Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Jul 2002 13:46:16 -0700
From:      "Sam Leffler" <sam@errno.com>
To:        <freebsd-arch@freebsd.org>
Subject:   status of hardware crypto support
Message-ID:  <05c801c222d2$ad797550$52557f42@errno.com>
next in thread | raw e-mail | index | archive | help 
This is a short note about the status of my work to port openbsd's support
for hardware crypto devices to freebsd.  I've had a patch available
for -stable for a while that provides the openbsd kernel framework and a
port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811).
In the past few weeks I've made major progress changing the KAME IPSEC code
to use this framework, again in the style done by openbsd (using
continuations to break up the input and output packet processing paths).  At
this point I have almost all aspects of IPv4-based IPSEC tested and working.
There are some minor issues like support of the old-style AH protocol and
keyed- MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based
testing.

In addition to the IPSEC work I've been talking to various hardware vendors
about support for their products in FreeBSD.  I now have Hifn-based cards of
various flavors, and a Broadcom card for testing.  I'm supposed to receive
more hardware in the near future.  I will be porting drivers for each of
these cards from openbsd.

Finally, I've been in touch with both openbsd and netbsd folks.  My intent
is to provide a common API for in-kernel and user-mode access to hardware
crypto support.  This will let everyone share application code (e.g. OpenSSL
already done by openbsd) and reduce the effort required to port device
drivers between the various systems.

All my work so far has been in -stable, but I hope to port the work
to -current soon.  A goal is to get the kernel crypto device framework into
the 5.0 release.  I've been in touch with the KAME folks and will continue
to discuss my IPSEC mods with them.

My immediate work is to do performance analysis and tuning, and stress
testing.  Once I've completed that work I'll make the changes generally
available.

Special thanks to Vernier Networks who has been supporting this work and to
GTGI who has provided crypto hardware.

    Sam


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05c801c222d2$ad797550$52557f42>