From owner-freebsd-security@FreeBSD.ORG Fri Sep 3 06:33:52 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3ABC71065714 for ; Fri, 3 Sep 2010 06:33:52 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 9ECA58FC16 for ; Fri, 3 Sep 2010 06:33:51 +0000 (UTC) Received: (qmail 22018 invoked from network); 3 Sep 2010 06:04:16 -0000 Received: from localhost (HELO [127.0.0.1]) ([127.0.0.1]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 3 Sep 2010 06:04:16 -0000 Message-ID: <4C80908D.9030106@freebsd.org> Date: Fri, 03 Sep 2010 08:07:09 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 MIME-Version: 1.0 To: Ricky Charlet References: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> In-Reply-To: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 03 Sep 2010 11:16:12 +0000 Cc: "freebsd-security@freebsd.org" , "freebsd-net@freebsd.org" Subject: Re: seeking current supported crypto co-processors X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2010 06:33:52 -0000 On 03.09.2010 02:35, Ricky Charlet wrote: > Howdy, > > I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the > crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn > 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5501/5601 Broadcom > bcm5801/5802/5805/5820/5821/5822/5823/5825 > > Those are all pretty old (and in some cases, no longer existent). I'm surveying these lists to > see if anyone knows of more modern chips working with FreeBSD 8.x. Or if you feel some chip on > the list above is up to the task of near about 1 Gb throughput across a PCIe and has friendly > vendor support for FreeBSD, I'd sure like to hear about that too. What cypto algorithms do you need? Stream encryption and/or PKI KEX? For AES stream encrpytion there are some CPU's that directly support the crypto primitives on the silicon. For newer x86/amd64 CPU's see: http://en.wikipedia.org/wiki/AES_instruction_set A number of VIA x86 CPU's have supported a set of crypto algorithms inlcuding stream cyphers, cryptographic hashing and RSA for quite some time on their silicon. http://www.via.com.tw/en/initiatives/padlock/hardware.jsp Other than that there are some embedded crypto engines with their own (mostly MIPS based) single and multi-core CPU's. AKAIK they have a FreeBSD API and the FreeBSD MIPS port should work on at least some of them: http://www.caviumnetworks.com/ Cavium also has some plug-in crypto accelerator cards under the brand name Nitrox. IIRC they have some drivers for FreeBSD available. -- Andre