Subject: Re: VIA ACE patch
To: Daniel de Kok <email@example.com>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: 01/12/2007 20:52:34
Content-Type: text/plain; charset=iso-8859-2
On Fri, Jan 12, 2007 at 08:38:01PM +0100, Daniel de Kok wrote:
> Miles Nordin wrote:
> >Do you know what it does exactly? ex., ``It accelerates AES in
> >FAST_IPSEC and in cgd''?
> It registers itself with the opencrypto framework, making it (transparent=
ly) useful for all opencrypto consumers. FAST_IPSEC is an opencrypto consum=
er, cgd is not at this=20
> time (though I plan to look at that if no one else does).
> >Anyway this is kernel-only support, or it somehow affects openssl too?
> >I guess I don't understand our crypto architecture that well.
> If you use OpenSSL with the cryptodev engine, yes, since it uses /dev/cry=
pto (which is handled through opencrypto framework). Though, -current and 4=
=2E0_BETA2 also have an=20
> OpenSSL engine that directly utilizes ACE. I have issued a pullup request=
for the netbsd-3 branch to get this engine integrated in the netbsd-3 bran=
ch. So, for applications=20
> that rely on OpenSSL, you may want to use that, rather than cryptodev.
> Still, this is patch is useful for kernel components that use crypto.
> -- Daniel
>  Especially considering that cryptodev currently does not support aes-=
256-cbc, though that is trivial to patch.
I'm not sure if this version of the patch works. The previous one which
only added AES-192-CBC and AES-256-CBC worked for sure.
BTW. You can look at FreeBSD version of padlock driver. I added also
SHA1 and SHA256 handling, so it can be used by opencrypto.
My version also registers other hash algorithms, so it can be used with
FAST_IPSEC. If it only implement symmetric cryptography, it won't be
usable by FAST_IPSEC (or at least FreeBSD's version).
There are probably also other things to fix first. I did a lot of fixes
in the opencrypto framework to be able to use it with geli(8)'s data
Pawel Jakub Dawidek http://www.wheel.pl
FreeBSD committer Am I Evil? Yes, I Am!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
-----END PGP SIGNATURE-----