Date: Tue, 18 May 2010 22:11:54 +0200 From: Fabien Thomas <fabien.thomas@netasq.com> To: Kostik Belousov <kostikbel@gmail.com> Cc: freebsd-current@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org>, freebsd-amd64@FreeBSD.org Subject: Re: AESNI driver and fpu_kern KPI Message-ID: <56750197-F1C1-45AC-AA6B-72FBA02F24C5@netasq.com> In-Reply-To: <20100518184132.GA83316@deviant.kiev.zoral.com.ua> References: <20100515100401.GT83316@deviant.kiev.zoral.com.ua> <20100518153019.GA1699@garage.freebsd.pl> <20100518184132.GA83316@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
>=20 >>=20 >> - Unfortunately the driver in its current version can't be used with >> IPsec and with GELI where authentication is enabled. This is because >> the driver doesn't support sessions where both encryption and >> authentication is defined. Do you have plans to change it? >> I saw that you based crypto(9) bits on padlock, which does support >> sessions with authentication by calculating hashes in software. > My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an > opportunity to test the KPI in real application. I may consider adding > software-implemented authentification sometime later. I would not = object > if anybody do this instead of me. Today I've tested the patch with the same "issue" with IPsec, i've quickly re-included the same keyed hash function than padlock to = test, tomorrow I will test again and I will post a patch if it works well. A minor things: aesni only compile as a module. Another idea for Sha1 would be to integrate the new version from intel = http://software.intel.com/en-us/articles/improving-the-performance-of-the-= secure-hash-algorithm-1/ but it seems the 32bits version is not available at this time (and same licencing issue). Regards, Fabien
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56750197-F1C1-45AC-AA6B-72FBA02F24C5>