Debian
使用 Debian Linux 的 Sun T2/Niagara 硬體加密加速?
我想使用較舊的 T2 機器作為 SSL 重網站的網路伺服器。使用 Solaris,可以使用對 SSL 有意義的加密加速。現在我想知道這種加密加速是否曾經移植到 Linux 上?
# cat /etc/debian_version 7.7 # cat /proc/cpuinfo cpu : UltraSparc T2 (Niagara2) fpu : UltraSparc T2 integrated FPU pmu : niagara2 prom : OBP 4.32.2.b 2010/12/21 20:20 type : sun4v ncpus probed : 64 ncpus active : 64 D$ parity tl1 : 0 I$ parity tl1 : 0 cpucaps : flush,stbar,swap,muldiv,v9,blkinit,n2,mul32,div32,v8plus,popc,vis,vis2,ASIBlkInit # openssl engine (dynamic) Dynamic engine loading support
我無法停止思考這個問題,所以我安裝了另一台帶有 Solaris 10 和 pkcs11 更新檔的 T2 機器。儘管在 dmesg、openssl 引擎或其他方面沒有說明,但 Niagara CPU 的硬體加速似乎已經在 Linux 中實現:
索拉里斯 10
# /usr/sfw/bin/openssl speed aes-128-cbc -engine pkcs11 engine "pkcs11" set. Doing aes-128 cbc for 3s on 16 size blocks: 2752929 aes-128 cbc's in 2.99s Doing aes-128 cbc for 3s on 64 size blocks: 718278 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 256 size blocks: 181422 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 1024 size blocks: 45305 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 8192 size blocks: 5566 aes-128 cbc's in 3.00s OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-3555 CVE-2010-4180) built on: date not available options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial) blowfish(ptr) compiler: information not available available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 14731.39k 15323.26k 15481.34k 15464.11k 15198.89kLinux
# openssl speed aes-128-cbc Doing aes-128 cbc for 3s on 16 size blocks: 3247945 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 64 size blocks: 958075 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 256 size blocks: 250480 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 1024 size blocks: 63411 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 8192 size blocks: 7802 aes-128 cbc's in 3.00s OpenSSL 1.0.1e 11 Feb 2013 built on: Wed Oct 15 18:50:32 UTC 2014 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 17322.37k 20438.93k 21374.29k 21644.29k 21304.66k