Project

General

Profile

Actions

Feature #14291

closed

Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB)

Added by Jim Pingle over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Cryptographic Modules
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Release Notes:
Default

Description

The kernel module for the Intel® Multi-Buffer Crypto for IPsec Library (a.k.a. IPsec-MB or IIMB) has been added in the FreeBSD source for Plus, and GUI/backend code has been added to enable it. Documentation is ready and staged for 23.05 as well.

IPsec-MB is not limited to accelerating IPsec, despite the name. It leverages CPU SIMD instructions to accelerate anything using kernel crypto functions for AES-GCM-128, AES-GCM-256, AES-CBC-128, AES-CBC-256, SHA1, SHA2, and ChaCha20/Poly1305. This includes IPsec, WireGuard, OpenVPN DCO and more.

This issue is for tracking purposes and to make a release notes entry, more details are on NG 10281.


Files

Actions #1

Updated by Jim Pingle over 1 year ago

  • Category changed from Operating System to Cryptographic Modules
Actions #2

Updated by Jonathan Lee about 1 year ago

Old post however I wanted to bring more attention to CryptoID loss of ping-auth when fresh firmware is installed.

AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512

SG-2100 has issues with 23.09.01 the command ping-auth is removed.

"The CryptoID is shown as expected if the /etc/thoth/thothid is populated. That file is populated by ping-auth which no longer exists which is why fresh installs show the error but upgrades do not." (Steve Wheeler)

https://redmine.pfsense.org/issues/15103

https://redmine.netgate.com/issues/12636

Actions #3

Updated by Jim Pingle about 1 year ago

crypto id/ping-auth has nothing to do with cryptographic acceleration, it's not relevant to this issue in any way.

Actions

Also available in: Atom PDF