[EXPERIMENTAL]Hardware Crypto on kickwood device with debian buster September 04, 2019 04:03AM |
Registered: 4 years ago Posts: 10 |
openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect engines = afalg_sect [afalg_sect] afalg = afalg_engine_on [afalg_engine_on] default_algorithms = ALL init = 1Verify: "openssl engine". If you see
(dynamic) Dynamic engine loading support (afalg) AFALG engine supportthen it's working. And you have to use either AES128-CBC/AES192-CBC/AES256-CBC in the specific program's cipher setting. I'm not going to cover those setting.
Quote
BTW I'm not a cryptography expert but as far as I know CBC mode is still "acceptable safe" to date as long as you have all the security patch and TLS ver ≥1.1. This is certainly not the most secure mode anymore and it may become unsafe in the future. You have been warned
apt source openssh cd openssh-x.x.x # Edit debian/rules and add it to common build options: confflags += --with-sandbox=no dpkg-buildpackage -b -us # After finished. Install the debs and job doneYou can freeze the openssh version by "apt-mark hold" to avoid accidently update your openssh.
(devcrypto) /dev/crypto enginethen it's working.
OPENSSL_CONF=/path/to/engine/afalg.cnf sshd
Re: [EXPERIMENTAL]Hardware Crypto on kickwood device with debian buster September 04, 2019 04:06AM |
Registered: 4 years ago Posts: 10 |
Software type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes md4 2722.18k 9854.38k 28290.99k 53199.87k 71554.39k 72204.29k md5 2624.53k 9288.04k 25463.21k 45150.89k 58217.81k 58698.41k sha1 2185.57k 6787.61k 15682.05k 23386.45k 27249.32k 27383.13k sha256 1838.62k 5413.55k 11722.75k 16576.51k 18800.64k 18928.98k sha512 782.49k 3129.15k 5093.63k 7302.14k 8350.38k 8410.45k seed-cbc 5682.78k 7678.91k 8421.21k 8622.42k 8669.87k 8605.68k rc2-cbc 5222.04k 6596.48k 7061.16k 7196.33k 7225.34k 7208.96k bf-cbc 7275.10k 10337.98k 11551.32k 11906.39k 11990.36k 11900.25k des-cbc 4284.48k 5318.12k 5657.17k 5753.17k 5772.63k 5756.25k des-ede3 1717.97k 1801.34k 1820.50k 1826.47k 1818.03k 1824.09k aes-128-cbc 7139.94k 10119.32k 11303.00k 11645.61k 11730.94k 11692.71k aes-192-cbc 6484.08k 8852.16k 9745.15k 9985.02k 10051.58k 10027.01k aes-256-cbc 5933.29k 7865.71k 8559.62k 8753.15k 8809.13k 8781.82k camellia-128-cbc 6486.85k 9001.51k 9959.34k 10229.42k 10291.88k 10205.98k camellia-192-cbc 5507.29k 7205.87k 7813.46k 7975.94k 8019.97k 7979.01k camellia-256-cbc 5498.62k 7211.39k 7816.28k 7976.96k 8017.24k 7984.47k rc4 16630.41k 30758.76k 39129.43k 41958.40k 42833.24k 42435.10k cast5-cbc 7442.66k 10786.60k 12143.02k 12535.47k 12626.60k 12539.22k devcrypto(no hash) type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes md4 2722.72k 9863.34k 28256.94k 53164.37k 71488.85k 72198.83k md5 2622.62k 9290.20k 25420.37k 45139.97k 58253.31k 58709.33k sha1 2185.84k 6790.59k 15698.69k 23368.36k 27254.78k 27399.51k sha256 1835.02k 5408.98k 11733.67k 16566.95k 18819.75k 18928.98k sha512 777.93k 3111.53k 5078.70k 7298.39k 8350.38k 8382.51k seed-cbc 5668.70k 7670.57k 8409.60k 8613.21k 8672.60k 8623.45k rc2-cbc 5224.66k 6597.16k 7054.93k 7184.04k 7222.61k 7203.50k bf-cbc 7266.79k 10320.17k 11550.98k 11927.37k 12027.72k 11940.05k des-cbc 176.32k 703.15k 2809.09k 8457.08k 30488.49k 36422.89k des-ede3 1723.68k 1803.29k 1832.84k 1836.69k 1829.55k 1824.09k aes-128-cbc 176.46k 701.38k 2799.53k 8301.91k 25679.19k 22189.40k aes-192-cbc 173.95k 693.48k 2771.63k 8152.41k 24586.92k 21315.58k aes-256-cbc 175.72k 700.89k 2798.08k 8094.04k 23803.22k 20682.07k camellia-128-cbc 6486.53k 8990.14k 9952.17k 10213.38k 10289.15k 10234.54k camellia-192-cbc 5513.48k 7205.06k 7805.70k 7974.91k 8014.51k 8000.21k camellia-256-cbc 5511.72k 7206.98k 7807.74k 7999.19k 8044.05k 7979.01k rc4 16621.46k 30820.75k 39183.58k 42052.84k 42811.39k 42314.41k cast5-cbc 7453.44k 10802.28k 12179.44k 12559.58k 12629.33k 12533.76k devcrypto(w/ hash) type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes md4 888.85k 3446.70k 12095.49k 32558.42k 64353.62k 67960.83k md5 105.24k 311.98k 1247.91k 4413.44k 22994.94k 32123.56k sha1 104.72k 310.36k 1240.75k 4352.68k 21121.71k 30108.33k sha256 761.06k 2649.45k 7452.50k 13649.58k 17986.90k 18278.23k sha512 483.14k 1940.82k 4055.38k 6613.33k 8118.27k 8252.07k seed-cbc 5600.77k 7557.95k 8275.46k 8485.89k 8566.10k 8548.17k rc2-cbc 5139.08k 6491.09k 6947.93k 7071.74k 7128.96k 7121.58k bf-cbc 7157.43k 10165.48k 11413.33k 11724.12k 11793.75k 11763.71k des-cbc 172.36k 688.79k 2754.22k 8364.37k 30089.22k 35973.80k des-ede3 1700.85k 1774.29k 1794.90k 1805.99k 1818.62k 1802.24k aes-128-cbc 173.11k 675.54k 2698.92k 8060.93k 25351.51k 22173.01k aes-192-cbc 170.45k 679.59k 2730.24k 8029.53k 24491.35k 21381.12k aes-256-cbc 170.69k 678.68k 2717.44k 7923.03k 23519.23k 20611.07k camellia-128-cbc 6387.72k 8881.83k 9835.97k 10103.35k 10161.92k 10070.70k camellia-192-cbc 5427.82k 7114.77k 7742.93k 7875.55k 7891.63k 7864.32k camellia-256-cbc 5400.30k 7094.31k 7682.90k 7849.64k 7891.63k 7853.40k rc4 16359.03k 30267.09k 38463.15k 41235.46k 42276.18k 41872.04k cast5-cbc 7340.99k 10604.95k 11952.30k 12482.25k 12451.84k 12337.15k AFALG type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes md4 2721.70k 9860.42k 28274.60k 53107.71k 71467.01k 72204.29k md5 2622.15k 9300.91k 25444.18k 45130.41k 58187.78k 58736.64k sha1 2187.27k 6580.26k 15610.45k 23381.67k 27249.32k 27366.74k sha256 1837.62k 5408.36k 11730.77k 16567.30k 18825.22k 18912.60k sha512 778.44k 3107.82k 5080.23k 7292.25k 8353.11k 8410.45k seed-cbc 5643.20k 7672.55k 8413.44k 8624.81k 8667.14k 8634.37k rc2-cbc 5218.85k 6595.58k 7058.77k 7192.23k 7222.61k 7185.01k bf-cbc 7286.44k 10320.41k 11590.21k 11905.71k 11998.55k 11911.17k des-cbc 4291.94k 5317.55k 5658.37k 5744.64k 5707.09k 5690.71k des-ede3 1718.94k 1803.78k 1824.51k 1828.52k 1826.82k 1823.47k aes-128-cbc 103.81k 411.48k 1621.59k 5250.73k 18773.33k 22844.76k aes-192-cbc 104.05k 412.03k 1629.61k 5142.53k 18631.34k 22391.47k aes-256-cbc 103.34k 408.19k 1622.27k 5082.79k 17937.75k 21621.42k camellia-128-cbc 6493.03k 9002.88k 9958.74k 10233.51k 10302.81k 10240.00k camellia-192-cbc 5500.22k 7207.13k 7816.28k 7979.69k 8019.97k 7984.47k camellia-256-cbc 5505.26k 7213.44k 7819.18k 7974.23k 8019.97k 7984.47k rc4 16637.58k 30748.93k 39127.81k 41966.93k 42860.54k 42445.48k cast5-cbc 7451.31k 10774.06k 12136.02k 12542.63k 12640.26k 12544.68k
Felix
Re: [EXPERIMENTAL]Hardware Crypto on kickwood device with debian buster December 14, 2020 02:15PM |