Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 25 Jan 2008 22:33:54 +0100
From:      Chargen <chargen@gmail.com>
To:        freebsd-current@freebsd.org
Subject:   CUR: /usr/sbin/config and hardcoding eng_cryptodev.c to work with HIFN 795X and only aes-128-cbc supported
Message-ID:  <292361ab0801251333v43896313qd6f8c9103870eda@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
Dear all,

I don't know which branch or maillist to subscribe to  discuss these issues

I found a some things,

1. concerning  /usr/sbin/config {kernelname}

packetstorm# pwd
/usr/src/sys/i386/conf
packetstorm# config santaclaus
config: santaclaus: No such file or directory

packetstorm# ls -alrt ../compile/
total 32
-rw-r--r--   1 root  wheel     13 Jul  2  2001 .cvsignore
drwxr-xr-x  15 root  wheel    512 Jan 21 23:33 ..
drwxr-xr-x   2 root  wheel    512 Jan 23 20:51 santaclaus

I don't think the creation of this dir inode is intentional after config
fails to find a kernelconfiguration  :-)

packetstorm# uname -a
FreeBSD packetstorm 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Thu Jan 24
03:37:11 CET 2008     root@packetstorm:/usr/src/sys/i386/compile/PACKETSTORM
i386


2. Hardware support for cryptodev -> wired to HIFN - crypto/OPENSSL/
eng_cryptodev.c

these are know issues , apparently the correct freebsd version isn't
properly checked or recognised, some fixes have spreading been around but
none are taken into 7)

(  options crypto, options cryptodev, device hifn   are included in my
kernelconfig)

I still have to hardcode eng_cryptodev.c in order to make openssl work with
my device hifn (7955 - soekris VPN140x)

packetstorm# diff /usr/src/crypto/openssl/crypto/engine/eng_cryptodev.c
/root/eng_cryptodev.c
44a45,47
> #include <sys/param.h>
> #  define HAVE_CRYPTODEV
>
1128a1132
>         ENGINE_set_default_ciphers(engine);

yes, dirty :-)


(dmesg :

hifn0 mem 0xfe12c000-0xfe12cfff,0xfe12a000-0xfe12bfff,0xfe120000-0xfe127fff
irq 25 at device 4.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult> )

the following concerns the lack of AES-192/256-CBC support over HIFN795X
cryptocards

A)   AES-256-CBC   fails to pass over HIFN
packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-256-cbc -pass
pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.081557 secs (25713931 bytes/sec)

packetstorm#
hifnstats
input 0 bytes 0 packets
output 0 bytes 0 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0


B) AES-128-CBC works (eng_cryptodev.c hardcoded to work )

packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-128-cbc -pass
pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.124829 secs (16800191 bytes/sec)

packetstorm# hifnstats
input 2097168 bytes 513 packets
output 2097168 bytes 513 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

systat -vmstat really shows HIFN takes ints when processing aes-128-cbc

packetstorm# sysctl -a | grep "cryp"
kern.cryptodevallowsoft: 0
kern.userasymcrypto: 0
net.inet.ipsec.crypto_support: 50331648
debug.crypto_timing: 0
hw.via_feature_xcrypt: 0
dev.cryptosoft.0.%desc: software crypto
dev.cryptosoft.0.%driver: cryptosoft
dev.cryptosoft.0.%parent: nexus0

packetstorm# dmesg | grep "cryp"
cryptosoft0: <software crypto> on motherboard



Kind regards,
and have a nice weekend all

Chargen



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?292361ab0801251333v43896313qd6f8c9103870eda>