Re: Cryptography Accelerators

2006-06-09 Thread jared r r spiegel 
On Thu, Jun 08, 2006 at 05:13:40PM -0600, Breen Ouellette wrote:

 Or does it make more sense to shoot for a 
 total solution like the VIA C3?

  the aes is fast:

---
$ dmesg | grep cpu
cpu0: VIA Nehemiah (CentaurHauls 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,APIC,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
cpu0: RNG AES
cpu0 at mainbus0
$ openssl speed -evp aes-256-cbc -elapsed -multi 64 21 | tail -n 1
(null)   36356.44k   144121.60k   376855.43k   567238.49k  1005003.61k
$ openssl speed -evp aes-256-cbc -elapsed 21 | tail -n 1
aes-256-cbc  27868.02k   102439.00k   248141.83k   396093.64k   470116.18k
$ sudo sysctl -w kern.usercrypto=0
kern.usercrypto: 1 - 0
$ openssl speed -evp aes-256-cbc -elapsed -multi 64 21 | tail -n 1
(null)   10532.68k11675.81k12186.78k12510.61k13991.07k
$ openssl speed -evp aes-256-cbc -elapsed 21 | tail -n 1
aes-256-cbc   7581.06k 8303.45k 8697.99k 8667.23k 8803.77k
---

vs 

---
$ dmesg | grep cpu
cpu0: AMD Athlon(tm) MP 2800+ (AuthenticAMD 686-class, 512KB L2 cache) 2.14 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: AMD Athlon(tm) MP 2800+ (AuthenticAMD 686-class, 512KB L2 cache) 2.14 
GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
$ openssl speed -evp aes-256-cbc -elapsed -multi 64 21 | tail -n 1
(null)  104813.32k   139692.08k   142233.86k   149469.42k   257132.02k
$ openssl speed -evp aes-256-cbc -elapsed 21 | tail -n 1
aes-256-cbc  46059.31k53584.04k56047.45k56841.01k56656.38k
---

  to be fair, the athlon also rocks some ass if i put the vpn1401 in
  it, but that's on loan.

-- 

  jared

[ openbsd 3.9-current GENERIC ( may  1 ) // i386 ]

Cryptography Accelerators

2006-06-08 Thread Breen Ouellette 

Hello.

Given the recent post by Theo about the poor state of Hifn cooperation, 
I am curious to know how OpenBSD developers rate the other companies 
producing cryptography accelerators. The Cryptography page 
(http://www.openbsd.org/crypto.html) seems to be somewhat outdated, 
stating 'Hifn was initially a difficult company to deal with 
(threatening to sue us over our non-USA reverse engineering of their 
crypto unlock algorithm), but more recently they have been very helpful 
in providing boards and support'. Since this runs contrary to what Theo 
has said on the subject, I am wondering if the products from Broadcom or 
SafeNet are better supported. Or does it make more sense to shoot for a 
total solution like the VIA C3? Or are there other viable options?


Thanks.

Breeno

Re: Cryptography Accelerators

2006-06-08 Thread Stuart Henderson 
On 2006/06/08 17:13, Breen Ouellette wrote:
 total solution like the VIA C3?

Not sure you can still get C3, Intel revoked VIA's license to use
the bus. Think they worked-around it by combining cpu and chipset into
the same chip for the 'corefusion' stuff and then there's the C7
with a new bus.

 Or are there other viable options?

Faster general-purpose cpu?