Page MenuHomeFreeBSD

Add a driver for the Chelsio T6 crypto accelerator engine.
ClosedPublic

Authored by jhb on May 17 2017, 12:23 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 7:08 PM
Unknown Object (File)
Thu, Nov 21, 6:29 AM
Unknown Object (File)
Oct 26 2024, 9:39 PM
Unknown Object (File)
Oct 26 2024, 11:04 AM
Unknown Object (File)
Oct 26 2024, 10:44 AM
Unknown Object (File)
Oct 20 2024, 11:02 AM
Unknown Object (File)
Sep 30 2024, 11:40 PM
Unknown Object (File)
Sep 30 2024, 6:35 PM
Subscribers

Details

Summary

The ccr(4) driver supports use of the crypto accelerator engine on
Chelsio T6 NICs in "lookaside" mode via the opencrypto framework.

Currently, the driver supports AES-CBC, AES-CTR, AES-GCM, and AES-XTS
cipher algorithms as well as the SHA1-HMAC, SHA2-256-HMAC, SHA2-384-HMAC,
and SHA2-512-HMAC authentication algorithms. The driver also supports
chaining one of AES-CBC, AES-CTR, or AES-XTS with an authentication
algorithm for encrypt-then-authenticate operations.

Note that this driver is still under active development and testing and
may not yet be ready for production use. It does pass the tests in
tests/sys/opencrypto with the exception that the AES-GCM implementation
in the driver does not yet support requests with a zero byte payload.

To use this driver currently, the "uwire" configuration must be used
along with explicitly enabling support for lookaside crypto capabilities
in the cxgbe(4) driver. These can be done by setting the following
tunables before loading the cxgbe(4) driver:

hw.cxgbe.config_file=uwire
hw.cxgbe.cryptocaps_allowed=-1
Test Plan
  • tinderbox build is still running
  • tests/sys/opencrypto tests pass with exception of zero-byte GCM
  • cryptocheck tests also pass
  • have tested IPSec end-to-end tests using all but AES-XTS
  • have performed some initial testing of geli with AES-XTS

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable