New IT forum Follow us on Twitter
21 May 2012, 04:19:15 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: EFIKA MX now in stock!
 
   Home   SHOP Help Search Login Register  
New IT forum > SheevaPlug > For beginners > Hardware supported Cryptography?
Pages: [1]
« previous next »
  Print  
Author Topic: Hardware supported Cryptography?  (Read 1283 times)
DanielSjoholm
Newbie
*
Posts: 10
« on: 21 December 2009, 10:37:39 am »
Hi, I'm trying to do full disk encryption with dm_crypt, but i suffer from terrible speeds - 5 mbps. This speed is what others have reported when it's not using hardware support (however nowhere they say how to turn on/off usage of it), and 10mbps when hardware support is activated.

I know the sheevaplug has a chip for handling cryptography in hardware, question is, how do i utilise it?

I'm running the rootfs from stock, but with a 2.6.32 kernel, with the config option for CESA enabled (and all ciphers enabled too).

/proc/crypto
Code:
name         : xts(aes)
driver       : xts(aes-generic)
module       : kernel
priority     : 100
refcnt       : 2
selftest     : passed
type         : givcipher
async        : yes
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : chainiv

name         : xts(aes)
driver       : xts(aes-generic)
module       : xts
priority     : 100
refcnt       : 2
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : cbc(aes)
driver       : mv-cbc-aes
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : ecb(aes)
driver       : mv-ecb-aes
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : rng
seedsize     : 0

name         : lzo
driver       : lzo-generic
module       : kernel
priority     : 0
refcnt       : 2
selftest     : passed
type         : compression

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 100
refcnt       : 2
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : deflate
driver       : deflate-generic
module       : kernel
priority     : 0
refcnt       : 2
selftest     : passed
type         : compression

name         : arc4
driver       : arc4-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 1
min keysize  : 1
max keysize  : 256

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
refcnt       : 3
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : des3_ede
driver       : des3_ede-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16
Logged
NewIT_Marcus
Administrator
Hero Member
*****
Posts: 960
« Reply #1 on: 22 December 2009, 08:31:06 am »
Daniel -

Did you try asking at plugcomputer.org forum? If you receive no replies (and we don't have an answer to this right now) I can pass it "upstairs".
Logged
DanielSjoholm
Newbie
*
Posts: 10
« Reply #2 on: 22 December 2009, 02:45:52 pm »
I will try my luck there then and come back in a few weeks if i get no replies.
Logged
DanielSjoholm
Newbie
*
Posts: 10
« Reply #3 on: 23 December 2009, 11:19:27 am »
Turns out it is very easy to use the hardware support, albeit i only notice a 1.7mbps increase, i think cpu usage is lower than without.
To use hardware support you only need to use one of the supported ciphers, namely those that have a Driver: mv-*.
cbc-aes-essiv:sha256 yields a speed of 6.9 mb/sec with 70-80% cpu usage and 20% waiting.
The xts-aes-plain i was using before gives me 5.2 mb/sec with 100% cpu usage and almost 0% waiting.
This is for dm_crypt however, and apparently you cannot use it with openSSL or other tools yet, according to the plugcomputer forum.
Logged
NewIT_Marcus
Administrator
Hero Member
*****
Posts: 960
« Reply #4 on: 23 December 2009, 07:06:42 pm »
Daniel -

Thank you for investigating this.

Let's hope that by the time the next 10,000 Sheevaplugs are sold that it won't be quite such a struggle to make the most of such features.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!