Modify

Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#10410 closed defect (fixed)

alix hardware assisted crypto doesn't work on trunk without kmod-crypto-cbc

Reported by: adam2104 <openwrt@…> Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

By default, the alix2 target in trunk includes most, but not all, the bits needed to enable hardware crypto on the alix platform:

kmod-crypto-hw-geode
kmod-crypto-ocf

Unfortunately, the crypto engine also requires these two modules:
kmod-crypto-aes
kmod-crypto-cbc

The AES module gets installed as part of the dependancies for the wireless drivers that are included. Unforunately, the CBC module does not. This yields to non-functioning hardware-crytpo.

Here are the OpenSSL tests without kmod-crypto-cbc:

root@OpenWrt:/# openssl speed -evp aes-128-cbc -engine cryptodev
Error allocating fallback algo cbc(aes)
Error allocating fallback algo cbc(aes)
Error allocating fallback algo cbc(aes)
Error allocating fallback algo cbc(aes)
Error allocating fallback algo cbc(aes)
Error allocating fallback algo cbc(aes)
engine "cryptodev" set.
Doing aes-128-cbc for 3s on 16 size blocks: 820652 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 230400 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 59647 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 15089 aes-128-cbc's in 3.02s
Doing aes-128-cbc for 3s on 8192 size blocks: 1885 aes-128-cbc's in 3.00s
OpenSSL 1.0.0e 6 Sep 2011
built on: Sat Nov 12 18:42:24 EST 2011

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc       4362.27k     4898.87k     5089.88k     5116.27k     5147.31k

Note the error messages and the relatively low speeds reported in the last line. Re-running the same test on an image that includes the CBC kmod yields much faster results:

root@OpenWrt:/# openssl speed -evp aes-128-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-128-cbc for 3s on 16 size blocks: 137121 aes-128-cbc's in 0.07s
Doing aes-128-cbc for 3s on 64 size blocks: 133050 aes-128-cbc's in 0.16s
Doing aes-128-cbc for 3s on 256 size blocks: 113787 aes-128-cbc's in 0.10s
Doing aes-128-cbc for 3s on 1024 size blocks: 71551 aes-128-cbc's in 0.14s
Doing aes-128-cbc for 3s on 8192 size blocks: 16147 aes-128-cbc's in 0.05s
OpenSSL 1.0.0e 6 Sep 2011
built on: Sat Nov 12 19:23:11 EST 2011

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      31341.94k    53220.00k   291294.72k   523344.46k  2645524.48k

Would it be possible to explicitly include these two packages to ensure the crypto works:

kmod-crypto-aes
kmod-crypto-cbc

The alix platform has 256megs of ram and a compact flash card based disk. The added space shouldn't pose any risk to the system.

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by anonymous

Thanks for solution!

comment:2 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

See r30980.

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.