Enable CRYPTO_ADIANTUM for better encryption performances

Discussion about U-Boot and the kernel.

Enable CRYPTO_ADIANTUM for better encryption performances

Postby Sbyrr0 » Mon Jan 25, 2021 12:05 am

Since many ARM devices lacks hadware support for AES instructions, why not making these new ciphers available?
Found a discussion here: https://github.com/raspberrypi/linux/issues/3648
Example usage of the new cipher on Raspberry Pi 3/4 running Ubuntu Server 20.04: https://github.com/ViRb3/pi-encrypted-b ... n-the-host
Sbyrr0
 
Posts: 28
Joined: Wed May 13, 2020 10:05 pm

Re: Enable CRYPTO_ADIANTUM for better encryption performance

Postby graysky » Mon Jan 25, 2021 4:30 pm

For which kernel would you like to see additional modules build? What specific ciphers and options are lacking? The link you posted called out a few:
$this->bbcode_second_pass_code('', 'CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m')
graysky
Developer
 
Posts: 1723
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000

Re: Enable CRYPTO_ADIANTUM for better encryption performance

Postby Sbyrr0 » Mon Jan 25, 2021 7:33 pm

$this->bbcode_second_pass_quote('', 'F')or which kernel would you like to see additional modules build?

At the moment I'm using Arch Linux ARM in a Raspberry Pi 2, so current kernel is package is `core/linux-raspberrypi 5.4.83-5`
$this->bbcode_second_pass_quote('', 'W')hat specific ciphers and options are lacking?

The command cryptsetup benchmark -c xchacha12,aes-adiantum for instance works fine on my computer, while on my Raspberry Pi returns the following:
$this->bbcode_second_pass_code('', 'Cipher xchacha12,aes-adiantum (with 256 bits key) is not available.')
Here's a comparison of the output between my computer (5.10.10-1-MANJARO) and my Raspberry Pi (5.4.83-5-ARCH), I marked the missing files:

find /usr/lib/modules -iname "*adiantum*"
$this->bbcode_second_pass_code('', '
* /usr/lib/modules/5.10.10-1-MANJARO/build/include/config/crypto/adiantum.h
* /usr/lib/modules/5.10.10-1-MANJARO/kernel/crypto/adiantum.ko.xz
')

$this->bbcode_second_pass_code('', '
')

find /usr/lib/modules -iname "*chacha*"
$this->bbcode_second_pass_code('', '
build/include/config/crypto/chacha20
build/include/config/crypto/chacha20poly1305.h
* build/include/config/crypto/lib/chacha20poly1305.h
* build/include/config/crypto/lib/chacha.h
* build/include/config/crypto/lib/chacha
* build/include/config/crypto/arch/have/lib/chacha.h
build/include/config/crypto/chacha20.h
* build/include/crypto/chacha20poly1305.h
build/include/crypto/chacha.h
* build/include/crypto/internal/chacha.h
* kernel/lib/crypto/libchacha20poly1305.ko.xz
* kernel/lib/crypto/libchacha.ko.xz
kernel/crypto/chacha20poly1305.ko.xz
kernel/crypto/chacha_generic.ko.xz
kernel/arch/x86/crypto/chacha-x86_64.ko.xz
')

$this->bbcode_second_pass_code('', '
build/include/crypto/chacha.h
build/include/config/crypto/chacha20poly1305.h
build/include/config/crypto/chacha20.h
build/include/config/crypto/chacha20
kernel/crypto/chacha_generic.ko.gz
kernel/crypto/chacha20poly1305.ko.gz
kernel/arch/arm/crypto/chacha-neon.ko.gz
')

zgrep -E 'ADIANTUM|CHACHA|POLY1305' /proc/config.gz'
$this->bbcode_second_pass_code('', '
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_NHPOLY1305=m
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
* CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_POLY1305=m
* CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
* CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m
* CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m
* CONFIG_CRYPTO_LIB_CHACHA=m
* CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
* CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m
* CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m
* CONFIG_CRYPTO_LIB_POLY1305=m
* CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
')

$this->bbcode_second_pass_code('', '
CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_NHPOLY1305=m
# CONFIG_CRYPTO_ADIANTUM is not set
CONFIG_CRYPTO_POLY1305=m
CONFIG_CRYPTO_CHACHA20=m
')


Also, any plan to ship the wireguard module in these kernel? I can only see it in "linux-armv7", "linux-armv7-rc" and "linux-am33x", but neither on "linux-raspberrypi" or "linux-raspberrypi4".

---

Edit: it seems that you enabled the wireguard module, thank you
Last edited by Sbyrr0 on Sat Jan 30, 2021 4:39 pm, edited 1 time in total.
Sbyrr0
 
Posts: 28
Joined: Wed May 13, 2020 10:05 pm

Re: Enable CRYPTO_ADIANTUM for better encryption performance

Postby Sbyrr0 » Wed Jan 27, 2021 4:23 pm

I can see it working in 5.10.10-2-ARCH, upstream has implemented it.
Sbyrr0
 
Posts: 28
Joined: Wed May 13, 2020 10:05 pm

Re: Enable CRYPTO_ADIANTUM for better encryption performance

Postby graysky » Wed Jan 27, 2021 5:07 pm

$this->bbcode_second_pass_quote('Sbyrr0', 'I') can see it working in 5.10.10-2-ARCH, upstream has implemented it.


Yes, I made this change a few days ago. So to confirm, you are getting what you wanted with our kernel, yes?
graysky
Developer
 
Posts: 1723
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000
Top

Re: Enable CRYPTO_ADIANTUM for better encryption performance

Postby Sbyrr0 » Thu Jan 28, 2021 12:25 am

Yes, thank you, these are new benchmarks I can do:

uname -a
$this->bbcode_second_pass_code('', 'Linux Hostname 5.10.10-2-ARCH #1 SMP Tue Jan 26 16:16:37 UTC 2021 armv7l GNU/Linux')

cryptsetup benchmark -c xchacha12,aes-adiantum
$this->bbcode_second_pass_code('', '
Tests are approximate using memory only (no storage IO).
# Algorithm | Key | Encryption | Decryption
xchacha12,aes-adiantum 256b 39.4 MiB/s 53.2 MiB/s
')

cryptsetup benchmark -c xchacha20,aes-adiantum
$this->bbcode_second_pass_code('', '
# Tests are approximate using memory only (no storage IO).
# Algorithm | Key | Encryption | Decryption
xchacha20,aes-adiantum 256b 39.5 MiB/s 38.7 MiB/s
')

Comparison with the old one:
cryptsetup benchmark -c aes-xts -s 512
$this->bbcode_second_pass_code('', '
# Tests are approximate using memory only (no storage IO).
# Algorithm | Key | Encryption | Decryption
aes-xts 512b 11.9 MiB/s 12.4 MiB/s
')
---

Unrelated: every time I click on the '"Quote' button I see this error

$this->bbcode_second_pass_quote('', 'I')nformation
This topic is too old to reply, so, it's locked now. Thanks.
Sbyrr0
 
Posts: 28
Joined: Wed May 13, 2020 10:05 pm
Top


Return to U-Boot/Kernel

Who is online

Users browsing this forum: No registered users and 3 guests