seeking current supported crypto co-processors
Andre Oppermann
andre at freebsd.org
Fri Sep 3 06:33:52 UTC 2010
On 03.09.2010 02:35, Ricky Charlet wrote:
> Howdy, <this messages is cross posted in freebsd-security and freebsd-net>
>
> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the
> crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn
> 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5501/5601 Broadcom
> bcm5801/5802/5805/5820/5821/5822/5823/5825
>
> Those are all pretty old (and in some cases, no longer existent). I'm surveying these lists to
> see if anyone knows of more modern chips working with FreeBSD 8.x. Or if you feel some chip on
> the list above is up to the task of near about 1 Gb throughput across a PCIe and has friendly
> vendor support for FreeBSD, I'd sure like to hear about that too.
What cypto algorithms do you need? Stream encryption and/or PKI KEX?
For AES stream encrpytion there are some CPU's that directly support
the crypto primitives on the silicon. For newer x86/amd64 CPU's see:
http://en.wikipedia.org/wiki/AES_instruction_set
A number of VIA x86 CPU's have supported a set of crypto algorithms
inlcuding stream cyphers, cryptographic hashing and RSA for quite some
time on their silicon.
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
Other than that there are some embedded crypto engines with their own
(mostly MIPS based) single and multi-core CPU's. AKAIK they have a
FreeBSD API and the FreeBSD MIPS port should work on at least some of
them:
http://www.caviumnetworks.com/
Cavium also has some plug-in crypto accelerator cards under the brand
name Nitrox. IIRC they have some drivers for FreeBSD available.
--
Andre
More information about the freebsd-security
mailing list