NetBSD-Users archive


Re: setkey -- twofish-cbc unsupported algorithm

Pierre-Philipp Braun <> writes:

> Of course, the only symmetric cipher that can compete with hardware
> accelerated AES in terms of throughput is Chacha20 and we don't have
> it in setkey.  It's there in the OpenSSH code, though, it's even
> builtin without OpenSSL.

I'm not clear on if Chacha20 is specified for IPsec.

> I am not clear however on how to test crypto hardware acceleration on
> netbsd.  I could try the `openssl speed` feature but the first thing I
> would be looking for is whether my CPU has the AES-NI, AVX and AVX2
> flags available.  Is there a way to do that on NetBSD?  Then how to
> check if /dev/crypto is leveraged at various places in userland?

See the cpuctl man page.

NetBSD has support for various crypto offload devices.  Aside from
AES-NI instructions, my impression is that offload devices are mostly
useful for public-key operations.

Run "openssl engine" and read any associated man pages.

See crypto(4) and opencrypto(9).
