From owner-freebsd-arch Sun Jul 28 7:12:51 2002
Message-Id: <200207281304.g6SD4lRZ001192@grimreaper.grondar.org>
To: "Sam Leffler"
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: status of hardware crypto support
References: <05c801c222d2$ad797550$52557f42@errno.com>
In-Reply-To: <05c801c222d2$ad797550$52557f42@errno.com> ; from "Sam Leffler" "Wed, 03 Jul 2002 13:46:16 PDT."
Date: Sun, 28 Jul 2002 14:04:47 +0100
From: Mark Murray

> This is a short note about the status of my work to port openbsd's support
> for hardware crypto devices to freebsd. I've had a patch available
> for -stable for a while that provides the openbsd kernel framework and a
> port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811).
>
> In the past few weeks I've made major progress changing the KAME IPSEC code
> to use this framework, again in the style done by openbsd (using
> continuations to break up the input and output packet processing paths). At
> this point I have almost all aspects of IPv4-based IPSEC tested and working.
> There are some minor issues like support of the old-style AH protocol and
> keyed-MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based
> testing.

This is excellent! I have had a (stalled) crypto library (implemented
as a loadable module) based on the OpenBSD code for quite a while. It
sounds like you are further than me in getting to do something useful.

Does your code implement the userland-usable /dev/crypto that OpenSSL
can use?

> In addition to the IPSEC work I've been talking to various hardware vendors
> about support for their products in FreeBSD. I now have Hifn-based cards of
> various flavors, and a Broadcom card for testing. I'm supposed to receive
> more hardware in the near future. I will be porting drivers for each of
> these cards from openbsd.

If you want a hand with any of that, I'll be in a position to help in
a very short while (once I come out of storage in a week).

> Finally, I've been in touch with both openbsd and netbsd folks. My intent
> is to provide a common API for in-kernel and user-mode access to hardware
> crypto support. This will let everyone share application code (e.g. OpenSSL
> already done by openbsd) and reduce the effort required to port device
> drivers between the various systems.

Cool! (I've started doing the /dev/crypto thing, but that has stalled
because of employment issues).

> All my work so far has been in -stable, but I hope to port the work
> to -current soon. A goal is to get the kernel crypto device framework into
> the 5.0 release. I've been in touch with the KAME folks and will continue
> to discuss my IPSEC mods with them.

If you need a hand for CURRENT, I'll be delighted to help.
M
-- 
o       Mark Murray
\_
O.\_    Warning: this .sig is umop ap!sdn