From owner-freebsd-mips@FreeBSD.ORG Tue Jun 25 17:02:08 2013 Return-Path: Delivered-To: mips@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 456EEA34 for ; Tue, 25 Jun 2013 17:02:08 +0000 (UTC) (envelope-from juli@clockworksquid.com) Received: from mail-la0-x22c.google.com (mail-la0-x22c.google.com [IPv6:2a00:1450:4010:c03::22c]) by mx1.freebsd.org (Postfix) with ESMTP id C5441186D for ; Tue, 25 Jun 2013 17:02:07 +0000 (UTC) Received: by mail-la0-f44.google.com with SMTP id er20so12615059lab.17 for ; Tue, 25 Jun 2013 10:02:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=IXEFXVsk4g0vyMh28aH2ORsI/CdMLMyQnoyFNyGgAIU=; b=pEJL4JJ4zr+yzhiSzFGEH0iyEKcpi0El662bdN8i6+vmZ/yr6j/XJrU4kyci2eQLm0 b7OGZDsWdnN5Vcijs0MOmGbN0UJvYTl+45hOAYXgFBSfGlm/aigP7JnWrVvsC41CQ6yj jGtEb+EswwINc16HM25WZdaqRwMeaWyf4WfaRTB7poqvPsxfg1pa6HJ+K75pH2eTs+J4 GEP+A59EroqJoTU70CbFlY88ZTnaXiHXOeS037RCbigG5fHf38B6GUryW1YJ+Cr0pj0q L+An3YSm7T40dMUhGHsMTfO+Kc4fyqse4l9hOCjfPWwoO49bp46RarxsWQTf2B3dPN4L 9ivg== X-Received: by 10.152.2.201 with SMTP id 9mr13742776law.84.1372179726656; Tue, 25 Jun 2013 10:02:06 -0700 (PDT) MIME-Version: 1.0 Sender: juli@clockworksquid.com Received: by 10.152.113.231 with HTTP; Tue, 25 Jun 2013 10:01:45 -0700 (PDT) In-Reply-To: <51C9BFE6.20701@rewt.org.uk> References: <51C9BFE6.20701@rewt.org.uk> From: Juli Mallett Date: Tue, 25 Jun 2013 10:01:45 -0700 X-Google-Sender-Auth: TEwye1VwxbiDHLJqfCH25UtSUcc Message-ID: Subject: Re: AES-GCM/Hardware crypto for Octeon To: Joe Holden Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQk78Eb9EBOWVqUfH96CF5eymrCYIJdXc8cOj0Z5lYEyNxyPjMhmoh4Xym2mhEsh1mxLWdsV Cc: "freebsd-mips@FreeBSD.org" X-BeenThere: freebsd-mips@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting FreeBSD to MIPS List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jun 2013 17:02:08 -0000 Rather than using a cryptodev, you can actually use the crypto coprocessor from userland. I remember looking at AES-GCM once, and I think it includes some instructions or coprocessor features that make implementing GCM easier, but it's not like the hardware will directly do AES in Galois Counter Mode for you. I could be misremembering. If you look at the cvmx-asm.h file in sys/contrib/octeon-sdk you can see what the interfaces for crypto offload are like, and you can see (somewhat convoluted) sample code using them in sys/mips/cavium/cryptocteon. There are patches to OpenSSL to use the crypto coprocessor directly, but they're certainly not in our tree, and I don't think there's a version of OpenSSL that ships with them. Are you just wanting AES-GCM to go faster across the whole OS, with SSH, etc., or do you have a specialized application that you want it for? If the latter, I'd encourage you to consider getting someone to throw together code to use the crypto coprocessor that's tailored to your application. Thanks, Juli. On Tue, Jun 25, 2013 at 9:05 AM, Joe Holden wrote: > Hi, > > Is the hardware crypto used by OpenCrypto/OpenSSL on the Octeon Plus range? > Other than specifying cryptodev engine, is there a way to make sure that > it's being used? > > Also, according to the Cavium product brief, the coprocessor supports > AES-GCM, I can't work out if it's actually supported in OpenSSL as the > patches seem to be geared towards Intel's hardware assisted variant - is > this supportable on the current tree, or will it require extra patches/work > (perhaps upstream?) > > Cheers, > Joe