From owner-freebsd-stable@FreeBSD.ORG  Mon Jan 26 08:30:32 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CD7A416A4CE
	for <stable@freebsd.org>; Mon, 26 Jan 2004 08:30:32 -0800 (PST)
Received: from smtpout.mac.com (A17-250-248-84.apple.com [17.250.248.84])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3121E43D31
	for <stable@freebsd.org>; Mon, 26 Jan 2004 08:30:29 -0800 (PST)
	(envelope-from cswiger@mac.com)
Received: from mac.com (smtpin08-en2 [10.13.10.153])
	by smtpout.mac.com (8.12.6/MantshX 2.0) with ESMTP id i0QGUJ4O011655;
	Mon, 26 Jan 2004 08:30:19 -0800 (PST)
Received: from [192.168.1.6] (pool-68-160-236-34.ny325.east.verizon.net
	[68.160.236.34])	(authenticated bits=0)i0QGUGIc028272;
	Mon, 26 Jan 2004 08:30:19 -0800 (PST)
In-Reply-To: <20040126155600.GB230@e-card.bg>
References: <20040126091424.GI688@e-card.bg>
	<6889E365-5016-11D8-B821-003065A20588@mac.com>
	<20040126155600.GB230@e-card.bg>
Mime-Version: 1.0 (Apple Message framework v609)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <EFEE6595-501C-11D8-B821-003065A20588@mac.com>
Content-Transfer-Encoding: 7bit
From: Charles Swiger <cswiger@mac.com>
Date: Mon, 26 Jan 2004 11:30:22 -0500
To: Rumen Telbizov <altares@e-card.bg>
X-Mailer: Apple Mail (2.609)
cc: stable@freebsd.org
Subject: Re: FreeBSD + Rainbow Cryptoswift
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jan 2004 16:30:33 -0000

On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote:
[ ... ]
> I don't see anything related to RSA computations?!
> Do you see any real acceleration in the RSA operations
> while using this card or there is NO support for RSA in
> the crypto device ?

It might be worth asking the author of cryptodev and hifn whether the 
manpage is current with regard to RSA support.  For my purposes, adding 
entropy and speeding up 3DES for ssh is useful, but you are right that 
HTTPS acceleration will want RSA.

The hifn cards will do ARC4/MD5/SHA, which is still helpful to your 
situation, but doing SSL session startup with a 1024-bit RSA server 
certificate tends to be the hit that slows down a busy site, not 
streaming 40/128-bit encryption afterwards.

Here's the results of an "openssl speed" on a machine with a 933MHz 
Tualatin:

OpenSSL 0.9.7c 30 Sep 2003
built on: Mon Jan 19 17:09:38 EST 2004
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 
bytes
md2                620.93k     1321.03k     1840.87k     2043.58k     
2109.85k
mdc2              1216.23k     1340.13k     1379.00k     1386.49k     
1392.69k
md4               5238.60k    18516.78k    53933.28k   103206.39k   
141003.58k
md5               3403.53k    10198.36k    23224.80k    34163.24k    
39580.86k
hmac(md5)         1853.72k     6250.73k    17093.20k    30202.23k    
38852.70k
sha1              3834.47k     9754.21k    23442.41k    36293.86k    
43284.01k
rmd160            3402.43k     9754.38k    20798.38k    28830.32k    
32526.01k
rc4              63056.66k    72429.52k    76481.40k    76876.09k    
77175.42k
des cbc           5793.26k     5932.76k     5974.18k     5984.65k     
5987.75k
des ede3          2522.17k     2549.38k     2560.15k     2562.74k     
2565.13k
idea cbc             0.00         0.00         0.00         0.00        
  0.00
rc2 cbc           7170.32k     7373.37k     7451.72k     7474.13k     
7527.15k
rc5-32/12 cbc    36376.64k    42649.09k    45031.39k    45666.52k    
45844.24k
blowfish cbc     15556.50k    16535.16k    16851.46k    16930.07k    
16962.81k
cast cbc         15316.29k    16194.30k    16490.12k    16564.61k    
16580.42k
aes-128 cbc      14087.20k    14768.17k    14920.34k    14969.05k    
14981.57k
aes-192 cbc      12415.22k    12648.94k    12721.03k    12741.74k    
12740.70k
aes-256 cbc      11021.74k    11247.24k    11286.85k    11298.91k    
11300.38k
                   sign    verify    sign/s verify/s
rsa  512 bits   0.0031s   0.0003s    326.2   3032.8
rsa 1024 bits   0.0161s   0.0009s     61.9   1114.6
rsa 2048 bits   0.0959s   0.0029s     10.4    346.7
rsa 4096 bits   0.6236s   0.0098s      1.6    101.9
                   sign    verify    sign/s verify/s
dsa  512 bits   0.0026s   0.0033s    382.9    304.3
dsa 1024 bits   0.0079s   0.0097s    126.8    102.6
dsa 2048 bits   0.0263s   0.0319s     38.1     31.3
396.70s real  395.67s user  0.03s system  99%

-- 
-Chuck