From owner-freebsd-hackers@FreeBSD.ORG Sat Jun 14 17:03:55 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BCD16106566C for ; Sat, 14 Jun 2008 17:03:55 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from smtp.lamaiziere.net (net.lamaiziere.net [213.186.42.107]) by mx1.freebsd.org (Postfix) with ESMTP id 801B28FC2F for ; Sat, 14 Jun 2008 17:03:55 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from baby-jane.lamaiziere.net (15.10.87-79.rev.gaoland.net [79.87.10.15]) by smtp.lamaiziere.net (Postfix) with ESMTP id 9F232118059D for ; Sat, 14 Jun 2008 19:03:53 +0200 (CEST) Received: from baby-jane-lamaiziere-net.local (localhost [127.0.0.1]) by baby-jane.lamaiziere.net (Postfix) with ESMTP id 7DA64449936 for ; Sat, 14 Jun 2008 19:03:52 +0200 (CEST) Date: Sat, 14 Jun 2008 19:03:51 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= To: freebsd-hackers@freebsd.org Message-ID: <20080614190351.4ec7660d@baby-jane-lamaiziere-net.local> In-Reply-To: <20080606234135.46144207@baby-jane-lamaiziere-net.local> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> Organization: /dave/nulle X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.8; i386-apple-darwin9.2.0) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Subject: Re: AMD Geode LX crypto accelerator (glxsb) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jun 2008 17:03:55 -0000 Le Fri, 6 Jun 2008 23:41:35 +0200, Patrick Lamaizière a écrit : Hello, > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE > (via the NetBSD port). > " The glxsb driver supports the security block of the Geode LX > series processors. The Geode LX is a member of the AMD Geode family > of integrated x86 system chips. > > Driven by periodic checks for available data from the generator, > glxsb supplies entropy to the random(4) driver for common usage. > > glxsb also supports acceleration of AES-128-CBC operations for > crypto(4)." I'm still working on it. I think it is ok now : - The random number generator feeds random(4) with entropy via random_harvest(9) - I added hmac software encryptions to be able to use the driver with ipsec(4). Most of the code is stolen from padlock(4), it is not easy to use the same code as OpenBSD : they use some code from crytosoft but in FreeBSD this code is private to the module. And the code of padlock is more "human readable", I think. - I reworked the sessions to use a TAILQ like padlock. - I added few sysctl for debugging purposes. I tested with openssl, and ipsec with all hmac supported by the driver. Seems good, but i'm not able to benchmark ipsec. Sources (7-STABLE): http://user.lamaiziere.net/patrick/glxsb-140608.tar.gz (Yes this is the good version!) If you can test it and provide some review it would be nice. Thanks, regards.