[tor-relays] hardware accelerated crypto

jason jason at piratar.is
Wed Oct 2 15:42:23 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The pi doesn't have any as I'm aware of, I was looking into any and
all small boards that posses the marvell kirkwood chipset which is
supported by cryptodev module which openssl can be compiled to utilize.
The cheapest one seems to be the v2 pogoplug, which can be had for as
cheap as $20 USD off amazon.

here's some good info:
http://www.altechnative.net/2011/05/22/hardware-accelerated-ssl-on-marvell-kirkwood-arm-using-openssl-on-fedora/


Here's a brief overview of what I've tried to get working on my debian
squeeze pogoplug. http://forum.doozan.com/read.php?2,9619

Here's a good listing of common plug boards and which processors they
contain, including the pi: http://archlinuxarm.org/platforms

Perhaps if enough are interested we could form a small group to work
on this again. mail me directly if interested.

The output from the pogo 'openssl speed rsa' is as follows (keep in
mind this is WITHOUT cryptodev support enabled). If someone points me
to the appropriate place on the wiki I'll be happy to fill in the
required info.

Doing 512 bit private rsa's for 10s: 3906 512 bit private RSA's in 9.86s
Doing 512 bit public rsa's for 10s: 43400 512 bit public RSA's in
9.84s Doing 1024 bit private rsa's for 10s: 786 1024 bit private RSA's
in 9.87s
Doing 1024 bit public rsa's for 10s: 15983 1024 bit public RSA's in 9.86s
Doing 2048 bit private rsa's for 10s: 136 2048 bit private RSA's in 9.93s
Doing 2048 bit public rsa's for 10s: 5032 2048 bit public RSA's in 9.86s
Doing 4096 bit private rsa's for 10s: 22 4096 bit private RSA's in 10.32s
Doing 4096 bit public rsa's for 10s: 1479 4096 bit public RSA's in 9.85s
OpenSSL 1.0.1c 10 May 2012
built on: Sun Jul 29 13:43:04 UTC 2012
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial)
blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
- -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2
- -fstack-protector --param=ssp-buffer-size=4 -Wformat
- -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro
- -Wa,--noexecstack -Wall
                  sign    verify    sign/s verify/s
rsa  512 bits 0.002524s 0.000227s    396.1   4410.6
rsa 1024 bits 0.012557s 0.000617s     79.6   1621.0
rsa 2048 bits 0.073015s 0.001959s     13.7    510.3
rsa 4096 bits 0.469091s 0.006660s      2.1    150.2

- -J

On 10/02/2013 02:02 AM, Gordon Morehouse wrote:
> I'm interested if there are any hardware accelerators in either
> the Raspberry Pi (which needs all the help it can get) or the
> Cubieboard 2 (A20-based).
> 
> Best, -Gordon M.
> 
> 
> Joshua Datko:
>> I was looking into this for the BeagleBone black [1], which has 
>> on-chip accelerators for AES, SHA (1 I think), and md5.  The TI 
>> processor also has a HWRNG.  My belief was that by using the 
>> cryptodev kernel module [2] I could get this working, but I ran
>> in some issues building the kernel and then I was caught up in
>> other things.
> 
>> I'm not sure if my approach was flawed or what, but maybe it
>> helps someone here.
> 
>> Josh
> 
>> [1] http://datko.net/2013/09/22/quest_bbb_crypto/ [2] 
>> http://cryptodev-linux.org/
> 
>> On Tue, Oct 1, 2013 at 2:35 PM, jason <jason at piratar.is> wrote:
>> I would love to do all this actually but I never managed to get
>> the hw accelerated crypto (ssl/tls) bits working to experiment
>> with. I'd be up for restarting this if I knew I could consult
>> with one or two others who had a genuine interest in this.
>> -Jason
> 
>> On 10/01/2013 08:26 PM, Jeroen Massar wrote:
>>>>> On 2013-10-01 21:20, Andy Isaacson wrote:
>>>>>> On Tue, Oct 01, 2013 at 06:45:52PM +0000, jason wrote:
>>>>>>> I'm not sure why I missed this first post but I'm very 
>>>>>>> interested in working on this project with whomever is 
>>>>>>> interested. I  bought a pogoplug v2 specifically to
>>>>>>> test it's usefulness as a tor exit or relay.
>>>>>> 
>>>>>> First step is, run "openssl speed rsa" and post the
>>>>>> output to the list. While you're at it you may as well
>>>>>> post the AES and SHA results as well. Heck, just run the
>>>>>> whole "openssl speed" test (should take less than 20
>>>>>> minutes) and post the whole thing. :)
>>>>>> 
>>>>>> Also details on what CPU/RAM it has, and information
>>>>>> about the kernel and OpenSSL package you are testing,
>>>>>> would be useful. "dmesg" output and the contents of
>>>>>> /proc/cpuinfo may be helpful.
>>>>> 
>>>>> Maybe a good idea to put the output in the wiki somewhere?
>>>>> 
>>>>> Greets, Jeroen
>>>>> 
>>>>> _______________________________________________ tor-relays 
>>>>> mailing list tor-relays at lists.torproject.org 
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>>
>
>>>>> 
>>>>> 
>>> _______________________________________________ tor-relays 
>>> mailing list tor-relays at lists.torproject.org 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>> 
_______________________________________________ tor-relays mailing
>> list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSTD7eAAoJEOXtwcWdKrpuUvcP+QEIiS3C4A8/MgyeYGIB90gT
zR+UhpGbRQiVwbio88TdIEJxJGGeY5Xpq/minsDiMZJp2YNEbLMDS2Qow7HYdhxi
/aqvM1YqS8sENRXcIbl2ypZJfIa41unK9kBUSa+BE2WbHyN0faYGx/mcsUgqmIjf
RwCaXIA6q5bHo4zisiHkMqia6s6JN51Ykrv1qZGuY8Ouh7na5bg2fMho0xwNyDLq
y1M1vnyxyGHQXU9rOSW88XulqUxESoMpmbrXVhbhWjScJCQm82d/Ojth9pTWzj6Z
5EkWbUmBWR3oTh7ulSJE7h6FVH+UdBplfrhx+RDglWZWE7EeM5W+ICxCfFwd78N1
1J5jyPs7oTa8foIz92z/GOQqRnjFqvzsmM1VZJOvmQv+cl1kwqIWRuGMRTGsjbE3
5KNJsTRe2dgLCRzwAp86qkFSDkaLi2Sno09Puaa1KOi91/Az/ZqNufcsxCqI0kOK
0t1dkx0pUGkjZkrYYLVgNKmO/M4/vofrihtONDuCTCitO5WI8AJcLi11wM7absuy
Wf74bp9Ukm/HvAzjtQ6xT98jc7DDpv7NGjTKUWGhGpdac3wDB+00uLk/ti3ot1yZ
uMyr19sJyBbUlb8LzkxvsJkXTmKTqbDzQ8KEHFd3h19o8Ia443FNUo9IssxLlTE4
eFlyR44AGM8Lzjz9AFkG
=c9JM
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list