On Mon, Dec 13, 2010 at 10:27:00AM -0500, Mike Tancsa wrote:
> While doing some testing with the aesni driver, it seems some ciphers are
> registered with openssl and some are not.
>
> e.g. if I start an ssh session using aes128, I see the following
>
> [pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym
> 654198 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym
> 654225 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]%
>
> ie it shows the hardware transformation count increasing. But if I do aes
> 192 or 256, it does not
>
> [pyroxene]% ssh -c aes256-cbc smarthost1 "cryptostats" | grep sym
> 654231 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
> 654231 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
> 654231 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
> 654231 symmetric crypto ops (0 errors, 0 times driver blocked)
> [pyroxene]%
> Yet they are supposed to be supported, no ? Where in openssl is this
> configured ? The padlock driver does the same thing
>
> % ssh -c aes256-cbc smarthost1 "cryptotest -z"
> 0.000 sec, 2 aes crypts, 16 bytes, 4000000 byte/sec, 30.5 Mb/sec
> 0.000 sec, 2 aes crypts, 32 bytes, 16000000 byte/sec, 122.1 Mb/sec
> 0.000 sec, 2 aes crypts, 64 bytes, 32000000 byte/sec, 244.1 Mb/sec
> 0.000 sec, 2 aes crypts, 128 bytes, 64000000 byte/sec, 488.3 Mb/sec
> 0.000 sec, 2 aes crypts, 256 bytes, 128000000 byte/sec, 976.6 Mb/sec
> 0.000 sec, 2 aes crypts, 512 bytes, 170666667 byte/sec, 1302.1 Mb/sec
> 0.000 sec, 2 aes crypts, 1024 bytes, 292571429 byte/sec, 2232.1 Mb/sec
> 0.000 sec, 2 aes crypts, 2048 bytes, 455111111 byte/sec, 3472.2 Mb/sec
> 0.000 sec, 2 aes crypts, 4096 bytes, 512000000 byte/sec, 3906.2 Mb/sec
> 0.000 sec, 2 aes crypts, 8192 bytes, 420102564 byte/sec, 3205.1 Mb/sec
> 0.000 sec, 2 aes192 crypts, 16 bytes, 8000000 byte/sec, 61.0 Mb/sec
> 0.000 sec, 2 aes192 crypts, 32 bytes, 16000000 byte/sec, 122.1 Mb/sec
> 0.000 sec, 2 aes192 crypts, 64 bytes, 32000000 byte/sec, 244.1 Mb/sec
> 0.000 sec, 2 aes192 crypts, 128 bytes, 64000000 byte/sec, 488.3 Mb/sec
> 0.000 sec, 2 aes192 crypts, 256 bytes, 128000000 byte/sec, 976.6 Mb/sec
> 0.000 sec, 2 aes192 crypts, 512 bytes, 204800000 byte/sec, 1562.5 Mb/sec
> 0.000 sec, 2 aes192 crypts, 1024 bytes, 341333333 byte/sec, 2604.2 Mb/sec
> 0.000 sec, 2 aes192 crypts, 2048 bytes, 409600000 byte/sec, 3125.0 Mb/sec
> 0.000 sec, 2 aes192 crypts, 4096 bytes, 546133333 byte/sec, 4166.7 Mb/sec
> 0.000 sec, 2 aes192 crypts, 8192 bytes, 496484848 byte/sec, 3787.9 Mb/sec
> 0.000 sec, 2 aes256 crypts, 16 bytes, 10666667 byte/sec, 81.4 Mb/sec
> 0.000 sec, 2 aes256 crypts, 32 bytes, 21333333 byte/sec, 162.8 Mb/sec
> 0.000 sec, 2 aes256 crypts, 64 bytes, 32000000 byte/sec, 244.1 Mb/sec
> 0.000 sec, 2 aes256 crypts, 128 bytes, 51200000 byte/sec, 390.6 Mb/sec
> 0.000 sec, 2 aes256 crypts, 256 bytes, 102400000 byte/sec, 781.2 Mb/sec
> 0.000 sec, 2 aes256 crypts, 512 bytes, 204800000 byte/sec, 1562.5 Mb/sec
> 0.000 sec, 2 aes256 crypts, 1024 bytes, 292571429 byte/sec, 2232.1 Mb/sec
> 0.000 sec, 2 aes256 crypts, 2048 bytes, 409600000 byte/sec, 3125.0 Mb/sec
> 0.000 sec, 2 aes256 crypts, 4096 bytes, 512000000 byte/sec, 3906.2 Mb/sec
> 0.000 sec, 2 aes256 crypts, 8192 bytes, 442810811 byte/sec, 3378.4 Mb/sec

From my reading of src/crypto/openssl/crypto/engine/eng_cryptodev.c, and browsing http://cvs.openssl.org/rlog?f=openssl/crypto/engine/eng_cryptodev.c it seems that only OpenSSL HEAD and 1.0 branch have support for AES-192 and AES-256 when working with /dev/crypto.
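
The counter comparison used in the quoted transcript can be scripted. The following is an added example, not part of either message or of the FreeBSD or OpenSSL code; the function names and the "offloaded / not-offloaded / inconclusive" labels are hypothetical, the readings are the ones from the transcript, and it assumes nothing else on the host is using /dev/crypto while the readings are taken.

```shell
#!/bin/sh
# Added example: classify ssh ciphers by whether the cryptostats
# "symmetric crypto ops" counter moved between consecutive sessions.

# Pull the counter out of a cryptostats line such as
# "654198 symmetric crypto ops (0 errors, 0 times driver blocked)".
sym_ops() {
    awk '/symmetric crypto ops/ { print $1; exit }'
}

# stdin: "cipher count" lines, one reading per ssh session, in order.
# The gap between two readings covers the tail of the earlier session
# and the head of the later one, so:
#   delta == 0            -> neither cipher reached /dev/crypto
#   delta > 0, same cipher -> that cipher was offloaded
#   delta > 0, different   -> cannot tell which one caused it
classify_offload() {
    awk '
    !($1 in seen) { seen[$1] = 1; order[++n] = $1; state[$1] = "inconclusive" }
    NR > 1 {
        delta = $2 - prev_count
        if (delta == 0) {
            state[prev] = "not-offloaded"
            state[$1] = "not-offloaded"
        } else if (prev == $1 && state[$1] == "inconclusive") {
            state[$1] = "offloaded"
        }
    }
    { prev = $1; prev_count = $2 }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    '
}

# Readings copied from the quoted transcript, paired with the -c cipher
# used for each session.
transcript_readings() {
    cat <<'EOF'
aes128-cbc 654198
aes128-cbc 654225
aes256-cbc 654231
aes192-cbc 654231
aes192-cbc 654231
aes192-cbc 654231
EOF
}

transcript_readings | classify_offload
```

On a live host each reading would come from `ssh -c <cipher> <host> cryptostats | sym_ops`, collected in the order the sessions were run.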