VIA Padlock, OpenSSL, OpenVPN help needed

BlueFusion

Hello folks, new time member here.

I have a repurposed Lacie Ethernet Disk 1U server with a VIA C7 1000MHz processor that supports VIA Padlock hardware crypto which I am using as my home's firewall/gateway/NAT router, etc.  I've been using it as such for about 3 months.  I am new to BSD but am familiar with Linux, making much of this familiar.

I have tried a few times to use OpenVPN on pfsense to connect to a PIA VPN account.  I have been successful in that it works, however the performance maxes out around 6Mbps (my internect connection is 35Mbps).

Upon further research, it appears that the hardware crypto device is not being used.  Well, today I had some free time to try and sort this issue out.  Here's what I've tried:

1. The FreeBSD Base OpenSSL does not support the padlock engine at all (since FreeBSD 10.0 atleast). pkg install openssl which installed a newer version of OpenSSL in /usr/local (the base is in /usr).  This version does have support for the padlock engine.  I linked /usr/local/bin/openssl to /usr/bin/ssl and that works so far:

[2.2.6-RELEASE][admin@portal.rgnet]/root: openssl version
OpenSSL 1.0.2g  1 Mar 2016

Here is a comparison between the cryptodev and padlock engines:

[2.2.6-RELEASE][admin@portal.rgnet]/root: openssl speed -elapsed -evp aes-128-cbc -engine cryptodev
engine "cryptodev" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 451613 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 441681 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 416402 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 327032 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 112073 aes-128-cbc's in 3.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -fomit-frame-pointer -Wall -O2 -pipe  -fstack-protector -fno-strict-aliasing
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-128-cbc      2408.60k    9422.53k    35532.97k  111626.92k  306034.01k

[2.2.6-RELEASE][admin@portal.rgnet]/root: openssl speed -elapsed -evp aes-128-cbc -engine padlock
engine "padlock" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 9420944 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 7298961 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 4251695 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 1556228 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 227666 aes-128-cbc's in 3.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -fomit-frame-pointer -Wall -O2 -pipe  -fstack-protector -fno-strict-aliasing
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-128-cbc      50245.03k  155711.17k  362811.31k  531192.49k  621679.96k

2. Despite the padlock engine working correctly, OpenSSL does not report it as an available option:

[2.2.6-RELEASE][admin@portal.rgnet]/root: /usr/local/bin/openssl engine -t -c
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
    [ available ]
(dynamic) Dynamic engine loading support
    [ unavailable ]

Because of this, pfsense WebGUI does not show this engine as an available Hardware Crypto Device option when configuring an OpenSSL server or client.

To make this option available (at the expense of losing the cryptodev option in the list), I modified the /etc/inc/openvpn.inc file at line 243:

function openvpn_get_engines() {
        $openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
        exec("/usr/bin/openssl engine -t -c", $openssl_engine_output);    <------ Original
        $openssl_engine_output = implode("\n", $openssl_engine_output);
        $openssl_engine_output = preg_replace("/\\n\\s+/", "|", $openssl_engine_output);
        $openssl_engine_output = explode("\n", $openssl_engine_output);

function openvpn_get_engines() {
        $openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
        exec("/usr/bin/openssl engine padlock -t -c", $openssl_engine_output);    <------ Modified
        $openssl_engine_output = implode("\n", $openssl_engine_output);
        $openssl_engine_output = preg_replace("/\\n\\s+/", "|", $openssl_engine_output);
        $openssl_engine_output = explode("\n", $openssl_engine_output);

Now I can select the padlock Hardware Crypto Device when configuring the VPN client.

3. So, after selecting the padlock crypto engine and saving the OpenVPN client configuration in the WebGUI, the OpenVPN client fails to start.

From the OpenVPN logs:

OpenSSL error: cannot load engine 'padlock'

Uh oh…..

[2.2.6-RELEASE][admin@portal.rgnet]/root: openvpn –show-engines
OpenSSL Crypto Engines

BSD cryptodev engine [cryptodev]
Dynamic engine loading support [dynamic]

And this is where I am currently stuck.  Any ideas on how to get OpenVPN to work with the padlock engine at this point?

3b.  For Ss and Gs, I also did a pkg install openvpn to get a newer packaged version of OpenVPN.  No luck.

[2.2.6-RELEASE][admin@portal.rgnet]/root: openvpn –version
OpenVPN 2.3.10 i386-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Mar  5 2016
library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sales@openvpn.netCompile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no/sales@openvpn.net

BlueFusion

A tiny bit of progress:

At the top of /etc/openssl.cnf (symlinked to /usr/local/openssl/openssl.cnf), I added the line:

openssl_conf = openssl_def

At the bottom of the file (as it always fails at the top):

[openssl_def]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
dynamic_path = /usr/local/lib/engines/libpadlock.so
default_algorithms = ALL

This makes OpenSSL always show Padlock as an available crypto engine.  The hack used above to the openvpn.inc file has been reversed.  OpenVPN, however still does not work with this.

As far as I can tell, even the pkg version of OpenSSL is compiled against an older Base version of OpenSSL without Padlock engine support, which is causing the issues.  What would it take to rebuild OpenVPN on a pfsense FreeBSD install?

BlueFusion

Success…..kind of!

I forgot that libcrypto.so was part of the OpenSSL library.  After linking /lib/crypto.so to the updated /usr/local/lib/libcrypto.so.8, openvpn –version was reporting the new version of OpenSSL.  I switched to the Padlock engine in the OpenVPN client config in the WebGUI, and OpenVPN is working.  I can't say for sure yet if the engine is working correctly.

In all, it's been quite a hack job and packages are definitely all sorts of screwed up now, I'm sure.  I needed to get this working for my own piece of mind.  Is there a way that the developers can make this work out-of-the-box, as it should be?

AWeidner

Thank you for this guide. I recently bought a Via C7 based Router (1000MHz) and was looking for a way to use the padlock feature. My steps to "success" differ in a few points from your guide:

1. renamed /usr/lib/libssl.so.7
2. symlink /usr/lib/libssl.so.7 -> /usr/local/lib/libssl.so.8
3. renamed /lib/libcrypto.so.7
4. symlink /lib/libcrypto.so.7 -> /usr/local/lib/libcrypto.so.8

OpenVPN uses the padlock engine```
openvpn[41390]: Initializing OpenSSL support for engine 'padlock'

We have a 40MBit/s connection to our branch office. The CPU load never goes above 50 percent, even at full bandwith using AES-128-CBC. Seems like the hardware encryption is working.

In my first try i used pfSense 2.3.0, but it seems that padlock support was removed from that release and the above steps don't work anymore.

dotdash

Padlock is pretty legacy these days, there are much better alternatives available. There is a reason it is not in FreeBSD anymore, it is widely believed that it is compromised. See Snowden, etc.

edit- link added https://wiki.freebsd.org/201309DevSummit/Security

AWeidner

@dotdash:

Padlock is pretty legacy these days, there are much better alternatives available. There is a reason it is not in FreeBSD anymore, it is widely believed that it is compromised. See Snowden, etc.

edit- link added https://wiki.freebsd.org/201309DevSummit/Security

That went below my radar. I checked the changelogs for pfsense but could not find any hints regarding that issue. But padlock support seems to vanish from all the other distributions as well. Pfsense (and BlueFusions guide) was my last resort for building a site to site hardware accelerated VPN with that VIA based router.

johnpoz

and just out of curiosity what is your speed now??  Cuz I run openvpn on some really old hardware in a VM with clearly no hardware crypto support and not having an issue with performance..

AWeidner

@johnpoz:

and just out of curiosity what is your speed now??  Cuz I run openvpn on some really old hardware in a VM with clearly no hardware crypto support and not having an issue with performance..

Main office (OpenVPN client) -bridge- Branch (OpenVPN server)
------------------------------------------------------------------
XEON E5506, 2.1GHz, 8GB RAM           VIA C7, 1GHz, 512MB RAM
Centos 7.2                            pfSense 2.2.6
Up: 12MBit/s|Down: 100MBit/s          Up: 38MBit/s|Down: 100MBit/s

Netio                        ------>  1,300KByte/s
2,400Kbyte/s                 <------  Netio

Copying files via CIFS i get 3,500Kbyte/s from branch to main office, that's quite close to the maximum upload available.  Don't know why Netio does not reach that speed though  ???

The openvpn machine used in main office is a retired server that's going to be replaced by something more economical this year.

vbentley

@dotdash:

Padlock is pretty legacy these days, there are much better alternatives available. There is a reason it is not in FreeBSD anymore, it is widely believed that it is compromised. See Snowden, etc.

There are much better alternatives IF you have the funding to obtain them. If not, and you already have Padlock equipped devices then all is not lost.

A better explanation of FreeBSD's decision can be found here http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

Using Yarrow, FreeBSD does not rely on a single source of entropy. FreeBSD will not use any HRNG as an exclusive entropy source in the kernel. HRNG output is mixed with output from other entropy sources. In my opinion following BlueFusion's notes is probably safe as long as there are multiple sources of entropy and the entropy pool is not low when any crypto operations using OpenSSL are being performed.

AWeidner

@vbentley:

@dotdash:

Padlock is pretty legacy these days, there are much better alternatives available. There is a reason it is not in FreeBSD anymore, it is widely believed that it is compromised. See Snowden, etc.

There are much better alternatives IF you have the funding to obtain them. If not, and you already have Padlock equipped devices then all is not lost.

I got that VIA based router (https://www.google.de/search?q=lex+3v700d&source=lnms&tbm=isch) off of ebay for 15,- Euro including shipping. I had to add a CF card and RAM from spare parts. The proposed ALIX based solution would have cost us about 200,- Euro.

But with Padlock running out of support i will have to look for something different for future purchases.