[tor-bugs] #3374 [Torouter]: Torouter OS and configuration
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Jun 11 16:01:44 UTC 2011
#3374: Torouter OS and configuration
----------------------+-----------------------------------------------------
Reporter: runa | Owner: runa
Type: task | Status: new
Priority: normal | Milestone:
Component: Torouter | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by jrenken):
Replying to [comment:15 cypherpunks]:
> Thanks to https://twitter.com/#!/jrenken for posting this: http://pastebin.com/v0GhXyA2
>
> Here's a reality check for OpenSSL on the DreamPlug (from that pastebin):

Turns out there's hardware crypto acceleration on the DreamPlug's Marvell
Kirkwood processor, via the mv_cesa Linux kernel module, but it's not
supported by OpenSSL without some patches. I updated my Pastebin with the
info below, having set it up thanks to the following posts:
{{{
http://www.altechnative.net/?p=174
http://www.newit.co.uk/forum/index.php?action=printpage;topic=2030.0
}}}
Here are the steps to make it work:
{{{
Assumptions and prerequisites:
- DreamPlug
- Debian Squeeze system
- GlobalScale stock (or other replacement-worthy) kernel
- build-essential, bzip2, devscripts, fakeroot & wget packages
- Boot partition (probably /dev/sda1) mounted on /boot
- Plenty of free space for sources
To get to this point, see:
http://code.google.com/p/dreamplug/downloads/list
Run as root (n.b. you are trusting plugapps.com):
wget --directory-prefix=/usr/src http://download.gna.org/cryptodev-linux/cryptodev-linux-1.0.tar.gz
wget --directory-prefix=/usr/src http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.38.7.tar.bz2
wget --directory-prefix=/usr/src http://plugapps.com/mirror/with-linux/2.6.38/2.6.38.7/sheeva-2.6.38.7-Modules.tar.gz
wget --directory-prefix=/boot http://plugapps.com/mirror/with-linux/2.6.38/2.6.38.7/dream-2.6.38.7-uImage
wget --directory-prefix=/boot http://plugapps.com/mirror/with-linux/2.6.38/2.6.38.7/dream-2.6.38.7.config
wget --directory-prefix=/boot http://plugapps.com/mirror/with-linux/2.6.38/2.6.38.7/sheeva-2.6.38.7-System.map
tar -C / -x -v -z --no-same-owner --no-same-permissions -f /usr/src/sheeva-2.6.38.7-Modules.tar.gz
depmod -eF /boot/sheeva-2.6.38.7-System.map 2.6.38.7
tar -C /usr/src -x -v -j --no-same-owner --no-same-permissions -f /usr/src/linux-2.6.38.7.tar.bz2
cp /boot/dream-2.6.38.7.config /usr/src/linux-2.6.38.7/.config
tar -C /usr/src -x -v -z --no-same-owner --no-same-permissions -f /usr/src/cryptodev-linux-1.0.tar.gz
Reboot. In U-Boot, from the serial/JTAG console:
setenv mainlineLinux yes
setenv arcNumber 2659
printenv
Use `setenv _ENV_ _VALUE_` to change "uImage" to "dream-2.6.38.7-uImage".
Now:
saveenv
reset
Let the system boot. Now, as root:
make -C /usr/src/linux-2.6.38.7 oldconfig
make -C /usr/src/linux-2.6.38.7 prepare
make -C /usr/src/linux-2.6.38.7
Watch for this output, near the top, and hit ^C once you've seen the
second line:
HOSTLD scripts/mod/modpost
HOSTCC scripts/kallsyms
(All you need from this potentially lengthy `make` is modpost.) Continue:
rm /lib/modules/2.6.38.7/build
rm /lib/modules/2.6.38.7/source
ln -s /usr/src/linux-2.6.38.7 /lib/modules/2.6.38.7/build
ln -s /usr/src/linux-2.6.38.7 /lib/modules/2.6.38.7/source
make -C /usr/src/cryptodev-linux-1.0 install
depmod -eF /boot/sheeva-2.6.38.7-System.map 2.6.38.7
modprobe cryptodev
apt-get source openssl
apt-get build-dep openssl
sed -i '/^CONFARGS/s|$| -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64|' /usr/src/openssl-0.9.8o/debian/rules
sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
sed -i '1i\ -- James Renken <jrenken at sandwich.net> Sat, 11 Jun 2011 01:13:00 -0400' /usr/src/openssl-0.9.8o/debian/changelog
sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
sed -i '1i\ \ * Patched rules to compile with CRYPTODEV options' /usr/src/openssl-0.9.8o/debian/changelog
sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
sed -i '1iopenssl (0.9.8o-4squeeze1+cryptodev) stable; urgency=low' /usr/src/openssl-0.9.8o/debian/changelog
cd /usr/src/openssl-0.9.8o ; debuild -us -uc -b
dpkg -i /usr/src/libssl0.9.8_0.9.8o-4squeeze1+cryptodev_armel.deb /usr/src/openssl_0.9.8o-4squeeze1+cryptodev_armel.deb
}}}
Results:
{{{
# uname -a
Linux dreamplug 2.6.38.7 #1 PREEMPT Sun May 22 00:23:53 MDT 2011 armv5tel GNU/Linux
# openssl engine
(dynamic) Dynamic engine loading support
(cryptodev) BSD cryptodev engine
# openssl speed -evp aes-128-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-128-cbc for 3s on 16 size blocks: 81432 aes-128-cbc's in 0.16s
Doing aes-128-cbc for 3s on 64 size blocks: 79173 aes-128-cbc's in 0.03s
Doing aes-128-cbc for 3s on 256 size blocks: 66949 aes-128-cbc's in 0.08s
Doing aes-128-cbc for 3s on 1024 size blocks: 40495 aes-128-cbc's in 0.03s
Doing aes-128-cbc for 3s on 8192 size blocks: 8300 aes-128-cbc's in 0.01s
OpenSSL 0.9.8o 01 Jun 2010
built on: Sat Jun 11 05:44:31 UTC 2011
options:bn(64,32) md2(int) rc4(ptr,int) des(idx,risc1,4,long) aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 -DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc       8143.20k   168902.40k   214236.80k  1382229.33k  6799360.00k
}}}
As of 0.9.8o in Debian Squeeze, OpenSSL doesn't include /dev/crypto
acceleration support for AES192 or AES256 CBC, nor for SHA digests. There
are some older patches for this, but they don't apply cleanly to this
version.
{{{
http://repo.or.cz/w/cryptodev-linux.git/blob/HEAD:/extras/openssl-0.9.8l-cryptodev-aes256.patch
http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3374#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
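
An added example, not part of the original post: the output above says "timing function used: times", which counts CPU time, so work done by the crypto hardware while the CPU waits is not included in the per-line seconds. The sketch below recomputes throughput from the quoted "Doing ..." lines both ways, using the reported time and the 3s run interval; `speed_rates` is a hypothetical helper name, and treating the "for 3s" interval as wall-clock time is the assumption.

```shell
#!/bin/sh
# Constructed sample: the five "Doing ..." lines from the `openssl speed`
# output quoted in the post above.
SAMPLE="Doing aes-128-cbc for 3s on 16 size blocks: 81432 aes-128-cbc's in 0.16s
Doing aes-128-cbc for 3s on 64 size blocks: 79173 aes-128-cbc's in 0.03s
Doing aes-128-cbc for 3s on 256 size blocks: 66949 aes-128-cbc's in 0.08s
Doing aes-128-cbc for 3s on 1024 size blocks: 40495 aes-128-cbc's in 0.03s
Doing aes-128-cbc for 3s on 8192 size blocks: 8300 aes-128-cbc's in 0.01s"

# speed_rates (hypothetical helper): reads `openssl speed` output on stdin and
# prints, per block size: <bytes> <kB/s by reported time> <kB/s by interval>.
speed_rates() {
    awk '
    /^Doing .* for [0-9]+s on [0-9]+ size blocks: / {
        interval = $4;  sub(/s$/, "", interval)   # requested run length
        reported = $NF; sub(/s$/, "", reported)   # time the tool measured
        bytes = $9 * $6                           # operations * block size
        if (reported + 0 > 0)
            by_reported = sprintf("%.2f", bytes / reported / 1000)
        else
            by_reported = "n/a"                   # measured time rounded to 0
        printf "%d %s %.2f\n", $6, by_reported, bytes / interval / 1000
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | speed_rates
```

The middle column reproduces the table in the post; the last column is the rate over the full interval. On the device itself, `openssl speed -elapsed` makes the tool measure real time instead of CPU time.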