Date: Sun, 15 Apr 2001 06:09:35 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
To: Len Conrad <LConrad@Go2France.com>
Cc: freebsd-small@FreeBSD.ORG
Subject: Re: The ultimate board!
Message-ID: <3AD93B1F.D46A8DA0@aurora.regenstrief.org>
References: <Pine.BSF.4.32.0104141110490.91559-100000@mail.wolves.k12.mo.us> <5.0.0.25.0.20010415060946.057f0e80@mail.Go2France.com>

Len Conrad wrote:
>
> >hub :-(. I understand that the 486 class CPU is sort of a bottleneck
> >for encryption work though, but Soren wanted to build a Hi/Fn based
> >hardware crypto board too. Will be some fiddling with drivers though ...
>
> Since FreeBSD has no hardware crypto support (vs OpenBSD) and none is
> on the announced horizon afaik, I conclude that "fiddling with
> drivers" is understating the difficulty of adding hardware crypto support.

Well, it can't be too difficult. Since I can account the work on my
dayjob hours, I am willing to help with driver writing. Unfortunately
with most crypto stuff, documentation is very scarce (i.e., the Intel
Pro/100 S NIC has a crypto chip, but nobody except Intel and Microsoft
seems to know how to program it) ... if we can get good documentation
on how to program the Hi/Fn 7951, it shouldn't be too hard ... actually
I am more ready to write a driver for the hardware than to write the
crypto algorithms in software :-).

Since crypto algorithms are in the FreeBSD kernel already, offloading
those to a chip shouldn't be that big of a deal ... just use the same
API as the existing software algorithms and pipe stuff to the chip
instead. With good documentation and preparation this should be a
matter of a day or two to get it supported in FreeBSD (and all
KAME/IPsec hosts for that matter.)

Outside of the kernel, I would have a /dev node interface as a
character device ... I love character devices (and I hate IOCTL's
for that matter) because they can be used easily in shell scripts.
Probably a triple of devices organized as a pipe. For example
/dev/cri0 would be the crypto input (i) end of the pipe, and
/dev/cro0 would be the crypto output (o) end of the pipe. Finally
/dev/crc0 would be the crypto control (c) channel. Into this channel
one would write a string that identifies the cipher followed by the
key and initialization vector and other parameters. Whenever the
crypto control channel is written, the crypto buffer is reset and
ready to accept data.

Would be fun to do.

regards
-Gunther

--
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message
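
The three-device pipe proposed in the message above, modelled in userland as an added example (not code from the original message or from FreeBSD). The control-string syntax `<cipher> <hex key> <hex iv>`, the cipher name `demo-stream`, and the SHA-256 counter keystream standing in for the chip are assumptions made for illustration; the keystream is not a vetted cipher.

```python
import hashlib


class CryptoPipe:
    """Model of the proposed triple: crc0 (control), cri0 (input), cro0 (output)."""

    def __init__(self):
        self.params = None      # (key, iv), set by a control write
        self.buf = bytearray()  # processed bytes waiting at the output end
        self.offset = 0         # bytes processed since the last control write

    def write_control(self, line):
        """/dev/crc0: select cipher, key and IV, then reset the crypto buffer."""
        fields = line.split()
        if len(fields) != 3:  # assumed syntax, not defined in the message
            raise ValueError("expected: <cipher> <hex key> <hex iv>")
        if fields[0] != "demo-stream":  # hypothetical cipher name
            raise ValueError("unknown cipher: " + fields[0])
        self.params = (bytes.fromhex(fields[1]), bytes.fromhex(fields[2]))
        self.buf.clear()  # every control write discards pending data
        self.offset = 0

    def _keystream(self, start, n):
        """Stand-in for the chip: SHA-256 over key, IV and a block counter."""
        key, iv = self.params
        block, skip, out = start // 32, start % 32, bytearray()
        while len(out) < skip + n:
            out += hashlib.sha256(key + iv + block.to_bytes(8, "big")).digest()
            block += 1
        return out[skip:skip + n]

    def write_input(self, data):
        """/dev/cri0: feed data; the result becomes readable on the output end."""
        if self.params is None:
            raise RuntimeError("control channel has not been written yet")
        ks = self._keystream(self.offset, len(data))
        self.buf += bytes(a ^ b for a, b in zip(data, ks))
        self.offset += len(data)

    def read_output(self, n=-1):
        """/dev/cro0: drain up to n processed bytes (all of them if n < 0)."""
        n = len(self.buf) if n < 0 else min(n, len(self.buf))
        out = bytes(self.buf[:n])
        del self.buf[:n]
        return out
```

Because the stand-in is a stream construction, writing the same control string again and feeding the ciphertext back through the input end returns the plaintext.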