Date: Fri, 3 Sep 2010 14:16:22 -0700 From: "Ricky Charlet" <RCharlet@adaranet.com> To: Andre Oppermann <andre@freebsd.org> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: RE: seeking current supported crypto co-processors Message-ID: <32AB5C9615CC494997D9ABB1DB12783C024C8DE0F2@SJ-EXCH-1.adaranet.com> In-Reply-To: <4C80908D.9030106@freebsd.org> References: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> <4C80908D.9030106@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Andre,
I'm hoping not to get too distracted by which algorithms I want sup=
ported. To answer directly, I want the FIPS-140-2 algorithms in block modes=
and optionally the Suite-B NSA stuff too.
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
But the main thrust of my question is not what algs are supported b=
y what parts... but instead, are their PCIe attachable crypto co-processors=
with current vendor support for FreeBSD8.x?
I appreciated your pointers to VIA and various MIPS and specificall=
y octeon processors. And I am newly enlightened by your pointers to very ne=
w Intel parts coming out with cipher/hash support... that may help me in th=
e near future. But at the moment, I am currently bound to Intel parts witho=
ut the AES feature set.
If anyone else reading this thread want's to chime in with info abo=
ut current supported crypto co-processors that plug in via PCIe, please dro=
p a note.
---
Ricky Charlet
Adara Networks
USA 408-433-4942
-----Original Message-----
From: Andre Oppermann [mailto:andre@freebsd.org]
Sent: Thursday, September 02, 2010 11:07 PM
To: Ricky Charlet
Cc: freebsd-security@freebsd.org; freebsd-net@freebsd.org
Subject: Re: seeking current supported crypto co-processors
On 03.09.2010 02:35, Ricky Charlet wrote:
> Howdy, <this messages is cross posted in freebsd-security and freebsd-net=
>
>
> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. =
By perusing through the
> crypto-dev (and subsequently referenced) man page(s) I found this list: H=
ifn
> 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5=
501/5601 Broadcom
> bcm5801/5802/5805/5820/5821/5822/5823/5825
>
> Those are all pretty old (and in some cases, no longer existent). I'm sur=
veying these lists to
> see if anyone knows of more modern chips working with FreeBSD 8.x. Or if =
you feel some chip on
> the list above is up to the task of near about 1 Gb throughput across a P=
CIe and has friendly
> vendor support for FreeBSD, I'd sure like to hear about that too.
What cypto algorithms do you need? Stream encryption and/or PKI KEX?
For AES stream encrpytion there are some CPU's that directly support
the crypto primitives on the silicon. For newer x86/amd64 CPU's see:
http://en.wikipedia.org/wiki/AES_instruction_set
A number of VIA x86 CPU's have supported a set of crypto algorithms
inlcuding stream cyphers, cryptographic hashing and RSA for quite some
time on their silicon.
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
Other than that there are some embedded crypto engines with their own
(mostly MIPS based) single and multi-core CPU's. AKAIK they have a
FreeBSD API and the FreeBSD MIPS port should work on at least some of
them:
http://www.caviumnetworks.com/
Cavium also has some plug-in crypto accelerator cards under the brand
name Nitrox. IIRC they have some drivers for FreeBSD available.
--
Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32AB5C9615CC494997D9ABB1DB12783C024C8DE0F2>