Hardware Cryptography for Kirkwood

Guides written by the community, for the community, and only guides!

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Fri Mar 23, 2012 8:59 am

Assuming that 1.0.1 is still breaking for someone, the cryptodev author has made some changes he'd like us to test:

https://mail.gna.org/public/cryptodev-l ... 00004.html

Can somebody with a source building environment give it a go?
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby kmihelich » Fri Mar 23, 2012 2:30 pm

FWIW, each time I have built the package, 'make test' passes here. It's being built on a GFN running the latest kernel with the cryptodev module loaded.
Arch Linux ARM exists and continues to grow through community support, please donate today!
kmihelich
Developer
 
Posts: 1133
Joined: Tue Jul 20, 2010 6:55 am
Location: aka leming #archlinuxarm

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Fri Mar 23, 2012 4:29 pm

are you also able to test the openssl rsa key generation?:
$this->bbcode_second_pass_code('', '
openssl genrsa -out privkey.pem 2048
openssl req -new -sha1 -x509 -key privkey.pem -out cacert.pem
')
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby WarheadsSE » Fri Mar 23, 2012 5:44 pm

$this->bbcode_second_pass_code('', '[root@GFN ~]# pacman -S openssl-cryptodev
resolving dependencies...
looking for inter-conflicts...
:: openssl-cryptodev and openssl are in conflict. Remove openssl? [y/N] y

Targets (2): openssl-1.0.1-1 [removal] openssl-cryptodev-1.0.1-1

Total Download Size: 2.24 MiB
Total Installed Size: 9.12 MiB
Net Upgrade Size: 0.04 MiB

Proceed with installation? [Y/n] y
:: Retrieving packages from core...
openssl-cryptodev-1.0.1-1-arm 2.2 MiB 1259K/s 00:02 [################################] 100%
(1/1) checking package integrity [################################] 100%
(1/1) loading package files [################################] 100%
(1/1) checking for file conflicts [################################] 100%
(2/2) checking available disk space [################################] 100%
(1/1) removing openssl [################################] 100%
(1/1) installing openssl-cryptodev [################################] 100%
Optional dependencies for openssl-cryptodev
ca-certificates
[root@GFN ~]# cd tmp/cryptodev/
[root@GFN cryptodev]# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.......................................+++
.....+++
e is 65537 (0x10001)
[root@GFN cryptodev]# openssl req -new -sha1 -x509 -key privkey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:-------
Locality Name (eg, city) []:-------
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Arch Linux ARM
Organizational Unit Name (eg, section) []:WHSE
Common Name (e.g. server FQDN or YOUR name) []:whse.archlinuxarm.org
Email Address []:---@archlinuxarm.org
')
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm

Re: Hardware Cryptography for Kirkwood

Postby kmihelich » Fri Mar 23, 2012 6:19 pm

Looks like I'm getting the same problem:
$this->bbcode_second_pass_code('', '1074128080:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
1074128080:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:')
Arch Linux ARM exists and continues to grow through community support, please donate today!
kmihelich
Developer
 
Posts: 1133
Joined: Tue Jul 20, 2010 6:55 am
Location: aka leming #archlinuxarm

Re: Hardware Cryptography for Kirkwood

Postby kmihelich » Fri Mar 23, 2012 6:35 pm

Disregard that, I had the older 1.0.0h still installed. On 1.0.1 it works without issue.
$this->bbcode_second_pass_code('', 'root@americium:~/temp# lsmod
Module Size Used by
ipv6 254083 10
rmd160 7186 0
sha1_generic 1661 8
hmac 2387 0
blowfish 8374 0
mv_cesa 9021 8
cryptodev 30515 3
root@americium:~/temp# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.....................................................................................................................................................................................................................................+++
................................................+++
e is 65537 (0x10001)
root@americium:~/temp# openssl req -new -sha1 -x509 -key privkey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
root@americium:~/temp#')
Arch Linux ARM exists and continues to grow through community support, please donate today!
kmihelich
Developer
 
Posts: 1133
Joined: Tue Jul 20, 2010 6:55 am
Location: aka leming #archlinuxarm

Re: Hardware Cryptography for Kirkwood

Postby ruidc » Sat Mar 24, 2012 7:17 pm

great stuff, 1.0.1 works for me on sheevaplug too, thx all
ruidc
 
Posts: 31
Joined: Wed Mar 07, 2012 10:32 pm
Location: Switzerland

Re: Hardware Cryptography for Kirkwood

Postby firefoxPL » Sun Mar 25, 2012 6:34 pm

Thats's great news, looks like my Pink pogoplug might get some attention back (for now I had everything setup on V3 with SATA), thanks kmihelich.
Pogo-P24 (new Pogoplug Classic) - ALARM on SATA (mediatomb, netatalk, avahi, time machine, swap, openvpn)
Pogo-E02 (v2 Pink) - ALARM on USB (netatalk, avahi, cryptodev-linux, getting ready for L2TP)
firefoxPL
 
Posts: 65
Joined: Thu Dec 08, 2011 1:49 pm

Re: Hardware Cryptography for Kirkwood

Postby jamesbarclay » Wed Mar 28, 2012 6:16 am

We are using the Debian build and kernel (2.6.33.6) from http://code.google.com/p/dreamplug/downloads/list
Now, we are VERY eager to get hardware crypto acceleration working!
As I have understood, as OpenSSL lacks an engine for MV_CESA (the Marvell AES hardware acceleration), I will have to apply kernel patches for OCF (OpenBSD Cryptographic Framework), to make a /dev/crypto device and then patch OpenSSL to use OCF through a cryptodev engine.
Kernel patching:
Code:

vpnserver:/usr/src/linux# patch -p1 < crypto/ocf/patches/linux-2.6.33-ocf.patch

But the kernel make fails building OCF kernel modules
Code:

LD crypto/ocf/built-in.o
CC [M] crypto/ocf/crypto.o
CC [M] crypto/ocf/criov.o
CC [M] crypto/ocf/random.o
CC [M] crypto/ocf/rndtest.o
LD [M] crypto/ocf/ocf.o
CC [M] crypto/ocf/cryptodev.o
CC [M] crypto/ocf/cryptosoft.o
CC [M] crypto/ocf/ocf-bench.o
LD crypto/ocf/kirkwood/built-in.o
CC [M] crypto/ocf/kirkwood/cesa/mvCesa.o
In file included from crypto/ocf/kirkwood/cesa/mvCesa.h:77,
from crypto/ocf/kirkwood/cesa/mvCesa.c:65:
crypto/ocf/kirkwood/mvHal/linux_oss/mvOs.h:34:28: error: linux/autoconf.h: No such file or directory
In file included from crypto/ocf/kirkwood/mvHal/kw_family/ctrlEnv/mvCtrlEnvSpec.h:69,
from crypto/ocf/kirkwood/cesa/mvCesa.h:81,
from crypto/ocf/kirkwood/cesa/mvCesa.c:65:
crypto/ocf/kirkwood/mvHal/mvSysHwConfig.h:34:48: error: ../../../../include/linux/autoconf.h: No such file or directory
make[3]: *** [crypto/ocf/kirkwood/cesa/mvCesa.o] Error 1
make[2]: *** [crypto/ocf/kirkwood] Error 2
make[1]: *** [crypto/ocf] Error 2
make: *** [crypto] Error 2


And OpenSSL 0.9.8n (the latest version where OCF patches exist) fails to patch.

Has anyone successfully built OCF kernel modules and OpenSSL with cryptodev engine? Can you share your code with me?

Thanks!!!
jamesbarclay
 
Posts: 1
Joined: Wed Mar 28, 2012 6:12 am

Re: Hardware Cryptography for Kirkwood

Postby WarheadsSE » Wed Mar 28, 2012 12:25 pm

@jamesbarclay
It looks like you need the linux header files.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm

PreviousNext

Return to Community Guides

Who is online

Users browsing this forum: No registered users and 1 guest