SunSSH with HW crypto support
By janp on Sep 15, 2008
On Friday Sep 12, I integrated 6445288 ssh needs to be OpenSSL engine aware project which will be released together with Nevada 99. The project was targeted at UltraSPARC T2 platform (AKA Niagara 2) because it provides a hardware acceleration of symmetric encryption algorithms that can be used to speed up applications like SSH. Platforms without any hardware acceleration for symmetric ciphers are uneffected. If you have a Niagara 2 and will use the new code, you will see the difference without changing your configuration. It will work out of box.
Many details are in the SunSSH HW crypto support presentation, I just mention that with the new code, the data transfer time on Niagara 2 is reduced to 40% of the previous value for the default AES-128-CTR mode. Before the change:
$ time dd if=/dev/zero bs=1024k count=500 | \\ ssh t5220-sfb-06 'cat >/dev/null' real 0m52.718s user 0m49.720s sys 0m3.165sAnd after I integrated the code into Nevada build 99:
$ time dd if=/dev/zero bs=1024k count=500 | \\ ssh t5220-sfb-06 'cat >/dev/null' real 0m20.839s user 0m11.962s sys 0m6.179sNote that since Niagara 1 has ncp(7d) driver which supports public key algorithms only, you will not see any acceleration there unless you have SCA-6000 crypto accelerator card. SCA-6000 can be used for acceleration on other machines as well, see the presentation for more information. Also, see the presentation on information about possible backport to Solaris 10. In short - there is a plan to do that but we can not promise anything at this point.