Tales from the Crypt-o: Update on BBB Crypto Hardware Trials

This is an update for those following along with my BeagleBone Black’s hardware crypto project.  The TL;DR is that the cryptodev module with OpenSSL is unstable in my testing.  What follows is a list of my experiments and some results / observations:

  1. A helpful reader tried a 5 Gig OpenSSL test and his BBB appeared to segfault and lock up. This was the start of things not looking so hot.
  2. I configured tor to use hardware acceleration and the cryptodev module.  This was easy enough, I just add the following lines in torrc:
    HardwareAccel 1
    AccelName cryptodev
  3. Tor, running as a client only, acts a bit wonky (technical term).  The first time I tried hardware acceleration it locked up the BBB after it registered the engine for DH and RSA use.  This has me a bit concerned because the BBB only has AES/SHA/MD5 support so I’m not sure what happens when one tries to use DH/RSA.  I looked at cryptodev’s source (cryptodev.h) and there’s no mention of RSA.  However, according to this README, I might have better luck swapping the eng_cryptodev.c provided by cryptodev with the one from OpenSSL.
  4. Tor complained about missing library versions in my home compiled OpenSSL.  Fortunately, I found a post that explained how to fix that and I slightly modified the instructions for the current OpenSSL version.
  5. Then I tried to get fancy and I hacked tor’s crypto.c such that for all algorithms, except for those provided by the BBB, tor was configured to use the software implementations.  Well, while tor successfully bootstraps as a client (I haven’t tried it as a relay yet), my BBB has locked up twice now.
  6. Another motivated reader tried to follow my instructions, but for Arch Linux on the BBB. After talking on IRC (jbdatko @ freenode or oftc, feel free to msg me if you are working on this!), we swapped statistics and our numbers didn’t match at all.  His times for SHA and MD5 were much faster, but my AES times were better. That’s just odd.

Let’s take a step back. The goal here is to use the BBB’s crypto hardware to reduce CPU usage.  The kernel can access the HW, but userspace is out-of-luck without a module or a driver of some sort.  Cryptodev appears to provide the interface, but there seem to be some issues.

Here’s what I’m going to try next:

  1. Replace eng_cryptodev.c and rebuild OpenSSL.
  2. If that doesn’t work, I really want the engine to just provide the algorithms I know the BBB supports. So, maybe I’ll fork that file and modify it.
  3. Re-investigate 🙂

There are a few BBB Cypherpunks out there beside myself!  It’s all about incremental progress.

Advertisements