Re: [tor-relays] hardware accelerated crypto
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/01/2013 10:02 PM, Gordon Morehouse wrote: I'm interested if there are any hardware accelerators in either the Raspberry Pi (which needs all the help it can get) or the Cubieboard 2 (A20-based). To the best of my knowledge, no. http://www.raspberrypi.org/phpBB3/viewtopic.php?f=7t=2723 http://www.raspberrypi.org/phpBB3/viewtopic.php?f=2t=659 The RasPi is nice but it's also not terribly powerful. It definitely has its limits. For example, I found out the hard way last weekend that trying to run an Etherpad-Lite on a RasPi is a great way to run one into the ground... - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Meeble! Meeble meeble meeble! -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJMVucACgkQO9j/K4B7F8HS5QCg4l1g+ZO9zwUkYt6AAAYzwn+J STwAoNijC841qjr7Toqfo2Zyf/edcmQz =aaLU -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
The RasPi is nice but it's also not terribly powerful. It definitely has its limits. For example, I found out the hard way last weekend that trying to run an Etherpad-Lite on a RasPi is a great way to run one into the ground... I have a RasPi Model B Rev 2 running etherpad-lite and a Tor-Relay. Slow as shit, but it works. :-) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
Happily, it DOES appear that there may be some hope for the Allwinner A20 based Cubieboard 2 (I haven't checked for the original Cubieboard yet): The Security System (SS) is one encrypt/ decrypt function accelerator that is suitable for a variety of applications. It supports both encryption and decryption. Several modes are supported by the SS module. It features: AES, DES, 3DES, SHA-1, MD5 are supported by this system ECB, CBC, CNT modes for AES/DES/3DES 128-bit, 192-bit and 256-bit key size for AES 160-bit hardware PRNG with 192-bit seed 32-word RX FIFO and 32-word TX FIFO for high speed application Support CPU mode and DMA mode Interrupt support http://dl.linux-sunxi.org/A20/A20%20User%20Manual%202013-03-22.pdf So, it may be a little help, anyway. The Cubieboard 2 is great for small Tor relays - it'd definitely be more capable than a Raspberry Pi model B as it has double the RAM and 2 more powerful cores with ARMv7 instead of ARMv6. It's also almost double the price (for considerably more than double the computer), but I don't expect that to last long. Best, -Gordon M. On Tue, 01 Oct 2013 19:02:37 -0700, Gordon Morehouse gor...@morehouse.me wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I'm interested if there are any hardware accelerators in either the Raspberry Pi (which needs all the help it can get) or the Cubieboard 2 (A20-based). Best, - -Gordon M. Joshua Datko: I was looking into this for the BeagleBone black [1], which has on-chip accelerators for AES, SHA (1 I think), and md5. The TI processor also has a HWRNG. My belief was that by using the cryptodev kernel module [2] I could get this working, but I ran in some issues building the kernel and then I was caught up in other things. I'm not sure if my approach was flawed or what, but maybe it helps someone here. Josh [1] http://datko.net/2013/09/22/quest_bbb_crypto/ [2] http://cryptodev-linux.org/ On Tue, Oct 1, 2013 at 2:35 PM, jason ja...@piratar.is wrote: I would love to do all this actually but I never managed to get the hw accelerated crypto (ssl/tls) bits working to experiment with. I'd be up for restarting this if I knew I could consult with one or two others who had a genuine interest in this. -Jason On 10/01/2013 08:26 PM, Jeroen Massar wrote: On 2013-10-01 21:20, Andy Isaacson wrote: On Tue, Oct 01, 2013 at 06:45:52PM +, jason wrote: I'm not sure why I missed this first post but I'm very interested in working on this project with whomever is interested. I bought a pogoplug v2 specifically to test it's usefulness as a tor exit or relay. First step is, run openssl speed rsa and post the output to the list. While you're at it you may as well post the AES and SHA results as well. Heck, just run the whole openssl speed test (should take less than 20 minutes) and post the whole thing. :) Also details on what CPU/RAM it has, and information about the kernel and OpenSSL package you are testing, would be useful. dmesg output and the contents of /proc/cpuinfo may be helpful. Maybe a good idea to put the output in the wiki somewhere? Greets, Jeroen ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays - -- Sent from my thing that sends email. -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJSS366AAoJED/jpRoe7/ujyREIAKb2xTXWR8xLdVpj2K8Dub9W jSuMtWycMgSW5nkJAOCwA+uJuX47/v7tzejNut1E76oRaAHwEn1fufiWGdT+Dbju f4BycdI5Pl3NTRuYcFBas32+lbFeyw+gLClczUjfE+fe/pmHiaXAXra6Alai40z8 77B/xGQwrpVyla4S8JHP4CY/p6FHuI5JDs+ghvVESUEK2DHJdNt5R2oLSBy4ZNQw BTzAf6qvflFUWhpWOkIkzIzo0c5FsJ/nYiVWpWyAjdV1NgufPdZ8ZKIoNx92iJBP aD1G7h9fQh3E2AU/6VHPvPdekQ5NPzehXtH8ywNFMw16oFbXkZ6/eUYUpJ50YZ8= =3Yig -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
On Fri, Sep 13, 2013 at 12:25:47AM +0200, Sarah Vigote wrote: I would like to run a 100Mb/s tor exit node, but I have issues wrt power consumption. reading http://ortizaudio.blogspot.fr/2011/10/using-dreamplugs-crypto-chip.html it seems dreamplugs has *fast* aes-128-ecb. Does anyone have any experience running a node based on cheap crypto chip (dreamplug, marvell 88F6282, sheeva-core, padlock, ...) ? What performance can I expect out of these ? Unfortunately AES is not the primary CPU consumer on Tor nodes right now; we spend a lot more time doing bignum computation for TAP circuits. Crypto accelerators don't work very well for bignums. It's not a perfect equivalence, but openssl speed rsa should give a reasonable estimate of how well your chip will do for TAP circuit creation. Here's a dual-core Westmere at 2.1 GHz (should be fairly close to a modern Xeon core): signverifysign/s verify/s rsa 512 bits 0.000105s 0.07s 9548.7 137778.7 rsa 1024 bits 0.000340s 0.21s 2941.1 48539.0 rsa 2048 bits 0.002205s 0.70s453.4 14362.8 rsa 4096 bits 0.016398s 0.000260s 61.0 3840.3 A single Xeon core can currently handle most of a 100 Mbps exit node's traffic, so you should look for a dual-core chip that delivers at least 1500 sign/s on rsa-1024. Unfortunately I doubt there are any ARM chips that can compete. -andy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not sure why I missed this first post but I'm very interested in working on this project with whomever is interested. I bought a pogoplug v2 specifically to test it's usefulness as a tor exit or relay. - -Jason On 10/01/2013 06:39 PM, Andy Isaacson wrote: On Fri, Sep 13, 2013 at 12:25:47AM +0200, Sarah Vigote wrote: I would like to run a 100Mb/s tor exit node, but I have issues wrt power consumption. reading http://ortizaudio.blogspot.fr/2011/10/using-dreamplugs-crypto-chip.html it seems dreamplugs has *fast* aes-128-ecb. Does anyone have any experience running a node based on cheap crypto chip (dreamplug, marvell 88F6282, sheeva-core, padlock, ...) ? What performance can I expect out of these ? Unfortunately AES is not the primary CPU consumer on Tor nodes right now; we spend a lot more time doing bignum computation for TAP circuits. Crypto accelerators don't work very well for bignums. It's not a perfect equivalence, but openssl speed rsa should give a reasonable estimate of how well your chip will do for TAP circuit creation. Here's a dual-core Westmere at 2.1 GHz (should be fairly close to a modern Xeon core): signverifysign/s verify/s rsa 512 bits 0.000105s 0.07s 9548.7 137778.7 rsa 1024 bits 0.000340s 0.21s 2941.1 48539.0 rsa 2048 bits 0.002205s 0.70s453.4 14362.8 rsa 4096 bits 0.016398s 0.000260s 61.0 3840.3 A single Xeon core can currently handle most of a 100 Mbps exit node's traffic, so you should look for a dual-core chip that delivers at least 1500 sign/s on rsa-1024. Unfortunately I doubt there are any ARM chips that can compete. -andy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSSxhfAAoJEOXtwcWdKrpuG4cP/04KspbxenNkcLXvXWPdiUTi UJlg2EOphyHlMp8lUPQPcHprYAWEQUjTpUevxZXNhjhr6oGrw/OVem1Ht74DpjA/ 9rg+0z4m/YiRCUCSLtl5aLqE65z8bN9NM00qyppDLCEsu/ogR3qXDibUNjIAjmfg 8qRcoA28xJ3hn0eo21AB1aZ/clkUF5REAPoLeG2K7Nmz1sBznky0NxtdgHx+bPP/ utQg5n797pIUx3PjWsV/PnebeJ2VPFCkM6ZI06jINcYHXVLGn1B/2NklGSUrwNLf 4W7vIWptENHjcsM4XBLcnPt8DzrtNEPKOemKLRledWFOE2Kha/nBqMRoExXjEgbA 1VNE1gbwNIsUEbr1uEuAu2cbfvHXw1wPMWvn9dV+4Kh4srhARiq+4xZ7qRAGxrbr uf2klMY+brrwf6nLJsbPxAdKWZCLNCe1CIrpb9mX/SJVCb8qWGMXSxnDbpqfZsYU CxJy2JQ9VeVaPCNypjm2PQprBz2vt/QGlaXELiL446QVveSZIv6e4QCGSSmHPvww TeqCRkvgGj5tE43On2cj0YBmuLjJXnsA2K3+KrZtshVp1qBQIf3FevhHCzKljdW4 QYn7v/kBWRlko/79iJMp9FP7jL6gsfiHj9NkEjAer04Esnyych5aXpNEv2GXDKyr 8omA70GBANyUybmIk7aW =hL5v -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I would love to do all this actually but I never managed to get the hw accelerated crypto (ssl/tls) bits working to experiment with. I'd be up for restarting this if I knew I could consult with one or two others who had a genuine interest in this. - -Jason On 10/01/2013 08:26 PM, Jeroen Massar wrote: On 2013-10-01 21:20, Andy Isaacson wrote: On Tue, Oct 01, 2013 at 06:45:52PM +, jason wrote: I'm not sure why I missed this first post but I'm very interested in working on this project with whomever is interested. I bought a pogoplug v2 specifically to test it's usefulness as a tor exit or relay. First step is, run openssl speed rsa and post the output to the list. While you're at it you may as well post the AES and SHA results as well. Heck, just run the whole openssl speed test (should take less than 20 minutes) and post the whole thing. :) Also details on what CPU/RAM it has, and information about the kernel and OpenSSL package you are testing, would be useful. dmesg output and the contents of /proc/cpuinfo may be helpful. Maybe a good idea to put the output in the wiki somewhere? Greets, Jeroen ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSSzIUAAoJEOXtwcWdKrpuw1oP/RW+ZvMVTDAL0PrKniMB+skZ gZf/G2grWaGHzOyo3rC0er8iZdfFY1lN6SB/NWUR7K1xAIvnARRv5Y/N62f9T5O4 a3bOu61T0XtZ3CeGVtA9Op9QmCOC/UOMebVh4Fa1/Ksb7eEpcne7JcCpW4wnGLHO iL+nHDEhyfCjYtBQHa471RaIha+D25yKMIaEhjol9daEbW3PdryzHH7F7mVOYwiT W+cCeu5NnHRp9FIwOXTPWwaTLro4XsORLcuJzXjF2Gz6k/HXF1yi1eBv9ljvsa5y /ZrpzYqk6gE6zr51GolIypIMm4bLnuzs5ld4XsXT2rdJUSgBKpzydqdn0UZplVKa 4Tes7s/8WQCK0CGQvguhQYxUTzF9J/5PtWRBtb9UBM7Zzz1YLFEesQH4kGtevviO K8wInsAXcJjAYiPY51eoMXCz38qqHlhy9v/20cg8erJrC7K/r4OlmtDGBegrNI7G joHi+HsthFHcGs7AZb2dxSozO9+jt26gtG4u7XDdoEzF5hOJZBopjilERuNRUxSZ QHhUdPMh7UFOmYDNkrisF6qPImuuKtQf5NLQ0NaeOrXCwzgJTc4vMk9brAE2kZ0P lv389MO7d7AnvtMwr/fIjoZHTCgGuCQU0iA5baeid/FlfWsaHudkAI+7w77qRLCN dj7XKgeHH8XghTToTxaB =TTnt -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
On 2013-10-01 21:20, Andy Isaacson wrote: On Tue, Oct 01, 2013 at 06:45:52PM +, jason wrote: I'm not sure why I missed this first post but I'm very interested in working on this project with whomever is interested. I bought a pogoplug v2 specifically to test it's usefulness as a tor exit or relay. First step is, run openssl speed rsa and post the output to the list. While you're at it you may as well post the AES and SHA results as well. Heck, just run the whole openssl speed test (should take less than 20 minutes) and post the whole thing. :) Also details on what CPU/RAM it has, and information about the kernel and OpenSSL package you are testing, would be useful. dmesg output and the contents of /proc/cpuinfo may be helpful. Maybe a good idea to put the output in the wiki somewhere? Greets, Jeroen ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] hardware accelerated crypto
Am Fri, 13 Sep 2013 00:25:47 +0200 schrieb Sarah Vigote pixe...@riseup.net: I once meassured the performance of the padlock crypto chip on a VIA Esther C7 1500 MHz processor. Result: AES-128 cbc with padlock is about 14 times faster compared to the C7 with padlock disabled. regards, Fabian hi, I would like to run a 100Mb/s tor exit node, but I have issues wrt power consumption. reading http://ortizaudio.blogspot.fr/2011/10/using-dreamplugs-crypto-chip.html it seems dreamplugs has *fast* aes-128-ecb. Does anyone have any experience running a node based on cheap crypto chip (dreamplug, marvell 88F6282, sheeva-core, padlock, ...) ? What performance can I expect out of these ? regards, sv ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] hardware accelerated crypto
hi, I would like to run a 100Mb/s tor exit node, but I have issues wrt power consumption. reading http://ortizaudio.blogspot.fr/2011/10/using-dreamplugs-crypto-chip.html it seems dreamplugs has *fast* aes-128-ecb. Does anyone have any experience running a node based on cheap crypto chip (dreamplug, marvell 88F6282, sheeva-core, padlock, ...) ? What performance can I expect out of these ? regards, sv ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
