# Via Eden CPU and Padlock Support - How to enable it



## connchri (Aug 7, 2018)

I've got a small Via Eden CPU based computer running FreeBSD 11.2 release, and I can't for the life of me get hardware acceleration enabled with the openSSL library.

I have the Kernel module install and loaded at boot time.  I have tried building OpenSSL from ports - but it appears the mirrors are missing a file (1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch).  I have had a peak at the 'current' pkg package and noted that the libpadlock.so is contained within it, but I can't fathom out if it is installed along with the userland OpenSSL package.  I have tried to force the base OpenSSL to use libpadlock.so from this file, but I get a segmentation fault (no doubt due to the base version being compiled against different binaries).

Btw, I am new to FreeBSD - I've spent hours at this.  So, if you can tollerate a such a N00b, it would be greatly appreciated.

So, it is possible to get the required engine libraries for compiled against the base openSSL so I can enable padlock acceleration?  Or even instructions on how to compile it myself (sources for the version included with the base?) If not, is there a way to customise the installation of the package from PKG to ensure it's installation includes the additional engine libraries that are in the package (I don't think they are installed by default, either that or I am running openssl from the base install, in which case, how can I change that?).  Failing this, how can I compile a later version when such files are missing?

I know that the random number generator is percieved as unsafe, and compromised, however I wouldn't be using it for this use, I will be using it purely for it's hardware hashing and AES acceleration (randomness goes through Yammer as far as I am aware anyway).

I've spent hours on this, and I'm frustrated and tired.  Any pointers on where I can pick up from in the morning would be great.

Ideally I'd like to enable padlock support with the 'base' install of OpenSSL.  But if not, another local copy will suffice.

Cheers.

[Edit] Just to confirm that the hardware features of this ancient CPU are seen by FreeBSD - it's now just a matter of getting OpenSSL to play ball [/Edit]


----------



## SirDice (Aug 7, 2018)

All you need to do is kldload(8) padlock(4). OpenSSL uses crypto(4) and padlock(4) registers there. So you shouldn't need to do anything more for it to work.


----------



## connchri (Aug 7, 2018)

I'm afraid it doesn't. 

All tests show there's no acceleration.  It appears the the padlock engine for OpenSSL isn't compiled with the base binaries nor is support selected for compiliation by default. Some of the sources are missing the correct links for downloading certain source files to.  For example: https://git.alpinelinux.org/cgit/ap...upport-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch is actually kept here :https://git.alpinelinux.org/cgit/aports/plain/main/*openssl1.0*/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch.

I downloaded the patches manually.  It's currently compiling, on a 1GHz Via Eden - I'll let you know in about 13 years how I get on...


----------



## SirDice (Aug 7, 2018)

connchri said:


> It appears the the padlock engine for OpenSSL isn't compiled with the base binaries nor is support selected for compiliation by default.


As far as I know this isn't relevant because OpenSSL uses crypto(4) and it's crypto(4) that uses aesni(4) or padlock(4). So there's no need for OpenSSL to access the hardware directly.

It's a little difficult for me to test as I don't have a VIA chipset. But aesni(4) works exactly the same way for Intel CPUs and that definitely works.


----------



## connchri (Aug 7, 2018)

aesni may work, but my understanding that the Via CPU predates those supported instructions by a good few years.  Hence the reliance on the padlock engine being compiled into OpenSSL.  I've gave up for now - I kept getting segmentation faults and I've a deadline for next week, so I'll revisit it after then.

P.S.  There's no difference in performance numbers when the kernel module is loaded or not, and the performance numbers are no where near the region of previous users of OpenSSL with Padlock. (See here: Actually - I can't find the link I was looking at).  

I'll update when I can.  It would just be nice to off-load some crypto to hardware since this is underpowered as it is.

Thanks for your input.  Please correct me if I'm wrong with any of the above.


----------



## SirDice (Aug 7, 2018)

connchri said:


> aesni may work, but my understanding that the Via CPU predates those supported instructions by a good few years.


padlock(4) was added in FreeBSD 6.0, aesni(4) in 9.0. So support for padlock has been around a lot longer.  



> Hence the reliance on the padlock engine being compiled into OpenSSL.


Again, that shouldn't matter. OpenSSL, simply talks to crypto(4), not directly to the hardware. And it's crypto(4) that eventually uses aesni(4) or padlock(4). This makes OpenSSL independent of the actual hardware.


----------



## connchri (Aug 7, 2018)

OK.  Thanks for your time with this.

Can you confirm the command needed to benchmark this - I might be getting this wrong.

I have been using a mixture of "openssl speed -evp -engine padlock/crypto/whatever" trying to test for differences with the aes-256 algothrim.  When I try -engine "insert anything here", I get error pertaining to not being able to load shared libraries.  But from what you are saying, these are no longer required as OpenSSL simply goes via cryto to get to padlock without additional flags.

As such, I've just did benchmark now with Padlock disabled with the command openssl speed.  I'll post the values once it has finished.  I'll then enable the Padlock module again, re-run, and see if there's any significant difference in the numbers. 

Btw, it is simply a case of enabling the padlock kernel module to enable padlock support, or do I need to tell crypto that is is there to be used?


----------



## SirDice (Aug 7, 2018)

connchri said:


> Btw, it is simply a case of enabling the padlock kernel module to enable padlock support, or do I need to tell crypto that is is there to be used?


Just loading it should be enough. At least that's the case for aesni(4), it should work the same for padlock(4):

```
The padlock driver registers itself to accelerate AES operations and, if
     available, HMAC/SHA1 and HMAC/SHA256 for crypto(4).  It also registers
     itself to accelerate other HMAC algorithms, although there is no hardware
     acceleration for those algorithms.  This is only needed so padlock can
     work with ipsec(4).
```

I just noticed the "_if available_". Are you sure your CPU actually has the hardware? And are you using the correct HMAC algorithms with OpenSSL? Any other HMAC algorithm is supported but not accelerated. This might be why you're not seeing any speed improvements.


----------



## connchri (Aug 7, 2018)

SirDice said:


> I just noticed the "_if available_". Are you sure your CPU actually has the hardware? And are you using the correct HMAC algorithms with OpenSSL? Any other HMAC algorithm is supported but not accelerated. This might be why you're not seeing any speed improvements.



I did wonder this, and checked.  It does indeed have support for AES, SHA1, and SHA256.  Here's the output from dmesg -a | grep Features


```
dmesg -a | grep Features
  Features=0xa7c9bbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
  Features2=0x4181<SSE3,EST,TM2,xTPR>
  AMD Features=0x100000<NX>
  VIA Padlock Features=0xffcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
```

I did the openssl speed and here are the results with the module disabled v enabled.  There's none amongst any algorithms.

Disabled (not loaded):


```
OpenSSL 1.0.2o-freebsd  27 Mar 2018
built on: date not available
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  0.00         0.00         0.00         0.00         0.00
mdc2              1163.89k     1247.20k     1273.26k     1274.79k     1281.90k
md4               6714.13k    21187.66k    51069.01k    79138.67k    94065.21k
md5               5698.88k    18736.41k    47676.58k    77566.49k    94883.81k
hmac(md5)         4500.62k    15337.14k    41731.59k    73418.51k    94073.42k
sha1              5140.92k    14234.87k    29639.40k    40605.40k    45676.19k
rmd160            3986.39k    10200.95k    19358.07k    25026.52k    27381.01k
rc4              38104.05k    44952.99k    47069.17k    47671.44k    47904.24k
des cbc          10563.53k    10899.20k    10980.10k    11047.89k    11019.63k
des ede3          3697.86k     3747.39k     3748.27k     3763.84k     3758.32k
idea cbc          7677.65k     8081.96k     8176.00k     8199.47k     8261.68k
seed cbc         12631.11k    13513.51k    13745.96k    13828.10k    13812.18k
rc2 cbc           5569.31k     5787.82k     5833.56k     5855.61k     5839.72k
rc5-32/12 cbc    36404.11k    40774.05k    42274.32k    42572.39k    42793.98k
blowfish cbc     19308.36k    20419.67k    20765.52k    20868.58k    20891.92k
cast cbc          9026.19k     9431.52k     9582.67k     9616.64k     9604.19k
aes-128 cbc       8994.57k     9414.32k     9597.25k    15322.18k    15423.95k
aes-192 cbc       7527.61k     7888.53k     8012.16k    12993.51k    13049.56k
aes-256 cbc       6533.67k     6775.89k     6854.26k    11142.84k    11226.90k
camellia-128 cbc    12232.63k    15313.54k    16382.71k    16682.51k    16730.67k
camellia-192 cbc     9921.51k    11810.90k    12476.20k    12635.20k    12689.97k
camellia-256 cbc     9916.98k    11843.17k    12478.17k    12618.86k    12704.65k
sha256            3854.06k     8421.44k    16251.72k    20262.63k    21841.67k
sha512            2331.83k     9300.24k    13537.01k    18664.72k    20941.40k
whirlpool         2734.07k     5909.82k    10040.30k    12204.49k    12968.94k
aes-128 ige       8475.77k     8961.68k     9146.28k     9151.77k     9200.50k
aes-192 ige       7217.75k     7562.74k     7676.80k     7696.84k     7716.09k
aes-256 ige       6278.22k     6535.67k     6607.05k     6613.49k     6643.73k
ghash            18960.93k    28677.79k    32798.11k    34072.54k    34415.86k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.001620s 0.000121s    617.2   8258.8
rsa 1024 bits 0.009049s 0.000393s    110.5   2546.8
rsa 2048 bits 0.059723s 0.001448s     16.7    690.4
rsa 4096 bits 0.402500s 0.005603s      2.5    178.5
                  sign    verify    sign/s verify/s
dsa  512 bits 0.001871s 0.001515s    534.5    660.2
dsa 1024 bits 0.005510s 0.004728s    181.5    211.5
dsa 2048 bits 0.019356s 0.017360s     51.7     57.6
                              sign    verify    sign/s verify/s
160 bit ecdsa (secp160r1)   0.0017s   0.0042s    590.5    238.9
192 bit ecdsa (nistp192)   0.0014s   0.0058s    695.1    173.9
224 bit ecdsa (nistp224)   0.0019s   0.0075s    532.2    134.0
256 bit ecdsa (nistp256)   0.0025s   0.0097s    407.1    102.7
384 bit ecdsa (nistp384)   0.0058s   0.0224s    173.5     44.6
521 bit ecdsa (nistp521)   0.0128s   0.0494s     78.0     20.2
163 bit ecdsa (nistk163)   0.0043s   0.0158s    231.0     63.1
233 bit ecdsa (nistk233)   0.0094s   0.0302s    106.8     33.2
283 bit ecdsa (nistk283)   0.0144s   0.0547s     69.4     18.3
409 bit ecdsa (nistk409)   0.0383s   0.1222s     26.1      8.2
571 bit ecdsa (nistk571)   0.0961s   0.2806s     10.4      3.6
163 bit ecdsa (nistb163)   0.0043s   0.0171s    230.9     58.3
233 bit ecdsa (nistb233)   0.0093s   0.0332s    107.7     30.1
283 bit ecdsa (nistb283)   0.0145s   0.0604s     69.2     16.6
409 bit ecdsa (nistb409)   0.0382s   0.1381s     26.2      7.2
571 bit ecdsa (nistb571)   0.0959s   0.3221s     10.4      3.1
                              op      op/s
160 bit ecdh (secp160r1)   0.0036s    281.0
192 bit ecdh (nistp192)   0.0049s    203.5
224 bit ecdh (nistp224)   0.0065s    154.8
256 bit ecdh (nistp256)   0.0084s    119.1
384 bit ecdh (nistp384)   0.0191s     52.3
521 bit ecdh (nistp521)   0.0414s     24.2
163 bit ecdh (nistk163)   0.0078s    127.6
233 bit ecdh (nistk233)   0.0148s     67.6
283 bit ecdh (nistk283)   0.0273s     36.7
409 bit ecdh (nistk409)   0.0612s     16.3
571 bit ecdh (nistk571)   0.1421s      7.0
163 bit ecdh (nistb163)   0.0085s    117.4
233 bit ecdh (nistb233)   0.0165s     60.7
283 bit ecdh (nistb283)   0.0306s     32.7
409 bit ecdh (nistb409)   0.0697s     14.4
571 bit ecdh (nistb571)   0.1612s      6.2
```


Loaded into kernel:

```
OpenSSL 1.0.2o-freebsd  27 Mar 2018
built on: date not available
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  0.00         0.00         0.00         0.00         0.00
mdc2              1161.26k     1248.38k     1268.28k     1278.81k     1278.82k
md4               6731.44k    21124.49k    51140.21k    79066.61k    94165.97k
md5               5716.10k    18736.00k    47621.11k    77739.99k    94986.71k
hmac(md5)         4500.72k    15299.13k    41893.93k    73372.87k    94149.50k
sha1              5143.29k    14229.20k    29594.21k    40670.06k    45625.57k
rmd160            3979.13k    10203.95k    19446.73k    25222.54k    27318.46k
rc4              38054.32k    45046.11k    47069.00k    47677.18k    47942.45k
des cbc          10546.88k    10901.34k    10982.41k    11033.72k    11040.24k
des ede3          3691.04k     3746.49k     3757.74k     3770.76k     3756.26k
idea cbc          7671.94k     8088.63k     8189.07k     8198.26k     8207.82k
seed cbc         12610.27k    13516.91k    13740.69k    13842.04k    13812.18k
rc2 cbc           5575.03k     5788.38k     5824.23k     5856.96k     5842.46k
rc5-32/12 cbc    36446.05k    40743.58k    42234.61k    42578.98k    42799.47k
blowfish cbc     19259.33k    20412.60k    20778.69k    20834.61k    20900.15k
cast cbc          9034.40k     9449.34k     9560.98k     9604.97k     9629.33k
aes-128 cbc       8994.29k     9424.60k     9609.34k    15317.24k    15381.89k
aes-192 cbc       7556.24k     7868.10k     8021.55k    12985.05k    13066.03k
aes-256 cbc       6515.79k     6792.54k     6841.41k    11167.54k    11218.67k
camellia-128 cbc    12228.23k    15332.49k    16344.90k    16673.59k    16771.73k
camellia-192 cbc     9918.38k    11808.09k    12495.36k    12642.08k    12671.68k
camellia-256 cbc     9924.60k    11826.89k    12467.88k    12642.61k    12703.69k
sha256            3853.45k     8441.77k    16197.49k    20239.30k    21838.93k
sha512            2332.45k     9285.03k    13556.86k    18653.40k    20960.54k
whirlpool         2734.51k     5893.75k    10039.27k    12183.52k    12998.97k
aes-128 ige       8468.03k     8967.97k     9130.78k     9170.92k     9163.40k
aes-192 ige       7217.53k     7545.58k     7684.35k     7714.03k     7716.52k
aes-256 ige       6277.70k     6528.22k     6605.63k     6624.61k     6619.66k
ghash            19009.21k    28666.77k    32839.47k    34081.46k    34446.84k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.001621s 0.000121s    616.9   8256.2
rsa 1024 bits 0.009054s 0.000393s    110.4   2546.2
rsa 2048 bits 0.059740s 0.001447s     16.7    691.1
rsa 4096 bits 0.402187s 0.005601s      2.5    178.5
                  sign    verify    sign/s verify/s
dsa  512 bits 0.001872s 0.001532s    534.1    652.9
dsa 1024 bits 0.005510s 0.004863s    181.5    205.7
dsa 2048 bits 0.019371s 0.017571s     51.6     56.9
                              sign    verify    sign/s verify/s
160 bit ecdsa (secp160r1)   0.0017s   0.0043s    588.6    234.8
192 bit ecdsa (nistp192)   0.0014s   0.0057s    693.7    176.1
224 bit ecdsa (nistp224)   0.0019s   0.0075s    530.3    132.5
256 bit ecdsa (nistp256)   0.0025s   0.0100s    406.7    100.4
384 bit ecdsa (nistp384)   0.0058s   0.0226s    173.8     44.2
521 bit ecdsa (nistp521)   0.0128s   0.0491s     77.8     20.4
163 bit ecdsa (nistk163)   0.0043s   0.0156s    230.6     63.9
233 bit ecdsa (nistk233)   0.0094s   0.0301s    106.7     33.2
283 bit ecdsa (nistk283)   0.0144s   0.0546s     69.4     18.3
409 bit ecdsa (nistk409)   0.0381s   0.1222s     26.3      8.2
571 bit ecdsa (nistk571)   0.0958s   0.2817s     10.4      3.6
163 bit ecdsa (nistb163)   0.0043s   0.0170s    230.8     58.9
233 bit ecdsa (nistb233)   0.0093s   0.0331s    107.5     30.2
283 bit ecdsa (nistb283)   0.0145s   0.0612s     69.2     16.3
409 bit ecdsa (nistb409)   0.0382s   0.1386s     26.2      7.2
571 bit ecdsa (nistb571)   0.0959s   0.3233s     10.4      3.1
                              op      op/s
160 bit ecdh (secp160r1)   0.0036s    278.5
192 bit ecdh (nistp192)   0.0048s    207.3
224 bit ecdh (nistp224)   0.0064s    156.2
256 bit ecdh (nistp256)   0.0082s    122.4
384 bit ecdh (nistp384)   0.0190s     52.7
521 bit ecdh (nistp521)   0.0411s     24.3
163 bit ecdh (nistk163)   0.0078s    127.8
233 bit ecdh (nistk233)   0.0149s     67.0
283 bit ecdh (nistk283)   0.0274s     36.6
409 bit ecdh (nistk409)   0.0611s     16.4
571 bit ecdh (nistk571)   0.1421s      7.0
163 bit ecdh (nistb163)   0.0082s    121.8
233 bit ecdh (nistb233)   0.0165s     60.5
283 bit ecdh (nistb283)   0.0305s     32.8
409 bit ecdh (nistb409)   0.0696s     14.4
571 bit ecdh (nistb571)   0.1624s      6.2
```

At a loss so I am.

[edit] Just thought I'd repeat, I've used every itteration of the "openssl" command I can think of.  Mainly using "openssl speed -evp aes-128-cbc" as it's far quicker and has been confimed on other platforms to work with this CPU.


----------



## connchri (Aug 7, 2018)

Is there a way of getting hold of the original base package - so I can extract the libpadlock.so library from it.  I have a sneaky suspicion that's the issue.  The current openssl package has a slightly different revision number and isn't compiled against the base version.

Here's a comes a bit of ignorance - is there a way of configuring optional options in a package, as the package file available to pkg does contain the libpadlock.so but I don't think it installs it.  Course, this package is also different from the base version so the library isn't compiled against openssl in base.


----------



## SirDice (Aug 8, 2018)

connchri said:


> is there a way of configuring optional options in a package,


No, once a package has been created you cannot change any of its options. You will need to build from ports for that.


----------



## connchri (Aug 8, 2018)

Yeah, tried that.  Still no game.

The port has incorrect links to some sources too, as said above.  Once I copied the correct ones, I can get compiling.  But, once I try to get hardware accelerated crypto, I get segmentation faults.  If I was competent enough I would file a bug, but considering the amount of people using this setup will be slim to none, and that operator error can't be ruled out, I see no point.

Thanks for your time.  I may just 'upgrade' to a core 2 duo system.  I want to throw more hard drives onto this anyway.


----------



## Phishfry (Aug 10, 2018)

Did you happen to catch this github shown on HackerNews today.
Via C3 had some funny business going on there.
https://github.com/xoreaxeaxeax/rosenbridge


----------



## connchri (Aug 10, 2018)

Phishfry said:


> Did you happen to catch this github shown on HackerNews today.
> Via C3 had some funny business going on there.
> https://github.com/xoreaxeaxeax/rosenbridge



I didn't. Interesting.  I don't know enough about the exploit, or the techinicalities involved, but as I was only getting 5MB/s network transfer with the poor wee Eden CPU, I was going to fire it on the Spare C2D I have in a couple of weeks time.  It can sit as it is for now.  Although I'd really like to get the 8 Core Xeon xw6600 up and running, but I can't justify the electricity and noise level - I may have to do some modding to get it quiet enough.  It's got plenty of ECC Ram, a couple of nice hard drives, and a 4 x 1Gbps NIC that can be used with LACP and my procurve switch.  Not that I'm going to be requiring such bandwidth...


----------

