Date: Tue, 25 Jun 2013 10:01:45 -0700 From: Juli Mallett <jmallett@FreeBSD.org> To: Joe Holden <lists@rewt.org.uk> Cc: "freebsd-mips@FreeBSD.org" <mips@freebsd.org> Subject: Re: AES-GCM/Hardware crypto for Octeon Message-ID: <CACVs6=_y3NFo3Pq8cDy_JvqCqPcGhk-O%2B%2BOWHCT68F-rdwExbQ@mail.gmail.com> In-Reply-To: <51C9BFE6.20701@rewt.org.uk> References: <51C9BFE6.20701@rewt.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Rather than using a cryptodev, you can actually use the crypto coprocessor from userland. I remember looking at AES-GCM once, and I think it includes some instructions or coprocessor features that make implementing GCM easier, but it's not like the hardware will directly do AES in Galois Counter Mode for you. I could be misremembering. If you look at the cvmx-asm.h file in sys/contrib/octeon-sdk you can see what the interfaces for crypto offload are like, and you can see (somewhat convoluted) sample code using them in sys/mips/cavium/cryptocteon. There are patches to OpenSSL to use the crypto coprocessor directly, but they're certainly not in our tree, and I don't think there's a version of OpenSSL that ships with them. Are you just wanting AES-GCM to go faster across the whole OS, with SSH, etc., or do you have a specialized application that you want it for? If the latter, I'd encourage you to consider getting someone to throw together code to use the crypto coprocessor that's tailored to your application. Thanks, Juli. On Tue, Jun 25, 2013 at 9:05 AM, Joe Holden <lists@rewt.org.uk> wrote: > Hi, > > Is the hardware crypto used by OpenCrypto/OpenSSL on the Octeon Plus range? > Other than specifying cryptodev engine, is there a way to make sure that > it's being used? > > Also, according to the Cavium product brief, the coprocessor supports > AES-GCM, I can't work out if it's actually supported in OpenSSL as the > patches seem to be geared towards Intel's hardware assisted variant - is > this supportable on the current tree, or will it require extra patches/work > (perhaps upstream?) > > Cheers, > Joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACVs6=_y3NFo3Pq8cDy_JvqCqPcGhk-O%2B%2BOWHCT68F-rdwExbQ>