VIA Padlock - What is the current state?

Botanic · Mar 8, 2012

I have a VIA board with Nano + padlock. I don't think my padlock works in 9.0-RELEASE amd64. Has anyone managed to get it working? How?

Code:

# kldstat
Id Refs Address            Size     Name
 1    9 0xffffffff80200000 11cd9b0  kernel
 3    2 0xffffffff813d4000 2b4a8    crypto.ko
 4    2 0xffffffff81400000 dde0     zlib.ko
 5    1 0xffffffff81612000 2a134    pf.ko
 6    1 0xffffffff8163d000 1d3c     padlock.ko

# openssl engine
(dynamic) Dynamic engine loading support

# dmesg | grep adlock
  VIA Padlock Features=0x70dcc<RNG,AES,AES-CTR,SHA1,SHA256>
padlock0: <AES-CBC,SHA1,SHA256> on motherboard

I have found this old thread, but I suspect/hope that FreeBSD has evolved since: http://forums.freebsd.org/showthread.php?t=7418

Any help or pointers are welcome.

Botanic · Mar 14, 2012

No one here using VIA Padlock in 2012?

Nukama · Mar 14, 2012

My Via C7 hwcrypto works well with AES-CBC 128.
Only thing needed was to add

Code:

padlock_load="YES"

and

Code:

geom_eli_load="YES"

to /boot/loader.conf.
Maybe with ports/164795 your Via Nano hwcrypto will be recognized by /usr/local/bin/openssl.

Code:

# openssl engine -c -tt
(padlock) VIA PadLock (no-RNG, ACE)
 [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

[url=https://www.freshports.org/security/openssl]security/openssl[/URL] with [url=http://www.freebsd.org/cgi/query-pr.cgi?pr=164795]ports/164795[/URL]
# /usr/local/bin/openssl engine -c -tt
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
(dynamic) Dynamic engine loading support
     [ unavailable ]
(padlock) VIA PadLock: RNG ACE2 PHE PMM 
 [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB, SHA1, DSA, SHA224, SHA256]
     [ available ]

# dmesg
CPU: VIA Esther processor 1000MHz (1009.89-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x6a9  Family = 6  Model = a  Stepping = 9
  Features=0xa7c9bbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
  Features2=0x181<SSE3,EST,TM2>
  AMD Features=0x100000<NX>
  VIA Padlock Features=0x3fcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>

cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard

GEOM_ELI: Device gpt/disk1-root.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware
GEOM_ELI: Device gpt/disk2-root.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware
Trying to mount root from zfs:zfs-root/FreeBSD [rw]...
GEOM_ELI: Device gpt/disk1-swap.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware
GEOM_ELI: Device gpt/disk2-swap.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware

# openssl enc -e -aes-128-cbc -k password -in random.100M -out /dev/null -nosalt [-engine padlock | -engine cryptodev | nothing]

finishes in 5 sec for padlock and 15-17s for cryptodev and nothing. Beware, these measurements where taken, while the system was running its normal workload.

# /usr/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine padlock

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1              3273.36k     9192.53k    19010.76k    25750.16k    28694.50k
aes-256 cbc       7381.81k     7597.51k     7642.95k     7676.18k     7665.14k
aes-128-cbc      47559.54k   160047.92k   379685.45k   584730.11k   694125.18k
sha256            2141.29k     4885.78k     8502.64k    10476.39k    11182.48k

# /usr/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine cryptodev

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1              3325.89k     9183.70k    18885.51k    25692.15k    28779.25k
aes-256 cbc       7418.30k     7576.12k     7639.88k     7660.01k     7660.89k
aes-128-cbc       9016.53k     9673.84k     9901.57k     9923.14k     9934.59k
sha256            2140.96k     4898.88k     8500.36k    10446.46k    11184.23k

# /usr/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine nothing

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1              3280.48k     9188.50k    18921.20k    25669.28k    28607.35k
aes-256 cbc       7402.28k     7594.92k     7642.67k     7658.31k     7682.43k
aes-128-cbc       8997.31k     9670.30k     9900.19k     9948.56k     9933.84k
sha256            2141.50k     4887.58k     8520.72k    10444.82k    11189.69k

# /usr/local/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine padlock with ports/164795

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1             16740.27k    53378.34k   131121.99k   206969.10k   247910.87k
aes-256 cbc       5455.68k     5706.26k     5726.23k    11279.60k    11300.67k
aes-128-cbc      48158.70k   158295.81k   382867.52k   585777.37k   693511.81k
sha256           15740.09k    50090.60k   124018.69k   197043.22k   237898.81k

# /usr/local/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine cryptodev with ports/164795

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1              6530.31k    16275.71k    30023.11k    38024.09k    41112.92k
aes-256 cbc       5428.75k     5669.89k     5741.62k    11256.25k    11309.64k
aes-128-cbc       7219.07k     7793.12k     8018.26k    15437.53k    15539.78k
sha256            3401.48k     7578.30k    12974.63k    15868.40k    16993.27k

# /usr/local/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine nothing with ports/164795

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1              6281.22k    16297.86k    30117.19k    38099.20k    41207.30k
aes-256 cbc       5454.00k     5660.60k     5740.29k    11265.05k    11313.43k
aes-128-cbc       7192.12k     7825.76k     8022.54k    15381.21k    15529.87k
sha256            3397.62k     7592.94k    12974.96k    15828.38k    16969.41k

Botanic · Mar 15, 2012

Thank you for pointing out the patch!
After applying the patch and installing the port with padlock support, it seems to work.
(I am not using geom_eli though).

What is the best way to replace /usr/bin/openssl with /usr/local/bin/openssl ?

Botanic · Mar 15, 2012

Found this one:
http://www.mebsd.com/freebsd-security-hardening/openssl-upgrade-freebsd.html

This seems as a good way of replacing openssl.

Nukama · Mar 15, 2012

There is another security update for openssl committed just today. Diff against current version from ports:
patches/openssl-164795.patch

VIA Esther processor 1000MHz (686-class CPU)
# /usr/local/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine padlock

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1             16979.75k    53461.56k   130988.72k   206913.36k   248042.26k
aes-256 cbc       5436.17k     5666.19k     5727.16k    11310.54k    11288.92k
aes-128-cbc      48329.44k   158724.39k   382883.92k   586099.13k   694773.63k
sha256           15747.36k    49932.37k   124270.90k   197178.34k   238066.32k

against
AMD Phenom(tm) II X2 550 Processor 3100 MHz (K8-class CPU)
# /usr/local/bin/openssl speed -evp aes-128-cbc aes-256-cbc sha1 sha256 -engine cryptodev

Code:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1             43162.14k   135779.56k   292025.09k   407047.85k   462351.02k
aes-256 cbc      64902.55k    67789.61k    68896.09k   177724.76k   179393.88k
aes-128-cbc      85742.78k    94955.69k    98489.94k   250809.34k   255748.51k
sha256           36998.34k    84899.24k   148152.49k   182026.58k   195689.47k

Botanic · Mar 15, 2012

How do I make sure that OpenSSH is using padlock?

I have this:

Code:

# cat /etc/make.conf
WITH_OPENSSL_PORT=yes

That should compile all applications from ports that use openssl, to use the openssl from ports.

I also have this in /usr/local/openssl/openssl.cnf

Code:

openssl_conf = openssl_def
[openssl_def]
engines = openssl_engines
[openssl_engines]
padlock = padlock_engine
[padlock_engine]
default_algorithms = ALL

This makes the ports provided openssl always use Padlock. I have verified that it works.

I installed the openssh-portable port.
I have it listening on another TCP port than the system provided openssh.
When I transfer a file with SCP to the either TCP port, I get the exact same speed.
So there is something that is not working as I intended.

stadtkind · Mar 16, 2012

Botanic said:
How do I make sure that OpenSSH is using padlock?

I have this:

Code:
# cat /etc/make.conf WITH_OPENSSL_PORT=yes

That should compile all applications from ports that use openssl, to use the openssl from ports.

I also have this in /usr/local/openssl/openssl.cnf

Code:
openssl_conf = openssl_def [openssl_def] engines = openssl_engines [openssl_engines] padlock = padlock_engine [padlock_engine] default_algorithms = ALL

This makes the ports provided openssl always use Padlock. I have verified that it works.

I installed the openssh-portable port.
I have it listening on another TCP port than the system provided openssh.
When I transfer a file with SCP to the either TCP port, I get the exact same speed.
So there is something that is not working as I intended.

Did you tell scp/ssh (e.g. via ~/.ssh/config) to use the aes128-cbc cipher (default cipher is aes128-ctr, which is not hardware-accelerated yet, see ssh_config(5))?

Botanic · Mar 16, 2012

Thanks stadtkind! I had missed that detail all together.

Botanic said:
I also have this in /usr/local/openssl/openssl.cnf

Code:
openssl_conf = openssl_def [openssl_def] engines = openssl_engines [openssl_engines] padlock = padlock_engine [padlock_engine] default_algorithms = ALL

This makes the ports provided openssl always use Padlock. I have verified that it works.

I realized that these lines makes my openssl segfault.
It seems as if I do not need them anyway. At least when I now do a file transfer with scp, it goes almost twice the speed with the new openssh.
Does anyone know if openssl uses padlock all the time now, with the patches and all?
(According to this http://www.a110wiki.de/wiki/VIA_Padlock http://www.a110wiki.de/wiki/VIA_Padlock those lines are/were needed)

stadtkind · Mar 16, 2012

Botanic said:
Thanks stadtkind! I had missed that detail all together.

I realized that these lines makes my openssl segfault.
It seems as if I do not need them anyway. At least when I now do a file transfer with scp, it goes almost twice the speed with the new openssh.
Does anyone know if openssl uses padlock all the time now, with the patches and all?
(According to this http://www.a110wiki.de/wiki/VIA_Padlock http://www.a110wiki.de/wiki/VIA_Padlock those lines are/were needed)

Try adding

Code:

init = 1

at the end of the [padlock_engine] codeblock.

Back to your orignal question, IMHO the padlock stuff really needs some love. The rng code was x86 only, i.e. you have no hardware random numbers on 9.0/amd64 (fixed in 9.0-STABLE, see http://www.freebsd.org/cgi/query-pr.cgi?pr=163974)

Frequency scaling is not supported on some Nano CPUs (see http://www.freebsd.org/cgi/query-pr.cgi?pr=165303. Luckily C2 state works (embedded Via boards like Epia don't support CPU freq scaling anyway).

I also had very poor disk performance when using geli with sha1/sha256 HMAC.

One last thing, Via Padlock also supports AES-CTR but no OS/app on the planet seems to support it

Botanic · Mar 17, 2012

I am confused.
Do I need to have anything special in /usr/local/openssl/openssl.cnf in order to always use padlock with openssl?
When I do these tests, I can see that there is a speed increase with the new openssl from ports. But there is no difference if I add anything in the configuration file:

Code:

# /usr/bin/openssl speed aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128 cbc for 3s on 16 size blocks: 8573969 aes-128 cbc's in 2.94s
Doing aes-128 cbc for 3s on 64 size blocks: 2333341 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 256 size blocks: 590360 aes-128 cbc's in 2.97s
Doing aes-128 cbc for 3s on 1024 size blocks: 149845 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 8192 size blocks: 18741 aes-128 cbc's in 2.99s
OpenSSL 0.9.8q 2 Dec 2010
built on: date not available
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) 
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      46731.07k    49877.95k    50929.36k    51250.05k    51289.82k

Code:

# /usr/local/bin/openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 6328981 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 64 size blocks: 1688598 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 256 size blocks: 428394 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 238176 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 8192 size blocks: 30225 aes-128 cbc's in 2.99s
OpenSSL 1.0.0h 12 Mar 2012
built on: Thu Mar 15 14:38:12 CET 2012
options:bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3
 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
 -DWHIRLPOOL_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      33842.70k    36117.48k    36556.29k    81509.67k    82749.89k

I could just be happy that I see a speed increase, but I want to understand.

I don't think that my Nano has support for frequency scaling. I have the first Nano ever released by VIA. (I waited for this board to be released for so long. It is such an off duck board, that I kind of regret that I ever bought it. But still I really want it to be working 100% before I give up on it).

stadtkind · Mar 17, 2012

Botanic said:

First things first, you have to add:

Code:

# add this line at the beginning
openssl_conf = openssl_init

...

# add the following lines at the end
[openssl_init]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL
init = 1

to /usr/local/openssl/openssl.cnf (system openssl will not work because it's too old for amd64 padlock, openssl from ports with Nukumas patch is best for Via Nano CPUs)

Also, your tests don't make use of hw accel crypto, so it's slow whether or not you have configured openssl as seen above:

Code:

$ /usr/local/bin/openssl speed aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      31158.88k    32532.68k    32953.39k    74572.54k    75169.13k

vs. -evp flag, which makes use of hw crypto support:

Code:

$ /usr/local/bin/openssl speed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     109134.11k   321334.71k   597890.66k   749538.89k   813193.45k

Botanic · Mar 18, 2012

After adding those lines to /usr/local/openssl/openssl.cnf the thing segfaults:

Code:

# /usr/local/bin/openssl speed -evp aes-128-cbc
Error configuring OpenSSL
34378561064:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521:
34378561064:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=padlock
34378561064:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=padlock_engine, name=default_algorithms, value=ALL
34378561064:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=openssl_engines, retcode=-1      
Segmentation fault (core dumped)

It bails out the exact same way now if I do any of these commands:
/usr/local/bin/openssl engine
/usr/local/bin/openssl speed aes-128-cbc
/usr/local/bin/openssl speed -evp aes-128-cbc

Is this a new bug? What should I do?

Botanic · Mar 18, 2012

Disregard my latest post.
I re-compiled and re-installed the openssl port.
It works.

Code:

# /usr/local/bin/openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 15232721 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 14996822 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 256 size blocks: 7428385 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 1024 size blocks: 2464653 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 340503 aes-128-cbc's in 2.99s
OpenSSL 1.0.0h 12 Mar 2012
built on: Sun Mar 18 12:55:37 CET 2012
options:bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIOS -O3
 -DMD32_REG_T=int -Wall -O2 -pipe -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
 -DWHIRLPOOL_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      81453.30k   320767.53k   635543.92k   841268.22k   932227.87k

Botanic · Apr 25, 2012

Is there a patch for the latest openssl-1.0.1_1?

Will these patches be included in ports, ever, or is there a reason why it should/could not be done?

stadtkind · Apr 29, 2012

Botanic said:
Is there a patch for the latest openssl-1.0.1_1?

Will these patches be included in ports, ever, or is there a reason why it should/could not be done?

Take a look at ports/164795. The padlock patches should work with openssl-1.0.1 (see mentioned bug report if you want to know where to get them or check for updates).

I will not put further work into this.

Botanic · Apr 30, 2012

I tried to modify 164795 for openssl-1.0.1_1. My modified patch compiles fine, but padlock is not working. Either I screwed up something, or there is something else at play here.

I run x86_64, but since it is compiling fine, this is not the problem: http://openssl.org/news/notice_20120425.txt

I found something that could have something to do with this: https://bugs.archlinux.org/task/29118

I do not fully understand the explanation by dinoex about not including the 164795 patch. Does he mean that padlock will never be supported, or is there a small hope for it to be supported someday?

VIA Padlock - What is the current state?

Botanic

Member

Botanic

Member

Nukama

Active Member

Botanic

Member

Botanic

Member

Nukama

Active Member

Botanic

Member

stadtkind

New Member

Botanic

Member

stadtkind

New Member

Botanic

Member

stadtkind

New Member

Botanic

Member

Botanic

Member

Botanic

Member

stadtkind

New Member

Botanic

Member