Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-06 Thread Tony He
ser" ; >> *Sent:* Friday, December 4, 2020, 6:19 PM >> *To:* "Tony He"; >> *Cc:* "lev";"Antonio Quartulli"> >;"openvpn-devel"; >> *Subject:* Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported? >> >> hi Tony, >> >> O

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-05 Thread Tony He
will implement this. > > > -- Original Message -- > *From:* "Jan Just Keijser" ; > *Sent:* Friday, December 4, 2020, 6:19 PM > *To:* "Tony He"; > *Cc:* "lev";"Antonio Quartulli" >;"openvpn-devel"; > *Subject:* Re: [Openvpn-devel]

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-04 Thread Jan Just Keijser
hi Tony, On 04/12/20 11:12, Tony He wrote: Hi Jan, >what HW engine is this?  I think your best bet is to actually get the engine to support GCM; with AES and SHA acceleration in place there is very little to stop the HW engine from not being able to support GCM.. The HW engine is a part of

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-04 Thread Tony He
Hi Jan, >what HW engine is this? I think your best bet is to actually get the engine to support GCM; with AES and SHA acceleration in place there is very little to stop the HW engine from not being able to support GCM.. The HW engine is a part of SoC al314. It connects with A15 CPU via PCI in

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-04 Thread Gert Doering
Hi, On Fri, Dec 04, 2020 at 10:49:04AM +0100, Jan Just Keijser wrote: > as far as I > know no openvpn release supports CCM thus far (which is a shame, really). I have heard rumors that someone got nerdsniped by this already... :-) gert -- "If was one thing all people took for granted, was

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-04 Thread Jan Just Keijser
Hi Tony, On 04/12/20 08:41, Tony He wrote: Hi Jan, Yeah, need option " -elapsed" because OpenSSL counts user time instead of total time(user+sys time) without this option. You can see: * aes-128-cbc and sha1 are accelerated by HW engine. I believe speed is faster for openvpn dco module

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-03 Thread Tony He
Hi Jan, Yeah, need option " -elapsed" because OpenSSL counts user time instead of total time(user+sys time) without this option. You can see: * aes-128-cbc and sha1 are accelerated by HW engine. I believe speed is faster for openvpn dco module because it uses the HW engine in kernel space and

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-02 Thread Jan Just Keijser
Hi Tony, On 02/12/20 15:51, Jan Just Keijser wrote: On 02/12/20 15:22, Tony He wrote: Hi Jan, Welcome to join the discussion. >the second set of numbers doesn't make sense, and a much better test is to do an actual encryption test I don't compile cryptodev kernel module for my PC and can

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-02 Thread Jan Just Keijser
Hi Tony, On 02/12/20 15:22, Tony He wrote: Hi Jan, Welcome to join the discussion. >the second set of numbers doesn't make sense, and a much better test is to do an actual encryption test I don't compile cryptodev kernel module for my PC and can not reproduce this issue for now.  You don't

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-02 Thread Tony He
Hi Jan, Welcome to join the discussion. >the second set of numbers doesn't make sense, and a much better test is to do an actual encryption test I don't compile cryptodev kernel module for my PC and can not reproduce this issue for now. You don't understand the reason why the performance is

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-12-02 Thread Jan Just Keijser
hi Tony, On 01/12/20 02:50, Tony He wrote: Hi Arne, openssl speed -evp aes-128-cbc type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 20035.60k 123261.54k 267081.60k 1094764.09k 9181370.18k openssl speed -evp aes-128-gcm type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-30 Thread Tony He
Hi Arne, openssl speed -evp aes-128-cbc type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 20035.60k 123261.54k 267081.60k 1094764.09k 9181370.18k openssl speed -evp aes-128-gcm type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-gcm 18738.76k 19284.91k 19524.44k

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Arne Schwabe
On 26.11.20 at 10:41, Tony He wrote: > Hi Arne, > >>Since the original thread was not on the mailing list I am missing your >>goal but if your crypto accelerator already works with OpenSSL, then it >>will also work with the "normal" OpenVPN > > Yes, it works with "normal" OpenVPN(OpenVPN2), but

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Gert Doering
Hi, On Thu, Nov 26, 2020 at 05:04:45PM +0800, Tony He wrote: > Because there is HW crypto engine in some embedded devices, the crypto > engine maybe only supports hmac-sha256-cbc-aes. OK, I was not aware that there is such special-case hardware. Thanks for the explanation. Yes, in that case

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Tony He
3181...@qq.com> wrote on Thursday, November 26, 2020, at 5:32 PM: > > > > -- Original Message -- > *From:* "Arne Schwabe" ; > *Sent:* Thursday, November 26, 2020, 5:22 PM > *To:* "Tony He";"Antonio Quartulli"; > *Cc:* "lev";"openvpn-devel"&

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Arne Schwabe
On 26.11.20 at 01:46, Tony He wrote: >>OpenSSL directly talks to the crypto engine via a proprietary interface >>that the FW/driver exposes to userspace. The *data* flow does not cross >>the linux kernel crypto API > > No, OpenSSL doesn't directly talk to the crypto engine via a > proprietary

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Tony He
Hi Gert, Because there is HW crypto engine in some embedded devices, the crypto engine maybe only supports hmac-sha256-cbc-aes. Tony Gert Doering wrote on Thursday, November 26, 2020, at 4:56 PM: > Hi, > > On Thu, Nov 26, 2020 at 04:53:14PM +0800, Tony He wrote: > > Understood. We have discussed this in the OpenWRT

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Gert Doering
Hi, On Thu, Nov 26, 2020 at 04:53:14PM +0800, Tony He wrote: > Understood. We have discussed this in the OpenWRT forum. Maybe some kind > OpenWRT guys will implement aead hmac-sha256-cbc-aes > for ovpn-dco module in the future. Why? If you do AES in the first place, all numbers I have seen so

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-26 Thread Tony He
Hi Antonio, Understood. We have discussed this in the OpenWRT forum. Maybe some kind OpenWRT guys will implement aead hmac-sha256-cbc-aes for ovpn-dco module in the future. https://forum.openwrt.org/t/ipq806x-nss-drivers/12613/2180?u=tony.he Tony Antonio Quartulli wrote on Thursday, November 26, 2020, at 3:49 PM: >

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-25 Thread Antonio Quartulli
Hi Tony, On 26/11/2020 01:46, Tony He wrote: >>OpenSSL directly talks to the crypto engine via a proprietary interface >>that the FW/driver exposes to userspace. The *data* flow does not cross >>the linux kernel crypto API > > No, OpenSSL doesn't directly talk to the  crypto engine via a >

Re: [Openvpn-devel] [ovpn-dco] Is cbc-hmac supported?

2020-11-25 Thread Tony He
>OpenSSL directly talks to the crypto engine via a proprietary interface >that the FW/driver exposes to userspace. The *data* flow does not cross >the linux kernel crypto API No, OpenSSL doesn't directly talk to the crypto engine via a proprietary interface that the FW/driver exposes to