Date: Fri, 16 Oct 2009 02:26:41 +0000 (UTC) From: John Case <case@sdf.lonestar.org> To: freebsd-security@freebsd.org Subject: RE: FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR) Message-ID: <Pine.NEB.4.64.0910160223010.25574@otaku.freeshell.org>
next in thread | raw e-mail | index | archive | help
> There are a number of hardware solutions for performing AES-CTR in > hardware - for example the broadcom BCM5825, which is supported by > the ubsec driver. > > The problem is that OpenSSL does not currently support hardware > acceleration of AES-CTR. The solution on a Sun system is to use the > Sun crypto framework APIs (PKCS#11) which does support AES-CTR in > hardware. > > Is there an analagous API in FreeBSD that I could implement in my > code so as to use the hardware AES-CTR of devices supported by ubsec ? > Aside from crypto(3) (OpenSSL), there's also crypto(9) (kernel) and > crypto(4) (userland), but they don't appear to support CTR - just CBC. Understood. How difficult or trivial would it be to add AES-CTR to either crypto(9) or crypto(4) ? Are those just derived from OpenSSL in some way anyway ? If not, who is responsible for this kind of work ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.64.0910160223010.25574>