【DIY教程】D1 SDK可支持openssl对接CE硬件加解密模块
-
D1 SDK可支持openssl对接CE,验证方法如下:
① tina/package加入补丁
diff --git a/libs/openssl/Makefile b/libs/openssl/Makefile index c755f8adf..dbb608fdf 100755 --- a/libs/openssl/Makefile +++ b/libs/openssl/Makefile @@ -137,7 +137,7 @@ define Package/libopenssl-afalg $(call Package/openssl/Default) SUBMENU:=SSL TITLE:=AFALG hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE +@KERNEL_AIO @!LINUX_3_18 @LINUX_4_4||@LINUX_4_9 + DEPENDS:=libopenssl @OPENSSL_ENGINE +@KERNEL_AIO @!LINUX_3_18 @LINUX_4_4||@LINUX_4_9||@LINUX_5_4 endef define Package/libopenssl-padlock @@ -210,7 +210,7 @@ ifdef CONFIG_OPENSSL_ENGINE ifndef CONFIG_PACKAGE_libopenssl-afalg OPENSSL_OPTIONS += no-afalgeng else - ifneq ($(CONFIG_PLATFORM_v5)$(CONFIG_PLATFORM_r328s2)$(CONFIG_PLATFORM_r328s3)$(CONFIG_PLATFORM_r18)$(CONFIG_PLATFORM_r329),) + ifneq ($(CONFIG_PLATFORM_v5)$(CONFIG_PLATFORM_r328s2)$(CONFIG_PLATFORM_r328s3)$(CONFIG_PLATFORM_r18)$(CONFIG_PLATFORM_r329)$(CONFIG_PLATFORM_r528)$(CONFIG_PLATFORM_d1),) OPENSSL_OPTIONS += -DSUPPORT_CE_V3_1 else OPENSSL_OPTIONS += -DSUPPORT_CE_V3_2
② tina配置,make menconfig
Tina Configuration Libraries ---> SSL ---> -*- libopenssl........................... Open source SSL toolkit (libraries) ---> [*] Enable engine support [*] Support dynamic engine (NEW) [*] Support Zero-Copy mode to call kernel's algorithms <*> libopenssl-afalg...................... AFALG hardware acceleration engine
说明: 可以将tina/lichee/linux-5.4/drivers/crypto/sunxi-ce/Makefile中的ccflags-y += -DDEBUG打开,这样每次调用CE时,就会产生debug打印。
③ 内核配置 (参考显杨文档中的配置dts等),make kernel_menuconfig
Linux/riscv 5.4.61 Kernel Configuration [*] Networking support ---> -*- Cryptographic API ---> [*] Disable run-time self tests <*> CBC support <*> CFB support -*- CTR support <*> CTS support -*- ECB support <*> OFB support <*> XTS support <*> MD5 digest algorithm <*> SHA1 digest algorithm -*- SHA224 and SHA256 digest algorithm <*> SHA384 and SHA512 digest algorithms -*- AES cipher algorithms <*> User-space interface for hash algorithms <*> User-space interface for symmetric key cipher algorithms <*> User-space interface for random number generator algorithms <*> User-space interface for AEAD cipher algorithms [*] Hardware crypto devices ---> <*> Support for Allwinner Sunxi CryptoEngine
④ 编译,将afalgtest程序adb push到设备上运行
PC端: adb push tina/out/d1-nezha/compile_dir/target/openssl-1.1.0i/test/aflagtest /tmp/
设备端: /tmp/aflagtest
该测试程序会对当前已经对接好CE的算法(主要是AES与Hash)进行测试。大家可以参考tina/out/d1-nezha/compile_dir/target/openssl-1.1.0i/test/aflagtest.c进行编程即可使用CE加解密。
-
使用afalg小块性能非常拉胯,可能是受限于内核通信或硬件中断之类的吧。
engine "afalg" set. You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 62569 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 57975 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 55735 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 43987 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 16572 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 16384 size blocks: 9685 aes-128-cbc's in 3.00s OpenSSL 1.1.1m 14 Dec 2021 built on: Fri Dec 31 05:37:09 2021 UTC options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) compiler: arm-linux-gnueabihf-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-cbc 333.70k 1236.80k 4756.05k 15014.23k 45252.61k 52893.01k
不开afalg加速性能如下
You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 4299138 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 1332727 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 357553 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 91071 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 11447 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 16384 size blocks: 5724 aes-128-cbc's in 3.00s OpenSSL 1.1.1m 14 Dec 2021 built on: Fri Dec 31 05:37:09 2021 UTC options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) compiler: arm-linux-gnueabihf-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-cbc 22928.74k 28431.51k 30511.19k 31085.57k 31257.94k 31260.67k
平台: R328-S3
Copyright © 2023 深圳全志在线有限公司 粤ICP备2021084185号 粤公网安备44030502007680号