Date: Thu, 10 Jul 2008 13:09:04 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= <patfbsd@davenulle.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-stable@freebsd.org Subject: Re: AMD Geode LX crypto accelerator (glxsb) Message-ID: <20080710130904.6c06fdfb@baby-jane-lamaiziere-net.local> In-Reply-To: <200807091931.m69JVWej032290@lava.sentex.ca> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local> <200807091931.m69JVWej032290@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Le Wed, 09 Jul 2008 15:31:30 -0400, Mike Tancsa <mike@sentex.net> a écrit : > Without the module loaded, I can do something simple like > glxsb0: detached > glxsb0: <AMD Geode LX Security Block > (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on > pci0 # sh s > The result of line 1: Invalid argument. > The result of line 2: Invalid argument. > > What is the proper AES encryption to use for > IPSEC ? Why is there a difference in syntax > ? I've found, i think. The Geode handles only AES with a 128 bits key. When setkey/ipsec opens a crypto session, the driver returns an error (EINVAL) if the key length is != 128. So setkey fails. There is no way to tell to the crypto framework that we can do only AES with 128 bits keys. It is a problem in this case. I don't have any solution, I can just add a BUG section in the man page for this case. Thank you for the report. Regards.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080710130904.6c06fdfb>