From: Fabien Thomas
Date: Tue, 18 May 2010 22:11:54 +0200
To: Kostik Belousov
Cc: freebsd-current@FreeBSD.org, Pawel Jakub Dawidek, freebsd-amd64@FreeBSD.org
Subject: Re: AESNI driver and fpu_kern KPI
Message-Id: <56750197-F1C1-45AC-AA6B-72FBA02F24C5@netasq.com>
In-Reply-To: <20100518184132.GA83316@deviant.kiev.zoral.com.ua>

>> - Unfortunately the driver in its current version can't be used with
>> IPsec and with GELI where authentication is enabled. This is because
>> the driver doesn't support sessions where both encryption and
>> authentication is defined. Do you have plans to change it?
>> I saw that you based crypto(9) bits on padlock, which does support
>> sessions with authentication by calculating hashes in software.
> My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an
> opportunity to test the KPI in real application. I may consider adding
> software-implemented authentication sometime later. I would not object
> if anybody does this instead of me.

Today I've tested the patch with the same "issue" with IPsec. I've quickly
re-included the same keyed hash function as padlock to test; tomorrow
I will test again and I will post a patch if it works well.

A minor thing: aesni only compiles as a module.

Another idea for SHA1 would be to integrate the new version from Intel
http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/
but it seems the 32-bit version is not available at this time (and same
licensing issue).

Regards,
Fabien