From owner-freebsd-arch@freebsd.org Thu Dec 19 14:21:10 2019 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFFB81E1CE0 for ; Thu, 19 Dec 2019 14:21:10 +0000 (UTC) (envelope-from pdk@semihalf.com) Received: from mail-lf1-x143.google.com (mail-lf1-x143.google.com [IPv6:2a00:1450:4864:20::143]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47dvF15b5Fz3FT8 for ; Thu, 19 Dec 2019 14:21:09 +0000 (UTC) (envelope-from pdk@semihalf.com) Received: by mail-lf1-x143.google.com with SMTP id f15so4452652lfl.13 for ; Thu, 19 Dec 2019 06:21:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=czqDB1gP70kQ7rCICP6IP87mH+0p5mshQKdaLlYySDs=; b=iBlj5LoMJdfx8GAfaymEMA3sC2FoxsstrnF42UAuhmlhM+10ys+bbKLFZBIjP/uzrl 8OtP/ebsGADEetpZrPSUkX/b1FxAly6RrR5Rn+S9waXXC2U/f/S7rgFpZQ+5qd5iFHf/ MHGwgIIf1iJQTBUFMR3QsquUDz6VP7ny3X0p+PaKlokzw3mFz0GkXR7AazPWoqImvmuR bBsGHoyr3p/tpAG6P4xt48UKyG5HSmbHDfuS8DloY0W/FMgsACORXQ7cXPdP13oemp9t Vf/qmNKt/ZzUmmce+2lptw20XQ/BeYn6QInkwJMk0a6GiriM7CUeemlKjE7EZpbExQ+4 r+5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=czqDB1gP70kQ7rCICP6IP87mH+0p5mshQKdaLlYySDs=; b=i2xuIyRjShO0In/OMSbW3dGOmMjqk+HMvqu9yW1KR21iNaUS4/XezQqcfCkuLob06l 5dRk8WH821LOvXjfxlemtzX6wF/G22qY/3SipMJuGFjkeFOL6aGCtEM8qa+M9L7T3zcV CI33V7GZFnmnhR6JUsMv0uMvOWSsG8jcGUUViYyBen5yGyP8GUjh1txyz78qGkMAHrZ6 qJ0YyeXZM6M27a/wOorpILLdF7hOXinVDkRxhvdqqjmwRWfa94OjbLDBa5+PGEnkWyso 3oG8lBa1O6HAEMW3IjvVXaVTwdG8S1zRZOy/k4+agZtjOlflDjtg8rP/WiVapya1ABct xrfg== X-Gm-Message-State: APjAAAVCgNDBUjo5sUzJ0DgHYJS5hFhsH/mYEjdaagG6fHC1ZZXtIvRs m5Gul7yF/an/xwUHNeL+bK2zbq+K2mmrE9BWc6rOqIBlBw0BuQ== X-Google-Smtp-Source: APXvYqyjyQVP/Wx7QVwS8DqOjh2/oV2AU9pW/NUmosKwFpGY7NeQIF00iNvqptCLIgfVlnZhTM8njW6wWXEBDtMcUl4= X-Received: by 2002:ac2:5604:: with SMTP id v4mr5150937lfd.152.1576765266986; Thu, 19 Dec 2019 06:21:06 -0800 (PST) MIME-Version: 1.0 From: Patryk Duda Message-ID: Subject: Re: CFT: Open Crypto Framework Changes: Round 1 To: freebsd-arch@freebsd.org Cc: Marcin Wojtas , Patryk Duda X-Rspamd-Queue-Id: 47dvF15b5Fz3FT8 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=semihalf-com.20150623.gappssmtp.com header.s=20150623 header.b=iBlj5LoM; dmarc=none; spf=none (mx1.freebsd.org: domain of pdk@semihalf.com has no SPF policy when checking 2a00:1450:4864:20::143) smtp.mailfrom=pdk@semihalf.com X-Spamd-Result: default: False [-1.70 / 15.00]; ARC_NA(0.00)[]; FAKE_REPLY(1.00)[]; R_DKIM_ALLOW(-0.20)[semihalf-com.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-arch@freebsd.org]; DMARC_NA(0.00)[semihalf.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[semihalf-com.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[3.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-0.40)[ip: (2.61), ipnet: 2a00:1450::/32(-2.65), asn: 15169(-1.90), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-Mailman-Approved-At: Wed, 29 Jan 2020 20:50:03 +0000 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 19 Dec 2019 14:21:10 -0000 X-Original-Date: Thu, 19 Dec 2019 15:19:59 +0100 X-List-Received-Date: Thu, 19 Dec 2019 14:21:10 -0000 Hi John, I tested ocf_rework branch on device which has cesa support. Output from "cryptocheck -vz -a all" doesn't differ when kernel was compiled from ocf_rework and from e0f7c88b6c (commit before changes). In both cases I can get the same number of interrupts generated by cesa using "vmstat -i". Nevertheless when I'm running IPSec (Strongswan acts as IKE daemon) software crypto is used instead of cesa. Performance is poor and no cesa interrupts are generated. When running kernel built from commit e0f7c88b6c IPSec works fine. Strongswan is configured to use only AES128 CBC + SHA256 HMAC. This combination is supported by cesa, confirmed by cryptocheck. In my opinion something between IPSec and cesa broken. Best regards, Patryk