Jivin Palacios, Hector lays it down ...
> Greetings,
>
> I have a Netsilicon CPU (NS9215) which contains an AES accelerator which I
> want to use with OpenSSL. I have a Linux driver for this hardware AES module
> which uses the kernel 2.6.26 CryptoAPI.
> This driver basically registers the cbc(aes) and ecb(aes) ciphers.
>
> / # cat /proc/crypto
> name : cbc(aes)
> driver : ns921x-aes
> module : kernel
> priority : 0
> refcnt : 1
> type : ablkcipher
> async : yes
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 0
> geniv : <default>
>
> name : ecb(aes)
> driver : ns921x-aes
> module : kernel
> priority : 400
> refcnt : 1
> type : ablkcipher
> async : yes
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 0
> geniv : <default>
>
>
> I would like to have OpenSSL use this driver to accelerate encryption when
> using these ciphers.
> Looking in the Internet I found the OCF project
> (http://ocf-linux.sourceforge.net/) which is supposed to do the link between
> the kernel CryptoAPI and OpenSSL by means of an engine called 'cryptodev'
> which makes use of device node /dev/crypto.
> I'm using openssl-0.9.8g and have integrated the OCF patches for the 2.6.26
> version and for OpenSSL 0.9.8g (similarly as done in
> http://www.docunext.com/wiki/My_Notes_on_Patching_2.6.22_with_OCF). It builds
> ok and I obtain several modules: ocf.ko, cryptodev.ko cryptosoft.ko.
>
> By executing the OpenSSL commands with option '-engine cryptodev', OpenSSL
> seems to be using this engine. However, just with that my specific driver
> functions are not being called. For example I have tried with:
> # openssl speed -engine cryptodev -evp aes128
> and with
> # time openssl enc aes128 -engine cryptodev -in testfile -out /dev/null -k
> test
> I would appreciate any hint of how to tell OpenSSL or OCF to use my driver
> functions.
Have you loaded the cryptosoft driver ? It is needed to talk to the
cryptoAPI in the kernel.
modprobe ocf
modprobe cryptosoft
modprobe cryptodev
You can check that cryptosoft is being used by loading it with the debug
parameter, or enabling debug later with:
echo 1 > /sys/module/cryptosoft/parameters/swcr_debug
Check your syslog (or console output) for driver messages from cryptosoft
which will confirm it is being used when you run openssl.
Probably best to move this discussion to the ocf-linux mailing list, not
sure it belongs on the openssl list ;-)
http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users
Cheers,
Davidm
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
