CUR: /usr/sbin/config and hardcoding eng_cryptodev.c to work with
HIFN 795X and only aes-128-cbc supported
Chargen
chargen at gmail.com
Fri Jan 25 13:59:34 PST 2008
Dear all,
I don't know which branch or maillist to subscribe to discuss these issues
I found a some things,
1. concerning /usr/sbin/config {kernelname}
packetstorm# pwd
/usr/src/sys/i386/conf
packetstorm# config santaclaus
config: santaclaus: No such file or directory
packetstorm# ls -alrt ../compile/
total 32
-rw-r--r-- 1 root wheel 13 Jul 2 2001 .cvsignore
drwxr-xr-x 15 root wheel 512 Jan 21 23:33 ..
drwxr-xr-x 2 root wheel 512 Jan 23 20:51 santaclaus
I don't think the creation of this dir inode is intentional after config
fails to find a kernelconfiguration :-)
packetstorm# uname -a
FreeBSD packetstorm 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Thu Jan 24
03:37:11 CET 2008 root at packetstorm:/usr/src/sys/i386/compile/PACKETSTORM
i386
2. Hardware support for cryptodev -> wired to HIFN - crypto/OPENSSL/
eng_cryptodev.c
these are know issues , apparently the correct freebsd version isn't
properly checked or recognised, some fixes have spreading been around but
none are taken into 7)
( options crypto, options cryptodev, device hifn are included in my
kernelconfig)
I still have to hardcode eng_cryptodev.c in order to make openssl work with
my device hifn (7955 - soekris VPN140x)
packetstorm# diff /usr/src/crypto/openssl/crypto/engine/eng_cryptodev.c
/root/eng_cryptodev.c
44a45,47
> #include <sys/param.h>
> # define HAVE_CRYPTODEV
>
1128a1132
> ENGINE_set_default_ciphers(engine);
yes, dirty :-)
(dmesg :
hifn0 mem 0xfe12c000-0xfe12cfff,0xfe12a000-0xfe12bfff,0xfe120000-0xfe127fff
irq 25 at device 4.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult> )
the following concerns the lack of AES-192/256-CBC support over HIFN795X
cryptocards
A) AES-256-CBC fails to pass over HIFN
packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-256-cbc -pass
pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.081557 secs (25713931 bytes/sec)
packetstorm#
hifnstats
input 0 bytes 0 packets
output 0 bytes 0 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
B) AES-128-CBC works (eng_cryptodev.c hardcoded to work )
packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-128-cbc -pass
pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.124829 secs (16800191 bytes/sec)
packetstorm# hifnstats
input 2097168 bytes 513 packets
output 2097168 bytes 513 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
systat -vmstat really shows HIFN takes ints when processing aes-128-cbc
packetstorm# sysctl -a | grep "cryp"
kern.cryptodevallowsoft: 0
kern.userasymcrypto: 0
net.inet.ipsec.crypto_support: 50331648
debug.crypto_timing: 0
hw.via_feature_xcrypt: 0
dev.cryptosoft.0.%desc: software crypto
dev.cryptosoft.0.%driver: cryptosoft
dev.cryptosoft.0.%parent: nexus0
packetstorm# dmesg | grep "cryp"
cryptosoft0: <software crypto> on motherboard
Kind regards,
and have a nice weekend all
Chargen
More information about the freebsd-current
mailing list