Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 19, 2014 09:39AM |
Registered: 11 years ago Posts: 168 |
# a couple of benchmarks, records the results and do these after you've installed openssl speed -evp aes-128-cbc openssl speed -evp sha1 # may be some others here like build-essential and make, I forget exactly which ! apt-get install git cd /home mkdir cryptodev cd cryptodev git clone https://github.com/cryptodev-linux/cryptodev-linux cd cryptodev-linux # refer to file INSTALL make make install # If alls well then run this to check alls well make check
echo "cryptodev" >> /etc/modules
# make cryptodev load at boot -> edit /etc/rc.conf MODULES=(cryptodev) # and .... echo 'KERNEL=="crypto", MODE="0666"' > /etc/udev/rules.d/99-cryptodev.rules # and .... echo "cryptodev" > /etc/modules-load.d/cryptodev.conf
cat /proc/modules or lsmod # AND you should have this : ls /dev/crypto
dmesg | grep cryptodev [ 34.832269] cryptodev: driver 1.6 loaded.
ls -l /lib/modules/3.16.0-kirkwood-tld-3/extra total 48 -rw-r--r-- 1 root root 46752 Oct 18 09:06 cryptodev.ko
openssl engine cryptodev (cryptodev) cryptodev engine
cd /home mkdir openssl cd openssl # this will get openssl-1.0.1e # you need to have the deb-src lines in your /etc/apt/sources.list apt-get source openssl cd openssl-1.0.1e # YOU NEED TO NOW PUT MY eng_cryptodev in the ./crypto/engine/ folder # YOU WILL ALSO NEED TO EDIT ./debian/rules , and edit the CONFARGS variable like so : vi ./debian/rules CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 shared threads zlib enable-tlsext no-ssl2 # I'm not sure if editting the CONFARGS is 100% neccessary, but I couldn't find out what "shared threads" means # and ArchLinux suggest that it's needed. So I figured it is needed. # Build/Compile/Package DEB_CFLAGS_APPEND='-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64' dpkg-buildpackage -b -us # if all goes well the parent directory will contain deb packages to install cd .. # Not sure if all these steps are neccessary, you might just need openssl, but be on safe side dpkg -i libssl1.0.0_1.0.1e-2+deb7u13_armel.deb dpkg -i libssl-doc_1.0.1e-2+deb7u13_all.deb dpkg -i libssl1.0.0-dbg_1.0.1e-2+deb7u13_armel.deb dpkg -i libssl-dev_1.0.1e-2+deb7u13_armel.deb dpkg -i openssl_1.0.1e-2+deb7u13_armel.deb # With any luck, and some prayers, try this : openssl engine cryptodev #And you should see this : (cryptodev) cryptodev engine # If all's well then you can run the tests you did at the begining to verify cryptodev actually using hardware openssl speed -evp aes-128-cbc openssl speed -evp sha1
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 19, 2014 12:01PM |
Registered: 13 years ago Posts: 264 |
Doing aes-128-cbc for 3s on 256 size blocks: 110394 aes-128-cbc's in 1.67sto mean that openssl iterated AES-128-cbc 110394 time while using 1.67 actual seconds of CPU. (What else is going on on your machine which would be competing with openssl for that CPU? When I run this on my Pogo E2 I get
Doing aes-128-cbc for 3s on 256 size blocks: 196065 aes-128-cbc's in 2.95sor nearly 100% CPU utilization as compared to your 55% utilization.)
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 19, 2014 01:40PM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 19, 2014 03:41PM |
Registered: 13 years ago Posts: 264 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 19, 2014 04:03PM |
Admin Registered: 13 years ago Posts: 18,856 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 04:18AM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 05:46AM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 10:32AM |
Registered: 11 years ago Posts: 168 |
Quote
Nikos
It also requires the following patches to
openssl:
http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
Otherwise it may cause some random corruption on your SSL/TLS
connections. If these patches works for you, I'd suggest to bug the
openssl folks to include them.
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 01:21PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 01:56PM |
Registered: 11 years ago Posts: 168 |
ls /lib/modules/3.12.0-kirkwood-tld-3/build
# ls -l /lib/modules/3.16.0-kirkwood-tld-3/build lrwxrwxrwx 1 root root 44 Sep 27 17:08 /lib/modules/3.16.0-kirkwood-tld-3/build -> /usr/src/linux-headers-3.16.0-kirkwood-tld-3
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:05PM |
Registered: 11 years ago Posts: 168 |
/lib/modules/3.3.2-kirkwood-dg/kernel
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:09PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:17PM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:18PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:36PM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:41PM |
Registered: 10 years ago Posts: 162 |
make[1]: Entering directory `/usr/src/linux-headers-3.12.0-kirkwood-tld-3' CC [M] /tmp/1/cryptodev-linux/ioctl.o In file included from /usr/src/linux-headers-3.12.0-kirkwood-tld-3/arch/arm/include/asm/hardirq.h:6:0, from include/linux/preempt_mask.h:5, from include/linux/hardirq.h:4, from include/linux/highmem.h:9, from /tmp/1/cryptodev-linux/ioctl.c:39: /usr/src/linux-headers-3.12.0-kirkwood-tld-3/arch/arm/include/asm/irq.h:7:23: fatal error: mach/irqs.h: No such file or directory compilation terminated. make[2]: *** [/tmp/1/cryptodev-linux/ioctl.o] Error 1 make[1]: *** [_module_/tmp/1/cryptodev-linux] Error 2 make[1]: Leaving directory `/usr/src/linux-headers-3.12.0-kirkwood-tld-3' make: *** [build] Error 2 root@debian:/tmp/1/cryptodev-linux#
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:51PM |
Registered: 11 years ago Posts: 168 |
# openssl engine crytodev 3070035152:error:25066067:DSO support routines:DLFCN_LOAD:could not load the sha red library:dso_dlfcn.c:185:filename(/usr/lib/arm-linux-gnueabi/openssl-1.0.0/en gines/libcrytodev.so): /usr/lib/arm-linux-gnueabi/openssl-1.0.0/engines/libcryto dev.so: cannot open shared object file: No such file or directory 3070035152:error:25070067:DSO support routines:DSO_load:could not load the share d library:dso_lib.c:244: 3070035152:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:4 50: 3070035152:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c :417:id=crytodev
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 02:56PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 04:42PM |
Registered: 11 years ago Posts: 168 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 04:46PM |
Admin Registered: 13 years ago Posts: 18,856 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 04:48PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 05:16PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 07:27PM |
Registered: 11 years ago Posts: 168 |
grep -r "stack-protector" *
Makefile:CFLAG= -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_ DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-bu ffer-size=4 -Wformat -Werror=format-security -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DI GESTS -DHASH_MAX_LEN=64 -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_AS M -DAES_ASM -DGHASH_ASM
# openssl version -a OpenSSL 1.0.1e 11 Feb 2013 built on: Sun Oct 19 15:13:41 ICT 2014 platform: debian-armel options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) blowfish(ptr) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DL FCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buff er-size=4 -Wformat -Werror=format-security -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGE STS -DHASH_MAX_LEN=64 -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall - DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM OPENSSLDIR: "/usr/lib/ssl"
apt-cache show gcc #bla bla bla Version: 4:4.6.3-8 #bla bla bla
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 20, 2014 08:08PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 21, 2014 09:34AM |
Registered: 11 years ago Posts: 168 |
#!/bin/bash openssl speed -evp md4 2>&1 | tail -2 openssl speed -evp md5 -engine cryptodev 2>&1 | tail -1 openssl speed -evp sha1 -engine cryptodev 2>&1 | tail -1 openssl speed -evp sha1 -engine cryptodev 2>&1 | tail -1 openssl speed -evp sha256 -engine cryptodev 2>&1 | tail -1 openssl speed -evp sha512 -engine cryptodev 2>&1 | tail -1 openssl speed -evp seed-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp rc2-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp bf-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp des-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp des-ede3 -engine cryptodev 2>&1 | tail -1 openssl speed -evp aes-128-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp aes-192-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp aes-256-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp camellia-128-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp camellia-192-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp camellia-256-cbc -engine cryptodev 2>&1 | tail -1 openssl speed -evp rc4 -engine cryptodev 2>&1 | tail -1 openssl speed -evp cast -engine cryptodev 2>&1 | tail -1
chmod 0755 test_cryptodev.sh # and useful too : ./test_cryptodev.sh | tee test_cryptodev.log
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 21, 2014 03:17PM |
Registered: 10 years ago Posts: 162 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 21, 2014 05:30PM |
Registered: 11 years ago Posts: 168 |
openssl engine Almaz
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 21, 2014 06:39PM |
Registered: 13 years ago Posts: 264 |
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 22, 2014 12:33AM |
Registered: 10 years ago Posts: 162 |
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md4 1888.78k 7023.04k 24279.93k 60463.70k 107171.84k md5 702.17k 3094.53k 12916.87k 54358.65k 513966.08k sha1 760.67k 3536.64k 12044.80k 47183.64k 416823.85k sha1 791.39k 2820.64k 10835.59k 53232.00k 386048.00k sha256 645.60k 3009.89k 12674.69k 52314.58k 350208.00k sha512 553.42k 2697.08k 12141.99k 39128.18k 383931.73k seed-cbc 9169.27k 11454.44k 12279.62k 12528.20k 12677.12k rc2-cbc 8774.90k 9905.71k 10241.41k 10584.73k 10302.06k bf-cbc 17436.57k 37553.45k 156690.29k 269858.13k 1339118.93k des-cbc 17393.48k 40492.80k 161518.08k 781312.00k infk des-ede3 3031.62k 3153.57k 3174.14k 3179.95k 3177.17k aes-128-cbc 23825.20k 33785.60k 135773.87k 464047.54k 2881536.00k aes-192-cbc 47808.00k 46655.20k 205405.87k 651161.60k 2813542.40k aes-256-cbc 11898.60k 92960.00k 112291.84k 397964.80k 1822446.93k camellia-128-cbc 10215.05k 12979.09k 13904.53k 14197.62k 14212.43k camellia-192-cbc 8537.04k 10361.64k 10956.28k 11122.38k 11153.30k camellia-256-cbc 8554.34k 10342.14k 10978.41k 11138.69k 11139.46k rc4 32509.28k 46819.94k 52510.03k 54268.54k 54622.59k cast5-cbc 13678.16k 16339.92k 17249.82k 17436.81k 17665.38k
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md4 5202.66k 18155.21k 51247.27k 93648.28k 123130.78k md5 4807.57k 16208.84k 42361.82k 71206.62k 87673.84k sha1 3696.67k 11038.03k 24585.68k 35641.10k 41082.31k sha1 3689.18k 11037.00k 24628.94k 35554.05k 40979.50k sha256 3081.80k 8605.30k 18079.76k 24776.96k 27724.19k sha512 1209.35k 4836.46k 7730.68k 10948.98k 12555.49k seed-cbc 9796.35k 12241.75k 13022.24k 13295.69k 13345.67k rc2-cbc 8990.13k 10172.57k 10531.32k 10630.79k 10624.69k bf-cbc 14460.52k 17821.00k 18956.49k 19345.53k 19284.64k des-cbc 7661.51k 8764.82k 9145.64k 9217.77k 9248.04k des-ede3 3031.85k 3134.21k 3172.75k 3163.95k 3174.05k aes-128-cbc 12081.12k 15684.09k 16972.80k 17311.48k 17460.42k aes-192-cbc 10924.88k 13629.04k 14663.40k 14859.11k 15044.76k aes-256-cbc 9858.65k 12076.43k 12884.31k 13040.69k 13121.18k camellia-128-cbc 10465.21k 13259.40k 14326.60k 14583.93k 14670.62k camellia-192-cbc 8715.39k 10605.02k 11240.76k 11434.44k 11421.43k camellia-256-cbc 8700.24k 10597.89k 11290.39k 11401.23k 11493.96k rc4 42813.40k 59951.86k 66336.42k 68387.96k 68933.02k cast5-cbc 14482.54k 18073.60k 19210.54k 19591.14k 19610.81k
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net October 22, 2014 05:17AM |
Registered: 11 years ago Posts: 168 |