[Openswan Users] Openswan-3.0.06: KLIPS_OCF a must to use hardware crypto with linux-2.6.20?
David McCullough
David_Mccullough at securecomputing.com
Thu Nov 8 17:38:32 EST 2007
Jivin Paul Wouters lays it down ...
> On Thu, 8 Nov 2007, KokHow.Teh at infineon.com wrote:
>
> > Presently, my hardware crypto device drivers are using the stock
> > CRYPTO_ALGAPI available in 2.6.20. I take a look at hifn and ixp4xx and
> > it needs major changes to the drivers. Is there anyway to use the
> > hardware crypto with openswan-3.0.06 for the moment without having to
> > use the asyncchronous OCF accleration system?
>
> No. The whole point of OCF was to get hardware crypto working properly.
> Why Linux then started their own "acrypto" is something you will have to
> ask them. Perhaps they have the resources to port openswan to their crypto
> stack?
You can use the cryptosoft driver, which will take advantage of your
in-kernel CRYPTO_ALGAPI implementation. It's not ideal, but it's a
start. If you are using SMP systems it may even be acceptable ;-)
The real advantage is to write yourself an async capable OCF driver. It's
not as hard as you may think if you already have a driver and the HW is
capable of async operation, lot of example drivers too :-)
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Users
mailing list