests in tcrypt.c, except DES weak test (hardware can not distinguish weak keys).

I've released new version, which you can find in archive.
Groovy! #

Tue, 09 Oct 2007

I think HIFN driver is the most complex one I ever wrote.
I already implemented at least two different designs of misaligned access handling code - both were not good enough (basically did not work in some or other cases), now I'm working on third one - this should be damn good, but not very fast - no one promised fast access, when you put each byte of the word to be encrypted in different page. It will be limited enough to say, that if there is more than predefined number of pages, then caller sucks. And it will be complex. It is complex already.
Actually HIFN driver can handle most of the misaligned access just fine: if data is word aligned (some times two words aligned) and size of the data provided is more than two bytes (one word, or two words in some cases), in other cases copy is needed.
Neither IPsec, nor dm-crypt provides such packets. Protocol just does not allow that, but some obscure crypto users can have such stupid idea in mind, so we have to copy...
Crap.
But it will be ready this week!
And right now I will move to development shop - I've done enough at paid work and for HIFN driver for today, so let's change the business... #

Fri, 05 Oct 2007

Misaligned access in crypto stack and HIFN driver.
It is possible, that provided to crypto processor data is misaligned or split between pages so that each page contains not block size aligned chunk. In this case data has to be relocated.
Linux crypto stack provides data to underlying crypto processing driver in scatterlists, which is essentially array of pages and appropriate size/offset information. Thus it is possible that each page in scatterlist has to be relocated. I will create a 'cache' of preallocated pages, which will be used as a temporary storage for crypto data, if cache is empty, crypto processing function will allocate new pages in its context, and then copy data from misaligned page into given page and process it. In interrupt, when the fact, that all pages have been processed, is confirmed, new data will be copied back to requested destination buffer (if needed, for example if source buffer is misaligned, but destination is ok, second copy is not required), this can also be postponed to process context via workqueue, but that will introduce additional latency, which is quite noticeble (as I tested in acrypto crypto stack). #

Thu, 04 Oct 2007

Linux crypto stack issues.
It was not designed for async operations at all - all helpers, I described previously, do not work in async context, i.e. when several chunks of the same request can be encrypted in parallel, since blkcipher_walk* interfaces provides the same destination buffer for all parts of the same request.
So, to handle misaligned data I have to develop own helpers for HIFN driver. #

Wed, 03 Oct 2007

HIFN driver addons and crypto stack issues.
I decided to rewrite crypto session setup in HIFN driver to allow multiple scatter-gather lists (which are now transformed into pages) in single crypto session (even though with multiple descriptor slots being used). Main goal for this step is to allow encryption of buffers, which are split into number of pages, where each chunk is not block size aligned (for example one page contains 2 bytes and another one 14 for single datablock of 16 bytes). Second revision of driver does not support such blocks yet.
To simplify this I started to use generic linux crypto helpers blkcipher_walk_* from block ciphers. But they do not allow to be called in interrupt context, although all allocations are performed like they happen in atomic context.
Rougly code looks like this (error processing ommitted):

struct blkcipher_walk walk;

blkcipher_walk_init(&walk, dst, src, nbytes);
blkcipher_walk_virt(desc, &walk);

while ((nbytes = walk.nbytes)) {
	u8 *iv = encrypt();
	memcpy(walk.iv, iv, ivsize);
	nbytes &= blocksize - 1;
	err = blkcipher_walk_done(desc, &walk, nbytes);
}
Above struct blkcipher_walk contains source and destination page addresses, appropriate sizes and offsets. Variable desc is a struct blkcipher_desc pointer, which contains original parameters of crypto request. #

Tue, 02 Oct 2007

HIFN 795x driver for Linux kernel 2.6 is ready.
I've fixed CBC processing bug, added software queue (which I consider a serious ugly hack in existing kernel async crypto stack implementation), added support for DES and 3DES algorithms (all are limited to blocksized chunks), fixed indent and watchdog setup.
Everything I wanted to complete is ready in this driver, so I even updated TODO list a bit.
One can find patch against the latest git in archive. #

Mon, 01 Oct 2007

HIFN driver is ready.
There is number of nitpicks though, but overall it works. Slightly tested with tcrypt testing module, here is related output. Chunks with 'fail' label requires additional work - although decryption works ok in driver (reverse hifn_test() operations for example), tcrypt decryption tests (with 'chunking' which I need to check what is it in tcrypt module) fail. I will investigate this further tomorrow. Patch against the latest 2.6 git tree is available in archive. 

[  628.851890] testing ecb(aes) encryption
[  628.857498] hifn_cra_init: tfm: ffff81003a8739c8, dev: hifn0 [ffff81003dd7c2c8].
[  628.865046] test 1 (128 bit key):
[  628.868505] hifn_setkey: tfm: ffff81003a8739c8, ctx: ffff81003a873a08, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  628.878679] hifn_setup_crypto: req: ffff81003a873f20, tfm: ffff81003a8739c8, ctx: ffff81003a873a08, keylen: 16.
[  628.888943] hifn_setup_session: start
[  628.892652] cmd: i=1, u=0, k=1
[  628.895752] src: i=1, u=1, k=0
[  628.898852] dst: i=1, u=1, k=0
[  628.901952] res: i=1, u=0, k=1
[  628.905054] hifn0: iv: 0000000000000000 [0], key: ffff81003a873a08 [16], mode: 0, op: 1, type: 0.
[  628.913996] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [2], i: 1.2.2.1, u: 2.2.2.2.
[  628.923104] hifn0: ring cleanup 1: i: 2.2.2.2, u: 1.2.2.1, k: 1.0.0.1.
[  628.929676] hifn0: ring cleanup 2: i: 2.2.2.2, u: 0.2.2.0, k: 2.0.0.2.
[  628.937082] 69c4e0d86a7b0430d8cdb78070b4c55a
[  628.942302] pass
[  628.944280] test 2 (192 bit key):
[  628.947732] hifn_setkey: tfm: ffff81003a8739c8, ctx: ffff81003a873a08, dev: hifn0 [ffff81003dd7c2c8], len: 24.
[  628.957917] hifn_setup_crypto: req: ffff81003a873f20, tfm: ffff81003a8739c8, ctx: ffff81003a873a08, keylen: 24.
[  628.968159] hifn_setup_session: start
[  628.971870] cmd: i=2, u=0, k=2
[  628.974969] src: i=2, u=2, k=0
[  628.978069] dst: i=2, u=2, k=0
[  628.981169] res: i=2, u=0, k=2
[  628.984271] hifn0: iv: 0000000000000000 [0], key: ffff81003a873a08 [24], mode: 0, op: 1, type: 1.
[  628.993214] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [3], i: 1.3.3.1, u: 3.3.3.3.
[  629.002321] hifn0: ring cleanup 1: i: 3.3.3.3, u: 1.3.3.1, k: 2.0.0.2.
[  629.008894] hifn0: ring cleanup 2: i: 3.3.3.3, u: 0.3.3.0, k: 3.0.0.3.
[  629.016167] dda97ca4864cdfe06eaf70a0ec0d7191
[  629.021398] pass
[  629.023376] test 3 (256 bit key):
[  629.026827] hifn_setkey: tfm: ffff81003a8739c8, ctx: ffff81003a873a08, dev: hifn0 [ffff81003dd7c2c8], len: 32.
[  629.037001] hifn_setup_crypto: req: ffff81003a873f20, tfm: ffff81003a8739c8, ctx: ffff81003a873a08, keylen: 32.
[  629.047247] hifn_setup_session: start
[  629.050956] cmd: i=3, u=0, k=3
[  629.054055] src: i=3, u=3, k=0
[  629.057158] dst: i=3, u=3, k=0
[  629.060258] res: i=3, u=0, k=3
[  629.063359] hifn0: iv: 0000000000000000 [0], key: ffff81003a873a08 [32], mode: 0, op: 1, type: 2.
[  629.072302] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [4], i: 1.4.4.1, u: 4.4.4.4.
[  629.081408] hifn0: ring cleanup 1: i: 4.4.4.4, u: 1.4.4.1, k: 3.0.0.3.
[  629.087980] hifn0: ring cleanup 2: i: 4.4.4.4, u: 0.4.4.0, k: 4.0.0.4.
[  629.095353] 8ea2b7ca516745bfeafc49904b496089
[  629.100581] pass
[  629.102558] 
[  629.102558] testing ecb(aes) encryption across pages (chunking)
[  629.110232] 
[  629.110233] testing ecb(aes) decryption
[  629.115822] hifn_cra_init: tfm: ffff81003a873f20, dev: hifn0 [ffff81003dd7c2c8].
[  629.123369] test 1 (128 bit key):
[  629.126833] hifn_setkey: tfm: ffff81003a873f20, ctx: ffff81003a873f60, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  629.136996] hifn_setup_crypto: req: ffff81003a8739c8, tfm: ffff81003a873f20, ctx: ffff81003a873f60, keylen: 16.
[  629.147271] hifn_setup_session: start
[  629.150976] cmd: i=4, u=0, k=4
[  629.154076] src: i=4, u=4, k=0
[  629.157176] dst: i=4, u=4, k=0
[  629.160277] res: i=4, u=0, k=4
[  629.163379] hifn0: iv: 0000000000000000 [0], key: ffff81003a873f60 [16], mode: 0, op: 0, type: 0.
[  629.172322] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [5], i: 1.5.5.1, u: 5.5.5.5.
[  629.181428] hifn0: ring cleanup 1: i: 5.5.5.5, u: 1.5.5.1, k: 4.0.0.4.
[  629.188000] hifn0: ring cleanup 2: i: 5.5.5.5, u: 0.5.5.0, k: 5.0.0.5.
[  629.195404] 00112233445566778899aabbccddeeff
[  629.200642] pass
[  629.207471] test 2 (192 bit key):
[  629.210924] hifn_setkey: tfm: ffff81003a873f20, ctx: ffff81003a873f60, dev: hifn0 [ffff81003dd7c2c8], len: 24.
[  629.221079] hifn_setup_crypto: req: ffff81003a8739c8, tfm: ffff81003a873f20, ctx: ffff81003a873f60, keylen: 24.
[  629.231323] hifn_setup_session: start
[  629.235034] cmd: i=5, u=0, k=5
[  629.238135] src: i=5, u=5, k=0
[  629.241235] dst: i=5, u=5, k=0
[  629.244336] res: i=5, u=0, k=5
[  629.247437] hifn0: iv: 0000000000000000 [0], key: ffff81003a873f60 [24], mode: 0, op: 0, type: 1.
[  629.256379] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [6], i: 1.6.6.1, u: 6.6.6.6.
[  629.265486] hifn0: ring cleanup 1: i: 6.6.6.6, u: 1.6.6.1, k: 5.0.0.5.
[  629.272059] hifn0: ring cleanup 2: i: 6.6.6.6, u: 0.6.6.0, k: 6.0.0.6.
[  629.279309] 00112233445566778899aabbccddeeff
[  629.284545] pass
[  629.286543] test 3 (256 bit key):
[  629.290001] hifn_setkey: tfm: ffff81003a873f20, ctx: ffff81003a873f60, dev: hifn0 [ffff81003dd7c2c8], len: 32.
[  629.300171] hifn_setup_crypto: req: ffff81003a8739c8, tfm: ffff81003a873f20, ctx: ffff81003a873f60, keylen: 32.
[  629.310424] hifn_setup_session: start
[  629.314131] cmd: i=6, u=0, k=6
[  629.317231] src: i=6, u=6, k=0
[  629.320330] dst: i=6, u=6, k=0
[  629.323430] res: i=6, u=0, k=6
[  629.326532] hifn0: iv: 0000000000000000 [0], key: ffff81003a873f60 [32], mode: 0, op: 0, type: 2.
[  629.335473] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [7], i: 1.7.7.1, u: 7.7.7.7.
[  629.344573] hifn0: ring cleanup 1: i: 7.7.7.7, u: 1.7.7.1, k: 6.0.0.6.
[  629.351146] hifn0: ring cleanup 2: i: 7.7.7.7, u: 0.7.7.0, k: 7.0.0.7.
[  629.358529] 00112233445566778899aabbccddeeff
[  629.363762] pass
[  629.365742] 
[  629.365743] testing ecb(aes) decryption across pages (chunking)
[  629.373421] 
[  629.373422] testing cbc(aes) encryption
[  629.379011] hifn_cra_init: tfm: ffff81003a8739c8, dev: hifn0 [ffff81003dd7c2c8].
[  629.386560] test 1 (128 bit key):
[  629.390012] hifn_setkey: tfm: ffff81003a8739c8, ctx: ffff81003a873a08, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  629.400170] hifn_setup_crypto: req: ffff81003a873f20, tfm: ffff81003a8739c8, ctx: ffff81003a873a08, keylen: 16.
[  629.410430] hifn_setup_session: start
[  629.414143] cmd: i=7, u=0, k=7
[  629.417241] src: i=7, u=7, k=0
[  629.420342] dst: i=7, u=7, k=0
[  629.423442] res: i=7, u=0, k=7
[  629.426543] hifn0: iv: 0000000000000000 [0], key: ffff81003a873a08 [16], mode: 1, op: 1, type: 0.
[  629.435484] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [8], i: 1.8.8.1, u: 8.8.8.8.
[  629.444585] hifn0: ring cleanup 1: i: 8.8.8.8, u: 1.8.8.1, k: 7.0.0.7.
[  629.451156] hifn0: ring cleanup 2: i: 8.8.8.8, u: 0.8.8.0, k: 8.0.0.8.
[  629.458574] 3b629d77f45eff9817c5849f9a0aba71
[  629.463817] fail
[  629.465795] test 2 (128 bit key):
[  629.469246] hifn_setkey: tfm: ffff81003a8739c8, ctx: ffff81003a873a08, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  629.479405] hifn_setup_crypto: req: ffff81003a873f20, tfm: ffff81003a8739c8, ctx: ffff81003a873a08, keylen: 16.
[  629.489649] hifn_setup_session: start
[  629.493359] cmd: i=8, u=0, k=8
[  629.496458] src: i=8, u=8, k=0
[  629.499558] dst: i=8, u=8, k=0
[  629.502661] res: i=8, u=0, k=8
[  629.505760] hifn0: iv: 0000000000000000 [0], key: ffff81003a873a08 [16], mode: 1, op: 1, type: 0.
[  629.514704] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [9], i: 1.9.9.1, u: 9.9.9.9.
[  629.523810] hifn0: ring cleanup 1: i: 9.9.9.9, u: 1.9.9.1, k: 8.0.0.8.
[  629.530383] hifn0: ring cleanup 2: i: 9.9.9.9, u: 0.9.9.0, k: 9.0.0.9.
[  629.537784] bd0cb8b2220fab0cf10079d1b48ffde82b8bae025030fb5245010d5b7f1fc8c4
[  629.546619] fail
[  629.548600] 
[  629.548601] testing cbc(aes) encryption across pages (chunking)
[  629.556264] 
[  629.556265] testing cbc(aes) decryption
[  629.561849] hifn_cra_init: tfm: ffff81003a873f20, dev: hifn0 [ffff81003dd7c2c8].
[  629.569412] test 1 (128 bit key):
[  629.572868] hifn_setkey: tfm: ffff81003a873f20, ctx: ffff81003a873f60, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  629.583026] hifn_setup_crypto: req: ffff81003a8739c8, tfm: ffff81003a873f20, ctx: ffff81003a873f60, keylen: 16.
[  629.593270] hifn_setup_session: start
[  629.596981] cmd: i=9, u=0, k=9
[  629.600081] src: i=9, u=9, k=0
[  629.603181] dst: i=9, u=9, k=0
[  629.606283] res: i=9, u=0, k=9
[  629.609384] hifn0: iv: 0000000000000000 [0], key: ffff81003a873f60 [16], mode: 1, op: 0, type: 0.
[  629.618327] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [10], i: 1.10.10.1, u: 10.10.10.10.
[  629.628039] hifn0: ring cleanup 1: i: 10.10.10.10, u: 1.10.10.1, k: 9.0.0.9.
[  629.635131] hifn0: ring cleanup 2: i: 10.10.10.10, u: 0.10.10.0, k: 10.0.0.10.
[  629.643103] 8d95a3b9e1823aeaff452dc6b285c73c
[  629.648346] fail
[  629.650323] test 2 (128 bit key):
[  629.653776] hifn_setkey: tfm: ffff81003a873f20, ctx: ffff81003a873f60, dev: hifn0 [ffff81003dd7c2c8], len: 16.
[  629.663960] hifn_setup_crypto: req: ffff81003a8739c8, tfm: ffff81003a873f20, ctx: ffff81003a873f60, keylen: 16.
[  629.674202] hifn_setup_session: start
[  629.677914] cmd: i=10, u=0, k=10
[  629.681186] src: i=10, u=10, k=0
[  629.684460] dst: i=10, u=10, k=0
[  629.687734] res: i=10, u=0, k=10
[  629.691008] hifn0: iv: 0000000000000000 [0], key: ffff81003a873f60 [16], mode: 1, op: 0, type: 0.
[  629.699951] hifn0: 1 dmacsr: 8898888c, dmareg: 22322023, res: 00100000 [11], i: 1.11.11.1, u: 11.11.11.11.
[  629.709663] hifn0: ring cleanup 1: i: 11.11.11.11, u: 1.11.11.1, k: 10.0.0.10.
[  629.716946] hifn0: ring cleanup 2: i: 11.11.11.11, u: 0.11.11.0, k: 11.0.0.11.
[  629.725063] 23a975b74c30c4d6ce38d6dcf0f57be6101112131415161718191a1b1c1d1e1f
[  629.733895] fail
#

Tue, 05 Jun 2007

Problems with HIFN driver development for cryptoapi.

Actually it is more serious problem.
Existing crypotapi is very software-centric, i.e. it does not have any hardware context nad thus should not initialize it per request. In hardware (at least in HIFN) each crypto request must be programmed into device's ROM and registers, so when user creates a new crypto request (read: new crypto user requests operations creating crypto TFM structure), it is only assigned with software context, which contains besides other fields, crypto functions (encrypt/decrypt/setkey), but does not contain pointer to crypto device (since software does not need it, it can store and initialize itself in setkey time).

Another crypto devices (padlock and geode) do not have such problems, since padlock just uses the same software approach, but with different asm instructions, and geode has only one device, which has global pointer accessed from crypto processing functions. #

Mon, 04 Jun 2007

Second release of the HIFN crypto driver for 2.6 cryptoapi.

Added a lot of cryptoapi bindings.
Driver now supports AES, 3DES and DES ciphers with all four crypto modes (ECB, CBC, CFB and OFB). My cat has pissed on my domestic slippers when he saw that. And believe me, he does know, how to distinguish between good and other code.

Well, I do not have a cat, but if I would, he would definitely piss on my slippers.

Anyway, patch can be found in archive. #

Tue, 22 May 2007

Preliminary HIFN 795x (7955/7956) crypto accelerator chip driver for mainstream 2.6 tree.

I've just released a preliminary HIFN 795x driver for mainstream crypto api stack. Driver is based on my work for acrypto asynchronous crypto stack, where it worked correctly, but this one was only compile teted, since I do not have hardware right now. Will do all tests when it arrives.
I've sent to linux-crypto@ for comments mostly about cryptoapi bindings, since there are several issues (I was not agree with when Herbert designed them), which I might implement wrong in the driver.

Due to problems with interrupt storms and possible adapter freeze (sorry, but HIFN spec I have really sucks, so likely it is programming error, but who knows) I added special watchdog, which fires if after predefined timeout sessions which are supposed to be completed are not. In that case callback is invoked with -EBUSY error. Neither implementation I checked (OpenBSD, Linux OCF) does not support it, but it helped me greatly in acrypto days.

Patch is quite big (61k) and contains a lot of debug stuff, but it is only preliminary work.

So far, patch against 2.6.21 can be downloaded from archive. #

Mon, 16 Apr 2007

Acrypto is officially closed.

Yes, I close acrypto project after more than two years of maintenance.
The reason is simple - I could not convince Linux kernel community to include acrypto into mainline (neither James Morris - previous crypto maintainer, nor Herbert Xu - current one, did not want to include such massive subsystem into the tree), although I did not tried too hard. I continued to support it as out-of-the-tree package until kernel does not support async API.

This day has come - Herbert Xu proposed a new async interface to synchronous by design Linux cryptoapi.

It looks good (although I do consider it as a hack on top of synchronous software-only crypto api - my opinion has not changed after discussion with Herbert more than a year ago :) and lacks a lot of acrypto features (crypto routing, load balancing, autotuning, prio queues and so on), but something can be added if required.
I decided that dropping acrypto and focus on async cryptoapi is at least some progress in that area.
I plan to start porting HIFN 795x driver from acrypto to cryptoapi soon, it should not take too long to complete. #

Sat, 03 Feb 2007

New acrypto release for 2.6.20 kernel.

Acrypto allows to handle crypto requests asynchronously in hardware.

Acrypto supports following features:


Combined patchsets include: Changes from previous release include: TODO: #

New HIFN 795x crypto accelerator driver release.

It includes API changes related to mainline work struct update and changes related to acryto naming (by Markus Kammerst).

New version available from acrypto homepage. #

Sat, 16 Dec 2006

2.6.19 kernel acrypto release.

Acrypto allows to handle crypto requests asynchronously in hardware.

Acrypto supports following features:


Combined patchsets include: #

Thu, 14 Dec 2006

New acrypto release for 2.6.19 kernel tree.

Changes from 2.6.18 are small enough, but my testing machine is not functional yet, so I will start testing tomorrow and then will announce release in mail lists. #

Thu, 26 Oct 2006

New combined acrypto release.

It fixes small glitch in OCF <-> acrypto bridge.
Thanks to Yakov Lerner (author of the module) for fixing it.
Patch is available in archive. #

Thu, 28 Sep 2006

New asynchronous crypto layer (acrypto) release.

I'm pleased to announce asynchronous crypto layer (acrypto) release for 2.6.18 kernel tree. Acrypto allows to handle crypto requests asynchronously in hardware.

With this release of combined patchset for 2.6.18 I drop feature extensions for 2.6.16 and 2.6.17 trees and move them into maintenance state.

Combined patchset (190k) and drivers for various acrypto providers can be found on project's homepage. #

Mon, 25 Sep 2006

Acrypto has been ported to 2.6.18.

Combined patchset includes:



Issue with strange ipsec behaviour with vanilla tree and my setup is not resolved yet, and although it does not matter if system works with acrypto or vanilla tree, I postpone official release notes and mail list presentation until it is resolved (if it will be, since it is my test system and users do not complain about it on theirs machines, I think it does not have too high priority and I will not bother developers if things will not be easily resolved). As for now, one can download patch from archive. #

Fri, 22 Sep 2006

IPsec was changed again in 2.6.18 (and now it is broken).

So I need to run through my IPsec related acrypto changed again.
I've noticed strange thing with current port - incoming connection can be easily established and run quite smooth, while outgoing is very slow and it looks like there are a lot of spurious retransmits all over the place, which definitely does not allow to easily find single point of failure. It looks like XFRM state is destroyed very frequently, and packets are queued until renegatiation happens, but it can be just a mistake though.

It looks like it is 2.6.18 kernel bug and not acrypto, since with default kernel I get the same strange result. Here is tcpdump output between 2.6.18 kernel (192.168.4.78) and 2.6.17-1.2139_FC5smp kernel (192.168.4.79), I try telnet 192.168.4.79 22 after key daemons exchanged keys and this results in quite long response time:

15:15:47.396925 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x21), length 84
15:15:47.397391 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x18), length 84
15:15:47.397025 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x22), length 84
15:15:47.404166 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 2541002438:2541002458(20) ack 1601271418 win 91 
15:15:48.279375 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1 win 91 
15:15:50.031487 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1 win 91 
15:15:53.535710 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1 win 91 
15:16:00.544154 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1 win 91 
15:16:14.561064 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x19), length 100
15:16:14.561218 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x23), length 84
As you see there are unencrypted messages between machines, which I suspect are result of broken behaviour somewhere in XFRM stack. ping works ok though:
15:15:37.919617 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x1c), length 116
15:15:37.919858 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x13), length 116
15:15:38.920772 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x1d), length 116
15:15:38.920823 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x14), length 116
15:15:39.920823 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x1e), length 116
15:15:39.920883 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x15), length 116
15:15:40.920848 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x1f), length 116
15:15:40.920893 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x16), length 116
telnet from 2.6.17 to 2.6.18 works ok too:
15:32:57.742011 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x21), length 84
15:32:57.742173 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x33), length 84
15:32:57.742278 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x22), length 84
15:32:57.750256 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x34), length 100
15:32:57.750329 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x23), length 84
15:33:01.201502 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x24), length 84
15:33:01.201640 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x35), length 84
15:33:01.201698 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x36), length 100
It was definitely introduced somewhere in 2.6.18 release cycle, since 2.6.17 works ok both with acrypto and vanilla kernels. As far as I recall I created initial port of 2.6.18 acrypto after some major changes in XFRM stack and it worked too.

It looks like that problem exists even in 2.6.16 vanilla tree, it really looks broken to me. #

Mon, 10 Jul 2006

Acrypto.

I've released new set of combined patches, which include:


With this release I drop support for old style tarballs and 2.6.15 combined patchsets. Currently supported kernel versions are 2.6.16 and 2.6.17.

IXP4xx benchmark with OCF to acrypto bridge: #

Tue, 27 Jun 2006

Acrypto.

I've reorganized acrypto archive.
It now contains patchsets subdir where all IPsec, dm-crypt, acrypto combined patchsets live.
Drivers subdir now only contains real acrypto drivers (HIFN, FCRYPT, VIA, likely IXP4xx soon) and old_patches subdir, where old development patches live. #

Acrypto.

I've completed 2.6.17 port.

Well, previously described changes were imported in 2.6.18 tree, and I've rebased my acrypto tree against 2.6.18-git, not pure 2.6.17, so all porting work was done for the future release.
2.6.17 does not contain major changes in IPsec, so porting is simple. #

Mon, 26 Jun 2006

Acrypto.

I've started acrypto port to 2.6.17. IPsec was noticebly changed from previous kernel release: there were splitted encapsulation mode processing into separate objects (one can find transport and tunnel modes when configuring the kernel now, they were embedded before), which means that each packet is processed in two different callbacks now, for example in ESP4 code to decrypt/encrypt data and in tunnel or transport callback which creates proper headers. #

Sat, 24 Jun 2006

Acrypto.

I've released new combined patchsets which contain major refactoring of all acrypto related prefixes from "crypto" to "acrypto".
As ususal, they are available in archive. #

Mon, 19 Jun 2006

Acrypto.

I've released new combined patchsets which change crypto context callback return value and thus might fail when crypto context is initialized. #

Thu, 15 Jun 2006

Acrypto development.

Some brain-damaged hardware (like IXP4xx crypto processors) can not handle key exchange in run-time, so they must be somehow called before sessions with new key are queued for processing.

Yakov Lerner (iler.ml_gmail.com) gave me idea of so called crypto contexts, which holds information about crypto operations performed for given context, for example key and mode for IPsec or dm-crypt. That context can be created when new crypto user wants to start crypto processing, and allow to notify about various events all drivers, which are registered for those notifications. With above design IXP4xx hardware can register itself for key change notification, which generally happens in process context at least in dm-crypt and IPsec, and update it's hardware structures to be capable to process flow of crypto requests.

I've released new combined patchsets for 2.6.15 and 2.6.16 trees with above concept imeplemented. Patches can be found in archive. #

Tue, 30 May 2006

HIFN benchmark continue.

Hardware: VIA C3 Ezra with 256 Mb of RAM.
Big file copy from unencrypted to encrypted partition.

HIFN (7955 in 32/33 pci slot) with acrypto dm-crypt:

687235072 bytes (687 MB) copied, 78.1593 seconds, 8.8 MB/s
0.19user 28.15system 1:18.32elapsed 36%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (3major+210minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 79.6745 seconds, 8.6 MB/s
0.14user 28.30system 1:20.57elapsed 35%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (3major+210minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 75.5192 seconds, 9.1 MB/s
0.13user 31.09system 1:16.33elapsed 40%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (4major+209minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 75.9418 seconds, 9.0 MB/s
0.12user 28.85system 1:16.40elapsed 37%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (4major+209minor)pagefaults 0swaps
SW dm-crypt:
687235072 bytes (687 MB) copied, 91.1585 seconds, 7.5 MB/s
0.16user 12.82system 1:31.25elapsed 14%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (2major+211minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 91.5068 seconds, 7.5 MB/s
0.10user 13.12system 1:32.36elapsed 14%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (4major+211minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 91.4392 seconds, 7.5 MB/s
0.10user 12.98system 1:32.13elapsed 14%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (4major+210minor)pagefaults 0swaps

687235072 bytes (687 MB) copied, 94.6944 seconds, 7.3 MB/s
0.10user 12.82system 1:35.47elapsed 13%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (3major+211minor)pagefaults 0swaps
As you see HIFN results are definitely better. But CPU usage is higher, but that CPU usage is not 100%-what_user_might_use, but instead it is time which copy itself was performed, so if it is higher it is better.

Hardware: Celeron 1.3 Ghz with 504 Mb of RAM.
HIFN (7955 in 32/33 pci slot) with acrypto dm-crypt:
727478272 bytes transferred in 64.528197 seconds (11273804 bytes/sec)
0.19user 17.22system 1:04.55elapsed 26%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (0major+211minor)pagefaults 0swaps

727478272 bytes transferred in 67.712388 seconds (10743651 bytes/sec)
0.18user 15.33system 1:08.23elapsed 22%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (13major+252minor)pagefaults 0swaps
SW dm-crypt:
727478272 bytes transferred in 59.352731 seconds (12256863 bytes/sec)
0.22user 10.50system 0:59.54elapsed 18%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (11major+256minor)pagefaults 0swaps

727478272 bytes transferred in 60.080185 seconds (12108456 bytes/sec)
0.26user 11.07system 1:01.19elapsed 18%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (17major+248minor)pagefaults 0swaps
HIFN is slower here. Probably because of PCI bridge. #

Mon, 29 May 2006

Acrypto hacking.

New version of the HIFN driver has been released.
It introduces watchdog, since 795x chip can just freeze without any interrupt generation. Likely it is my misconfiguration, but those datasheet that I have does not explain that behaviour and sometimes even says wrong things.

New acrypto package and combined patchsets have been released.
Short changelog:

Trivial copy benchmark on Xeon 2.4 Ghz (HT enabled) with 1 Gb of RAM with HIFN driver and dm-crypt:
mkfs.ext3 (12 Gb partition):
real    0m17.898s
user    0m0.032s
sys     0m4.088s

$ time cp /storage1/iso/FC-5-i386-disc1.iso /mnt/1/

real    0m25.397s
user    0m0.104s
sys     0m5.064s

$ time cp /storage1/iso/FC-5-i386-disc1.iso /mnt/1/
cp: overwrite `/mnt/1/FC-5-i386-disc1.iso'? y

real    0m26.245s
user    0m0.092s
sys     0m5.792s

$ time cp /storage1/iso/FC-5-i386-disc1.iso /mnt/1/
cp: overwrite `/mnt/1/FC-5-i386-disc1.iso'? y

real    0m29.867s
user    0m0.096s
sys     0m5.476s
With software crypto provider (which is rougly equal to synchronous crypto speed) above numbers are upto 20% slower. But I want to add some special usage case: sometimes I see cp/kjournald starvation, i.e. CPU usage is about 2-3% and input dataflow for dm-crypt is very small, so overall performance is small too. But in that case CPU usage is very small too. #

Thu, 25 May 2006

HIFN hacking.

Did I say that HIFN sucks? If you read my blog for a while, you already know this, but I want to repeat.
HIFN just bloody sucks with theirs horrible specs, at least with that that I have.
And dm-crypt does not work with HIFN adapter yet.
I am a looser.
Crap. #

Sun, 21 May 2006

New acrypto release.

This small update brings following items:

#

Updated HIFN driver.

I've also run IPsec benchmark with HIFN driver:
	2.6.16-1.2069_FC4smp -> vanilla 2.6.16-git: ~11.8 MB/s
	vanilla 2.6.16-git -> 2.6.16-1.2069_FC4smp: ~13.2 MB/s

	2.6.16-1.2069_FC4smp -> acrypto HIFN 2.6.16: ~13.2 MB/s
	acrypto HIFN 2.6.16 -> 2.6.16-1.2069_FC4smp: ~13.5 MB/s
As you might expect, CPU usage is noticebly less.
Above numbers drift with the time, especially when machine running stock FC4 kernel overheats, and that numbers decrease to 12-13 MB/s. #

Sat, 20 May 2006

HIFN driver updated.

I've released new version which brings HIFN driver to the latest acrypto API.
Driver is available in archive. #

Wed, 10 May 2006

Acrypto.

Fixed bug in fragmented skb ESP processing code, that tricky thing forced changes in acrypto API, since when ESP code splits skb into fragments it does not align it's boundaries to crypto buffer size, but acrypto scatter/gather processor assumed that scatterlists are always aligned properly.
New combined patches for 2.6.15 and 2.6.16 are available in archive. #