On Fri, 6 Jun 2008 23:41:35 +0200,
Patrick Lamaizière <patfbsd@davenulle.org> wrote:

Hello,

> I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> (via the NetBSD port).
> " The glxsb driver supports the security block of the Geode LX
> series processors. The Geode LX is a member of the AMD Geode family
> of integrated x86 system chips.
>
> Driven by periodic checks for available data from the generator,
> glxsb supplies entropy to the random(4) driver for common usage.
>
> glxsb also supports acceleration of AES-128-CBC operations for
> crypto(4)."

Well, I hope this is the final version.

http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz

I added a patch for FreeBSD 6 but I'm not able to test it.

On 7-STABLE, I've tested with hundred openssl encryptions and some flood
pings under ipsec in the background. Looks good to me.

If someone can test and review it, it would be cool.

Thanks, Regards.

Patrick Lamaizière wrote:
> On Fri, 6 Jun 2008 23:41:35 +0200,
> Patrick Lamaizière <patfbsd@davenulle.org> wrote:
>
> Hello,
>
>> I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
>> (via the NetBSD port).
>> " The glxsb driver supports the security block of the Geode LX
>> series processors. The Geode LX is a member of the AMD Geode family
>> of integrated x86 system chips.
>>
>> Driven by periodic checks for available data from the generator,
>> glxsb supplies entropy to the random(4) driver for common usage.
>>
>> glxsb also supports acceleration of AES-128-CBC operations for
>> crypto(4)."
>
> Well, I hope this is the final version.
>
> http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz
>
> I added a patch for FreeBSD 6 but I'm not able to test it.
>
> On 7-STABLE, I've tested with hundred openssl encryptions and some flood
> pings under ipsec in the background. Looks good to me.
>
> If someone can test and review it, it would be cool.

Hi,

I'm having trouble testing it. My CPU is Geode LX:

CPU: Geode(TM) Integrated Processor by AMD PCS (499.91-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x5a2  Stepping = 2
  Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
  AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>

When loading the driver, it attaches:

Jun 22 18:49:41 ursaminor kernel: cryptosoft0: <software crypto> on motherboard
Jun 22 18:49:41 ursaminor kernel: glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xe0210000-0xe0213fff irq 11 at device 1.2 on pci0

I have the following klds loaded:

 7    1 0xc3819000 4000     glxsb.ko
 8    2 0xc389d000 23000    crypto.ko
 9    2 0xc38c0000 a000     zlib.ko
10    1 0xc381e000 4000     cryptodev.ko

Running openssl speed without cryptodev gives:

> openssl speed aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128 cbc for 3s on 16 size blocks: 1005506 aes-128 cbc's in 0.98s
Doing aes-128 cbc for 3s on 64 size blocks: 262185 aes-128 cbc's in 0.98s
Doing aes-128 cbc for 3s on 256 size blocks: 66055 aes-128 cbc's in 0.97s
Doing aes-128 cbc for 3s on 1024 size blocks: 16680 aes-128 cbc's in 0.98s
Doing aes-128 cbc for 3s on 8192 size blocks: 2086 aes-128 cbc's in 0.98s
OpenSSL 0.9.8e 23 Feb 2007
built on: Tue Apr 15 19:40:37 CEST 2008
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      16465.91k    17171.01k    17422.55k    17486.30k    17485.16k

But running it with cryptodev gives:

> openssl speed aes-128-cbc -engine cryptodev
engine "cryptodev" set.
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128 cbc for 3s on 16 size blocks: 1007404 aes-128 cbc's in 0.97s
Doing aes-128 cbc for 3s on 64 size blocks: 262177 aes-128 cbc's in 0.98s
Doing aes-128 cbc for 3s on 256 size blocks: 66500 aes-128 cbc's in 0.98s
Doing aes-128 cbc for 3s on 1024 size blocks: 16564 aes-128 cbc's in 0.97s
Doing aes-128 cbc for 3s on 8192 size blocks: 2087 aes-128 cbc's in 0.98s
OpenSSL 0.9.8e 23 Feb 2007
built on: Tue Apr 15 19:40:37 CEST 2008
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      16545.20k    17173.92k    17417.71k    17476.48k    17485.82k

The results are practically the same. This is on 7-STABLE from April.

On Sun, Jun 22, 2008 at 6:05 PM, Patrick Lamaizière <patfbsd@davenulle.org> wrote:
> On Fri, 6 Jun 2008 23:41:35 +0200,
> Patrick Lamaizière <patfbsd@davenulle.org> wrote:
>
> Hello,
>
>> I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
>> (via the NetBSD port).
>> " The glxsb driver supports the security block of the Geode LX
>> series processors. The Geode LX is a member of the AMD Geode family
>> of integrated x86 system chips.
>>
>> Driven by periodic checks for available data from the generator,
>> glxsb supplies entropy to the random(4) driver for common usage.
>>
>> glxsb also supports acceleration of AES-128-CBC operations for
>> crypto(4)."
>
> Well, I hope this is the final version.
>
> http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz
>
> I added a patch for FreeBSD 6 but I'm not able to test it.
>
> On 7-STABLE, I've tested with hundred openssl encryptions and some flood
> pings under ipsec in the background. Looks good to me.
>
> If someone can test and review it, it would be cool.
>
> Thanks, Regards.

It compiles without a problem on 6.2 and loads on my Soekris
Net5501-70 running pfSense (6.2-RELEASE-p11):

glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0

Thanks!
Niki

Patrick Lamaizière wrote:
> On Fri, 6 Jun 2008 23:41:35 +0200,
> Patrick Lamaizière <patfbsd@davenulle.org> wrote:
>
> Hello,
>
>> I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
>> (via the NetBSD port).
>> " The glxsb driver supports the security block of the Geode LX
>> series processors. The Geode LX is a member of the AMD Geode family
>> of integrated x86 system chips.
>>
>> Driven by periodic checks for available data from the generator,
>> glxsb supplies entropy to the random(4) driver for common usage.
>>
>> glxsb also supports acceleration of AES-128-CBC operations for
>> crypto(4)."
>
> Well, I hope this is the final version.
>
> http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz
>
> I added a patch for FreeBSD 6 but I'm not able to test it.
>
> On 7-STABLE, I've tested with hundred openssl encryptions and some flood
> pings under ipsec in the background. Looks good to me.
>
> If someone can test and review it, it would be cool.

I don't know if you built it for this or not, but I just tested your
module on 8-CURRENT (last supped May 19) and it's working beautifully on
an ALIX.3c1 (GeodeLX 700):

Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.0-CURRENT #0: Thu Jun 5 22:44:20 EDT 2008
    root@minibsd8-dev.localnet:/usr/obj/usr/src/sys/MINIBSD8
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (431.65-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x5a2  Stepping = 2
  Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
  AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>
real memory  = 134217728 (128 MB)
avail memory = 126152704 (120 MB)
pnpbios: Bad PnP BIOS data checksum
wlan: mac acl policy registered
K6-family MTRR support enabled (2 registers)
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
Geode LX: PC Engines ALIX.2 v0.98 tinyBIOS V1.4a (C)1997-2007
glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xefff4000-0xefff7fff irq 9 at device 1.2 on pci0

Output from "openssl speed -engine cryptodev -elapsed -evp aes-128-cbc aes-128-cbc":

engine "cryptodev" set.
You have chosen to measure elapsed time instead of user CPU time.
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128 cbc for 3s on 16 size blocks: 668161 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 178842 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 45510 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 11435 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 1429 aes-128 cbc's in 3.00s
Doing aes-128-cbc for 3s on 16 size blocks: 61055 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 59430 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 53475 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 37812 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 9323 aes-128-cbc's in 3.00s
OpenSSL 0.9.8e 23 Feb 2007
built on: Thu Jun 5 21:15:55 EDT 2008
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: gettimeofday
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       3563.35k     3815.11k     3883.37k     3901.80k     3900.02k
aes-128-cbc        325.65k     1267.73k     4562.72k    12904.84k    25453.89k

Thanks for that, hopefully it can/will be committed soon!

-Proto

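An added example (not part of the thread and not any poster's code) that parses the summary table from the 8-CURRENT report above and prints, per block size, how the "aes-128-cbc" (-evp) row compares with the "aes-128 cbc" row, plus the first block size at which the -evp row is faster. It assumes the two row labels exactly as openssl printed them above; the function names speed_ratios and crossover are made up for this example.

```shell
#!/bin/sh
# Sample input: the two summary rows from the 8-CURRENT report in this thread.
# "aes-128 cbc" is OpenSSL's built-in AES routine; "aes-128-cbc" is the row
# produced by -evp, the path on which the cryptodev engine is used.
SAMPLE='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       3563.35k     3815.11k     3883.37k     3901.80k     3900.02k
aes-128-cbc        325.65k     1267.73k     4562.72k    12904.84k    25453.89k'

# speed_ratios TABLE
# Prints one line per block size: "<bytes> <builtin k/s> <evp k/s> <evp/builtin>".
speed_ratios() {
    printf '%s\n' "$1" | awk '
        # Header row: every purely numeric field is a block size.
        $1 == "type" {
            n = 0
            for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+$/) size[++n] = $i
            next
        }
        # Data rows: the last n fields are throughputs with a trailing "k".
        # The row label may itself contain a space, so count from the end.
        /^aes-128 cbc/ { for (i = 1; i <= n; i++) { v = $(NF-n+i); sub(/k$/, "", v); sw[i] = v } }
        /^aes-128-cbc/ { for (i = 1; i <= n; i++) { v = $(NF-n+i); sub(/k$/, "", v); hw[i] = v } }
        END {
            for (i = 1; i <= n; i++) {
                if (sw[i] + 0 <= 0 || hw[i] + 0 <= 0) exit 1   # a row is missing
                printf "%d %.2f %.2f %.2f\n", size[i], sw[i], hw[i], hw[i] / sw[i]
            }
        }'
}

# crossover TABLE
# Prints the smallest block size at which the -evp row beats the built-in
# row, or "none" if it never does.
crossover() {
    speed_ratios "$1" | awk '
        $4 > 1 { print $1; found = 1; exit }
        END    { if (!found) print "none" }'
}

speed_ratios "$SAMPLE"
echo "evp path faster from block size: $(crossover "$SAMPLE")"
```

On the figures above, the -evp path is slower than the built-in routine at 16 and 64 bytes and is ahead from 256 bytes upward.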
At 11:05 AM 6/22/2008, Patrick Lamaizière wrote:
>On Fri, 6 Jun 2008 23:41:35 +0200,
>Patrick Lamaizière <patfbsd@davenulle.org> wrote:
>
>Hello,
>
> > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> > (via the NetBSD port).
> > " The glxsb driver supports the security block of the Geode LX
> > series processors. The Geode LX is a member of the AMD Geode family
> > of integrated x86 system chips.

Hi,

Thanks for porting this over! I am just trying it now with ipsec on a
soekris 5501.

Without the module loaded, I can do something simple like

# sh s
# cat s
MEOUTSIDE=64.x.x.x
MEINSIDE=192.168.5.0/24
REMOTEOUTSIDE=64.y.y.y
REMOTEINSIDE=192.168.1.0/24
IPSECKEY=zxzpprlNH61N11SGfrCa8dxZ
setkey -c <<EOF
add $MEOUTSIDE $REMOTEOUTSIDE esp 1049 -m any -E rijndael-cbc "$IPSECKEY";
add $REMOTEOUTSIDE $MEOUTSIDE esp 1049 -m any -E rijndael-cbc "$IPSECKEY";
spdadd $MEINSIDE $REMOTEINSIDE any -P out ipsec esp/tunnel/$MEOUTSIDE-$REMOTEOUTSIDE/require;
spdadd $REMOTEINSIDE $MEINSIDE any -P in ipsec esp/tunnel/$REMOTEOUTSIDE-$MEOUTSIDE/require;
EOF

But if I load the glxsb module, setkey fails on the same policy.

# setkey -F
# setkey -FP
# setkey -DP
No SPD entries.
# kldload glxsb
# dmesg | tail
vr0: link state changed to DOWN
vr0: link state changed to UP
vr0: promiscuous mode enabled
vr0: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
glxsb0: detached
glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
# sh s
The result of line 1: Invalid argument.
The result of line 2: Invalid argument.
#

What is the proper AES encryption to use for IPSEC? Why is there a
difference in syntax? This is RELENG_7 from a few days ago.

If I change the crypto to 3des-cbc, it works, but it's not making use of
the crypto offload of course.

---Mike