Date: Tue, 14 Dec 2010 09:08:07 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Mike Tancsa <mike@sentex.net> Cc: stable-list freebsd <freebsd-stable@freebsd.org> Subject: Re: cryptodev cipher registration (aesni and padlock) Message-ID: <20101214070807.GJ33073@deviant.kiev.zoral.com.ua> In-Reply-To: <4D063B44.4050303@sentex.net> References: <4D063B44.4050303@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--332CIdRmeZdukXAd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 13, 2010 at 10:27:00AM -0500, Mike Tancsa wrote: > While doing some testing with the aesni driver, it seems some ciphers are= registered with openssl and some are not. >=20 > e.g. if I start an ssh session using aes128, I see the following >=20 > [pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym > 654198 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym > 654225 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]%=20 >=20 > ie it shows the hardware transformation count increasing. But if I do ae= s 192 or 256, it does not >=20 > [pyroxene]% ssh -c aes256-cbc smarthost1 "cryptostats" | grep sym > 654231 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym > 654231 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym > 654231 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym > 654231 symmetric crypto ops (0 errors, 0 times driver blocked) > [pyroxene]%=20 > Yet the are supposed to be supported, no ? Where in openssl is this conf= igured ? The padlock driver does the same thing >=20 > % ssh -c aes256-cbc smarthost1 "cryptotest -z" > 0.000 sec, 2 aes crypts, 16 bytes, 4000000 byte/sec, = 30.5 Mb/sec > 0.000 sec, 2 aes crypts, 32 bytes, 16000000 byte/sec, = 122.1 Mb/sec > 0.000 sec, 2 aes crypts, 64 bytes, 32000000 byte/sec, = 244.1 Mb/sec > 0.000 sec, 2 aes crypts, 128 bytes, 64000000 byte/sec, = 488.3 Mb/sec > 0.000 sec, 2 aes crypts, 256 bytes, 128000000 byte/sec, = 976.6 Mb/sec > 0.000 sec, 2 aes crypts, 512 bytes, 170666667 byte/sec, = 1302.1 Mb/sec > 0.000 sec, 2 aes crypts, 1024 bytes, 292571429 byte/sec, = 2232.1 Mb/sec > 0.000 sec, 2 aes crypts, 2048 bytes, 455111111 byte/sec, = 3472.2 Mb/sec > 0.000 sec, 2 aes crypts, 4096 bytes, 512000000 byte/sec, = 3906.2 Mb/sec > 0.000 sec, 2 aes crypts, 8192 bytes, 420102564 byte/sec, = 3205.1 Mb/sec > 0.000 sec, 2 aes192 crypts, 16 bytes, 8000000 byte/sec, = 61.0 Mb/sec > 0.000 sec, 2 aes192 crypts, 32 bytes, 16000000 byte/sec, = 122.1 Mb/sec > 0.000 sec, 2 aes192 crypts, 64 bytes, 32000000 byte/sec, = 244.1 Mb/sec > 0.000 sec, 2 aes192 crypts, 128 bytes, 64000000 byte/sec, = 488.3 Mb/sec > 0.000 sec, 2 aes192 crypts, 256 bytes, 128000000 byte/sec, = 976.6 Mb/sec > 0.000 sec, 2 aes192 crypts, 512 bytes, 204800000 byte/sec, = 1562.5 Mb/sec > 0.000 sec, 2 aes192 crypts, 1024 bytes, 341333333 byte/sec, = 2604.2 Mb/sec > 0.000 sec, 2 aes192 crypts, 2048 bytes, 409600000 byte/sec, = 3125.0 Mb/sec > 0.000 sec, 2 aes192 crypts, 4096 bytes, 546133333 byte/sec, = 4166.7 Mb/sec > 0.000 sec, 2 aes192 crypts, 8192 bytes, 496484848 byte/sec, = 3787.9 Mb/sec > 0.000 sec, 2 aes256 crypts, 16 bytes, 10666667 byte/sec, = 81.4 Mb/sec > 0.000 sec, 2 aes256 crypts, 32 bytes, 21333333 byte/sec, = 162.8 Mb/sec > 0.000 sec, 2 aes256 crypts, 64 bytes, 32000000 byte/sec, = 244.1 Mb/sec > 0.000 sec, 2 aes256 crypts, 128 bytes, 51200000 byte/sec, = 390.6 Mb/sec > 0.000 sec, 2 aes256 crypts, 256 bytes, 102400000 byte/sec, = 781.2 Mb/sec > 0.000 sec, 2 aes256 crypts, 512 bytes, 204800000 byte/sec, = 1562.5 Mb/sec > 0.000 sec, 2 aes256 crypts, 1024 bytes, 292571429 byte/sec, = 2232.1 Mb/sec > 0.000 sec, 2 aes256 crypts, 2048 bytes, 409600000 byte/sec, = 3125.0 Mb/sec > 0.000 sec, 2 aes256 crypts, 4096 bytes, 512000000 byte/sec, = 3906.2 Mb/sec > 0.000 sec, 2 aes256 crypts, 8192 bytes, 442810811 byte/sec, = 3378.4 Mb/secW =46rom my reading of src/crypto/openssl/crypto/engine/eng_cryptodev.c, and browsing http://cvs.openssl.org/rlog?f=3Dopenssl/crypto/engine/eng_cryptodev.c it seems that only OpenSSL HEAD and 1.0 branch have support for AES-192 and AES-256 when working with /dev/crypto. --332CIdRmeZdukXAd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk0HF9cACgkQC3+MBN1Mb4j8dwCcCRyZzbaZRPcf9TNggJ3gRUW0 k3oAoIZRLVFtFRBmye8kX1gBLWI4tD/s =oncn -----END PGP SIGNATURE----- --332CIdRmeZdukXAd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101214070807.GJ33073>