Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 17 Jul 2004 11:48:35 +0200
From:      Cor Bosman <cor@xs4all.nl>
To:        Mike Tancsa <mike@sentex.net>
Cc:        Cor Bosman <cor@xs4all.nl>
Subject:   Re: HIFN/7955 Soekris 1401 openssl problem
Message-ID:  <20040717094835.GB87292@xs4all.nl>
In-Reply-To: <6.1.2.0.0.20040717051945.06290030@64.7.153.2>
References:  <200407162339.i6GNdvtS065629@xs1.xs4all.nl> <392hf09pbb6ca5val0aimm00sg0u8knv1d@4ax.com> <20040717075944.GA67166@xs4all.nl> <6.1.2.0.0.20040717051945.06290030@64.7.153.2>
next in thread | previous in thread | raw e-mail | index | archive | help 
> >When using mozilla to send a mail it negotiates the following encryption
> >scheme: DHE-RSA-AES256-SHA. Ive also used Kmail and outlook, which
> 
> 
> If you look at the man pages for the hifn card and for crypto, it will list 
> what the card supports for encryption, and what crypto supports
> 
>   Depending on hardware being present, the following symmetric and asymmet-
>      ric cryptographic features are potentially available from /dev/crypto:
> 
>            CRYPTO_DES_CBC
>            CRYPTO_3DES_CBC
>            CRYPTO_BLF_CBC
>            CRYPTO_CAST_CBC
>            CRYPTO_SKIPJACK_CBC
>            CRYPTO_MD5_HMAC
>            CRYPTO_SHA1_HMAC
>            CRYPTO_RIPEMD160_HMAC
>            CRYPTO_MD5_KPDK
>            CRYPTO_SHA1_KPDK
>            CRYPTO_AES_CBC
>            CRYPTO_ARC4
>            CRYPTO_MD5
>            CRYPTO_SHA1
>            CRK_MOD_EXP
>            CRK_MOD_EXP_CRT
>            CRK_DSA_SIGN
>            CRK_DSA_VERIFY
>            CRK_DH_COMPUTE_KEY
> 
> if its not listed there, it doesnt matter what card you have or what the 
> card potentially can do.

Yeah, i figured this was the problem. The driver/card only registered the
following schemes: RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC

If i understand you and the manual correctly, no matter what the card
supports, crytodev only supports the list you mentioned above?
How do you read such a list. Does that mean a scheme like DES-CBC-SHA
could possibly be supported? Or can only the 2 seperate schemes
of DES_CBC and SHA1 be accelerated? 

If the latter, is there a way to find out what schemes different cards will
register before buying them? :) Some cards have their own engine, so are
seperate from cryptodev.. right?

Cor

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040717094835.GB87292>