|
|
|
|
|
|
| Author |
Message |
Mark Murray
*nix forums beginner
Joined: 24 Mar 2002
Posts: 49
|
 Posted: Sun Jul 28, 2002 11:04 am Post subject:
Re: status of hardware crypto support
|
|
|
| Quote: | This is a short note about the status of my work to port openbsd's support
for hardware crypto devices to freebsd. I've had a patch available
for -stable for a while that provides the openbsd kernel framework and a
port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811).
In the past few weeks I've made major progress changing the KAME IPSEC code
to use this framework, again in the style done by openbsd (using
continuations to break up the input and output packet processing paths). At
this point I have almost all aspects of IPv4-based IPSEC tested and working.
There are some minor issues like support of the old-style AH protocol and
keyed- MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based
testing.
|
This is excellent!
I have had a (stalled) crypto library (implemented as a loadable module)
based on the OpenBSD code for quite a while. It sounds like you are further
than me in getting to do something useful. Does your code implement the
userland-usable /dev/crypto that OpenSSL can use?
| Quote: | In addition to the IPSEC work I've been talking to various hardware vendors
about support for their products in FreeBSD. I now have Hifn-based cards of
various flavors, and a Broadcom card for testing. I'm supposed to receive
more hardware in the near future. I will be porting drivers for each of
these cards from openbsd.
|
If you want a hand with any of that, I'll be in a position to help in
a very short while (once I come out of storage in a week).
| Quote: | Finally, I've been in touch with both openbsd and netbsd folks. My intent
is to provide a common API for in-kernel and user-mode access to hardware
crypto support. This will let everyone share application code (e.g. OpenSSL
already done by openbsd) and reduce the effort required to port device
drivers between the various systems.
|
Cool! (I've started doing the /dev/crypto thing, but that has stalled because
of employment issues).
| Quote: | All my work so far has been in -stable, but I hope to port the work
to -current soon. A goal is to get the kernel crypto device framework into
the 5.0 release. I've been in touch with the KAME folks and will continue
to discuss my IPSEC mods with them.
|
If you need a hand for CURRENT, I'll be delighted to help.
M
--
o Mark Murray
\_
O.\_ Warning: this .sig is umop ap!sdn
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message |
|
| Back to top |
|
 |
Kris Kennaway
*nix forums Guru
Joined: 28 Apr 2002
Posts: 634
|
| Posted: Tue Jul 09, 2002 2:57 pm Post subject:
Re: status of hardware crypto support
|
|
|
On Wed, Jul 03, 2002 at 01:46:16PM -0700, Sam Leffler wrote:
| Quote: | This is a short note about the status of my work to port openbsd's support
for hardware crypto devices to freebsd. [...]
|
This sounds great, thanks for doing it!
Kris |
|
| Back to top |
|
|
Sam Leffler
*nix forums addict
Joined: 20 Jun 2002
Posts: 75
|
| Posted: Wed Jul 03, 2002 6:46 pm Post subject:
status of hardware crypto support
|
|
|
This is a short note about the status of my work to port openbsd's support
for hardware crypto devices to freebsd. I've had a patch available
for -stable for a while that provides the openbsd kernel framework and a
port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811).
In the past few weeks I've made major progress changing the KAME IPSEC code
to use this framework, again in the style done by openbsd (using
continuations to break up the input and output packet processing paths). At
this point I have almost all aspects of IPv4-based IPSEC tested and working.
There are some minor issues like support of the old-style AH protocol and
keyed- MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based
testing.
In addition to the IPSEC work I've been talking to various hardware vendors
about support for their products in FreeBSD. I now have Hifn-based cards of
various flavors, and a Broadcom card for testing. I'm supposed to receive
more hardware in the near future. I will be porting drivers for each of
these cards from openbsd.
Finally, I've been in touch with both openbsd and netbsd folks. My intent
is to provide a common API for in-kernel and user-mode access to hardware
crypto support. This will let everyone share application code (e.g. OpenSSL
already done by openbsd) and reduce the effort required to port device
drivers between the various systems.
All my work so far has been in -stable, but I hope to port the work
to -current soon. A goal is to get the kernel crypto device framework into
the 5.0 release. I've been in touch with the KAME folks and will continue
to discuss my IPSEC mods with them.
My immediate work is to do performance analysis and tuning, and stress
testing. Once I've completed that work I'll make the changes generally
available.
Special thanks to Vernier Networks who has been supporting this work and to
GTGI who has provided crypto hardware.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Thu Jan 08, 2009 5:39 am | All times are GMT
|
|
Buy WoW Gold | Carrinhos para bebĂȘ | Credit Cards | Books | Personal Loans
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
BSD
»
FreeBSD
»
mail-lists
»
Architecture
