[tor-bugs] #3374 [Torouter]: Torouter OS and configuration

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Jun 11 16:01:44 UTC 2011


#3374: Torouter OS and configuration
----------------------+-----------------------------------------------------
 Reporter:  runa      |          Owner:  runa
     Type:  task      |         Status:  new 
 Priority:  normal    |      Milestone:      
Component:  Torouter  |        Version:      
 Keywords:            |         Parent:      
   Points:            |   Actualpoints:      
----------------------+-----------------------------------------------------

Comment(by jrenken):

 Replying to [comment:15 cypherpunks]:
 > Thanks to https://twitter.com/#!/jrenken for posting this:
 http://pastebin.com/v0GhXyA2
 >
 > Here's a reality check for OpenSSL on the DreamPlug (from that
 pastebin):

 Turns out there's hardware crypto acceleration on the DreamPlug's Marvell
 Kirkwood processor, via the mv_cesa Linux kernel module, but it's not
 supported by OpenSSL without some patches. I updated my Pastebin with the
 info below, having set it up thanks to the following posts:

 {{{
 http://www.altechnative.net/?p=174
 http://www.newit.co.uk/forum/index.php?action=printpage;topic=2030.0
 }}}

 Here are the steps to make it work:

 {{{
 Assumptions and prerequisites:

 - DreamPlug
 - Debian Squeeze system
 - GlobalScale stock (or other replacement-worthy) kernel
 - build-essential, bzip2, devscripts, fakeroot & wget packages
 - Boot partition (probably /dev/sda1) mounted on /boot
 - Plenty of free space for sources

 To get to this point, see:
 http://code.google.com/p/dreamplug/downloads/list

 Run as root (n.b. you are trusting plugapps.com):

 wget --directory-prefix=/usr/src http://download.gna.org/cryptodev-linux
 /cryptodev-linux-1.0.tar.gz
 wget --directory-prefix=/usr/src
 http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.38.7.tar.bz2
 wget --directory-prefix=/usr/src http://plugapps.com/mirror/with-
 linux/2.6.38/2.6.38.7/sheeva-2.6.38.7-Modules.tar.gz
 wget --directory-prefix=/boot http://plugapps.com/mirror/with-
 linux/2.6.38/2.6.38.7/dream-2.6.38.7-uImage
 wget --directory-prefix=/boot http://plugapps.com/mirror/with-
 linux/2.6.38/2.6.38.7/dream-2.6.38.7.config
 wget --directory-prefix=/boot http://plugapps.com/mirror/with-
 linux/2.6.38/2.6.38.7/sheeva-2.6.38.7-System.map
 tar -C / -x -v -z --no-same-owner --no-same-permissions -f
 /usr/src/sheeva-2.6.38.7-Modules.tar.gz
 depmod -eF /boot/sheeva-2.6.38.7-System.map 2.6.38.7
 tar -C /usr/src -x -v -j --no-same-owner --no-same-permissions -f
 /usr/src/linux-2.6.38.7.tar.bz2
 cp /boot/dream-2.6.38.7.config /usr/src/linux-2.6.38.7/.config
 tar -C /usr/src -x -v -z --no-same-owner --no-same-permissions -f /usr/src
 /cryptodev-linux-1.0.tar.gz

 Reboot. In U-Boot, from the serial/JTAG console:

 setenv mainlineLinux yes
 setenv arcNumber 2659
 printenv

 Use `setenv _ENV_ _VALUE_` to change "uImage" to "dream-2.6.38.7-uImage".
 Now:

 saveenv
 reset

 Let the system boot. Now, as root:

 make -C /usr/src/linux-2.6.38.7 oldconfig
 make -C /usr/src/linux-2.6.38.7 prepare
 make -C /usr/src/linux-2.6.38.7

 Watch for this output, near the top, and hit ^C once you've seen the
 second line:
   HOSTLD  scripts/mod/modpost
   HOSTCC  scripts/kallsyms
 (All you need from this potentially lengthy `make` is modpost.) Continue:

 rm /lib/modules/2.6.38.7/build
 rm /lib/modules/2.6.38.7/source
 ln -s /usr/src/linux-2.6.38.7 /lib/modules/2.6.38.7/build
 ln -s /usr/src/linux-2.6.38.7 /lib/modules/2.6.38.7/source
 make -C /usr/src/cryptodev-linux-1.0 install
 depmod -eF /boot/sheeva-2.6.38.7-System.map 2.6.38.7
 modprobe cryptodev

 apt-get source openssl
 apt-get build-dep openssl
 sed -i '/^CONFARGS/s|$| -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
 -DHASH_MAX_LEN=64|' /usr/src/openssl-0.9.8o/debian/rules
 sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
 sed -i '1i\ -- James Renken <jrenken at sandwich.net>  Sat, 11 Jun 2011
 01:13:00 -0400' /usr/src/openssl-0.9.8o/debian/changelog
 sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
 sed -i '1i\ \ * Patched rules to compile with CRYPTODEV options'
 /usr/src/openssl-0.9.8o/debian/changelog
 sed -i '1i\\' /usr/src/openssl-0.9.8o/debian/changelog
 sed -i '1iopenssl (0.9.8o-4squeeze1+cryptodev) stable; urgency=low'
 /usr/src/openssl-0.9.8o/debian/changelog
 cd /usr/src/openssl-0.9.8o ; debuild -us -uc -b
 dpkg -i /usr/src/libssl0.9.8_0.9.8o-4squeeze1+cryptodev_armel.deb
 /usr/src/openssl_0.9.8o-4squeeze1+cryptodev_armel.deb
 }}}

 Results:

 {{{
 # uname -a
 Linux dreamplug 2.6.38.7 #1 PREEMPT Sun May 22 00:23:53 MDT 2011 armv5tel
 GNU/Linux

 # openssl engine
 (dynamic) Dynamic engine loading support
 (cryptodev) BSD cryptodev engine

 # openssl speed -evp aes-128-cbc -engine cryptodev
 engine "cryptodev" set.
 Doing aes-128-cbc for 3s on 16 size blocks: 81432 aes-128-cbc's in 0.16s
 Doing aes-128-cbc for 3s on 64 size blocks: 79173 aes-128-cbc's in 0.03s
 Doing aes-128-cbc for 3s on 256 size blocks: 66949 aes-128-cbc's in 0.08s
 Doing aes-128-cbc for 3s on 1024 size blocks: 40495 aes-128-cbc's in 0.03s
 Doing aes-128-cbc for 3s on 8192 size blocks: 8300 aes-128-cbc's in 0.01s
 OpenSSL 0.9.8o 01 Jun 2010
 built on: Sat Jun 11 05:44:31 UTC 2011
 options:bn(64,32) md2(int) rc4(ptr,int) des(idx,risc1,4,long) aes(partial)
 blowfish(idx)
 compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
 -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
 -DHASH_MAX_LEN=64 -DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall
 available timing options: TIMES TIMEB HZ=100 [sysconf value]
 timing function used: times
 The 'numbers' are in 1000s of bytes per second processed.
 type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
 bytes
 aes-128-cbc       8143.20k   168902.40k   214236.80k  1382229.33k
 6799360.00k
 }}}

 As of 0.9.8o in Debian Squeeze, OpenSSL doesn't include /dev/crypto
 acceleration support for AES192 or AES256 CBC, nor for SHA digests. There
 are some older patches for this, but they don't apply cleanly to this
 version.

 {{{
 http://repo.or.cz/w/cryptodev-linux.git/blob/HEAD:/extras/openssl-0.9.8l-
 cryptodev-aes256.patch
 http://people.freebsd.org/~pjd/patches/eng_cryptodev.c.patch
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3374#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list