Date: Sat, 7 Jun 2008 06:18:55 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Patrick Lamaizière <patfbsd@davenulle.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: AMD Geode LX crypto accelerator (glxsb)
Message-ID: <20080607041855.GA3462@garage.freebsd.pl>
In-Reply-To: <20080606234135.46144207@baby-jane-lamaiziere-net.local>
References: <20080606234135.46144207@baby-jane-lamaiziere-net.local>

On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizière wrote:
> Dears,
>
> I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> (via the NetBSD port).

Cool.

> " The glxsb driver supports the security block of the Geode LX
> series processors. The Geode LX is a member of the AMD Geode family
> of integrated x86 system chips.
>
> Driven by periodic checks for available data from the generator,
> glxsb supplies entropy to the random(4) driver for common usage.
>
> glxsb also supports acceleration of AES-128-CBC operations for
> crypto(4)."
>
> I think that most of the work is done, except the random generator.
> Source "in progress" for 7-STABLE:
> http://user.lamaiziere.net/patrick/glxsb.c
> http://user.lamaiziere.net/patrick/glxsb.tar.gz (c+Makefile)
>
> Credits to OpenBSD and NetBSD, Thanks!
>
> Well, it seems to work but I've got a few problems testing the module:
>
> - How check the encryption/decryption ?
>
> Openssl seems ok, I've got quite the same results as NetBSD on a Soekris
> net5501 box. But I must use -engine cryptodev, why ?

This is ok, as you may not want to use it, right?

> $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
> engine "cryptodev" set.
> ...CUT...
> type           16 bytes    64 bytes   256 bytes  1024 bytes  8192 bytes
> aes-128-cbc    1151.08k    4134.25k   11936.49k   22504.83k   25576.36k
>
> When I test ssh -c aes128-cbc hostname, ssh does not use the crypto
> device. I receive a crypto_newsession() followed by a
> crypto_freesession(), I mean I don't receive any crypto_process().

Have you tried to put some debug to opencrypto? I believe openssh should
use it automatically, at least this was the case some time ago, AFAIR.

> So how can I be sure that the data are well encrypted ?

Try comparing result of openssl encryption with and without '-engine
cryptodev'. Remember to use -nosalt (and maybe -raw) to prevent openssl
from putting salt in front of the ciphertext.

> Also, I've got some questions to finish the driver:
>
> - between arc4rand() and read_random(), which function shall I use ?

arc4rand() is preferred.

> - Shall I lock the sessions ? The padlock driver uses a mutex to lock
> the sessions
> http://fxr.watson.org/fxr/source/crypto/via/padlock.c?v=FREEBSD7#L211
>
> Is it useful ? Drivers ubsec, safe and hifn don't lock the sessions at
> all.

You should and they should as well.

> - during crypto_process() the driver uses "s = splnet();". I'm not sure
> about this ?

Drop this one.

> - The driver does a busy wait to check the completion of the
> encryption. I think it would be better to use the interrupt. I will
> look later.

I remember looking at that code sometime ago and that bit is really
lame, so lame that I think they would do it in a different way if that
was possible. Maybe it's worth contacting OpenBSD/NetBSD and ask? There
might be a good reason for that.

> - Any comment is welcome, this is my first work on a driver.

Looks good:) I can do a final review and commit once you are done and if
I'll be able to start my Soekris and test it.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
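
The comparison suggested in the reply above (same plaintext, with and without '-engine cryptodev', no salt), written out as an added example that is not part of the original message or of the driver sources. The key, IV, function names and the script name glxsb-check.sh are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare AES-128-CBC output of two openssl invocations.
# KEY and IV are constructed test values, not taken from the thread.
KEY=000102030405060708090a0b0c0d0e0f
IV=101112131415161718191a1b1c1d1e1f

# encrypt_to <outfile> <infile> [extra openssl enc arguments...]
# An explicit -K/-iv plus -nosalt makes the ciphertext fully deterministic.
encrypt_to() {
    dst=$1; src=$2; shift 2
    openssl enc -aes-128-cbc -nosalt -K "$KEY" -iv "$IV" \
        -in "$src" -out "$dst" "$@"
}

# compare_engines <plaintext> [extra arguments for the second run...]
# Returns 0 if both ciphertexts are byte-identical and the second one
# decrypts in software back to the plaintext, 1 on mismatch, 2 on error.
compare_engines() {
    pt=$1; shift
    tmp=$(mktemp -d) || return 2
    rc=0
    if encrypt_to "$tmp/ref.bin" "$pt" && encrypt_to "$tmp/dut.bin" "$pt" "$@"
    then
        cmp -s "$tmp/ref.bin" "$tmp/dut.bin" || rc=1
        openssl enc -d -aes-128-cbc -nosalt -K "$KEY" -iv "$IV" \
            -in "$tmp/dut.bin" -out "$tmp/rt.bin" 2>/dev/null || rc=1
        cmp -s "$tmp/rt.bin" "$pt" || rc=1
    else
        rc=2
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage (hypothetical script name): sh glxsb-check.sh plaintext.bin -engine cryptodev
if [ "$#" -gt 0 ]; then
    if compare_engines "$@"; then echo "ciphertexts match"
    else echo "mismatch or error (rc=$?)"; fi
fi
```

Use a plaintext longer than one 16-byte block and not a multiple of 16 bytes, so that CBC chaining and padding are both exercised.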