c512l
March 24, 2024, 9:16pm
1
I will limit the explantion by just referring to the Kconfig help text, but to summarize, this would allow fairly fast external storage encryption on devices with no hardware available for accelerating AES (which a lot of OpenWrt devices could benefit from).
https://cateee.net/lkddb/web-lkddb/CRYPTO_ADIANTUM.html
https://cateee.net/lkddb/web-lkddb/CRYPTO_NHPOLY1305.html
There is also hardware acceleration for nhpoly1305 for aarch64 and x86:
https://cateee.net/lkddb/web-lkddb/CRYPTO_NHPOLY1305_NEON.html
https://cateee.net/lkddb/web-lkddb/CRYPTO_NHPOLY1305_SSE2.html
https://cateee.net/lkddb/web-lkddb/CRYPTO_NHPOLY1305_AVX2.html
I took the time to make a little benchmark for comparison on a Raspberry Pi 4B with a Fedora Server and the results look promising.
maurer
March 28, 2024, 7:30am
2
hi @c512l could you please open an issue on github and cc me (@maurerr
there) as I'd be interested in working on this
c512l
March 28, 2024, 11:20am
3
sure, but isn't this the proper communication channel for working on this? seems like the github issue tracker is used for bugs only.
maurer
March 28, 2024, 11:24am
4
missing some kernel features could be considered a bug as well
1 Like
c512l
March 28, 2024, 11:55am
5
I have opened an issue and CC'd you as you suggested :
opened 11:48AM - 28 Mar 24 UTC
bug
### Describe the bug
Kernel is not compiled/packaged as kmods with adiantum nor… nhpoly1305 support, which could be uses to speed up disk encryption on devices without cryptographic hardware instructions and for mounting luks formatted devices using it.
@maurerr mentioned he is interested in working on it
### OpenWrt version
r23809-234f1a2efa
### OpenWrt release
23.05.3
### OpenWrt target/subtarget
Not relevant
### Device
Not relevant
### Image kind
Official downloaded image
### Steps to reproduce
Install cryptsetup
Try to use `cryptsetup` with `--cipher=xchacha20,aes-adiantum-plain64` or `--cipher=xchacha20,aes-adiantum-plain64`
### Actual behaviour
cryptsetup fails and openwrt is unable to use those disk encryption settings
### Expected behaviour
Cryptsetup works and allows the usage of xchacha20,aes-adiantum-plain64 and xchacha12,aes-adiantum-plain64
### Additional info
Relevant Kconfig settings are:
CONFIG_CRYPTO_ADIANTUM
CONFIG_CRYPTO_NHPOLY1305
Hardware accelerated implementations:
CONFIG_CRYPTO_NHPOLY1305_NEON
CONFIG_CRYPTO_NHPOLY1305_SSE2
CONFIG_CRYPTO_NHPOLY1305_AVX2
### Diffconfig
_No response_
### Terms
- [X] I am reporting an issue for OpenWrt, not an unsupported fork.
1 Like
You'll need to keep track of it, since there are/will be counter questions.
maurer
April 1, 2024, 2:25pm
7
1 Like