
@LuKePicci
Last active May 23, 2020 01:14
bcmspu.ko spudd impl3 for BCM63138 on Homeware 18.3 Linux 4.1.38: testing strongswan 5.6.3 IPsec IKEv2
root@OpenWrt:/tmp# insmod bcmspu.ko && dmesg
[ 301.979565] Creating CPU ring for queue number 2 with 256 packets descriptor=0xbef459f4, size_of_entry 16
[ 301.979638] Done initializing Ring 2 Base=0xe0843000 End=0xe0844000 calculated entries= 256 RDD Base=c3f000K descriptor=0xbef459f4
root@OpenWrt:~# lsmod | grep bcmspu
bcmspu 19529 2
bdmf 1231462 11 bcmspu,dhd,wfd,bcm_enet,pktrunner,bcmxtmrtdrv,bcm_spdsvc,rdpa_cmd,rdpa_mw,rdpa,rdpa_gpl
rdpa_gpl 15152 11 bcmspu,dhd,wfd,bcm_enet,pktrunner,bcm_ingqos,bcmxtmrtdrv,bcm_spdsvc,rdpa_cmd,rdpa_mw,rdpa
root@OpenWrt:/tmp# ls /dev/spu*
/dev/spu0
root@OpenWrt:/tmp# spuctl start
root@OpenWrt:/tmp# cat /proc/crypto | grep -A 11 -B 2 bcmspu
name : authenc(hmac(sha256),cbc(des))
driver : authenc-hmac-sha256-cbc-des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 32
geniv : <built-in>
name : authenc(hmac(sha256),cbc(des3_ede))
driver : authenc-hmac-sha256-cbc-3des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 32
geniv : <built-in>
name : authenc(hmac(sha256),cbc(aes))
driver : authenc-hmac-sha256-cbc-aes-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 16
ivsize : 16
maxauthsize : 32
geniv : <built-in>
name : authenc(hmac(md5),cbc(des))
driver : authenc-hmac-md5-cbc-des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 16
geniv : <built-in>
name : authenc(hmac(md5),cbc(des3_ede))
driver : authenc-hmac-md5-cbc-3des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 16
geniv : <built-in>
name : authenc(hmac(md5),cbc(aes))
driver : authenc-hmac-md5-cbc-aes-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 16
ivsize : 16
maxauthsize : 16
geniv : <built-in>
name : authenc(hmac(sha1),cbc(des))
driver : authenc-hmac-sha1-cbc-des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 20
geniv : <built-in>
name : authenc(hmac(sha1),cbc(des3_ede))
driver : authenc-hmac-sha1-cbc-3des-spu
module : bcmspu
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 20
geniv : <built-in>
name : authenc(hmac(sha1),cbc(aes))
driver : authenc-hmac-sha1-cbc-aes-spu
module : bcmspu
priority : 3000
refcnt : 3
selftest : passed
internal : no
type : aead
async : yes
blocksize : 16
ivsize : 16
maxauthsize : 20
geniv : <built-in>
root@OpenWrt:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.3, Linux 4.1.38, armv7l):
uptime: 32 minutes, since May 23 02:26:31 2020
malloc: sbrk 753664, mmap 0, used 312176, free 441488
worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
loaded plugins: charon test-vectors pkcs11 aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp gmpdh curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Listening IP addresses:
192.168.43.254
...
Connections:
roadwarriorPUBKEY: %any...%any IKEv2
...
roadwarriorPUBKEY: remote: uses public key authentication
roadwarriorPUBKEY: child: 0.0.0.0/0 ::/0 === dynamic TUNNEL
roadwarriorEAPTLS: %any...%any IKEv2
...
roadwarriorEAPTLS: remote: uses EAP_TLS authentication with EAP identity '%any'
roadwarriorEAPTLS: child: 0.0.0.0/0 ::/0 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
...
roadwarriorEAPTLS[4]: IKEv2 SPIs: d903e4c411b5be67_i b7e8ca32f4ff6d94_r*, public key reauthentication in 2 hours
roadwarriorEAPTLS[4]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
roadwarriorEAPTLS{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cd60e89d_i 8bd7bc53_o
roadwarriorEAPTLS{1}: AES_CBC_256/HMAC_SHA1_96, 271600951 bytes_i (254572 pkts, 37s ago), 156956715 bytes_o (177812 pkts, 37s ago), rekeying in 16 minutes
roadwarriorEAPTLS{1}: 0.0.0.0/0 ::/0 === 192.168.43.181/32
root@OpenWrt:~# spuctl showstats
Encryption stats
Ingress 177811
Fallback 0
Egress 175526
Error 0
Dropped 2285
Decryption stats
Ingress 256429
Fallback 0
Egress 254571
Error 0
Dropped 1858