Date: Sun, 28 Jul 2002 14:04:47 +0100 From: Mark Murray <mark@grondar.za> To: "Sam Leffler" <sam@errno.com> Cc: freebsd-arch@FreeBSD.ORG Subject: Re: status of hardware crypto support Message-ID: <200207281304.g6SD4lRZ001192@grimreaper.grondar.org> In-Reply-To: <05c801c222d2$ad797550$52557f42@errno.com> ; from "Sam Leffler" <sam@errno.com> "Wed, 03 Jul 2002 13:46:16 PDT." References: <05c801c222d2$ad797550$52557f42@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> This is a short note about the status of my work to port openbsd's support > for hardware crypto devices to freebsd. I've had a patch available > for -stable for a while that provides the openbsd kernel framework and a > port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811). > In the past few weeks I've made major progress changing the KAME IPSEC code > to use this framework, again in the style done by openbsd (using > continuations to break up the input and output packet processing paths). At > this point I have almost all aspects of IPv4-based IPSEC tested and working. > There are some minor issues like support of the old-style AH protocol and > keyed- MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based > testing. This is excellent! I have had a (stalled) crypto library (implemented as a loadable module) based on the OpenBSD code for quite a while. It sounds like you are further than me in getting to do something useful. Does your code implement the userland-usable /dev/crypto that OpenSSL can use? > In addition to the IPSEC work I've been talking to various hardware vendors > about support for their products in FreeBSD. I now have Hifn-based cards of > various flavors, and a Broadcom card for testing. I'm supposed to receive > more hardware in the near future. I will be porting drivers for each of > these cards from openbsd. If you want a hand with any of that, I'll be in a position to help in a very short while (once I come out of storage in a week). > Finally, I've been in touch with both openbsd and netbsd folks. My intent > is to provide a common API for in-kernel and user-mode access to hardware > crypto support. This will let everyone share application code (e.g. OpenSSL > already done by openbsd) and reduce the effort required to port device > drivers between the various systems. Cool! (I've started doing the /dev/crypto thing, but that has stalled because of employment issues). > All my work so far has been in -stable, but I hope to port the work > to -current soon. A goal is to get the kernel crypto device framework into > the 5.0 release. I've been in touch with the KAME folks and will continue > to discuss my IPSEC mods with them. If you need a hand for CURRENT, I'll be delighted to help. M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207281304.g6SD4lRZ001192>