From owner-freebsd-drivers@FreeBSD.ORG Mon Apr 24 22:53:56 2006 Return-Path: X-Original-To: freebsd-drivers@freebsd.org Delivered-To: freebsd-drivers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50C5316A405 for ; Mon, 24 Apr 2006 22:53:56 +0000 (UTC) (envelope-from wtsai@hifn.com) Received: from outbound3-haw-R.bigfish.com (outbound-haw.frontbridge.com [12.129.219.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D82E43D73 for ; Mon, 24 Apr 2006 22:53:48 +0000 (GMT) (envelope-from wtsai@hifn.com) Received: from outbound3-haw.bigfish.com (localhost.localdomain [127.0.0.1]) by outbound3-haw-R.bigfish.com (Postfix) with ESMTP id 192DE151E7B5 for ; Mon, 24 Apr 2006 22:53:47 +0000 (UTC) Received: from mail1-par-R.bigfish.com (unknown [192.168.51.1]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by outbound3-haw.bigfish.com (Postfix) with ESMTP id AFE10151E7AE for ; Mon, 24 Apr 2006 22:53:46 +0000 (UTC) Received: from mail1-par.bigfish.com (localhost.localdomain [127.0.0.1]) by mail1-par-R.bigfish.com (Postfix) with ESMTP id 5EAAF80441C for ; Mon, 24 Apr 2006 22:53:45 +0000 (UTC) X-BigFish: VP Received: by mail1-par (MessageSwitch) id 1145919225337442_18734; Mon, 24 Apr 2006 22:53:45 +0000 (UCT) Received: from sjcxch03.tbu.com (mailman1.hifn.com [208.10.194.50]) by mail1-par.bigfish.com (Postfix) with ESMTP id C075E80413F for ; Mon, 24 Apr 2006 22:53:44 +0000 (UTC) Received: from sjcxch02.tbu.com ([192.168.1.250]) by sjcxch03.tbu.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 24 Apr 2006 15:53:43 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Mon, 24 Apr 2006 15:53:42 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Crypto hw acceleration for openssl Thread-Index: AcZmDdCMv3y8KUXzSvCOPQuZgX/fXwB4iQ9Q From: "Winston Tsai" To: X-OriginalArrivalTime: 24 Apr 2006 22:53:43.0551 (UTC) FILETIME=[EFDAC8F0:01C667F1] Subject: RE: Crypto hw acceleration for openssl X-BeenThere: freebsd-drivers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Writing device drivers for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Apr 2006 22:53:56 -0000 Hi, Chuck: Thanks for the info, I tried to specify the hardware device using: openssl speed des-cbc -engine cryptodev=20 But still got similar performance results as those using sw lib. > 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > 43108.10k 44917.96k 45460.88k 45532.15k 45566.26k <=3D sw lib 43067.69k 44943.54k 45340.59k 45519.83k 45582.75k <=3D when using '-engine cryptodev' My version of OpenSSL lib is 0.9.7d 17 March 2004. Don't know if that matters or not. P.s. We are in the process of working to improve our support of hw with the open source community; stay tuned! :-) Regards, Winston -----Original Message----- From: Chuck Swiger [mailto:cswiger@mac.com]=20 Sent: Saturday, April 22, 2006 6:08 AM To: Winston Tsai Cc: freebsd-drivers@freebsd.org; freebsd-security@freebsd.org Subject: Re: Crypto hw acceleration for openssl Hi, Winston-- Winston Tsai wrote: [ ...followups set to just one group... ] > Openssl speed des-cbc > And got the following result: > 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > 43251.97k 44919.41k 45342.43k 45506.13k 45579.98k > Then I did kldunload hifn; kldunload cryptodev and ran the same test=20 > again, and got > 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > 43108.10k 44917.96k 45460.88k 45532.15k 45566.26k >=20 > Version of FreeBSD is 5.3-RELEASE. I believe both crypto and cryptodev > drivers are supported since v5.0. You might need to try "openssl speed des-cbc -engine cryptodev" in order to have OpenSSL actually try to use the HiFN crypto card. You might also have to fiddle with openssl itself, since the openssl binary that ships with the system seems to prefer to use the CPU even when you tell it to use hardware via the /dev/crypto interface. [1] Possibly "cd /usr/ports/security/openssl && make install" might give you another openssl binary to try that would work better. Given the domain of your email address, you might have better insight about how to improve FreeBSD's support of HiFN hardware :-), and we would be happy to adapt any such improvements. -- -Chuck [1]: I've heard rumors to the effect that the setup costs for accessing the crypto hardware acceleration are fairly high and that using hardware crypto is a win mostly only for big operations like 1024-bit RSA or DSA key operations, that ~1GHz CPUs or faster tend to handle session-level crypto (ie, your 48-/56-/128-bit DES or 3DES, or now perhaps 128/256-bit AES) faster by themselves.