From owner-freebsd-hackers@FreeBSD.ORG Sat Jun 7 04:19:02 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6A261065673 for ; Sat, 7 Jun 2008 04:19:02 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206046210.chello.pl [87.206.46.210]) by mx1.freebsd.org (Postfix) with ESMTP id 4398F8FC0A for ; Sat, 7 Jun 2008 04:19:01 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 8474845F20; Sat, 7 Jun 2008 06:19:00 +0200 (CEST) Received: from localhost (chello087206046210.chello.pl [87.206.46.210]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 0E5F345EA4; Sat, 7 Jun 2008 06:18:54 +0200 (CEST) Date: Sat, 7 Jun 2008 06:18:55 +0200 From: Pawel Jakub Dawidek To: Patrick Lamaizi?re Message-ID: <20080607041855.GA3462@garage.freebsd.pl> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="azLHFNyN32YCQGCU" Content-Disposition: inline In-Reply-To: <20080606234135.46144207@baby-jane-lamaiziere-net.local> User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=BAYES_00 autolearn=ham version=3.0.4 Cc: freebsd-hackers@freebsd.org Subject: Re: AMD Geode LX crypto accelerator (glxsb) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2008 04:19:02 -0000 --azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote: > Dears, >=20 > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE > (via the NetBSD port). Cool. > " The glxsb driver supports the security block of the Geode LX > series processors. The Geode LX is a member of the AMD Geode family > of integrated x86 system chips. > =20 > Driven by periodic checks for available data from the generator, > glxsb supplies entropy to the random(4) driver for common usage. >=20 > glxsb also supports acceleration of AES-128-CBC operations for > crypto(4)." >=20 > I think that most of the work is done, except the random generator. > Source "in progress" for 7-STABLE: > http://user.lamaiziere.net/patrick/glxsb.c > http://user.lamaiziere.net/patrick/glxsb.tar.gz (c+Makefile) >=20 > Credits to OpenBSD and NetBSD, Thanks! >=20 > Well, it seems to work but i've got few problems to test the module : >=20 > - How check the encryption/decryption ? >=20 > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris > net5501 box. But i must use -engine cryptodev, why ? This is ok, as you may not want to use it, right? > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed > engine "cryptodev" set. > ...CUT... > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k >=20 > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto > device. I receive a crypto_newsession() followed by a > crypto_freesession(), i mean i don't receive any crypto_process(). Have you tried to put some debug to opencrypto? I believe openssh should use it automatically, at least this was the case some time ago, AFAIR. > So how can I be sure that the datas are well encrypted ? Try comparing result of openssl encryption with and without '-engine cryptodev'. Remember to use -nosalt (and maybe -raw) prevent openssl from putting salt in front of the ciphertext. > Also, I've got some questions to finish the driver: >=20 > - between arc4rand() and read_random(), witch function shall i use ? arc4rand() is preferred. > - Shall I lock the sessions ? The padlock driver uses a mutex to lock > the sessions > http://fxr.watson.org/fxr/source/crypto/via/padlock.c?v=3DFREEBSD7#L211= =20 >=20 > Is it usefull ? Drivers ubsec, safe and hifn don't lock the sessions at > all. You should and they should as well. > - during crypto_process() the driver uses "s =3D splnet();". I'm not sure > about this ? Drop this one. > - The driver does a busy wait to check the completion of the > encryption. I think it would be beter to use the interrupt. I will > look later. I remember looking at that code sometime ago and that bit is really lame, so lame that I think they would do it in a different way if that was possible. Maybe it's worth contacting OpenBSD/NetBSD and ask? There might be a good reason for that. > - Any comment is welcome, this is my first work on a driver. Looks good:) I can do a final review and commit once you are done and if I'll be able to start my Soekris and test it. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFISgwuForvXbEpPzQRAipxAJ4jazwBTft3mMLQLYZOANWDg1Wn9gCg8BeS 4+Zc/B/9/8h8BcazpHh+ow0= =+f8m -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU--