Discussion:
IBM Crypto Accelerator
(too old to reply)
Hugo Monteiro
2006-07-27 14:20:05 UTC
Permalink
Hello,

i've managed to get the crypto hardware device recognized in the VM
machines, and i've read the few information available on mailing lists
regarding it's use. From what i understood, the use of this device by
the webserver apache is pretty straight forward. Happens that i'd like
to use the hw crypt accel in several other services which make use of
ssl connections, such as pop3s, ldap, etc.

I've compiled the ibmca openssl lib which is part of openssl, and i've
read that it's use would be as simple as loading the engine in runtime.

I have then loaded it with the following command

openssl engine dynamic -pre SO_PATH:./libibmca.so -pre ID:ibmca -pre
LOAD
From the output i got that the engine was successfully loaded, but i
have no evidence that is in fact being used. Neither the content
of /proc/driver/z90crypt changed, or the load of the machine lowered, or
i can see libibmca.so listed in lsof.

Can someone point me out some directions for the use of the ibmca
routines in general?

Thanks in advance,

Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : ***@fct.unl.pt
Telefone : +351 212948300 Ext.15307

Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt ***@fct.unl.pt

ci.fct.unl.pt:~# _
--
To UNSUBSCRIBE, email to debian-s390-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Kyle Smith
2006-07-27 15:20:15 UTC
Permalink
Hugo,

You may want to ask this question on Marist's linux-390 mailing list. There
are numerous people on that list that could probably help you. Another
possible resource is the opencryptoki-users mailing list for users of
OpenCryptoki and libica (www.sf.net/projects/opencryptoki).

The only other starting point I have is that a coworker tells me that SSH on
SLES 9 SP3 uses hardware crypto support somehow so you could investigate
that and see how it's done (probably via OpenSSL and libica).

ks
Post by Hugo Monteiro
Hello,
i've managed to get the crypto hardware device recognized in the VM
machines, and i've read the few information available on mailing lists
regarding it's use. From what i understood, the use of this device by
the webserver apache is pretty straight forward. Happens that i'd like
to use the hw crypt accel in several other services which make use of
ssl connections, such as pop3s, ldap, etc.
I've compiled the ibmca openssl lib which is part of openssl, and i've
read that it's use would be as simple as loading the engine in runtime.
I have then loaded it with the following command
openssl engine dynamic -pre SO_PATH:./libibmca.so -pre ID:ibmca -pre
LOAD
From the output i got that the engine was successfully loaded, but i
have no evidence that is in fact being used. Neither the content
of /proc/driver/z90crypt changed, or the load of the machine lowered, or
i can see libibmca.so listed in lsof.
Can someone point me out some directions for the use of the ibmca
routines in general?
Thanks in advance,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
ci.fct.unl.pt:~# _
--
with a subject of "unsubscribe". Trouble? Contact
Adam Thornton
2006-07-27 19:50:13 UTC
Permalink
Post by Kyle Smith
The only other starting point I have is that a coworker tells me
that SSH on SLES 9 SP3 uses hardware crypto support somehow so you
could investigate that and see how it's done (probably via OpenSSL
and libica).
That is how it's done. Or at least that's how I did it on SLES 8 a
few years back.

If /proc/driver/z90crypt didn't change, I suspect that the load
didn't really work, because it really should show up there.

Adam
--
To UNSUBSCRIBE, email to debian-s390-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Loading...