Can't use /dev/crypto with cryptosoft driver - BSD

This is a discussion on Can't use /dev/crypto with cryptosoft driver - BSD ; Hi I've been struggling for a long time now trying to use /dev/crypto with the default software implemented driver. * Using FBSD 7, out of the box * Got crypto.ko and cryptodev.ko loaded * Set sysctl kern.cryptodevallowsoft=1 * Always getting ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Can't use /dev/crypto with cryptosoft driver

  1. Can't use /dev/crypto with cryptosoft driver

    Hi

    I've been struggling for a long time now trying to use /dev/crypto
    with the default software implemented driver.

    * Using FBSD 7, out of the box
    * Got crypto.ko and cryptodev.ko loaded
    * Set sysctl kern.cryptodevallowsoft=1
    * Always getting 'Invalid argument' when doing the CIOCGSESSION
    ioctl; I specify aes-cbc, correct key, 16 byte keylen, zero
    flags...tried many different flags
    * Running /usr/src/tools/tools/crypto/cryptotest also gives 'Invalid
    argument' when doing the CIOCGSESSION ioctl...I also explicity ran it
    with -d cryptosoft.
    * Also tried the OpenSSL cryptodev driver and it fails in the same
    way.

    I looked at the crypto and cryptodev code and the intention of the
    code is not clear to me. It almost looks as if software crypto is not
    allowed, and yet the cryptosoft device code is there and loaded. Will
    now start looking exactly why the code fails but it will take some
    time.

    Does anybody perhaps have any ideas in the mean time?

    g

  2. Re: Can't use /dev/crypto with cryptosoft driver

    gerrie wrote:

    > I've been struggling for a long time now trying to use /dev/crypto
    > with the default software implemented driver.
    >
    > * Using FBSD 7, out of the box
    > * Got crypto.ko and cryptodev.ko loaded
    > * Set sysctl kern.cryptodevallowsoft=1
    > * Always getting 'Invalid argument' when doing the CIOCGSESSION
    > ioctl; I specify aes-cbc, correct key, 16 byte keylen, zero
    > flags...tried many different flags
    > * Running /usr/src/tools/tools/crypto/cryptotest also gives 'Invalid
    > argument' when doing the CIOCGSESSION ioctl...I also explicity ran it
    > with -d cryptosoft.
    > * Also tried the OpenSSL cryptodev driver and it fails in the same
    > way.
    >
    > I looked at the crypto and cryptodev code and the intention of the
    > code is not clear to me. It almost looks as if software crypto is not
    > allowed, and yet the cryptosoft device code is there and loaded. Will
    > now start looking exactly why the code fails but it will take some
    > time.


    cryptodev fails because it checks that the requested crypto driver
    provides hardware crypto. function "checkforsoftware" in cryptodev.c

    And it does not take care about the sysctl kern.cryptodevallowsoft.

    Looks like a bug and not a feature. OpenBSD's cryptodev seems to take
    care about the sysctl and i think you can use the cryptosoft driver with
    it.



+ Reply to Thread