mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-22 15:02:32 +00:00
da1bb88a2b
SVN-Revision: 21952 |
||
---|---|---|
.. | ||
c7108 | ||
cryptocteon | ||
ep80579 | ||
hifn | ||
ixp4xx | ||
kirkwood | ||
ocfnull | ||
pasemi | ||
safe | ||
talitos | ||
Config.in | ||
criov.c | ||
crypto.c | ||
cryptodev.c | ||
cryptodev.h | ||
cryptosoft.c | ||
Kconfig | ||
Makefile | ||
ocf-bench.c | ||
ocf-compat.h | ||
random.c | ||
README | ||
rndtest.c | ||
rndtest.h | ||
uio.h |
README - ocf-linux-20100325 --------------------------- This README provides instructions for getting ocf-linux compiled and operating in a generic linux environment. For other information you might like to visit the home page for this project: http://ocf-linux.sourceforge.net/ Adding OCF to linux ------------------- Not much in this file for now, just some notes. I usually build the ocf support as modules but it can be built into the kernel as well. To use it: * mknod /dev/crypto c 10 70 * to add OCF to your kernel source, you have two options. Apply the kernel specific patch: cd linux-2.4*; gunzip < ocf-linux-24-XXXXXXXX.patch.gz | patch -p1 cd linux-2.6*; gunzip < ocf-linux-26-XXXXXXXX.patch.gz | patch -p1 if you do one of the above, then you can proceed to the next step, or you can do the above process by hand with using the patches against linux-2.4.35 and 2.6.33 to include the ocf code under crypto/ocf. Here's how to add it: for 2.4.35 (and later) cd linux-2.4.35/crypto tar xvzf ocf-linux.tar.gz cd .. patch -p1 < crypto/ocf/patches/linux-2.4.35-ocf.patch for 2.6.23 (and later), find the kernel patch specific (or nearest) to your kernel versions and then: cd linux-2.6.NN/crypto tar xvzf ocf-linux.tar.gz cd .. patch -p1 < crypto/ocf/patches/linux-2.6.NN-ocf.patch It should be easy to take this patch and apply it to other more recent versions of the kernels. The same patches should also work relatively easily on kernels as old as 2.6.11 and 2.4.18. * under 2.4 if you are on a non-x86 platform, you may need to: cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY so that you can build the kernel crypto support needed for the cryptosoft driver. * For simplicity you should enable all the crypto support in your kernel except for the test driver. Likewise for the OCF options. Do not enable OCF crypto drivers for HW that you do not have (for example ixp4xx will not compile on non-Xscale systems). * make sure that cryptodev.h (from ocf-linux.tar.gz) is installed as crypto/cryptodev.h in an include directory that is used for building applications for your platform. For example on a host system that might be: /usr/include/crypto/cryptodev.h * patch your openssl-0.9.8n code with the openssl-0.9.8n.patch. (NOTE: there is no longer a need to patch ssh). The patch is against: openssl-0_9_8e If you need a patch for an older version of openssl, you should look to older OCF releases. This patch is unlikely to work on older openssl versions. openssl-0.9.8n.patch - enables --with-cryptodev for non BSD systems - adds -cpu option to openssl speed for calculating CPU load under linux - fixes null pointer in openssl speed multi thread output. - fixes test keys to work with linux crypto's more stringent key checking. - adds MD5/SHA acceleration (Ronen Shitrit), only enabled with the --with-cryptodev-digests option - fixes bug in engine code caching. * build crypto-tools-XXXXXXXX.tar.gz if you want to try some of the BSD tools for testing OCF (ie., cryptotest). How to load the OCF drivers --------------------------- First insert the base modules: insmod ocf insmod cryptodev You can then install the software OCF driver with: insmod cryptosoft and one or more of the OCF HW drivers with: insmod safe insmod hifn7751 insmod ixp4xx ... all the drivers take a debug option to enable verbose debug so that you can see what is going on. For debug you load them as: insmod ocf crypto_debug=1 insmod cryptodev cryptodev_debug=1 insmod cryptosoft swcr_debug=1 You may load more than one OCF crypto driver but then there is no guarantee as to which will be used. You can also enable debug at run time on 2.6 systems with the following: echo 1 > /sys/module/ocf/parameters/crypto_debug echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug echo 1 > /sys/module/cryptosoft/parameters/swcr_debug echo 1 > /sys/module/hifn7751/parameters/hifn_debug echo 1 > /sys/module/safe/parameters/safe_debug echo 1 > /sys/module/ixp4xx/parameters/ixp_debug ... Testing the OCF support ----------------------- run "cryptotest", it should do a short test for a couple of des packets. If it does everything is working. If this works, then ssh will use the driver when invoked as: ssh -c 3des username@host to see for sure that it is operating, enable debug as defined above. To get a better idea of performance run: cryptotest 100 4096 There are more options to cryptotest, see the help. It is also possible to use openssl to test the speed of the crypto drivers. openssl speed -evp des -engine cryptodev -elapsed openssl speed -evp des3 -engine cryptodev -elapsed openssl speed -evp aes128 -engine cryptodev -elapsed and multiple threads (10) with: openssl speed -evp des -engine cryptodev -elapsed -multi 10 openssl speed -evp des3 -engine cryptodev -elapsed -multi 10 openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10 for public key testing you can try: cryptokeytest openssl speed -engine cryptodev rsa -elapsed openssl speed -engine cryptodev dsa -elapsed David McCullough david_mccullough@mcafee.com