AESNI driver and fpu_kern KPI
Fabien Thomas
fabien.thomas at netasq.com
Tue May 18 20:12:02 UTC 2010
>
>>
>> - Unfortunately the driver in its current version can't be used with
>> IPsec and with GELI where authentication is enabled. This is because
>> the driver doesn't support sessions where both encryption and
>> authentication is defined. Do you have plans to change it?
>> I saw that you based crypto(9) bits on padlock, which does support
>> sessions with authentication by calculating hashes in software.
> My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an
> opportunity to test the KPI in real application. I may consider adding
> software-implemented authentification sometime later. I would not object
> if anybody do this instead of me.
Today I've tested the patch with the same "issue" with IPsec,
i've quickly re-included the same keyed hash function than padlock to test,
tomorrow I will test again and I will post a patch if it works well.
A minor things: aesni only compile as a module.
Another idea for Sha1 would be to integrate the new version from intel
http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/
but it seems the 32bits version is not available at this time (and same
licencing issue).
Regards,
Fabien
More information about the freebsd-current
mailing list