Date: Fri, 6 Jun 2008 23:41:35 +0200
From: Patrick Lamaizière
To: freebsd-hackers@freebsd.org
Message-ID: <20080606234135.46144207@baby-jane-lamaiziere-net.local>
Subject: AMD Geode LX crypto accelerator (glxsb)

Dear all,

I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE (via the NetBSD port).

"The glxsb driver supports the security block of the Geode LX series processors. The Geode LX is a member of the AMD Geode family of integrated x86 system chips. Driven by periodic checks for available data from the generator, glxsb supplies entropy to the random(4) driver for common usage. glxsb also supports acceleration of AES-128-CBC operations for crypto(4)."

I think that most of the work is done, except the random generator.

Source "in progress" for 7-STABLE:
http://user.lamaiziere.net/patrick/glxsb.c
http://user.lamaiziere.net/patrick/glxsb.tar.gz (c+Makefile)

Credits to OpenBSD and NetBSD. Thanks!

Well, it seems to work, but I've got a few problems testing the module:

- How do I check the encryption/decryption? OpenSSL seems OK; I've got quite the same results as NetBSD on a Soekris net5501 box. But I must use -engine cryptodev; why?

    $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
    engine "cryptodev" set.
    ...CUT...
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc      1151.08k     4134.25k    11936.49k    22504.83k    25576.36k

When I test ssh -c aes128-cbc hostname, ssh does not use the crypto device. I receive a crypto_newsession() followed by a crypto_freesession(); I mean I don't receive any crypto_process().

So how can I be sure that the data is correctly encrypted?

Also, I've got some questions to finish the driver:

- Between arc4rand() and read_random(), which function shall I use?

- Shall I lock the sessions? The padlock driver uses a mutex to lock the sessions:
  http://fxr.watson.org/fxr/source/crypto/via/padlock.c?v=FREEBSD7#L211
  Is it useful? The ubsec, safe and hifn drivers don't lock the sessions at all.

- During crypto_process() the driver uses "s = splnet();". I'm not sure about this.

- The driver does a busy wait to check the completion of the encryption. I think it would be better to use the interrupt. I will look later.

- Any comment is welcome; this is my first work on a driver.

Thanks, regards.