Joined: 07 Apr 2018 Posts: 66 Location: Calgary, AB Canada
Posted: Wed Apr 11, 2018 19:11 Post subject: AES-NI Acceleration support for WRT Series Inquiry.
Greetings,
I posted this in the general forum but was directed to post here instead for a likely faster and more informed response.
I would like to know if any of the WRT line of Routers Support Encryption Acceleration.
Specifically:
WRT1900ACv2/WRT1900ACS (My current router running ExpressVPN fork of Chaos Calmer 15.05 w/ Luci)
WRT3200ACM
WRT32X
I got this from my router log:
Quote:
Wed Apr 11 16:16:27 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 11 16:16:27 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Apr 11 16:16:27 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 11 16:16:27 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Does this mean the router I have already supports AES-NI/AES-256-CBC?
Not sure I can comment specifically on DD-WRT or that I am well informed on the topic, but the WRT3200ACM (and potentially other Marvell based routers) support hardware acceleration (https://forum.lede-project.org/t/wrt3200acm-hardware-crypto-support/6382) via Marvell CESA.
I believe it would support AES-256-CBC, but not sure on AES-NI.
So, DD-WRT definitely seems to support crypto offloading for hardware acceleration to a Marvell CESA cryptographic engine within the Marvell Armada 385 SoC.
I'm just trying to figure out which encryption and/or data cipher algorithms may be supported in hardware, and how to confirm offloading/acceleration... The only idea I've got so far is maybe to compare speed tests through openvpn for each cipher with and without marvell-cesa enabled/disabled. Hmm, how to disable for testing...?
Oh my! In the attached, I do believe that all drivers beginning with "mv-" may be potentially hardware accelerated in the associated CESA (one for each core, I presume).
EDIT: I've confirmed (using cat /proc/interrupts) that neither AES-xxx-GCM nor ChaCha20 are offloadable to the Armada 385 CESA (at least with current drivers), but AES-xxx-CBC is.
_________________ My DD-WRT Routers:
Linksys WRT3200ACM - Marvell
Linksys WRT1900ACS - Marvell
Netgear R9000 - Atheros
Netgear R7000 - Broadcom
PC x86-64 VM - Atheros
Posted: Fri Jun 17, 2022 9:55 Post subject: Re: AES-NI Acceleration support for WRT Series Inquiry.
Skoda Zek wrote:
Greetings,
I posted this in the general forum but was directed to post here instead for a likely faster and more informed response.
I would like to know if any of the WRT line of Routers Support Encryption Acceleration.
Specifically:
WRT1900ACv2/WRT1900ACS (My current router running ExpressVPN fork of Chaos Calmer 15.05 w/ Luci)
WRT3200ACM
WRT32X
I got this from my router log:
Quote:
Wed Apr 11 16:16:27 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 11 16:16:27 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Apr 11 16:16:27 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 11 16:16:27 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Does this mean the router I have already supports AES-NI/AES-256-CBC?
They can make it work, but they need to install kmod-crypto-ocf, so we need someone who can do that, as it has the hardware to support it and the speed is better.
omnia-stable has too old packages
I’ve solved the issue simply by installing:
opkg install kmod-crypto-ocf
and rebooting
After reboot engine cryptodev works.
But performance is not that great…
~50mbps 1k packets aes-128-cbc
~47mbps 1k packets aes-256-cbc
I have better performance inside the debian lxc ~59mbps 1kp aes-128-cbc
achim71
Nov '16
What is the performance without the cesa module loaded?
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Fri Jun 17, 2022 17:42 Post subject:
Quote:
Does this mean the router I have already supports AES-NI/AES-256-CBC?
No. Those are standard messages from the openvpn client going through the process of connecting to a server.
AFAIK, we don't have AES-NI hardware in these routers. For that reason, I use the very computationally efficient CHACHA20-POLY1305 data cipher, which my provider AirVPN supports. I have measured 215 Mbps download speed over openvpn and a 200 Mbps ISP speed - so maxed out - using this cipher in a WRT1900ACSv2, but of course YMMV. Depends on many, many things. But using that cipher, we are not struggling for adequate speeds.
The AES-256-GCM and AES-256-CBC second- and third-choice ciphers (for these routers) are not as fast, but I have seen 80 Mbps speeds there. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Fri Jun 17, 2022 18:19 Post subject:
CHACHA20-POLY1305 is the bee's knees and wings. All the cool kids use it these days on some IRC servers and other services. Very fast indeed. Of course HW acceleration helps other less efficient ciphers, but like you said, consumer-level router CPUs mostly don't support the AES instruction set on chip; it will likely only be supported on select x86 amd64 devices. IDK if existing ARM CPUs on consumer routers support it at all natively otherwise.
But that doesn't mean the CPU can't handle AES; it's just more resource intensive without the instruction set on chip and thus slower.
Nice! Per that thread, @grinch reported that AES-256-GCM showed CESA acceleration improvements just like AES-256-CBC.
My current numbers are basically the same with or without:
# Without:
root@WRT1900ACSv2:~# openssl speed aes-256-cbc
...
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256 cbc 34419.59k 35757.18k 36537.28k 36728.72k 36719.27k 36916.06k
# With:
root@WRT1900ACSv2:~# openssl speed -evp aes-256-cbc
...
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-cbc 29770.85k 34705.34k 36611.78k 36905.44k 36904.96k 36842.15k
I don't seem to have opkg (or even ipkg) on these units. So I'll try to install opkg first, then kmod-crypto-ocf, and report back...
I've got that enabled but my provider doesn't support it yet. Thus, it would be amazing to make proper use of the Marvell CESA hardware for AES.
...
AFAIK, we don't have AES-NI hardware in these routers.
...
Ah, but there's the rub. The Marvell Armada 385 SoC does include a crypto hardware acceleration CESA module, which seems to be underutilized (if at all).
EDIT: Actually, I believe one per core, so two (2) CESA modules on the 2-core 385.
My cat proc/crypto results were in my first file attachment, but I now realize that the "kernel" indicators would instead be something like "marvell-crypto" for actual implementation in the CESA hardware IP co-processors.
I'm actually stuck on the very basic step of how to install opkg in dd-wrt since these builds don't seem to have ipkg either. I know I'd done it a few years ago on different hardware, but maybe that one already had ipkg? Current build (at least std) doesn't seem to have ipkg or opkg. I read that opkg can be installed with entware, but I'd rather not go that route just yet. Any relatively trusted lightweight alternatives?
EDIT: Oh, and GCM looks significantly slower than CBC in software (please ignore missing cryptodev errors, same result with or without that explicit hw parameter):
root@WRT1900ACSv2:/tmp# openssl speed -elapsed -engine cryptodev -evp aes-256-gcm
invalid engine "cryptodev"
3069994572:error:25066067:lib(37):func(102):reason(103):NA:0:filename(/usr/lib/engines-1.1/cryptodev.so): Error loading shared library /usr/lib/engines-1.1/cryptodev.so: No such file or directory
3069994572:error:25070067:lib(37):func(112):reason(103):NA:0:
3069994572:error:260B6084:lib(38):func(182):reason(132):NA:0:
3069994572:error:2606A074:lib(38):func(106):reason(116):NA:0:id=cryptodev
3069994572:error:25066067:lib(37):func(102):reason(103):NA:0:filename(libcryptodev.so): Error loading shared library libcryptodev.so: No such file or directory
3069994572:error:25070067:lib(37):func(112):reason(103):NA:0:
3069994572:error:260B6084:lib(38):func(182):reason(132):NA:0:
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 4362926 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 1187190 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 304619 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 76654 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 9600 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 16384 size blocks: 4799 aes-256-gcm's in 3.00s
OpenSSL 1.1.1o 3 May 2022
built on: Wed May 25 19:25:39 2022 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache arm-linux-uclibc-gcc -I/home/seg/DEV/mvebu/src/router/openssl/crypto -fPIC -fPIC -pthread -Wa,--noexecstack -Os -pipe -mcpu=cortex-a9 -mtune=cortex-a9 -mfpu=vfpv3-d16 -fno-caller-saves -fno-plt -Os -pipe -mcpu=cortex-a9 -mtune=cortex-a9 -mfpu=vfpv3-d16 -fno-caller-saves -fno-plt -ffunction-sections -fdata-sections -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DASMAES512 -DNDEBUG -D_GNU_SOURCE -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGEST -DOPENSSL_SMALL_FOOTPRINT
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-gcm 23268.94k 25326.72k 25994.15k 26164.57k 26214.40k 26208.94k
Last edited by o2bad455 on Fri Jun 17, 2022 21:27; edited 1 time in total
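The two checks described in this thread (the "mv-" drivers in /proc/crypto and the CESA interrupt counters in /proc/interrupts), turned into a script as an added example that is not code from any poster. The sample file contents, the driver and module names, and the `f1090000.crypto` interrupt label are constructed assumptions, not output from a real unit.

```shell
#!/bin/sh
# Added example (not from the thread): list which cbc(aes) drivers the kernel has
# registered and which one it prefers (CESA drivers carry the "mv-" prefix), and sum
# the CESA interrupt counters so two snapshots around a workload show offload use.

# Print "priority driver module" for each implementation of ALGO, highest priority
# first; the kernel hands out the first one to in-kernel users and cryptodev.
crypto_impls() {  # usage: crypto_impls 'cbc(aes)' /proc/crypto
    awk -v want="$1" '
        $1 == "name"     { name = $3 }
        $1 == "driver"   { drv  = $3 }
        $1 == "module"   { mod  = $3 }
        $1 == "priority" { if (name == want) print $3, drv, mod }
    ' "$2" | sort -rn
}

# Exit 0 when the preferred ALGO driver is a Marvell CESA one.
cesa_preferred() {  # usage: cesa_preferred 'cbc(aes)' /proc/crypto
    case "$(crypto_impls "$1" "$2" | head -n 1 | awk '{ print $2 }')" in
        mv-*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Sum the per-CPU counters of every interrupt line that belongs to the crypto engine.
cesa_irqs() {  # usage: cesa_irqs /proc/interrupts
    awk '/crypto|cesa/ { for (i = 2; i <= NF && $i ~ /^[0-9]+$/; i++) s += $i }
         END { print s + 0 }' "$1"
}

# Delta between two /proc/interrupts snapshots taken before and after a workload.
cesa_irq_delta() { echo $(( $(cesa_irqs "$2") - $(cesa_irqs "$1") )); }

# Constructed sample files (assumed contents, modelled on an Armada 385 box) so the
# functions can be exercised without a router at hand.
SAMPLE_CRYPTO=$(mktemp); SAMPLE_IRQ=$(mktemp)
printf '%s\n' 'name     : cbc(aes)' 'driver   : mv-cbc-aes'       'module   : marvell_cesa' 'priority : 300' '' \
              'name     : cbc(aes)' 'driver   : cbc-aes-neonbs'   'module   : aes_neon_bs'  'priority : 250' '' \
              'name     : cbc(aes)' 'driver   : cbc(aes-generic)' 'module   : kernel'       'priority : 100' '' \
              'name     : gcm(aes)' 'driver   : gcm_base(ctr(aes-generic),ghash-generic)' 'module   : kernel' 'priority : 100' \
              > "$SAMPLE_CRYPTO"
printf '%s\n' '           CPU0       CPU1' \
              ' 18:      12345       6789     GIC-0  27 Level     arch_timer' \
              ' 35:        420          0     GIC-0  51 Level     f1090000.crypto' \
              ' 36:          0        317     GIC-0  52 Level     f1090000.crypto' > "$SAMPLE_IRQ"
crypto_impls 'cbc(aes)' "$SAMPLE_CRYPTO"
cesa_preferred 'cbc(aes)' "$SAMPLE_CRYPTO" && echo "cbc(aes): CESA driver preferred"
cesa_preferred 'gcm(aes)' "$SAMPLE_CRYPTO" || echo "gcm(aes): software only"
echo "CESA interrupts in snapshot: $(cesa_irqs "$SAMPLE_IRQ")"
```

On a live unit, point the functions at the real /proc/crypto and /proc/interrupts; a zero `cesa_irq_delta` across a VPN transfer means the cipher ran in software regardless of what `openssl speed` reports.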
Oh, thanks! I didn't know. Then I guess the above test results could be inaccurate. I'll try to do some other types of testing as a sanity check once the CESA is awake for comparison. Either that or use opkg, once installed, to install a fuller openssl in addition to the kmod-crypto-ocf.
Last I knew, you couldn't opkg or ipkg any OpenWRT kernel modules; they have to be compiled from source.
Thanks! After climbing out of that rabbit hole, I think you're correct about no more ipkg or opkg support.
So I just tried loading Entware, but failed to make everything else work from usb rather than jffs2. In particular, my freeradius certs wouldn't work after copying or even regenerate from usb - always stuck at 60% (and yes, I'd disabled jffs2). So I've lost confidence in the usb approach for now, and don't have an external hdd/ssd at hand.
I'll try to collect the additional source code and go from there. Searched, but haven't found a how-to yet. Any idea which compiler(s) are needed to compile from source?
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sun Jun 19, 2022 13:55 Post subject:
o2bad455 wrote:
Any idea which compiler(s) are needed to compile from source?
gcc would be the compiler, and also all the specific project build dependencies, not to mention any (maybe) toolchains and definitely cross-compiling env stuff, because compiling stuff on the router will take umpteen yonks.
Some projects are very good at documenting their build/configuration process, others share nothing, but the makefiles have info in them.