Hardware Cryptography for Kirkwood

Guides written by the community, for the community, and only guides!

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Wed Mar 07, 2012 10:36 pm

I'd be happy to test on my sheevaplug if you can post as concise instructions for testing as you have for installing it.

regards and thanks,
RuiDC
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby firefoxPL » Wed Mar 14, 2012 5:51 pm

My response time is beyond tragic, I guess it's normal when you change job and city though ;)

In order to test my problem, you would need to install openvpn:
$this->bbcode_second_pass_code('', '
pacman -S openvpn
')
then following the Arch wiki:
$this->bbcode_second_pass_code('', '
-- login as root or su (you could probably try doing it as normal user, if you have proper permissions for cryptodev)
# su
-- copy scripts
# cp -r /usr/share/openvpn/easy-rsa /root
-- enter script folder
# cd /root/easy-rsa
-- export env variables
# source ./vars
-- try building CA
# ./build-ca
')

On my pogo I get the following error after providing e-mail address:
$this->bbcode_second_pass_code('', '
1074787536:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
1074787536:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
')
Pogo-P24 (new Pogoplug Classic) - ALARM on SATA (mediatomb, netatalk, avahi, time machine, swap, openvpn)
Pogo-E02 (v2 Pink) - ALARM on USB (netatalk, avahi, cryptodev-linux, getting ready for L2TP)
firefoxPL
 
Posts: 65
Joined: Thu Dec 08, 2011 1:49 pm

Re: Hardware Cryptography for Kirkwood

Postby phdeez » Sun Mar 18, 2012 3:26 pm

I just wanted to drop in here and say this works a treat in sabnzbd for ssl connections on the dockstar. Before using an SSL enabled server sysload was over 0.90 (even sometimes >1.40), and now I'm seeing 0.40. This is running with 6 connections at ~8Mb/s or 990KB/s.

Great work!
phdeez
 
Posts: 25
Joined: Wed Apr 07, 2010 3:05 am

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Sun Mar 18, 2012 7:44 pm

$this->bbcode_second_pass_quote('firefoxPL', '
')On my pogo I get the following error after providing e-mail address:
$this->bbcode_second_pass_code('', '
1074787536:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
1074787536:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
')


Sorry for my delay (late ski holidays) I get the same on my sheevaplug, just different prefix numbers.
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby firefoxPL » Mon Mar 19, 2012 6:27 pm

Thank You ruidc for confirming the issue for me I guess I'll need to wait for some other solution for OpenVPN. I only wonder whether this issue will cause other problems when using cryptodev with other software or is it more of a OpenVPN-OpenSSL (Cryptodev) centric problem.
Pogo-P24 (new Pogoplug Classic) - ALARM on SATA (mediatomb, netatalk, avahi, time machine, swap, openvpn)
Pogo-E02 (v2 Pink) - ALARM on USB (netatalk, avahi, cryptodev-linux, getting ready for L2TP)
firefoxPL
 
Posts: 65
Joined: Thu Dec 08, 2011 1:49 pm

Re: Hardware Cryptography for Kirkwood

Postby moonman » Tue Mar 20, 2012 6:18 am

Pogoplug V4 | GoFlex Home | Raspberry Pi 4 4GB | CuBox-i4 Pro | ClearFog | BeagleBone Black | Odroid U2 | Odroid C1 | Odroid XU4
-----------------------------------------------------------------------------------------------------------------------
[armv5] Updated U-Boot | [armv5] NAND Rescue System
moonman
Developer
 
Posts: 3388
Joined: Sat Jan 15, 2011 3:36 am

Re: Hardware Cryptography for Kirkwood

Postby firefoxPL » Tue Mar 20, 2012 8:39 pm

Sorry moonman but this is completely unrelated 'fix', since the openvpn crashes long before even writing server/client configuration or even running, actually it's openssl that crashes at creating certificate authority (CA) for openvpn.
Pogo-P24 (new Pogoplug Classic) - ALARM on SATA (mediatomb, netatalk, avahi, time machine, swap, openvpn)
Pogo-E02 (v2 Pink) - ALARM on USB (netatalk, avahi, cryptodev-linux, getting ready for L2TP)
firefoxPL
 
Posts: 65
Joined: Thu Dec 08, 2011 1:49 pm

Re: Hardware Cryptography for Kirkwood

Postby moonman » Tue Mar 20, 2012 8:52 pm

Oh well, I don't use OpenVPN but came across that link so I thought I would let you know. I didn't mean it as a 'fix', just some additional info :)
Pogoplug V4 | GoFlex Home | Raspberry Pi 4 4GB | CuBox-i4 Pro | ClearFog | BeagleBone Black | Odroid U2 | Odroid C1 | Odroid XU4
-----------------------------------------------------------------------------------------------------------------------
[armv5] Updated U-Boot | [armv5] NAND Rescue System
moonman
Developer
 
Posts: 3388
Joined: Sat Jan 15, 2011 3:36 am

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Tue Mar 20, 2012 11:15 pm

I see that cryptodev has moved on a few versions recently to 1.4 (our repo is 1.2), I wonder if some of the fixes would help us?:
in particular this extract from mailing list

Version 1.4 (released 2012-03-15)
* Correctly report hw accelerated ciphers.

I also see the blog author you referenced interacting with the cryptodev author there in Feb, so upgrading would give us a good basepoint to jump in the dialog.

Any chance Kevin?

Also, we can reproduce the problem with just openssl, ie. bypassing openvpn, and navigating the prompts with defaults and password:

$this->bbcode_second_pass_code('', 'openssl genrsa -out privkey.pem 2048
openssl req -new -sha1 -x509 -key privkey.pem -out cacert.pem')

But can anyone confirm this is working for them with openssl without cryptodev?
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby moonman » Wed Mar 21, 2012 3:35 am

Funny that I went to build new package with cryptodev 1.4 and when it got the stage where it signs the package I got that error. :D

EDIT: @ruidc after installing plain openssl and unloading cryptodev module the command didn't fail.
Pogoplug V4 | GoFlex Home | Raspberry Pi 4 4GB | CuBox-i4 Pro | ClearFog | BeagleBone Black | Odroid U2 | Odroid C1 | Odroid XU4
-----------------------------------------------------------------------------------------------------------------------
[armv5] Updated U-Boot | [armv5] NAND Rescue System
moonman
Developer
 
Posts: 3388
Joined: Sat Jan 15, 2011 3:36 am

PreviousNext

Return to Community Guides

Who is online

Users browsing this forum: No registered users and 14 guests