AES-NI and Intel I210-AT support

Hi! I was thinking about purchasing a mini pc to use it as my Router / OpenVPN client (PIA)

I want to know if the following things are supported in OpenWRT x86

  1. AES-NI acceleration for OpenVPN client
  2. Intel I210-AT lan card driver

Links:

  1. https://www.aliexpress.com/item/Minisys-New-NUC-Mini-PC-Celeron-J3160-Quad-Core-4-Intel-i210AT-Nic-X86-Computer-Soft/32891699351.html
  2. https://ark.intel.com/products/64400/Intel-Ethernet-Controller-I210-AT
  1. https://en.wikipedia.org/wiki/AES_instruction_set#Supporting_software
  2. Search for compatiable driver here: https://openwrt.org/packages/table/start?dataflt[Description_wiki*~]=intel

I hope I am not hijacking this thread.
But how can one check that AES-NI is available to and beeing used by the system?

https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
"When the acceleration is not in the instruction set of the CPU, it is supported via a kernel driver (/dev/crypto or AF_ALG socket). "

If have this CPU in my x86 router, which supports AES-NI.
https://ark.intel.com/content/www/us/en/ark/products/91533/intel-celeron-processor-j3160-2m-cache-up-to-2-24-ghz.html

Both ways result to a /dev/crypto device which can be used by userspace crypto applications (e.g., the ones that utilize openssl or gnutls).

This means (since it's an Intel) - that it's in your instruction set.

  • So...do you see /dev/crypto ?
  • What does the command cat /proc/crypto show?

Also see:
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators#finding_out_what_s_available_in_the_kernel

root@OPENWRT-ROUTER:~# cat /dev/crypto
cat: can't open '/dev/crypto': No such file or directory
/proc/crypto
root@OPENWRT-ROUTER:~# cat /proc/crypto
name         : xts(aes)
driver       : xts-aes-aesni
module       : kernel
priority     : 401
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : yes
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : ctr(aes)
driver       : ctr-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : yes
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : cbc(aes)
driver       : cbc-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : ecb(aes)
driver       : ecb-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
chunksize    : 16
walksize     : 16

name         : gcm(aes)
driver       : generic-gcm-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 1
ivsize       : 12
maxauthsize  : 16
geniv        : <none>

name         : __generic-gcm-aes-aesni
driver       : __driver-generic-gcm-aes-aesni
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : yes
type         : aead
async        : no
blocksize    : 1
ivsize       : 12
maxauthsize  : 16
geniv        : <none>

name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 1
ivsize       : 8
maxauthsize  : 16
geniv        : <none>

name         : __gcm-aes-aesni
driver       : __driver-gcm-aes-aesni
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : yes
type         : aead
async        : no
blocksize    : 1
ivsize       : 8
maxauthsize  : 16
geniv        : <none>

name         : __xts(aes)
driver       : __xts-aes-aesni
module       : kernel
priority     : 401
refcnt       : 1
selftest     : passed
internal     : yes
type         : skcipher
async        : no
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : __ctr(aes)
driver       : __ctr-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : yes
type         : skcipher
async        : no
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : __cbc(aes)
driver       : __cbc-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : yes
type         : skcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : __ecb(aes)
driver       : __ecb-aes-aesni
module       : kernel
priority     : 400
refcnt       : 1
selftest     : passed
internal     : yes
type         : skcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
chunksize    : 16
walksize     : 16

name         : __aes
driver       : __aes-aesni
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : yes
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-aesni
module       : kernel
priority     : 300
refcnt       : 2
selftest     : passed
internal     : no
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : crct10dif
driver       : crct10dif-generic
module       : kernel
priority     : 100
refcnt       : 2
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 2

name         : crc32
driver       : crc32-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 4

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 100
refcnt       : 3
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 4

name         : ecb(arc4)
driver       : ecb(arc4)-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : blkcipher
blocksize    : 1
min keysize  : 1
max keysize  : 256
ivsize       : 0
geniv        : <default>

name         : arc4
driver       : arc4-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 1
min keysize  : 1
max keysize  : 256

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : digest_null
driver       : digest_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 0

name         : compress_null
driver       : compress_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : compression

name         : ecb(cipher_null)
driver       : ecb-cipher_null
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0
geniv        : <default>

name         : cipher_null
driver       : cipher_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : aes
driver       : aes-asm
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
1 Like

As you can see, your crypto is loaded.

So no need to do anything more on my side?
OpenWrt will handle everything?

  • Of course not, it's there already
  • Not sure what "everything" entails; but as you can see - the crypto support is enabled already...so anything that needs it should work

Hope this helps.

Also, the datasheet says it may have a Digital Random Number Generator, you may wish to setup rng-tools as well.

1 Like