Hi! I was thinking about purchasing a mini pc to use it as my Router / OpenVPN client (PIA)
I want to know if the following things are supported in OpenWRT x86
- AES-NI acceleration for OpenVPN client
- Intel I210-AT lan card driver
Links:
- https://en.wikipedia.org/wiki/AES_instruction_set#Supporting_software
- Search for compatiable driver here: https://openwrt.org/packages/table/start?dataflt[Description_wiki*~]=intel
I hope I am not hijacking this thread.
But how can one check that AES-NI is available to and beeing used by the system?
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
"When the acceleration is not in the instruction set of the CPU, it is supported via a kernel driver (/dev/crypto or AF_ALG socket). "
If have this CPU in my x86 router, which supports AES-NI.
https://ark.intel.com/content/www/us/en/ark/products/91533/intel-celeron-processor-j3160-2m-cache-up-to-2-24-ghz.html
- Did you see the "Enabling" section of the Wiki page you posted: https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators#enablingdevcrypto
- Otherwise, below the same quote you posted - is the answer:
Both ways result to a /dev/crypto device which can be used by userspace crypto applications (e.g., the ones that utilize openssl or gnutls).
This means (since it's an Intel) - that it's in your instruction set.
- So...do you see /dev/crypto ?
- What does the command
cat /proc/cryptoshow?
Also see:
root@OPENWRT-ROUTER:~# cat /dev/crypto
cat: can't open '/dev/crypto': No such file or directory
/proc/crypto
root@OPENWRT-ROUTER:~# cat /proc/crypto
name : xts(aes)
driver : xts-aes-aesni
module : kernel
priority : 401
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
chunksize : 16
walksize : 16
name : ctr(aes)
driver : ctr-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 16
walksize : 16
name : cbc(aes)
driver : cbc-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 16
walksize : 16
name : ecb(aes)
driver : ecb-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
chunksize : 16
walksize : 16
name : gcm(aes)
driver : generic-gcm-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 1
ivsize : 12
maxauthsize : 16
geniv : <none>
name : __generic-gcm-aes-aesni
driver : __driver-generic-gcm-aes-aesni
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : aead
async : no
blocksize : 1
ivsize : 12
maxauthsize : 16
geniv : <none>
name : rfc4106(gcm(aes))
driver : rfc4106-gcm-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>
name : __gcm-aes-aesni
driver : __driver-gcm-aes-aesni
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : aead
async : no
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>
name : __xts(aes)
driver : __xts-aes-aesni
module : kernel
priority : 401
refcnt : 1
selftest : passed
internal : yes
type : skcipher
async : no
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
chunksize : 16
walksize : 16
name : __ctr(aes)
driver : __ctr-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : yes
type : skcipher
async : no
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 16
walksize : 16
name : __cbc(aes)
driver : __cbc-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : yes
type : skcipher
async : no
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 16
walksize : 16
name : __ecb(aes)
driver : __ecb-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : yes
type : skcipher
async : no
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
chunksize : 16
walksize : 16
name : __aes
driver : __aes-aesni
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : yes
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-aesni
module : kernel
priority : 300
refcnt : 2
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : crc32
driver : crc32-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 3
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : ecb(arc4)
driver : ecb(arc4)-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
ivsize : 0
geniv : <default>
name : arc4
driver : arc4-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 1
max keysize : 256
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : digest_null
driver : digest_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression
name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : aes
driver : aes-asm
module : kernel
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
1 Like
As you can see, your crypto is loaded.
So no need to do anything more on my side?
OpenWrt will handle everything?
- Of course not, it's there already
- Not sure what "everything" entails; but as you can see - the crypto support is enabled already...so anything that needs it should work
Hope this helps.
Also, the datasheet says it may have a Digital Random Number Generator, you may wish to setup rng-tools as well.
1 Like