Re: VIA ACE patch

To: Daniel de Kok <danieldk%pobox.com@localhost>
Subject: Re: VIA ACE patch
From: Pawel Jakub Dawidek <pjd%FreeBSD.org@localhost>
Date: Fri, 12 Jan 2007 20:52:34 +0100

On Fri, Jan 12, 2007 at 08:38:01PM +0100, Daniel de Kok wrote:
> Miles Nordin wrote:
> >Do you know what it does exactly?  ex., ``It accelerates AES in
> >FAST_IPSEC and in cgd''?
> 
> It registers itself with the opencrypto framework, making it (transparently) 
> useful for all opencrypto consumers. FAST_IPSEC is an opencrypto consumer, 
> cgd is not at this 
> time (though I plan to look at that if no one else does).
> 
> >Anyway this is kernel-only support, or it somehow affects openssl too?
> >I guess I don't understand our crypto architecture that well.
> 
> If you use OpenSSL with the cryptodev engine, yes, since it uses /dev/crypto 
> (which is handled through opencrypto framework). Though, -current and 
> 4.0_BETA2 also have an 
> OpenSSL engine that directly utilizes ACE. I have issued a pullup request for 
> the netbsd-3 branch to get this engine integrated in the netbsd-3 branch. So, 
> for applications 
> that rely on OpenSSL, you may want to use that, rather than cryptodev[1].
> 
> Still, this is patch is useful for kernel components that use crypto.
> 
> -- Daniel
> 
> [1] Especially considering that cryptodev currently does not support 
> aes-256-cbc, though that is trivial to patch.

        http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch

I'm not sure if this version of the patch works. The previous one which
only added AES-192-CBC and AES-256-CBC worked for sure.

BTW. You can look at FreeBSD version of padlock driver. I added also
SHA1 and SHA256 handling, so it can be used by opencrypto.

My version also registers other hash algorithms, so it can be used with
FAST_IPSEC. If it only implement symmetric cryptography, it won't be
usable by FAST_IPSEC (or at least FreeBSD's version).

There are probably also other things to fix first. I did a lot of fixes
in the opencrypto framework to be able to use it with geli(8)'s data
authentication.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd%FreeBSD.org@localhost                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

Attachment: pgpIlcVK7L9o4.pgp
Description: PGP signature

Follow-Ups:
- Re: VIA ACE patch
  - From: Daniel de Kok

References:
- Re: VIA ACE patch
  - From: Daniel de Kok

Prev by Date: Re: VIA ACE patch
Next by Date: Re: VIA ACE patch
Previous by Thread: Re: VIA ACE patch
Next by Thread: Re: VIA ACE patch
Indexes:

Home | Main Index | Thread Index | Old Index