Several targets have received support for armv8-CE crypto algorithms on Saturday. Including bcm4908, layerscape armv8_64b, mvebu a53 and a72, octeontx, rockchip and sunxi a53.
I'm trying to get this to work on a Orange Pi Zero Plus (sunxi a53 target), but I can't get OpenSSL to work with it.
First of all, cat /proc/crypto
does show a difference. On a 22.03-rc1 build:
name : ghash
driver : ghash-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16
name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : crc32
driver : crc32-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha1
driver : sha1-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 16
name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : no
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
chunksize : 1
walksize : 1
name : digest_null
driver : digest_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression
name : cipher_null
driver : cipher_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
On today's snapshot:
name : xchacha12
driver : xchacha12-neon
module : chacha_neon
priority : 300
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : no
blocksize : 1
min keysize : 32
max keysize : 32
ivsize : 32
chunksize : 64
walksize : 320
name : xchacha20
driver : xchacha20-neon
module : chacha_neon
priority : 300
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : no
blocksize : 1
min keysize : 32
max keysize : 32
ivsize : 32
chunksize : 64
walksize : 320
name : chacha20
driver : chacha20-neon
module : chacha_neon
priority : 300
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : no
blocksize : 1
min keysize : 32
max keysize : 32
ivsize : 16
chunksize : 64
walksize : 320
name : poly1305
driver : poly1305-neon
module : poly1305_neon
priority : 200
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16
name : aes
driver : aes-arm64
module : kernel
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : ccm(aes)
driver : ccm-aes-ce
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : aead
async : no
blocksize : 1
ivsize : 16
maxauthsize : 16
geniv : <none>
name : aes
driver : aes-ce
module : kernel
priority : 250
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crct10dif
driver : crct10dif-arm64-ce
module : kernel
priority : 200
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : crct10dif
driver : crct10dif-arm64-neon
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : gcm(aes)
driver : gcm-aes-ce
module : kernel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : aead
async : no
blocksize : 1
ivsize : 12
maxauthsize : 16
geniv : <none>
name : sha1
driver : sha1-ce
module : kernel
priority : 200
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20
name : ghash
driver : ghash-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16
name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2
name : crc32
driver : crc32-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 4
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha1
driver : sha1-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 16
name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : no
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
chunksize : 1
walksize : 1
name : digest_null
driver : digest_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression
name : cipher_null
driver : cipher_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
Still, support is fairly limited but at least AES-CTR
and AES-GCM
should work...
I've created an image with the kmod-cryptodev
and libopenssl-devcrypto
packages, and edited the /etc/ssl/openssl.cnf
file according to the Wiki. (I should add that /etc/ssl/openssl.cnf
refers to /etc/ssl/engines.cnf.d/devcrypto.cnf
, I've tried both the wiki's guidance and this new file.)
But whatever I enter, openssl engine -pre DUMP_INFO devcrypto
gives the following output:
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, CIOCGSESSION (session open call) failed
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, CIOCGSESSION (session open call) failed
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, CIOCGSESSION (session open call) failed
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, CIOCGSESSION (session open call) failed
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, CIOCGSESSION (session open call) failed
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr(aes-ce) (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr(aes-ce) (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr(aes-ce) (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, CIOCGSESSION (session open call) failed
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, CIOCGSESSION (session open call) failed
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, CIOCGSESSION (session open call) failed
Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=md5-generic (software), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=sha1-ce (software), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=unknown. CIOCGSESSION (session open) failed
[Success]: DUMP_INFO
So OpenSSL can't use any hardware-accelerated cipher... Also, any cipher I used in openssl speed
gives equal results whether I enable acceleration or not.
I'm not sure if I'm misconfiguring anything, or if the armv8-CE crypto algorithms just don't match with what OpenSSL is able to use?