Open Bug 479744 Opened 14 years ago Updated 9 years ago

RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Platform:
x86
All
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: basic, Unassigned)

References

(
URL
)

Details

VIA Padlock ACE support. VIA CPUs are found on many netbooks nowadays. This could give a boost to SSL/TLS on those platforms.

note: openssl has support for padlock ACE. see: http://cvs.openssl.org/fileview?f=openssl/engines/e_padlock.c&v=1.6
The model used by NSS for over 10 years now is that ALL crypto hardware is
supported through the industry-standard PKCS#11 API.  It's up to each HW 
vendor to supply a PKCS#11 software module for their hardware.  When they 
do that, their hardware will work with NSS without any change to NSS. 

The development of PKCS#11 modules for any specific vendor's hardware is 
outside of the scope of NSS.  It is the hardware vendor's responsibility.  

Please check with the VIA people to see if they have a PKCS#11 software 
module, and if not, suggest to them that they develop one.  NSS offers 
open source code for a PKCS#11 "framework", a bare bones PKCS#11 module,
with which they could start, and add their own source code to directly 
support their own hardware.
This RFE could be asking for treatment similar to bug 459248,
in which NSS supports Intel AES instructions directly in
lib/freebl, bypassing the PKCS #11 API.
Status: UNCONFIRMED → NEW
Ever confirmed: true
hi,has someone already  been fixed the bug?

(In reply to Nelson Bolyard (seldom reads bugmail) from comment #1)
> The model used by NSS for over 10 years now is that ALL crypto hardware is
> supported through the industry-standard PKCS#11 API.  It's up to each HW 
> vendor to supply a PKCS#11 software module for their hardware.  When they 
> do that, their hardware will work with NSS without any change to NSS. 
> 
> The development of PKCS#11 modules for any specific vendor's hardware is 
> outside of the scope of NSS.  It is the hardware vendor's responsibility.  
> 
> Please check with the VIA people to see if they have a PKCS#11 software 
> module, and if not, suggest to them that they develop one.  NSS offers 
> open source code for a PKCS#11 "framework", a bare bones PKCS#11 module,
> with which they could start, and add their own source code to directly 
> support their own hardware.
hi,has someone already  been fixed the bug?
recently, i want add Hardware AES cipher to NSS module,But, always make some mistakes!I am a green hand, Could you give me some suggestion。

(In reply to basic from comment #0)
> VIA Padlock ACE support. VIA CPUs are found on many netbooks nowadays. This
> could give a boost to SSL/TLS on those platforms.
> 
> note: openssl has support for padlock ACE. see:
> http://cvs.openssl.org/fileview?f=openssl/engines/e_padlock.c&v=1.6
hi,has someone already  been fixed the bug?
recently, i want add Hardware AES cipher to NSS module,But, always make some mistakes
(In reply to 404103360 from comment #5)
> hi,has someone already  been fixed the bug?
> recently, i want add Via Padlock Hardware AES cipher to NSS module,But, always make some
> mistakes
在 2014年1月10日星期五UTC+8上午11时04分21秒,njut...@gmail.com写道> hi,has someone already  been fixed the bug?
> 
> recently, I want add Via Padlock Hardware AES cipher to NSS module,But, always make some mistakes

In Nss project, I use clipher to test aes_cbc -E aes_cbc -D
the following is the print log

Software AES clipher log:

input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
output is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68, 
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
output is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf, 
Encryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Encrypt  - PASSED



input is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68, 
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
input is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf, 
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
Decryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Decrypt  - PASSED



VIA Hardware Aes clipher log:


#########encrypt is : 1##########
#####via padlock ace is available  liuwei#####
mode is :1
key is :0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30, 
iv is : 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68, 0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30, 
#######aes_via_InitContext() Success#####
Via Encrypt in the via_aes_encrypt  inlen: 16    blocksize : 16
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
output is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68, 
Via Encrypt in the via_aes_encrypt  inlen: 16    blocksize : 16
input is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
output is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf, 
via_AES_DestroyContext liuwei
Encryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Encrypt  - PASSED





#########encrypt is : 0##########
#####via padlock ace is available  liuwei#####
mode is :1
key is :0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30, 
iv is : 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68, 0x66, 0x65, 0x64, 0x63, 0x62, 0x61, 0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x30, 
#######aes_via_InitContext() Success#####
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
Via Decrypt in the via_aes_decrypt inlen: 16    blocksize : 16
input is : 0xa0, 0x92, 0xe0, 0x3b, 0x36, 0x75, 0x1a, 0x25, 0xad, 0xdc, 0x31, 0xa8, 0xda, 0xc3, 0xca, 0x68, 
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
$$$$$$$$$$$$$AES_Decrypt$$$$$$$$$$$$$$$$
Via Decrypt in the via_aes_decrypt inlen: 16    blocksize : 16
input is : 0xe9, 0xf2, 0x1a, 0xe4, 0x73, 0xe6, 0xc6, 0x70, 0x98, 0x3c, 0xa7, 0xe1, 0xdb, 0xc0, 0xa9, 0xdf, 
output is : 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 
via_AES_DestroyContext liuwei
Decryption self-test for aes_cbc passed.
cipher.sh: #1: AES CBC Decrypt  - PASSED


the software crypt data and VIA Hardware crypt data are the same


But when i excute the NSS module in Firefox , The always make a mistake the Brower is broken.
You need to log in before you can comment on or make changes to this bug.