Because my linux distribution doesn't support openssl/OpenVPN with ChaCha20-Poly1305, I compiled my own openssl library and OpenVPN
on my Raspberry Pi 3.
Code: Select all
tony@tony-rpi:/project/openvpn/openvpn$ LD_LIBRARY_PATH=/opt/openssl/lib ./src/openvpn/openvpn --show-ciphers |grep CHACHA20
CHACHA20-POLY1305 (256 bit key, stream cipher, TLS client/server mode only)
Code: Select all
tony@tony-rpi:/project/openvpn/openvpn$ git show --pretty=oneline
d595562d946aec4811ac0deffff0770fb9c32a21 travis.yml: add test for iproute2 net implementation
diff --git a/.travis.yml b/.travis.yml
index e61a8d3..a8ec3a1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -36,6 +36,9 @@ matrix:
- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h" LABEL="linux-ppc64le"
os: linux-ppc64le
compiler: gcc
+ - env: SSLLIB="openssl" EXTRA_CONFIG="--enable-iproute2"
+ os: linux
+ compiler: gcc
- env: SSLLIB="openssl" CFLAGS="-fsanitize=address"
os: linux
compiler: clang
Code: Select all
tony@tony-rpi:/media/tony/c66c1cc7-b656-4020-946f-29df928694c4/project/openssl/openssl.git$ LD_LIBRARY_PATH=/opt/openssl/lib ./apps/openssl speed -evp chacha20-poly1305
Doing chacha20-poly1305 for 3s on 16 size blocks: 2753569 chacha20-poly1305's in 2.99s
Doing chacha20-poly1305 for 3s on 64 size blocks: 1530313 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 256 size blocks: 777209 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 1024 size blocks: 222422 chacha20-poly1305's in 2.99s
Doing chacha20-poly1305 for 3s on 8192 size blocks: 29120 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 16384 size blocks: 14612 chacha20-poly1305's in 3.00s
OpenSSL 1.1.1d-dev xx XXX xxxx
built on: Mon Jun 3 02:30:08 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -march=armv7-a -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
chacha20-poly1305 14734.82k 32646.68k 66321.83k 76173.96k 79517.01k 79801.00k
tony@tony-rpi:/media/tony/c66c1cc7-b656-4020-946f-29df928694c4/project/openssl/openssl.git$ LD_LIBRARY_PATH=/opt/openssl/lib ./apps/openssl speed -evp AES-256-CBC
Doing aes-256-cbc for 3s on 16 size blocks: 2499571 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 801797 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 256 size blocks: 216892 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 55349 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 6963 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 16384 size blocks: 3484 aes-256-cbc's in 3.00s
OpenSSL 1.1.1d-dev xx XXX xxxx
built on: Mon Jun 3 02:30:08 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -march=armv7-a -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-cbc 13331.05k 17162.21k 18508.12k 18892.46k 19077.22k 19027.29k
because I saw below message. Anything wrong? I 'm wondering if anyone got the performance data of ChaCha20-Poly1305 for reference or to confirm that git
commit d595562d946aec4811ac0deffff0770fb9c32a21 fully supports ChaCha20-Poly1305. Thanks.
Mon Jun 3 14:25:23 2019 us=5640 client/XXX.XXX.XXX.XXX.:57696 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Mon Jun 3 14:25:23 2019 us=5772 client/XXX.XXX.XXX.XXX:57696 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key