Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net

Posted by DonCharisma 
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
October 22, 2014 08:50AM
I ran another test and it looks much better without hardware hashing support. You get the best performance out of your cpu and hardware encryption. Here are my results
openssl speed -evp md4 -elapsed 2>&1 | tail -2
openssl speed -evp md5 -engine cryptodev -elapsed  2>&1 | tail -1
openssl speed -evp sha  -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp sha1 -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp sha256 -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp sha512 -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp seed-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp rc2-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp bf-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp des-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp des-ede3 -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp aes-128-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp aes-192-cbc -engine cryptodev -elapsed 2>&1 | tail -1
openssl speed -evp aes-256-cbc -engine cryptodev -elapsed 2>&1 | tail -1
Software
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md4               4687.75k    16979.54k    47831.55k    89257.64k   117858.30k
md5               4390.96k    15246.83k    40418.90k    68383.40k    86196.22k
sha               3184.15k     9946.73k    22927.62k    34451.11k    39537.32k
sha1              3660.91k    10940.99k    24468.99k    35066.88k    40487.59k
sha256            2861.02k     8331.03k    17467.65k    24374.61k    27295.74k
sha512            1177.14k     4709.65k     7574.36k    10788.52k    12356.27k
seed-cbc          9318.57k    11685.21k    12496.21k    12711.94k    12771.33k
rc2-cbc           8858.23k    10091.61k    10420.39k    10542.08k    10540.37k
bf-cbc           14214.04k    17590.81k    18851.41k    19054.25k    19237.55k
des-cbc           7452.25k     8695.27k     9013.16k     9161.05k     9128.62k
des-ede3          3006.30k     3092.52k     3138.65k     3127.98k     3145.73k
aes-128-cbc      11681.94k    15434.52k    16682.50k    17152.34k    17154.05k
aes-192-cbc      10564.55k    13374.25k    14460.93k    14653.44k    14808.41k
aes-256-cbc       9540.99k    11920.94k    12633.86k    12920.49k    12899.67k
Hardware encryption with hashing
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md4               1903.62k     7254.46k    24534.70k    61964.29k   109524.31k
md5                249.94k      984.11k     3806.98k    13445.80k    49444.18k
sha               1459.43k     5056.60k    14757.03k    28397.91k    38780.93k
sha1               235.87k      923.63k     3436.54k    10942.81k    29040.64k
sha256             217.11k      853.03k     3063.21k     8526.51k    17776.64k
sha512             183.10k      737.13k     2084.27k     4512.09k     6709.25k
seed-cbc          9336.94k    11653.57k    12533.67k    12677.80k    12806.83k
rc2-cbc           8845.15k    10102.78k    10406.66k    10561.19k    10523.99k
bf-cbc             771.97k     2649.79k     6843.31k    11201.88k    13415.77k
des-cbc            759.29k     2444.25k     5402.88k     7826.09k     8729.94k
des-ede3          3006.80k     3092.57k     3139.50k     3126.95k     3145.73k
aes-128-cbc        321.53k     1256.45k     4222.89k    11138.39k    19292.16k
aes-192-cbc        322.18k     1260.05k     4204.20k    11042.82k    18969.94k
aes-256-cbc        319.79k     1252.14k     3749.80k    10877.95k    18404.69k
Hardware encryption without hashing support
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md4               5021.59k    17826.18k    49067.01k    90718.55k   118235.14k
md5               4713.27k    15732.82k    41317.46k    68965.72k    86379.18k
sha               3432.53k    10362.94k    23534.17k    34742.95k    39701.16k
sha1              3697.88k    10951.72k    24367.70k    35169.96k    40353.79k
sha256            3063.94k     8491.90k    17772.54k    24374.95k    27443.20k
sha512            1188.88k     4776.15k     7563.26k    10842.45k    12309.85k
seed-cbc          9336.42k    11648.64k    12531.97k    12677.80k    12804.10k
rc2-cbc           8836.70k    10105.58k    10405.38k    10561.54k    10523.99k
bf-cbc             772.83k     2639.83k     6838.61k    11209.73k    13413.03k
des-cbc            757.69k     2439.32k     5398.10k     7826.43k     8727.21k
des-ede3          2998.01k     3082.07k     3126.27k     3113.98k     3132.07k
aes-128-cbc        321.65k     1260.91k     4180.65k    11113.47k    19286.70k
aes-192-cbc        321.16k     1259.33k     4147.97k    11022.68k    18852.52k
aes-256-cbc        319.56k     1255.08k     3740.59k    10874.54k    18432.00k



Edited 1 time(s). Last edit at 10/22/2014 08:52AM by Almaz.
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
October 22, 2014 09:47AM
@Almaz - Not exactly following what you mean with dropping the hashing flag ? My understanding was that the DIGESTs flag was to persuade openssl to actually use cryptodev for encryption :D

@ALL ... I've put together some rough test results. I can't get my non-cryptodev machine non-loaded on CPU because I have a long running process I'm not going to pause/stop. From what I understand from restamp, it doesn't actually matter because openssl is working on throughput rates for these numbers and they'll be extrapolated in one direction or another depending on the number of tests run. So what counts is how fast the CPU or hardware cryptography engine processed it.

cryptodev from what I understand has a setup cost, which is why we see some lower throughput for smaller byte sizes. However larger byte sizes, are (often) several orders of magnitude faster than CPU only :D

Where the numbers are roughly the same I'm assuming openssl is using a CPU routine on both tests. The anomaly is rc4, which has a cryptodev EVP definition for ... I guess digging in the code might explain this.

Not entirely sure what "infk" means, but assuming it's a bigger number than the speed test wants to show ... probably extremely fast, maybe more than 10GB/s, but don't know what the limit is that openssl speedwise can display ... again digging in the code might explain this.

Lastly it's possible to add additional ciphers at compile time, but presumably Debian thought about which ones were needed and have included what 99.9% of openssl users will need. I don't know enough about the hardware engine, but at a guess I'd say it's possible to incorporate additional ciphers to use it. All of this is beyond my purposes though ...

With engine set to cryptodev EVP :

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md4               1974.01k     7473.53k    25347.85k    63358.20k   111770.11k
md5                963.96k     3059.27k    13363.20k    56407.77k   429766.78k
sha1              1018.12k     3281.20k    12674.47k    56231.97k   457070.48k
sha256             759.27k     3609.95k    13385.51k    56758.54k   449126.40k
sha512             874.12k     3163.25k    14664.63k    47308.80k   291050.06k
sha512             874.12k     2915.28k    13955.90k    47308.80k   255692.80k
seed-cbc          9447.04k    11863.63k    12674.48k    12945.35k    12964.73k
rc2-cbc           8995.98k    10231.40k    10555.31k    10678.71k    10715.36k
bf-cbc           10608.65k    89370.31k   137946.45k  3408998.40k         infk
des-cbc          20963.93k    81814.04k   410764.80k  1192345.60k         infk
des-ede3          3046.93k     3150.30k     3164.93k     3182.28k     3180.91k
aes-128-cbc      19504.00k    95302.40k   158867.20k   421337.60k  2934374.40k
aes-192-cbc      24471.20k    71013.12k   140839.82k  1115374.93k  5693440.00k
aes-256-cbc      13946.74k    54555.43k   230394.88k   549717.33k  2747187.20k
camellia-128-cbc    10210.91k    12978.32k    13925.89k    14182.23k    14213.12k
camellia-192-cbc     8522.68k    10364.96k    10959.63k    11093.67k    11170.16k
camellia-256-cbc     8551.78k    10369.78k    10959.20k    11156.10k    11124.74k
rc4              32187.86k    46647.72k    52507.48k    54061.59k    54732.97k
cast5-cbc        13636.76k    16334.08k    17241.47k    17479.58k    17610.07k



On openssl not compiled to use cryptodev, and no cryptodev-linux installed, using exactly the same shell script :

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md4               4691.72k    16600.91k    46934.30k    89977.02k   118431.21k
md5               4549.27k    15141.94k    40299.97k    69228.65k    87146.99k
sha1              3719.51k    11310.95k    24654.00k    35324.48k    40890.98k
sha256            2907.65k     8359.95k    17646.07k    24553.20k    27835.06k
sha512            1189.79k     4691.80k     7664.49k    10965.21k    12360.55k
seed-cbc          9423.57k    11851.83k    12619.29k    12780.51k    12936.66k
rc2-cbc           8602.97k    10045.40k    10554.54k    10651.09k    10664.07k
bf-cbc           14317.07k    17928.68k    19126.90k    19446.28k    19535.01k
des-cbc           7598.11k     8814.18k     9189.72k     9371.58k     9253.03k
des-ede3          3031.52k     3147.62k     3157.33k     3169.87k     3199.35k
aes-128-cbc      11900.42k    15726.33k    17126.02k    17330.82k    17388.57k
aes-192-cbc      10786.92k    13599.36k    14511.12k    14817.51k    15016.52k
aes-256-cbc       9797.74k    12161.10k    13004.04k    13173.17k    13191.94k
camellia-128-cbc    10242.31k    12999.55k    13995.75k    14134.25k    14405.27k
camellia-192-cbc     8624.15k    10230.30k    10959.64k    11197.27k    11143.49k
camellia-256-cbc     8485.17k    10406.64k    10884.12k    11060.81k    11129.82k
rc4              32486.44k    47344.91k    52127.76k    54090.49k    54294.06k
cast5-cbc        13693.77k    16524.56k    17185.95k    17497.99k    18370.03k

As I say these are pretty "rough" tests, I don't have the time to setup both machines with same kernel and remove any other processes that might load the CPU or tilt the results. If you want to then feel free, and FEEL FREE TO DO SO prior to making any conclusions, assumptions etc relating to the above numbers. DO YOUR OWN DUE DILIGENCE as I said right at the beginning of the original post.

My intention here is to show what's possible with hardware cryptography, not provide a fully tested, rock-solid, bullet proof solution ... again you're welcome to put the hours in yourself, if you want to improve on what I've shared here, I'd be delighted actually ... getting this further tested and integrated into mainline Debian/openssl builds would potentially benefit anyone who's got a hardware cryptography co-processor that uses cryptodev-linux :D

Lastly, I recently read a blurb on the Seagate Business Storage 2 which has an arm processor, and is being talked about being Debian'ised on this forum. One of the major selling points was "Hardware Government Grade Encryption" eg :

Quote
Seagate
Always-on data security

2-Bay NAS delivers government-grade hardware encryption technology that helps protect your all-important data where it lives: on the hard drive

ref: http://www.seagate.com/external-hard-drives/network-storage/business/business-storage-2-bay-nas/#features

... so it makes me wonder if the likes of Texas Instruments and Seagate (and many others I'm sure) can use this facility, then surely we should be able to take advantage of it too ...

Tested on :

GoFlexNet1 cryptodev Wheezy 3.16 bodhi kernel CPU not knowingly loaded, ie not much else running on the box.
GoFlexNet2 without cryptodev Wheezy 3.3 davygravy kernel CPU under load as part of a long running process which I won't/can't stop. So might be slightly less than what would be achieved no-load, but honestly I think the difference would be marginal.

To do :

Test switching off the 64 bit hash limit compiler argument, and see what effect that has on the performance.

Cheers

DC

Don Charisma ... because anything is possible with Charisma

My blog - http://DonCharisma.org
Our commercial site - http://DonCharisma.com
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
October 22, 2014 11:51PM
Digests flag is only for hashing and nothing else. Hashing is slow and I don't think it's a good idea to use with our CPU. By not enabling DUSE_CRYPTODEV_DIGESTS flag, we are disabling hardware encryption for md4, md5 and all sha. It might be for some others as well. Also I don't like hardware hashing that much because it can only process files lower than ram file. If you try openssl dgst md5 file500mb then it'll kill the process. For now using hardware AES is much better than nothing.

For the test, it's probably better to use -elapsed option because your test only shows user info. Using -elapsed will include user and kernel time to process data.

You can easily find what ciphers are available using openssl ciphers -v. Also you can find out what is processed by hardware or software with cat /proc/crypto

I don't think I'll be doing a lot more tests with it because it just works fine for me.



Edited 1 time(s). Last edit at 10/23/2014 04:25AM by Almaz.
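Why the -elapsed advice above matters once cipher work is offloaded, as an added example that is not part of any post in this thread: without -elapsed, openssl speed divides by user CPU time, which shrinks toward zero when the work moves into the kernel and the engine. The script recomputes each line against the requested wall-clock interval, assuming each test really ran that long; the first five sample lines are the aes-128-cbc output of a run without -elapsed posted later in this thread, the last line is constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: re-read `openssl speed` "Doing ..." lines against wall-clock time.
#
# SAMPLE lines 1-5: aes-128-cbc output from a run WITHOUT -elapsed that appears
# later in this thread. Line 6 is constructed to show a 0.00s CPU-time reading.
SAMPLE="Doing aes-128-cbc for 3s on 16 size blocks: 53796 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 64 size blocks: 52113 aes-128-cbc's in 0.22s
Doing aes-128-cbc for 3s on 256 size blocks: 51991 aes-128-cbc's in 0.30s
Doing aes-128-cbc for 3s on 1024 size blocks: 40134 aes-128-cbc's in 0.17s
Doing aes-128-cbc for 3s on 8192 size blocks: 13103 aes-128-cbc's in 0.07s
Doing bf-cbc for 3s on 8192 size blocks: 4912 bf-cbc's in 0.00s"

# wallclock_rates (hypothetical name): read `openssl speed` output on stdin and
# print one line per measurement:
#   cipher  block_size  reported_k  wallclock_k  inflation_factor
# reported_k  = bytes / time printed by openssl / 1000 (what the summary shows)
# wallclock_k = bytes / requested interval / 1000
wallclock_rates() {
    awk '
    /^Doing / && / size blocks: / {
        secs = $4;  sub(/s$/, "", secs)     # requested interval, e.g. "3s"
        t    = $NF; sub(/s$/, "", t)        # time openssl divided by
        bytes = $9 * $6                     # operations * block size
        wall  = bytes / secs / 1000
        if (t + 0 > 0) {
            printf "%s %s %.2f %.2f %.1f\n", $2, $6, bytes / t / 1000, wall, secs / t
        } else {
            # A 0.00s reading makes the reported rate infinite.
            printf "%s %s inf %.2f inf\n", $2, $6, wall
        }
    }'
}

printf '%s\n' "$SAMPLE" | wallclock_rates
```

On a run made with -elapsed the last column is 1.0, so a factor well above 1 means the summary line is showing saved CPU time rather than data throughput.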
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
October 24, 2014 06:11AM
Thanks for the clarification, makes sense now :) ... AES I believe Seagate are using for disk encryption ...

And yes, same, that's the extent of my testing for now ...

Cheers

DC

Don Charisma ... because anything is possible with Charisma

My blog - http://DonCharisma.org
Our commercial site - http://DonCharisma.com
Hi Team,

I am working on testing Openvpn performance with and without cryptodev engine.

Without cryptodev engine I am getting performance 80 Mbps but when I am inserting cryptodev driver my performance is decreasing to 17 Mbps.

I tried to disable DUSE_CRYPTODEV_DIGESTS flag in the openssl source code. After this fix, performance with cryptodev increased to 50 Mbps from the earlier 17 Mbps, but it is still less than the without-cryptodev case.

Can you please give me some inputs regarding this? What is the cause here, and can I apply some patch to the openssl source to increase performance with the cryptodev case?

I am using below versions of the source.

OpenSSL 1.0.1g 7 Apr 2014

Openvpn --version

OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul 29 2015
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

Cryptodev 1.6 version

Thanks for the help.

Regards

Rahul Arora
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
September 03, 2015 03:43PM
FYI,

There is a new Marvell CESA driver and it will be available in kernel 4.2. This should be interesting to investigate.

Quote

restamp

> There are several instances where I think the
> crypto engine might be viable. One would be if
> someone were to use it to implement an encrypting
> file system (or generic disk) driver (or LVM?). I
> believe if the engine was strictly accessed from
> within the kernel, and the engine were dedicated
> strictly to this one use, you could likely get
> disk encryption thrown in for little or no
> processor overhead. Implementing such a driver
> (or module) would take more effort than I'd care
> to expend, though.
>

Quote

restamp

What I meant was that only several of the modes that the Crypto Engine and Security Accelerator handles are considered viable today. For instance, AES and 3DES are still considered usable ciphers, but DES is considered too weak today to be of any practical value. And other ciphers that are not certified but find wide use in greater Internet, like blowfish, are not included at all. Furthermore, there is a similar gamut of viability in the methods of employing the good ciphers; for instance CBC mode is generally considered good, some of the others the CESA implements, such as ECB, not as good by today's standards.

We should try to verify the above.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)



Edited 1 time(s). Last edit at 09/03/2015 03:47PM by bodhi.
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
September 03, 2015 03:50PM
These are modules running on my test 4.2 kernel

lsmod
Module                  Size  Used by
bnep                   11479  2 
bluetooth             388630  5 bnep
rfkill                 15823  2 bluetooth
autofs4                28801  2 
twofish_generic         6730  0 
twofish_common         13130  1 twofish_generic
camellia_generic       19626  0 
serpent_generic        20979  0 
blowfish_generic        3617  0 
blowfish_common         6549  1 blowfish_generic
cast5_generic          11152  0 
cast_common             4753  1 cast5_generic
cmac                    2497  0 
xcbc                    2311  0 
rmd160                  7456  0 
sha512_generic          8372  0 
af_key                 31752  0 
xfrm_algo               4621  1 af_key
ipv6                  312359  64 
fuse                   75892  1 
evdev                   9408  1 
orion_wdt               6105  0 
marvell_cesa           24785  0 
des_generic            16866  1 marvell_cesa
mv_cesa                11324  0 
gpio_keys               7609  0 
uio_pdrv_genirq         2946  0 
uio                     7174  1 uio_pdrv_genirq
netconsole              8725  0 
configfs               22667  2 netconsole
sg                     21297  0 
sd_mod                 28586  2 
uas                    12100  0 
sata_mv                24936  0 
usb_storage            42754  2 uas
libata                164323  1 sata_mv
mvsdio                  9205  0 
mmc_core              101717  1 mvsdio
scsi_mod              173509  5 sg,uas,usb_storage,libata,sd_mod

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
September 03, 2015 06:49PM
Quoting Free Electrons

Quote

Support for Marvell EBU ARM processors:

A completely new driver for the CESA cryptographic engine was contributed by Boris Brezillon. This driver aims at replacing the old mv_cesa drivers, by supporting the newer features of the cryptographic engine available in recent Marvell EBU SoCs (DMA, new ciphers, etc.). The driver is backward compatible with the older processors, so it will be a full replacement for mv_cesa.

New algorithms: SHA256, DES and 3DES

So check out this new driver in new kernel 4.2, soon to be released in the kernel thread!

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)



Edited 1 time(s). Last edit at 09/03/2015 06:53PM by bodhi.
Hi,

I've managed to get marvell_cesa and cryptodev to work on a ZyXEL NSA325 (Kirkwood 1.6GHz).

Here are my results:

Linux nas3 4.2.0-kirkwood-tld-1 #1 PREEMPT Mon Aug 31 23:12:00 PDT 2015 armv5tel GNU/Linux
I've used DTS from some Arch guy.
An important step is to blacklist mv_cesa and load marvell_cesa with the additional parameter allhwsupport=1.


Roughly stated: AES-CBC performance has doubled compared to old mv_cesa.

Benchmarks in next post.
Without marvell_cesa (software)

root@nas3:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 3258768 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 1013101 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 269788 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 68561 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 8608 aes-128-cbc's in 3.00s
OpenSSL 1.0.2d 9 Jul 2015
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      17380.10k    21612.82k    23021.91k    23402.15k    23505.58k


Using marvell_cesa (hardware accelerated)
root@nas3:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 72078 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 68990 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 68632 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 50137 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 14980 aes-128-cbc's in 3.00s
OpenSSL 1.0.2d 9 Jul 2015
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc        384.42k     1471.79k     5856.60k    17113.43k    40905.39k


Benchmark using cryptsetup:
root@nas3:~# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 79921 iterations per second
PBKDF2-sha256 63015 iterations per second
PBKDF2-sha512 7532 iterations per second
PBKDF2-ripemd160 71234 iterations per second
PBKDF2-whirlpool 6387 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b    42.7 MiB/s    43.9 MiB/s
 serpent-cbc   128b    14.7 MiB/s    15.3 MiB/s
 twofish-cbc   128b    18.9 MiB/s    19.1 MiB/s
     aes-cbc   256b    38.5 MiB/s    39.6 MiB/s
 serpent-cbc   256b    14.7 MiB/s    15.3 MiB/s
 twofish-cbc   256b    18.9 MiB/s    19.1 MiB/s
     aes-xts   256b    17.7 MiB/s    17.6 MiB/s
 serpent-xts   256b    14.9 MiB/s    15.2 MiB/s
 twofish-xts   256b    19.5 MiB/s    18.9 MiB/s
     aes-xts   512b    14.1 MiB/s    14.0 MiB/s
 serpent-xts   512b    14.9 MiB/s    15.2 MiB/s
 twofish-xts   512b    19.5 MiB/s    18.9 MiB/s



I've also found a problem. I can crash the machine by doing SCP onto a LUKS encrypted mount.
scp somebigfile.bin root@nas:/mnt/encrypteddrive/

ssh and luks both using marvell_cesa and aes-cbc-256
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
September 17, 2015 10:04AM
So what is the best way to use hardware cryptography?
I have NSA310 with Debian 8.2 @ 4.2.0-kirkwood-tld-1 and I can't install cryptodev. cryptodev.ko exists in "extra" modules directory, but I can't load it by modprobe.

Maybe a better way is using marvell_cesa which is built in new bodhi kernel? How can I use it with OpenSSL?
I'll try out the new kernel tomorrow, sounds promising!
But I'm also a bit unsure how to activate the module, could anybody hint on how to use the new driver with openvpn?
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
November 12, 2015 02:17PM
FYI,

There are quite a few patches in linux 4.4 for marvell_cesa.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
I think I figured out how to activate marvell_cesa in 4.2

first, check if marvell is working:
cat /proc/crypto |grep -C 2 "marvell"


create these two files :

vi /etc/modprobe.d/marvell_cesa.conf
options marvell_cesa allhwsupport=1

vi /etc/modprobe.d/mv_cesa.conf
blacklist mv_cesa
Unfortunately, openvpn still takes up around 30% of CPU on the goflexhome when downloading at around 1 MB/s, pretty much the same as before using marvell_cesa.
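One way to check which implementation the kernel will actually pick after the modprobe changes above, as an added example that is not part of the original post: the kernel crypto API resolves a name such as cbc(aes) to the registered implementation with the highest priority, so the script lists every entry for one algorithm and reports the winner. The /proc/crypto excerpt, its driver names and priorities, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which implementation backs an algorithm in /proc/crypto?
#
# SAMPLE_PROC_CRYPTO is constructed (driver names and priorities are
# assumptions); on a real box redirect /proc/crypto into the functions instead.
SAMPLE_PROC_CRYPTO="name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100
type         : blkcipher
blocksize    : 16

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
type         : shash

name         : cbc(aes)
driver       : mv-cbc-aes
module       : marvell_cesa
priority     : 300
type         : ablkcipher
async        : yes
blocksize    : 16"

# crypto_impls ALG < /proc/crypto
# Print "priority driver module" for every implementation registered under
# the algorithm name ALG, highest priority first.
crypto_impls() {
    awk -v want="$1" '
    function emit() {
        if (name == want) print prio, driver, module
        name = driver = module = prio = ""
    }
    /^[ \t]*$/ { emit(); next }            # blank line ends one record
    {
        key = $0; sub(/[ \t]*:.*$/, "", key)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        if (key == "name") name = val
        else if (key == "driver") driver = val
        else if (key == "module") module = val
        else if (key == "priority") prio = val
    }
    END { emit() }' | sort -k1,1nr
}

# crypto_selected ALG < /proc/crypto
# Print "driver module" of the highest-priority implementation of ALG.
crypto_selected() {
    crypto_impls "$1" | head -n 1 | cut -d' ' -f2-
}

# backed_by ALG MODULE < /proc/crypto
# Exit status 0 only if the winning implementation of ALG comes from MODULE.
backed_by() {
    [ "$(crypto_selected "$1" | cut -d' ' -f2)" = "$2" ]
}

printf '%s\n' "$SAMPLE_PROC_CRYPTO" | crypto_impls 'cbc(aes)'
if printf '%s\n' "$SAMPLE_PROC_CRYPTO" | backed_by 'cbc(aes)' marvell_cesa; then
    echo "cbc(aes) resolves to marvell_cesa"
else
    echo "cbc(aes) does NOT resolve to marvell_cesa"
fi
```

This reflects selection for in-kernel users such as dm-crypt; a userspace OpenSSL only reaches the same driver through an engine such as cryptodev, so a passing check here says nothing yet about OpenVPN.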
Please, can anyone help me? I've tried everything and searched everywhere: I can't compile cryptodev at all. The "make" command doesn't work, here is the output:

# make
make -C /lib/modules/3.14.0-kirkwood-tld-1/build SUBDIRS=`pwd` modules
make: *** /lib/modules/3.14.0-kirkwood-tld-1/build: No such file or directory.  Stop.
make: *** [build] Error 2


I have linux-headers-3.14.0-kirkwood-tld-1 installed but no luck. I'm on a Pogoplug V4 (mobile) running debian-3.14.0-kirkwood-tld-1. Thank you so much for at least taking the time to read my post!
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
January 15, 2016 09:42PM
Folder /lib/modules/3.14.0-kirkwood-tld-1/build should exist if everything is installed properly. Reinstall linux-headers-3.14.0-kirkwood-tld-1 and post output how you installed it here.





Liam80 Wrote:
-------------------------------------------------------
> Please, can anyone help me? I've tried everything

> make: ***
> /lib/modules/3.14.0-kirkwood-tld-1/build: No such
> file or directory. Stop.
> make: *** [build] Error 2
>
>
> I have linux-headers-3.14.0-kirkwood-tld-1
> installed but no luck. I'm on a Pogoplug V4
> (mobile) running debian-3.14.0-kirkwood-tld-1.
> Thank you so much for at least taking the time to
> read my post!
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
January 17, 2016 05:54AM
cryptodev 1.8 is building successfully against linux.4.4 but make check is still failing


http://pastebin.com/MBBjyLYk <- seen via ssh

http://pastebin.com/r47xKdnU <- kernel log

I'm using marvell_cesa as chrishelms mentioned

perhaps I'm using the wrong device .. let's see the result on other kirkwood devices


Edit


tested devices:

- ZyXEL NSA325v2
- Iomega iConnect
- Seagate GoFlex Net


It's the same on all devices



Edited 2 time(s). Last edit at 01/18/2016 09:16AM by pengu.
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
May 15, 2016 03:40PM
Finally got this working:
auzn@goflex-home:/media/part1/openssl$ openssl engine cryptodev
(cryptodev) cryptodev engine
auzn@goflex-home:/media/part1/openssl$ openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 53796 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 64 size blocks: 52113 aes-128-cbc's in 0.22s
Doing aes-128-cbc for 3s on 256 size blocks: 51991 aes-128-cbc's in 0.30s
Doing aes-128-cbc for 3s on 1024 size blocks: 40134 aes-128-cbc's in 0.17s
Doing aes-128-cbc for 3s on 8192 size blocks: 13103 aes-128-cbc's in 0.07s
OpenSSL 1.0.1k 8 Jan 2015
built on: Sun May 15 14:39:19 2016
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)
compiler: -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc       4781.87k    15160.15k    44365.65k   241748.33k  1533425.37k

I am using bodhi's kernel 4.5. I generally followed Don's guide to get this working. Don's guide is the best I can find on this, but given the age of the guide, I still need to google around a lot to get everything working. There are quite a few places that need to be changed:

1. To compile cryptodev, linux-headers 4.5 must be installed. Bodhi's kernel included the headers in the tarball. So we can find a linux-header-*.deb in /boot and it can be installed with dpkg -i . However, the 4.5 header in particular did not create a link from /lib/modules/$(uname -r)/build to /usr/src/$(uname -r)/ for me, so it is necessary to make one manually.

2. make cryptodev worked fine, but make check will hang at ./cipher-gcm and result in an oops in the kernel. This seems to be related to a current bug in the kernel. As long as the make works, it did not seem to affect anything yet. I am not a linux expert, so I am not sure about this.

3. After installing cryptodev, do depmod -a before modprobe cryptodev. In my case, without depmod -a, modprobe cannot find the new cryptodev module.

4. The biggest confusion I have in the process is the patch file for eng_cryptodev.c . I did not use the file Don provided but tried to use the patches from Niko. There are two patches: 0001 and 0002. 0001 works without any modification, but 0002 needs to be edited first. Specifically, the #ifdef to #endif at the end of the 0002 patch needs to be removed. Then it will work.

5. The openssl source file from apt-get source openssl does not compile because of a recently (May 10th) expired certificate used for testing. The expired certificates are in test/smime-cert/ . I replaced the folder with certificates from an Ubuntu openssl package.


Edit: The system crashed sometime later after I did this. I am not exactly sure why yet. However, the system could not boot after the crash because I forgot to set cryptodev to load automatically at boot. So it is important to do so before reboot.



Edited 1 time(s). Last edit at 05/20/2016 08:59PM by auzn.
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
May 15, 2016 04:43PM
Thanks auzn, I'll make a note in the mini wiki thread for these hints!

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
February 17, 2018 03:37PM
I'm having problems with compilation of cryptodev, I use bodhi's kernel (4.15.2-kirkwood-tld-1 #1 PREEMPT Fri Feb 9 01:52:00 PST 2018 armv5tel GNU/Linux) and rootfs on Debian 8.
After installing the headers I had to create the build folder link manually.

I follow the instructions, and try to build the latest cryptodev-linux from github but I get the error:
# make
make -C /lib/modules/4.15.2-kirkwood-tld-1/build M=/root/inst/cryptodev-linux modules
make[1]: Entering directory '/usr/src/linux-headers-4.15.2-kirkwood-tld-1'
  CC [M]  /root/inst/cryptodev-linux/ioctl.o
In file included from ./include/linux/netfilter.h:8:0,
                 from ./include/linux/netfilter/nf_conntrack_tuple_common.h:6,
                 from ./include/linux/netfilter/nf_conntrack_dccp.h:29,
                 from ./include/net/netns/conntrack.h:11,
                 from ./include/net/net_namespace.h:27,
                 from ./include/linux/netdevice.h:42,
                 from ./include/linux/rtnetlink.h:7,
                 from /root/inst/cryptodev-linux/ioctl.c:47:
./include/linux/if.h:28:54: fatal error: sys/socket.h: No such file or directory
 #include <sys/socket.h>   /* for struct sockaddr.  */
                                                      ^
compilation terminated.
scripts/Makefile.build:316: recipe for target '/root/inst/cryptodev-linux/ioctl.o' failed
make[2]: *** [/root/inst/cryptodev-linux/ioctl.o] Error 1
Makefile:1508: recipe for target '_module_/root/inst/cryptodev-linux' failed
make[1]: *** [_module_/root/inst/cryptodev-linux] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-4.15.2-kirkwood-tld-1'
Makefile:27: recipe for target 'build' failed
make: *** [build] Error 2

The sys/socket.h, however, sits within the /usr/include/arm-linux-gnueabi folder.
If I modify the Makefile to include that, features.h is missing; when I include the /usr/include folder I get tons of messages warning of type redefinitions.

This machine was installed long ago; could that be a problem with my rootfs?

BR,
racic
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
July 03, 2018 08:34AM
racic,

Did you manage to solve the issue?
I am seeing the same now (I am trying to follow this guide for the first time).

ayosher
I have just cross-built it on my Debian machine without any issue for the 5.1 kernel. You can get the module using this link: cryptodev.ko

thefear@ix2:~$ uname -a 
Linux ix2 5.1.0-kirkwood-tld-1 #1 PREEMPT Tue May 7 00:16:02 PDT 2019 armv5tel GNU/Linux
thefear@ix2:~$ lsmod|grep cryptodev
cryptodev              45056  0

The real problem now is to get openssl to work with cryptodev.
It looks like eng_cryptodev.c was refactored in openssl 1.1.0j, and I am unable to patch it using the files provided by Nikos in 2014, even manually.

Is there any chance to get new patches?
So there is no cryptodev in new openssl. For some licence reason they made a new cryptodev implementation called devcrypto.

The key is to configure openssl with this key: enable-devcryptoeng

git clone https://github.com/openssl/openssl.git
cd openssl
./Configure linux-armv4 no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms enable-devcryptoeng
make
make install

root@ix2:~/openssl# /usr/local/bin/openssl engine devcrypto
(devcrypto) /dev/crypto engine
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
May 16, 2019 04:10PM
TheFeaR,

> so there is no cryptodev in new openssl. for
> some licence reason they made a new
> cryptodev implementation called
> devcrypto.
>
> the key is to configure openssl with this key
> enable-devcryptoeng
>
> git clone https://github.com/openssl/openssl.git
> ./Configure linux-armv4 no-idea no-mdc2 no-rc5
> no-zlib no-ssl3 enable-unit-test no-ssl3-method
> enable-rfc3779 enable-cms enable-devcryptoeng
> make
> make install
>
>
> root@ix2:~/openssl# /usr/local/bin/openssl engine
> devcrypto
> (devcrypto) /dev/crypto engine
>

Thanks for the info!

-bodhi
I had a really bad time compiling openvpn but finally I did it.

Attached you can find the latest versions of openvpn and openssl, all statically linked [no need to install additional packages], both supporting devcrypto.

openvpn is compiled to run only as a client [no server mode] and without systemd support, so you should write the service file yourself.

openvpn+openssl

Just extract it to / using
tar xzvf vpn.tar.gz -C /


root@ix2:~# openssl version -a
OpenSSL 3.0.0-dev xx XXX xxxx
built on: Thu May 16 12:51:18 2019 UTC
platform: linux-armv4
options:  bn(64,32) rc4(char) des(long) blowfish(ptr) 
compiler: arm-linux-gnueabi-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-3"
MODULESDIR: "/usr/local/lib/ossl-modules"
Seeding source: os-specific
root@ix2:~# openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 24 2019
library versions: OpenSSL 3.0.0-dev xx XXX xxxx, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=no enable_plugins=no enable_port_share=yes enable_selinux=no enable_server=no enable_shared=no enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no




openssl performance on this script
root@ix2:~# cat 2.sh 
#!/bin/bash

openssl speed -evp md4 2>&1 | tail -2
openssl speed -evp md5 -engine devcrypto 2>&1 | tail -1
openssl speed -evp sha1 -engine devcrypto 2>&1 | tail -1
openssl speed -evp sha1 -engine devcrypto 2>&1 | tail -1
openssl speed -evp sha256 -engine devcrypto 2>&1 | tail -1
openssl speed -evp sha512 -engine devcrypto 2>&1 | tail -1
openssl speed -evp seed-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp rc2-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp bf-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp des-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp des-ede3 -engine devcrypto 2>&1 | tail -1
openssl speed -evp aes-128-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp aes-192-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp aes-256-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp camellia-128-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp camellia-192-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp camellia-256-cbc -engine devcrypto 2>&1 | tail -1
openssl speed -evp rc4 -engine devcrypto 2>&1 | tail -1
openssl speed -evp cast -engine devcrypto 2>&1 | tail -1

is as follows:

root@ix2:~# sh ./2.sh
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md4               3858.69k    13959.79k    41624.83k    82193.53k   114073.60k   115586.65k
md5                744.18k     2886.24k    11025.86k    41708.50k   428400.64k   710583.72k
sha1               593.12k     2175.76k    12366.15k    41272.08k   818626.56k  1037554.04k
sha1               579.80k     3468.99k    15440.21k    37219.13k   245543.15k   872258.95k
sha256             641.10k     2373.69k     7569.12k    16949.08k    26301.78k    27181.06k
sha512             967.91k     3909.46k     6993.66k    10539.24k    12455.13k    12528.30k
seed-cbc          9132.63k    12005.46k    13036.39k    13323.99k    13345.21k    13254.66k
rc2-cbc           8557.58k    10060.15k    10507.18k    10667.75k    10663.44k    10668.78k
bf-cbc           13041.08k    16977.34k    18300.97k    18757.35k    18797.91k    18625.73k
des-cbc           6002.33k    18942.63k    66012.80k   730030.08k  1649751.77k  4588066.13k
des-ede3          3015.56k     3204.02k     3243.18k     3266.04k     3265.84k     3249.49k
aes-128-cbc       6031.13k    23757.96k   355618.13k   329625.60k  3212083.20k         infk
aes-192-cbc       3840.94k    36640.91k    74466.74k   443596.80k  3087018.67k  4157440.00k
aes-256-cbc       5122.09k    17618.35k    94459.35k   252840.23k  1729945.60k         infk
camellia-128-cbc    10064.92k    13438.24k    14643.97k    15026.77k    15081.47k    15014.10k
camellia-192-cbc     8415.22k    10742.43k    11492.86k    11778.44k    11794.84k    11726.34k
camellia-256-cbc     8476.33k    10738.53k    11492.86k    11745.18k    11790.93k    11681.79k
rc4              31972.68k    51583.79k    60758.49k    63884.93k    64506.54k    64325.25k
cast5-cbc        13209.57k    17576.16k    19090.94k    19598.81k    19647.15k    19518.33k
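
The 2.sh runs above omit `-elapsed`, so `openssl speed` divides by CPU user time, which is close to zero when the devcrypto engine hands the work to the kernel; that is how figures such as `infk` arise. As an added example (not part of the original post), this shell function flags such rows in a results table so they can be re-measured by wall-clock time. `MAX_KBPS` and the function names are assumptions of this example; the sample rows are copied from the table above.

```shell
#!/bin/sh
# Added example: flag `openssl speed` rows whose figures cannot be real throughput.
# MAX_KBPS is an assumed plausibility ceiling (1 GB/s), not a value from the thread.
MAX_KBPS=${MAX_KBPS:-1000000}

# Reads an `openssl speed` result table on stdin and prints "<cipher> <reason>"
# for every row that has an `inf` cell or a cell above MAX_KBPS.
suspect_rows() {
    awk -v max="$MAX_KBPS" '
        $1 == "type" { next }              # skip the header row
        NF < 2       { next }              # skip blank or malformed lines
        {
            reason = ""
            for (i = 2; i <= NF; i++) {
                cell = $i
                if (cell ~ /^inf/) { reason = "inf"; break }
                sub(/k$/, "", cell)        # strip the "k" unit suffix
                if (cell + 0 > max) reason = "over-ceiling"
            }
            if (reason != "") print $1, reason
        }'
}

# Rows copied from the devcrypto results posted above.
sample_table() {
    cat <<'EOF'
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md4               3858.69k    13959.79k    41624.83k    82193.53k   114073.60k   115586.65k
sha1               593.12k     2175.76k    12366.15k    41272.08k   818626.56k  1037554.04k
des-cbc           6002.33k    18942.63k    66012.80k   730030.08k  1649751.77k  4588066.13k
aes-128-cbc       6031.13k    23757.96k   355618.13k   329625.60k  3212083.20k         infk
rc4              31972.68k    51583.79k    60758.49k    63884.93k    64506.54k    64325.25k
EOF
}

# Re-measure one flagged cipher by wall-clock time.
# Needs a build with the devcrypto engine, so it is defined here but not called.
remeasure() {
    openssl speed -evp "$1" -engine devcrypto -elapsed 2>&1 | tail -1
}
```

Pipe the output of a benchmark run into `suspect_rows`, then call `remeasure` on each cipher it names.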
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
May 24, 2019 09:39PM
TheFeaR,

Nicely done!

-bodhi
Re: Hardware Cryptography cryptodev/openssl On arm5/Debian Wheezy/GoFlex Net
May 24, 2019 09:44PM
Added to Wiki thread

Quote

Hardware Cryptography

Marvell CESA (also see correction post in this thread)
Marvell CESA in kernel 4.4 performance
Hardware Cryptography cryptodev/openssl On arm5/Debian (build circa 2019)

-bodhi