From: John Baldwin
To: Poul-Henning Kamp
Cc: arch@freebsd.org
Subject: Re: Ranting about OCF / crypto(9)
Date: Thu, 11 Jan 2018 09:44:47 -0800

On Thursday, January 11, 2018 07:46:24 AM Poul-Henning Kamp wrote:
> --------
> In message <3790717.UIxaijsHl3@ralph.baldwin.cx>, John Baldwin writes:
>
> >- OCF is over flexible and overly broad.
>
> I would actually argue that it is neither, quite the contrary.

From a device driver's perspective it is overly broad.  The linked-list of
descriptors in theory allows arbitrary data arrangements, but all of the
recent crypto engines I'm familiar with basically cater to the layout of
IPSec and TLS.  They assume exactly one region of cipher text with an
optional AAD region that is before (not after), etc.  They don't support
arbitrary combinations of algorithms, and they make certain assumptions
about how combined auth+enc actually works.

> With the kernel-userland transition becoming more expensive, what
> we need is a DSL where you can put entire processing steps into the
> kernel, sort of like BPF but more general.
>
> Ideally, you should be able to push something like this into
> the kernel and have it executed in a single syscall:
>
> 	h = hash:sha256()
> 	b = file_buffer()
> 	f = open("/tmp/foo", "r")
> 	while f.read(b):
> 		h.input(b)
> 	return h.hex()
>
> BPF is the existence proof that stuff like this is both
> feasible and profitable, now we just need to take it to
> the next level.
>
> If we had a language like this, accept-filters wouldn't be
> necessary.

While I think this is not a bad idea, I don't think it has any bearing on
the crypto <-> driver interface which is where most of my beef lies, but
rather a different method to allow construction of in-kernel requests to
the crypto layer.

-- 
John Baldwin
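
The gap described in the message above, between what a linked list of descriptors can express and the one layout an engine handles, shown as an added example; this is not code from the message or from FreeBSD. The struct desc type, the op_kind enum and fits_engine_layout() are hypothetical, and the rule that the auth region spans the AAD plus the ciphertext is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical, simplified request descriptor; NOT crypto(9)'s own struct. */
enum op_kind { OP_AUTH, OP_CIPHER };
struct desc {
	enum op_kind kind;
	size_t skip;			/* offset of the region in the buffer */
	size_t len;			/* length of the region in bytes */
	const struct desc *next;
};

/*
 * Return 1 only for the single layout assumed here: one cipher region, at
 * most one auth region, auth covering optional AAD that lies before the
 * ciphertext and ending where the ciphertext ends.  Anything else: 0.
 */
int fits_engine_layout(const struct desc *d)
{
	const struct desc *auth = NULL, *enc = NULL;
	for (; d != NULL; d = d->next) {
		/* Reject regions whose end offset would wrap around. */
		if (d->len > SIZE_MAX - d->skip)
			return 0;
		if (d->kind == OP_CIPHER) {
			if (enc != NULL)
				return 0;	/* second cipher region */
			enc = d;
		} else {
			if (auth != NULL)
				return 0;	/* second auth pass */
			auth = d;
		}
	}
	if (enc == NULL || enc->len == 0)
		return 0;
	if (auth == NULL)
		return 1;			/* cipher only */
	if (auth->skip > enc->skip)
		return 0;			/* auth begins past ciphertext start */
	return auth->skip + auth->len == enc->skip + enc->len;
}

int main(void)
{
	/* Constructed sample: 16 bytes of AAD, then 64 bytes of ciphertext. */
	struct desc enc = { OP_CIPHER, 16, 64, NULL };
	struct desc auth = { OP_AUTH, 0, 80, &enc };
	printf("AAD-before layout accepted: %d\n", fits_engine_layout(&auth));
}
```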