• State Resolved
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 98 subscribers
  • Views 635 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM5708: SHA2 cryptographic support

stef boerrigter
Expert 1050 points
Part Number: AM5708

Hi,

According to the AM5708 (and 5706) Datasheet http://www.ti.com/lit/ds/symlink/am5708.pdf there is support for hardware accelerated crypto support for the following algorithms:

Supports cryptographic cores – AES – 128/192/256-bits key sizes – 3DES – 56/112/168-bits key sizes – MD5, SHA1 – SHA2 – 224/256/384/512

According to the SDK documentation the software support for linux is limited to AES, DES and DES3DES only for the AM57X / DRA7, no mention of SHA algorithms:

* AM335X     : MD5, SHA1, SHA224, SHA256, AES, DES
* AM437X     : MD5, SHA1, SAH224, SHA256, SHA384, SHA512, AES, DES, DES3DES
* AM57x/DRA7 : AES, DES, DES3DES

http://software-dl.ti.com/processor-sdk-linux/esd/docs/latest/linux/Foundational_Components_Kernel_Drivers.html#crypto

Question:

Is there SHA support (expected) for Linux for the AM57xx family?

I have tested the following using cryptodev examples: :

root@:~# ./aes-example
Got cbc(aes) with driver cbc-aes-omap
Got cbc(aes) with driver cbc-aes-omap

AES Test passed
root@:~# ./sha-example
Got sha1 with driver sha1-generic
Note: This is not an accelerated cipher
digest: 2f:d4:e1:c6:7a:2d:28:fc:ed:84:9e:e1:bb:76:e7:39:1b:93:eb:12:

Note: meassured using: time -v openssl speed -evp sha256 -engine cryptodev
using sha1 iso sha256 seems to have hardware support though

  • 0
    TI__Guru**** 168211 points

    Hi,

    I am not sure how the cryptodev example works, but yes, Linux kernel does have a driver to support sha2 hw acceleration on AM57x. Please check the kernel driver drivers/crypto/omap-sham.c:

    $ grep '.cra_driver_name' drivers/crypto/omap-sham.c                    
                .cra_driver_name        = "omap-sha1",                                    
                .cra_driver_name        = "omap-md5",                                     
                .cra_driver_name        = "omap-hmac-sha1",                               
                .cra_driver_name        = "omap-hmac-md5",                                
                .cra_driver_name        = "omap-sha224",                                  
                .cra_driver_name        = "omap-sha256",                                  
                .cra_driver_name        = "omap-hmac-sha224",                             
                .cra_driver_name        = "omap-hmac-sha256",                             
                .cra_driver_name        = "omap-sha384",                                  
                .cra_driver_name        = "omap-sha512",                                  
                .cra_driver_name        = "omap-hmac-sha384",                             
                .cra_driver_name        = "omap-hmac-sha512",
  • 0 in reply to Bin Liu
    Expert 1050 points

    Hi,

    Yes i have seen these, but how do we do an accelerated sha2 (sha256 / sha512) operation on this driver? 

    Best Regards,

    Stef

  • 0 in reply to stef boerrigter
    TI__Guru**** 168211 points

    Hi Stef,

    The hw accelerated sha2 along with other crypto algs implemented in the omap crypto drivers can be used in user space applications via cryptodev interface, like "openssl ... -engine cryptodev".

  • 0 in reply to Bin Liu
    Expert 1050 points

    Hi Bin Liu,

    Please read my opening post, i tried this but it doesnt work accelerated, also the example from cryptodev mentions SHAX is not accelerated

    Best Regards,

    Stef

  • 0
    TI__Guru**** 168211 points

    stef boerrigter said:
    Note: meassured using: time -v openssl speed -evp sha256 -engine cryptodev
    using sha1 iso sha256 seems to have hardware support though

    As you see, SHA2 is accelerated in openssl with cryptodev engine. But we don't provide support for open source packages, so if cryptodev examples behavior differently, please study the source code or ask for the open source community for support.

  • 0 in reply to Bin Liu
    Expert 1050 points

    Can you provide an (working) accelerated example with SHA256 then from linux userspace?

  • 0 in reply to stef boerrigter
    TI__Guru**** 168211 points

    We don't have any other user space program examples, openssl with cryptodev engine is the example provided in the Processor SDK Linux package.

  • 0 in reply to Bin Liu
    Expert 1050 points

    And you can confirm it works with the AM57EVM with Processor SDK with example using openssl -cryptodev?

  • 0 in reply to stef boerrigter
    TI__Guru**** 168211 points

    I thought you have confirmed it in your test. But anyway, please check the following test log. The sham interrupt count increases in both SHA1 and SHA256 test. The test was done with Processor SDK v6.0.0.7 release.

    root@am57xx-evm:~# uname -a                                                        
Linux am57xx-evm 4.19.38-g4dae378bbe #1 SMP PREEMPT Sun Jul 7 03:51:33 UTC 2019 armv7l GNU/Linux
root@am57xx-evm:~# 
root@am57xx-evm:~# grep sham /proc/interrupts                                      
 95:          0          0      CBAR  46 Level     4b101000.sham
root@am57xx-evm:~#
root@am57xx-evm:~# openssl speed -evp sha1 -engine cryptodev -elapsed              
engine "cryptodev" set.                                                            
[...]                                                                              
The 'numbers' are in 1000s of bytes per second processed.                          
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   
sha1               766.45k     3035.07k     3528.70k    12151.47k    46205.61k  
root@am57xx-evm:~#                                                                 
root@am57xx-evm:~# grep sham /proc/interrupts                                      
 95:     187746          0      CBAR  46 Level     4b101000.sham                   
root@am57xx-evm:~#                                                                 
root@am57xx-evm:~# openssl speed -evp sha256 -engine cryptodev -elapsed            
engine "cryptodev" set.                                                            
[...]                                                                              
The 'numbers' are in 1000s of bytes per second processed.                          
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   
sha256             775.26k     2936.53k     3822.76k    12179.80k    46604.29k  
root@am57xx-evm:~#
root@am57xx-evm:~# grep sham /proc/interrupts                                      
 95:     382842          0      CBAR  46 Level     4b101000.sham
  • 0 in reply to Bin Liu
    Expert 1050 points

    Thanks, then i must dig in to see what my setup is different compared to SDK, 

  • 0 in reply to stef boerrigter
    TI__Guru**** 168211 points

    Sounds good. Please let us know when you need any further assistance.

  • 0 in reply to Bin Liu
    Expert 1050 points

    Hi Bin Liu,

    Could you share which version of openssl you are using in the provided example?

    i see in the SDK that there are 2 versions of openssl installed (openssl10 -> openssl.

    Also could you share the output of the following 3 command's on the TI SDK?:

    openssl engine
    openssl10 engine
    lsmod

    i can reproduce the mentioned interrupts and hw acceleration only with openssl10:

    root@wa55-hs:~# openssl version
    OpenSSL 1.1.1b 26 Feb 2019
    root@wa55-hs:~# openssl10 version
    OpenSSL 1.0.2r 26 Feb 2019
    root@wa55-hs:~# openssl engine
    (dynamic) Dynamic engine loading support
    root@wa55-hs:~# openssl10 engine
    (dynamic) Dynamic engine loading support
    root@wa55-hs:~# modprobe cryptodev
    [ 44.008111] cryptodev: driver 1.9 loaded.
    root@wa55-hs:~# openssl engine
    (dynamic) Dynamic engine loading support
    root@wa55-hs:~# openssl10 engine
    (cryptodev) cryptodev engine
    (dynamic) Dynamic engine loading support

    root@wa55-hs:~# grep sham /proc/interrupts
    91: 94812 CBAR 46 Level 4b101000.sham
    root@wa55-hs:~# openssl10 speed -evp sha256 -engine cryptodev -elapsed
    engine "cryptodev" set.
    You have chosen to measure elapsed time instead of user CPU time.
    Doing sha256 for 3s on 16 size blocks: 47101 sha256's in 3.00s
    Doing sha256 for 3s on 64 size blocks: 46108 sha256's in 3.00s
    Doing sha256 for 3s on 256 size blocks: 20702 sha256's in 3.00s
    Doing sha256 for 3s on 1024 size blocks: 16936 sha256's in 3.00s
    Doing sha256 for 3s on 8192 size blocks: 9237 sha256's in 3.00s
    OpenSSL 1.0.2r 26 Feb 2019
    built on: reproducible build, date unspecified
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
    compiler: arm-oe-linux-gnueabi-gcc -march=armv7-a -mthumb -mfpu=neon -mfloat-abi=hard -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -fexpensive-optimizations -frename-registers -fomit-frame-pointer -Wall -Wa,--noexecstack
    The 'numbers' are in 1000s of bytes per second processed.
    type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
    sha256 251.21k 983.64k 1766.57k 5780.82k 25223.17k
    root@wa55-hs:~# grep sham /proc/interrupts
    91: 188562 CBAR 46 Level 4b101000.sham
    root@wa55-hs:~#

  • 0 in reply to stef boerrigter
    TI__Guru**** 168211 points

    Hi Stef,

    stef boerrigter said:

    Could you share which version of openssl you are using in the provided example?

    i see in the SDK that there are 2 versions of openssl installed (openssl10 -> openssl.

    Sorry, I should have mentioned that hw accelerated crypto is not supported with openssl v1.1 yet in Processor SDK Linux v6.x releases. And that is the reason that the SDK provides both v1.0 and v1.1 versions of openssl packages. I was testing with openssl 1.0. There is no timeline when the issue will be solved yet.