Navigation

    全志在线开发者论坛

    • Register
    • Login
    • Search
    • Categories
    • Tags
    • 在线文档
    • 社区主页

    【DIY教程】D1 SDK可支持openssl对接CE硬件加解密模块

    MR Series
    2
    2
    1778
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • xiaowenge
      DOT小文哥 LV 8 last edited by xiaowenge

      D1 SDK可支持openssl对接CE,验证方法如下:

      ① tina/package加入补丁

      diff --git a/libs/openssl/Makefile b/libs/openssl/Makefile
      index c755f8adf..dbb608fdf 100755
      --- a/libs/openssl/Makefile
      +++ b/libs/openssl/Makefile
      @@ -137,7 +137,7 @@ define Package/libopenssl-afalg
         $(call Package/openssl/Default)
         SUBMENU:=SSL
         TITLE:=AFALG hardware acceleration engine
      -  DEPENDS:=libopenssl @OPENSSL_ENGINE +@KERNEL_AIO @!LINUX_3_18 @LINUX_4_4||@LINUX_4_9
      +  DEPENDS:=libopenssl @OPENSSL_ENGINE +@KERNEL_AIO @!LINUX_3_18 @LINUX_4_4||@LINUX_4_9||@LINUX_5_4
       endef
      
       define Package/libopenssl-padlock
      @@ -210,7 +210,7 @@ ifdef CONFIG_OPENSSL_ENGINE
         ifndef CONFIG_PACKAGE_libopenssl-afalg
           OPENSSL_OPTIONS += no-afalgeng
         else
      -    ifneq ($(CONFIG_PLATFORM_v5)$(CONFIG_PLATFORM_r328s2)$(CONFIG_PLATFORM_r328s3)$(CONFIG_PLATFORM_r18)$(CONFIG_PLATFORM_r329),)
      +    ifneq ($(CONFIG_PLATFORM_v5)$(CONFIG_PLATFORM_r328s2)$(CONFIG_PLATFORM_r328s3)$(CONFIG_PLATFORM_r18)$(CONFIG_PLATFORM_r329)$(CONFIG_PLATFORM_r528)$(CONFIG_PLATFORM_d1),)
             OPENSSL_OPTIONS += -DSUPPORT_CE_V3_1
           else
             OPENSSL_OPTIONS += -DSUPPORT_CE_V3_2
      

      ② tina配置,make menconfig

      Tina Configuration
          Libraries  --->
              SSL  --->
                  -*- libopenssl........................... Open source SSL toolkit (libraries)  --->
      [*]   Enable engine support
      [*]     Support dynamic engine (NEW)
      [*]   Support Zero-Copy mode to call kernel's algorithms
      <*>   libopenssl-afalg...................... AFALG hardware acceleration engine
      

      说明: 可以将tina/lichee/linux-5.4/drivers/crypto/sunxi-ce/Makefile中的ccflags-y += -DDEBUG打开,这样每次调用CE时,就会产生debug打印。

      ③ 内核配置 (参考显杨文档中的配置dts等),make kernel_menuconfig

      Linux/riscv 5.4.61 Kernel Configuration
      [*] Networking support  --->
      -*- Cryptographic API  --->
      [*]   Disable run-time self tests
      <*>   CBC support 
      <*>   CFB support 
      -*-   CTR support 
      <*>   CTS support 
      -*-   ECB support 
      <*>   OFB support 
      <*>   XTS support 
      <*>   MD5 digest algorithm
      <*>   SHA1 digest algorithm              
      -*-   SHA224 and SHA256 digest algorithm 
      <*>   SHA384 and SHA512 digest algorithms
      -*-   AES cipher algorithms
      <*>   User-space interface for hash algorithms                   
      <*>   User-space interface for symmetric key cipher algorithms   
      <*>   User-space interface for random number generator algorithms
      <*>   User-space interface for AEAD cipher algorithms            
      [*]   Hardware crypto devices  --->                              
      <*>   Support for Allwinner Sunxi CryptoEngine
      

      ④ 编译,将afalgtest程序adb push到设备上运行
      PC端: adb push tina/out/d1-nezha/compile_dir/target/openssl-1.1.0i/test/aflagtest /tmp/
      设备端: /tmp/aflagtest
      该测试程序会对当前已经对接好CE的算法(主要是AES与Hash)进行测试。

      大家可以参考tina/out/d1-nezha/compile_dir/target/openssl-1.1.0i/test/aflagtest.c进行编程即可使用CE加解密。

      M 1 Reply Last reply Reply Quote Share 0
      • M
        mengxp LV 5 @xiaowenge last edited by mengxp

        使用afalg小块性能非常拉胯,可能是受限于内核通信或硬件中断之类的吧。

        engine "afalg" set.
        You have chosen to measure elapsed time instead of user CPU time.
        Doing aes-128-cbc for 3s on 16 size blocks: 62569 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 64 size blocks: 57975 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 256 size blocks: 55735 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 1024 size blocks: 43987 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 8192 size blocks: 16572 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 16384 size blocks: 9685 aes-128-cbc's in 3.00s
        OpenSSL 1.1.1m  14 Dec 2021
        built on: Fri Dec 31 05:37:09 2021 UTC
        options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) 
        compiler: arm-linux-gnueabihf-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
        The 'numbers' are in 1000s of bytes per second processed.
        type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
        aes-128-cbc        333.70k     1236.80k     4756.05k    15014.23k    45252.61k    52893.01k
        

        不开afalg加速性能如下

        You have chosen to measure elapsed time instead of user CPU time.
        Doing aes-128-cbc for 3s on 16 size blocks: 4299138 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 64 size blocks: 1332727 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 256 size blocks: 357553 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 1024 size blocks: 91071 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 8192 size blocks: 11447 aes-128-cbc's in 3.00s
        Doing aes-128-cbc for 3s on 16384 size blocks: 5724 aes-128-cbc's in 3.00s
        OpenSSL 1.1.1m  14 Dec 2021
        built on: Fri Dec 31 05:37:09 2021 UTC
        options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) 
        compiler: arm-linux-gnueabihf-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
        The 'numbers' are in 1000s of bytes per second processed.
        type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
        aes-128-cbc      22928.74k    28431.51k    30511.19k    31085.57k    31257.94k    31260.67k
        

        平台: R328-S3

        1 Reply Last reply Reply Quote Share 0
        • 1 / 1
        • First post
          Last post

        Copyright © 2024 深圳全志在线有限公司 粤ICP备2021084185号 粤公网安备44030502007680号

        行为准则 | 用户协议 | 隐私权政策