FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for
hardware AES-CTR)
John Case
case at sdf.lonestar.org
Fri Oct 16 02:26:47 UTC 2009
> There are a number of hardware solutions for performing AES-CTR in
> hardware - for example the broadcom BCM5825, which is supported by
> the ubsec driver.
>
> The problem is that OpenSSL does not currently support hardware
> acceleration of AES-CTR. The solution on a Sun system is to use the
> Sun crypto framework APIs (PKCS#11) which does support AES-CTR in
> hardware.
>
> Is there an analagous API in FreeBSD that I could implement in my
> code so as to use the hardware AES-CTR of devices supported by ubsec ?
> Aside from crypto(3) (OpenSSL), there's also crypto(9) (kernel) and
> crypto(4) (userland), but they don't appear to support CTR - just CBC.
Understood.
How difficult or trivial would it be to add AES-CTR to either crypto(9) or
crypto(4) ?
Are those just derived from OpenSSL in some way anyway ? If not, who is
responsible for this kind of work ?
More information about the freebsd-security
mailing list