[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: setkey -- twofish-cbc unsupported algorithm
Pierre-Philipp Braun <pbraun%nethence.com@localhost> writes:
> Of course, the only symmetric cipher that can compete with hardware
> accelerated AES in terms of throughput is Chacha20 and we don't have
> it in setkey. It's there in the OpenSSH code, though, it's even
> builtin without OpenSSL.
I'm not clear on if Chacha20 is specified for IPsec.
> I am not clear however on how to test crypto hardware acceleration on
> netbsd. I could try the `openssl speed` feature but the first thing I
> would be looking for is whether my CPU has the AES-NI, AVX and AVX2
> flags available. Is there a way to do that on NetBSD? Then how to
> check of /dev/crypto is leveraged at various places in userland?
See the cpuctl man page.
NetBSD has support for various crypto offload devices. Aside from
AES-NI instrucions, my impression is that offload devices are mostly
useful for public-key operations.
Run "openssl engine" and read any associated man pages.
See crypto(4) and opencrypto(9).
Main Index |
Thread Index |