John Case
2009-Oct-14 18:24 UTC
FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR)
There are a number of hardware solutions for performing AES-CTR in hardware - for example the Broadcom BCM5825, which is supported by the ubsec driver.

The problem is that OpenSSL does not currently support hardware acceleration of AES-CTR. The solution on a Sun system is to use the Sun crypto framework APIs (PKCS#11) which does support AES-CTR in hardware.

Is there an analogous API in FreeBSD that I could implement in my code so as to use the hardware AES-CTR of devices supported by ubsec? Or do I need to directly manipulate ubsec with my actual application in order to do this?
RW
2009-Oct-14 22:54 UTC
FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR)
On Wed, 14 Oct 2009 18:02:36 +0000 (UTC) John Case <case@sdf.lonestar.org> wrote:

> There are a number of hardware solutions for performing AES-CTR in hardware - for example the Broadcom BCM5825, which is supported by the ubsec driver.
>
> The problem is that OpenSSL does not currently support hardware acceleration of AES-CTR. The solution on a Sun system is to use the Sun crypto framework APIs (PKCS#11) which does support AES-CTR in hardware.
>
> Is there an analogous API in FreeBSD that I could implement in my code so as to use the hardware AES-CTR of devices supported by ubsec?

Aside from crypto(3) (OpenSSL), there's also crypto(9) (kernel) and crypto(4) (userland), but they don't appear to support CTR - just CBC.
John Case
2009-Oct-16 05:04 UTC
FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR)
> There are a number of hardware solutions for performing AES-CTR in hardware - for example the Broadcom BCM5825, which is supported by the ubsec driver.
>
> The problem is that OpenSSL does not currently support hardware acceleration of AES-CTR. The solution on a Sun system is to use the Sun crypto framework APIs (PKCS#11) which does support AES-CTR in hardware.
>
> Is there an analogous API in FreeBSD that I could implement in my code so as to use the hardware AES-CTR of devices supported by ubsec?

> Aside from crypto(3) (OpenSSL), there's also crypto(9) (kernel) and crypto(4) (userland), but they don't appear to support CTR - just CBC.

Understood. How difficult or trivial would it be to add AES-CTR to either crypto(9) or crypto(4)? Are those just derived from OpenSSL in some way anyway? If not, who is responsible for this kind of work?