Pierre-Philipp Braun <pbr...@nethence.com> writes:

> Of course, the only symmetric cipher that can compete with hardware
> accelerated AES in terms of throughput is Chacha20 and we don't have
> it in setkey. It's there in the OpenSSH code, though, it's even
> builtin without OpenSSL.

I'm not clear on if Chacha20 is specified for IPsec.

> I am not clear however on how to test crypto hardware acceleration on
> netbsd. I could try the `openssl speed` feature but the first thing I
> would be looking for is whether my CPU has the AES-NI, AVX and AVX2
> flags available. Is there a way to do that on NetBSD? Then how to
> check if /dev/crypto is leveraged at various places in userland?

See the cpuctl man page.

NetBSD has support for various crypto offload devices. Aside from
AES-NI instructions, my impression is that offload devices are mostly
useful for public-key operations.

Run "openssl engine" and read any associated man pages.

See crypto(4) and opencrypto(9).
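
Added example (not part of the original message): a small sh filter for the CPU-flag question above, meant to be fed the output of `cpuctl identify 0`. The function names, the sample text, and the assumed layout (feature names as a comma-separated list inside `<...>`, with AES-NI shown as `AES`) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Feature names are compared as whole list items, so a
# CPU that only has AVX is not reported as having AVX2, which a plain
# substring grep for "AVX" would get wrong.

# has_flag FLAG: reads cpuctl-style text on stdin and returns 0 if FLAG
# is an item of any <...> feature list.
has_flag() {
    sed -n 's/^[^<]*<\([^>]*\)>.*$/\1/p' | tr ',' '\n' | grep -qx -- "$1"
}

# report_flags: reads cpuctl-style text on stdin and prints one
# FLAG=yes|no line for each flag asked about in the thread.
report_flags() {
    text=$(cat)
    for f in AES AVX AVX2; do
        if printf '%s\n' "$text" | has_flag "$f"; then
            echo "$f=yes"
        else
            echo "$f=no"
        fi
    done
}

# Constructed sample input (not captured from a real machine): a CPU
# with AES and AVX but without AVX2. The hex masks are placeholders.
sample_output() {
    cat <<'EOF'
cpu0: features1 0x0<SSE3,PCLMULQDQ,SSSE3,SSE41,SSE42,POPCNT,AES,XSAVE>
cpu0: features1 0x0<OSXSAVE,AVX>
cpu0: features5 0x0<FSGSBASE,BMI1,SMEP>
EOF
}

# Demonstration on the constructed sample.
sample_output | report_flags
```

On a NetBSD host, replace `sample_output` with `cpuctl identify 0` in the last line.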