lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 24 Aug 2020 09:07:26 +0000
From:   "Van Leeuwen, Pascal" <>
To:     Andrew Lunn <>
CC:     Sabrina Dubroca <>,
        Scott Dial <>,
        "" <>,
        Ryan Cox <>,
        "" <>,
        "" <>,
        Antoine Tenart <>,
        "" <>
Subject: RE: Severe performance regression in "net: macsec: preserve ingress
 frame ordering"

> -----Original Message-----
> From: <> On Behalf Of Andrew Lunn
> Sent: Wednesday, August 12, 2020 2:42 PM
> To: Van Leeuwen, Pascal <>
> Cc: Sabrina Dubroca <>; Scott Dial <>;; Ryan Cox
> <>;;; Antoine Tenart <>;
> Subject: Re: Severe performance regression in "net: macsec: preserve ingress frame ordering"
> <<< External Email >>>
> > With networking protocols you often also have a requirement to minimize
> > packet reordering, so I understand it's a careful balance. But it is possible
> > to serialize the important stuff and still do the crypto out-of-order, which
> > would be really beneficial on _some_ platforms (which have HW crypto
> > acceleration but no such CPU extensions) at least.
> Many Ethernet PHYs are also capable of doing MACSeC as they
> send/receive frames. Doing it in hardware in the PHY avoids all these
> out-of-order and latency issues. Unfortunately, we are still at the
> early days for PHY drivers actually implementing MACSeC offload. At
> the moment only the Microsemi PHY and Aquantia PHY via firmware in the
> Atlantic NIC support this.
No need to point this out to me as we're the number one supplier of inline MACsec IP :-)
In fact, the Microsemi PHY solution you mention is ours, major parts of that design were
even created by these 2 hands here.  Full protocol offload is obviously the holy grail of HW
acceleration, and what we tend to strive for. The problem is always with the software
integration, so I'm happy to see a framework for inline MACsec acceleration being added to
the kernel.

Without such a protocol acceleration framework (which AFAIK doesn't exist for IPsec yet,
at least not in a generic form supporting all modes and ciphersuites), however, you fall
back to basic hash-encrypt/AEAD offload as the "best you can do".  And some low-cost
devices may still do it on the CPU to minimize silicon cost. So it is still very useful for the
crypto API path to be as efficient as possible, at least for the time being.

Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.

** This message and any attachments are for the sole use of the intended recipient(s). It may contain information that is confidential and privileged. If you are not the intended recipient of this message, you are prohibited from printing, copying, forwarding or saving it. Please delete the message and attachments and notify the sender immediately. **

Rambus Inc.<>

Powered by blists - more mailing lists