Closed
Bug 479744
Opened 16 years ago
Closed 1 year ago
RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)
Categories
(NSS :: Libraries, enhancement, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: basic, Unassigned)
References
()
Details
VIA Padlock ACE support. VIA CPUs are found on many netbooks nowadays. This could give a boost to SSL/TLS on those platforms.
note: openssl has support for padlock ACE. see: http://cvs.openssl.org/fileview?f=openssl/engines/e_padlock.c&v=1.6
|
||
Comment 1•16 years ago
|
||
The model used by NSS for over 10 years now is that ALL crypto hardware is
supported through the industry-standard PKCS#11 API. It's up to each HW
vendor to supply a PKCS#11 software module for their hardware. When they
do that, their hardware will work with NSS without any change to NSS.
The development of PKCS#11 modules for any specific vendor's hardware is
outside of the scope of NSS. It is the hardware vendor's responsibility.
Please check with the VIA people to see if they have a PKCS#11 software
module, and if not, suggest to them that they develop one. NSS offers
open source code for a PKCS#11 "framework", a bare bones PKCS#11 module,
with which they could start, and add their own source code to directly
support their own hardware.
|
||
Comment 2•16 years ago
|
||
This RFE could be asking for treatment similar to bug 459248,
in which NSS supports Intel AES instructions directly in
lib/freebl, bypassing the PKCS #11 API.
Status: UNCONFIRMED → NEW
Ever confirmed: true
hi,has someone already been fixed the bug?
(In reply to Nelson Bolyard (seldom reads bugmail) from comment #1)
> The model used by NSS for over 10 years now is that ALL crypto hardware is
> supported through the industry-standard PKCS#11 API. It's up to each HW
> vendor to supply a PKCS#11 software module for their hardware. When they
> do that, their hardware will work with NSS without any change to NSS.
>
> The development of PKCS#11 modules for any specific vendor's hardware is
> outside of the scope of NSS. It is the hardware vendor's responsibility.
>
> Please check with the VIA people to see if they have a PKCS#11 software
> module, and if not, suggest to them that they develop one. NSS offers
> open source code for a PKCS#11 "framework", a bare bones PKCS#11 module,
> with which they could start, and add their own source code to directly
> support their own hardware.
hi,has someone already been fixed the bug?
recently, i want add Hardware AES cipher to NSS module,But, always make some mistakes!I am a green hand, Could you give me some suggestion。
(In reply to basic from comment #0)
> VIA Padlock ACE support. VIA CPUs are found on many netbooks nowadays. This
> could give a boost to SSL/TLS on those platforms.
>
> note: openssl has support for padlock ACE. see:
> http://cvs.openssl.org/fileview?f=openssl/engines/e_padlock.c&v=1.6
hi,has someone already been fixed the bug?
recently, i want add Hardware AES cipher to NSS module,But, always make some mistakes
(In reply to 404103360 from comment #5)
> hi,has someone already been fixed the bug?
> recently, i want add Via Padlock Hardware AES cipher to NSS module,But, always make some
> mistakes
在 2014年1月10日星期五UTC+8上午11时04分21秒,njut...@gmail.com写道:
> hi,has someone already been fixed the bug?
>
> recently, I want add Via Padlock Hardware AES cipher to NSS module,But, always make some mistakes
In Nss project, I use clipher to test aes_cbc -E aes_cbc -D
the following is the print log
Software AES clipher log:
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
output is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68,
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
output is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf,
Encryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Encrypt - PASSED
input is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68,
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
input is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf,
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
Decryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Decrypt - PASSED
VIA Hardware Aes clipher log:
#########encrypt is : 1##########
#####via padlock ace is available liuwei#####
mode is :1
key is :0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30,
iv is : 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68, 0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30,
#######aes_via_InitContext() Success#####
Via Encrypt in the via_aes_encrypt inlen: 16 blocksize : 16
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
output is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68,
Via Encrypt in the via_aes_encrypt inlen: 16 blocksize : 16
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
output is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf,
via_AES_DestroyContext liuwei
Encryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Encrypt - PASSED
#########encrypt is : 0##########
#####via padlock ace is available liuwei#####
mode is :1
key is :0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30,
iv is : 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68, 0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30,
#######aes_via_InitContext() Success#####
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
Via Decrypt in the via_aes_decrypt inlen: 16 blocksize : 16
input is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68,
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
Via Decrypt in the via_aes_decrypt inlen: 16 blocksize : 16
input is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf,
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
via_AES_DestroyContext liuwei
Decryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Decrypt - PASSED
the software crypt data and VIA Hardware crypt data are the same
But when i excute the NSS module in Firefox , The always make a mistake the Brower is broken.
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•1 year ago
|
Severity: S3 → N/A
Status: NEW → RESOLVED
Closed: 1 year ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•