Thanks Andre,
I'm hoping not to get too distracted by which algorithms I want
supported. To answer directly, I want the FIPS-140-2 algorithms in block modes
and optionally the Suite-B NSA stuff too.
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
But the main thrust of my question is not what algs are supported by
what parts... but instead, are their PCIe attachable crypto co-processors with
current vendor support for FreeBSD8.x?
I appreciated your pointers to VIA and various MIPS and specifically
octeon processors. And I am newly enlightened by your pointers to very new
Intel parts coming out with cipher/hash support... that may help me in the near
future. But at the moment, I am currently bound to Intel parts without the AES
feature set.
If anyone else reading this thread want's to chime in with info about
current supported crypto co-processors that plug in via PCIe, please drop a
note.
---
Ricky Charlet
Adara Networks
USA 408-433-4942
-----Original Message-----
From: Andre Oppermann [mailto:an...@freebsd.org]
Sent: Thursday, September 02, 2010 11:07 PM
To: Ricky Charlet
Cc: freebsd-secur...@freebsd.org; freebsd-net@freebsd.org
Subject: Re: seeking current supported crypto co-processors
On 03.09.2010 02:35, Ricky Charlet wrote:
> Howdy, <this messages is cross posted in freebsd-security and freebsd-net>
>
> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By
> perusing through the
> crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn
> 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel
> 5501/5601 Broadcom
> bcm5801/5802/5805/5820/5821/5822/5823/5825
>
> Those are all pretty old (and in some cases, no longer existent). I'm
> surveying these lists to
> see if anyone knows of more modern chips working with FreeBSD 8.x. Or if you
> feel some chip on
> the list above is up to the task of near about 1 Gb throughput across a PCIe
> and has friendly
> vendor support for FreeBSD, I'd sure like to hear about that too.
What cypto algorithms do you need? Stream encryption and/or PKI KEX?
For AES stream encrpytion there are some CPU's that directly support
the crypto primitives on the silicon. For newer x86/amd64 CPU's see:
http://en.wikipedia.org/wiki/AES_instruction_set
A number of VIA x86 CPU's have supported a set of crypto algorithms
inlcuding stream cyphers, cryptographic hashing and RSA for quite some
time on their silicon.
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
Other than that there are some embedded crypto engines with their own
(mostly MIPS based) single and multi-core CPU's. AKAIK they have a
FreeBSD API and the FreeBSD MIPS port should work on at least some of
them:
http://www.caviumnetworks.com/
Cavium also has some plug-in crypto accelerator cards under the brand
name Nitrox. IIRC they have some drivers for FreeBSD available.
--
Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
