Check out the new USENIX Web site. next up previous
Next: Conclusions Up: Other Optimizations and Future Previous: OpenSSL support algorithm-chaining with

Minimize number user/kernel crossings and data copying.

In most practical uses of the OCF (especially in protocols like TLS or SSH), an application issues one or more crypto requests via /dev/crypto, followed by a write() or send() call to transmit the data. Similarly, a read() or recv() call is followed by a number of requests to /dev/crypto. This implies considerable data copying to and from the kernel, and potentially unnecessary context switching back and forth. An alternative approach is to ``link'' some crypto context to a socket or file descriptor (when doing application-level file encryption), such that data sent or received on that file descriptor are processed appropriately by the kernel: for example, a TLS implementation might construct a data record and simply write() it to the socket (one data copy and kernel crossing), only to have the kernel pass it to the OCF for processing before actually passing it on to TCP for transmission. This requires some discipline by the application, which must set the state on the socket and only write() appropriately-formatted record, as well as some support in the kernel to decode incoming TLS or SSH frames for processing by the OCF before passing them on to the application.

Another potential approach is to do ``page sharing'' of data buffers; when a request is given to /dev/crypto, the kernel removes the page from the process's address space and maps it in its own. When the request is done, the kernel re-maps the page back to the process's address space, avoiding all data copying. This works well as long as /dev/crypto remains a synchronous interface. If processes are allowed to have multiple pending requests, accesses to that page while it is being shared with the kernel must be caught and handled, similar to the way copy-on-write of memory pages is handled. An alternative is to block any process that tries to access such pinned-down pages until the crypto request is completed. Obviously, pages that are shared between processes can cause similar problems even in the current mode of operation. Operations that cross page boundaries also have to be dealt carefully.


next up previous
Next: Conclusions Up: Other Optimizations and Future Previous: OpenSSL support algorithm-chaining with
Angelos D. Keromytis
3/25/2003