[cgl_discussion] Hardware support for IPSec
Makan Pourzandi (LMC)
Makan.Pourzandi at ericsson.ca
Thu Feb 6 09:04:52 PST 2003
Hi Randy,
I was talking about crypto card support, not sw support. The crypto API doc which you refer to is in the security document as a reference from the first draft. Actually, I was refering to the following email posted to linux kernel mailing list, 15 Dec 2002:
[RFC] Hardware support notes for the kernel crypto API (2.5+)
http://www.uwsg.indiana.edu/hypermail/linux/kernel/0212.1/1507.html
http://www.kerneli.org/pipermail/cryptoapi-devel/2002-December/000333.html
from the email:
"The focus at the moment is on gathering the requirements for generic
hardware crypto devices, which can be used to assist kernel components
(e.g. IPsec, CIFS), and userspace applications (e.g. SSL, IKE). Some work
has begun on obtaining documentation from vendors and developing clean GPL
drivers."
regarding your comments about ipsec hardware support in 2.5.x, I have not yet used the crypto in 2.5.x but from what I've seen from 2.5.52 source code, the crypto implementation for now seems to be purely software. IMO, the support comes when you have api usable by crypto-api or else to write drivers for cards supporting ipsec.
Regards,
Makan
> -----Original Message-----
> From: Randy.Dunlap [mailto:rddunlap at osdl.org]
> Sent: Wednesday, February 05, 2003 6:27 PM
> To: Makan Pourzandi (LMC)
> Cc: Cgl_Discussion (E-mail)
> Subject: Re: [cgl_discussion] Hardware support for IPSec
>
>
> On Wed, 5 Feb 2003, Makan Pourzandi (LMC) wrote:
>
> | Hi,
> |
> | Useful info regarding hardware support for IPSec:
> |
> | http://samba.org/~jamesm/crypto/hardware_notes.txt
> |
> | the above link comments on the crypto hardware support,
> even if I didn't check all cards, many of the cards mentioned
> in the doc support ipsec.
> |
> | In the doc, there is no mention of intel cards. Is it
> possible for Intel people to find out if there is any support
> for hardware crypto/ipsec support from Intel?
> |
> | Any info or comments regarding a standard API for crypto
> card support? Is there somebody who knows what happened to a
> standard hardware crypto API proposed I believe by James Morris?
>
> You noticed that the URL you quoted contains ~jamesm == James Morris?
>
> The crypto API has been added to 2.5.x.
> See recent Documentation/crypto/api-intro.txt for more into.
>
> --
> ~Randy
>
> | Makan
> |
> | from the document:
> |
> |
> | Hardware documentation status:
> |
> | HiFn
> | Documentation for Hifn cards available via download at
> their web site.
> |
> | IBM
> | Can provide driver source for the card, and some
> general documentation is
> | available at http://www.ibm.com/security/cryptocards/
> | Software development toolkit is export controlled
> (contact IBM for more
> | info).
> |
> | Motorola
> | http://e-www.motorola.com/brdata/PDFDB/docs/MPC190UM.pdf
> | http://e-www.motorola.com/brdata/PDFDB/docs/MPC184UM.pdf
> |
> | Intel
> | Crypto documentation for NICs unavailable.
> |
> | 3COM
> | Crypto documentation for NICs unavailable.
> |
> | Broadcom
> | In disucssion.
> |
> | AEP/Baltimore
> | Limited documentation available, can study the existing
> driver code.
> |
> | Corrent
> | Unknown (not contacted yet).
> |
> | Eracom
> | Contacted some time ago, documentation had to be
> purchased (expensive).
> | Not sure if this has changed.
> |
> | Safenet
> | Unknown (not contacted yet).
> |
> |
> | GPL Driver status:
> |
> | HiFn 7751
> | James Morris (in progress).
> |
> | HiFn 7951
> | David Bryson (in progress).
> | Also see http://sourceforge.net/projects/hifn7951/
> |
> | HiFn 7901
> | See http://sources.colubris.com/en/projects/FreeSWAN/
> |
> | Motorola MPC190, MPC184
> | Steve (in progress).
> |
> | IBM 4758
> | Available from IBM on request.
> |
> | AEP paep
> | A dual licensed GPL/BSD driver available with some
> kernels (Red Hat 7.2+).
> |
> | BCM5820
> | GPL driver available with some kernels (Red Hat).
> |
> | Summary:
> | I don't think we have enough documentation yet, notably
> none for NICs
> | with crypto hardware.
>
More information about the cgl_discussion
mailing list