[Feature Request] Arm version

[ilkkaya]

i want to use with rpi. can you write for arm version? thanks

[basil00]

What happens if you try and compile it?

I think the code should be portable except perhaps for the hardware AES instructions.

[puppet13th]

raspbian stretch using this gcc version
gcc (Raspbian 6.3.0-18+rpi1+deb9u1) 6.3.0 20170516

when compiling the source got some error like this:
gcc: error: unrecognized command line option ‘-maes’; did you mean ‘-mapcs’?

where can i remove the hardware AES instructions from the source code?

[basil00]

It should not be too difficult.

First src/encodings/crypt.c needs to be modified to remove all traces of aes_hardware, e.g., make hardware_ciphers an empty array.

Next encodings/aes_hardware.o needs to be removed from the build system (Makefiles).

That should work. The implementation will fall back on the portable software implementation of AES.

[puppet13th]

i have make change to makefiles and the earlier error was sloved. now it stuck on compiling http_data and install_data.it generate big file in endless loop.i use my linux machine to compile http_data and install_data and make static c source file for it.somehow i able to compile reqrypt client_install.
i got error when running reqrypt

root@Nall-RPi0w:~/.reqrypt# reqrypt --no-iptables --no-launch-ui
ReQrypt 1.4.1 [linux] Copyright (C) 2017 basil
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

log: installing "reqrypt.crypt.cache"
warning: unable to parse configuration file "reqrypt.config": expected a configuration variable token; found error (invalid) token
warning: unable to read tunnel URL from file "reqrypt.cache"; expected 1 or more URL characters followed by a space character
log: starting reqrypt user interface http://localhost:40404/
log: attempting to open tunnel udp://taiga.reqrypt.org:48168?crypt=cipher.aes,cert.loWNhcG7iQwVbQS44EidtM,sec.2888
log: attempting to open tunnel udp://109.248.168.126:48168?crypt=cipher.aes,cert.loWNhcG7iQwVbQS44EidtM,sec.2888
log: [linux] caught deadly signal 11; cleaning up iptables state
error: caught deadly signal 11; exitting
log: [linux] caught deadly signal 11; cleaning up iptables state
error: caught deadly signal 11; exitting

any clue?

[puppet13th]

btw there is some warning when compiling the client_install.

pi@Nall-RPi0w:~/reqrypt $ make client_install
(cd src; \
 make clean; \
 make -j 4 client)
make[1]: Entering directory '/home/pi/reqrypt/src'
#rm -f base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o linux/capture.o linux/misc.o base64.o checksum.o config.o cktp_common.o cktp_encoding.o cktp_server.o cktp_url.o encodings/aes.o encodings/crypt.o encodings/pad.o linux/misc.o quota.o random.o server.o server_table.o http_data.c install_data.c tools/file2c
rm -f base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o linux/capture.o linux/misc.o base64.o checksum.o config.o cktp_common.o cktp_encoding.o cktp_server.o cktp_url.o encodings/aes.o encodings/crypt.o encodings/pad.o linux/misc.o quota.o random.o server.o server_table.o tools/file2c
make[1]: Leaving directory '/home/pi/reqrypt/src'
make[1]: Entering directory '/home/pi/reqrypt/src'
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o base64.o base64.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o client.o client.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o checksum.o checksum.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o cktp_client.o cktp_client.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o cktp_common.o cktp_common.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o cktp_encoding.o cktp_encoding.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o cktp_url.o cktp_url.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o config.o config.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o encodings/aes.o encodings/aes.c
config.c: In function âread_tokenâ:
config.c:828:13: warning: case label value is less than minimum value for type
             case EOF:
             ^~~~
config.c:877:13: warning: case label value is less than minimum value for type
             case EOF:
             ^~~~
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o encodings/crypt.o encodings/crypt.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o encodings/pad.o encodings/pad.c
encodings/crypt.c: In function âcrypt_find_certificateâ:
encodings/crypt.c:828:13: warning: case label value is less than minimum value for type
             case EOF:
             ^~~~
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/" -O3   -c -o encodings/natural.o encodings/natural.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o http_server.o http_server.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o install.o install.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o log.o log.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o options.o options.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o packet.o packet.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o packet_dispatch.o packet_dispatch.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o packet_filter.o packet_filter.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o packet_protocol.o packet_protocol.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o packet_track.o packet_track.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o random.o random.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o tunnel.o tunnel.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o linux/capture.o linux/capture.c
gcc -DCLIENT -DLINUX -Wall -O2 -I "/home/pi/reqrypt/src/"   -c -o linux/misc.o linux/misc.c
gcc -o reqrypt base64.o client.o checksum.o cktp_client.o cktp_common.o cktp_encoding.o cktp_url.o config.o encodings/aes.o encodings/crypt.o encodings/pad.o encodings/natural.o http_server.o install.o log.o options.o packet.o packet_dispatch.o packet_filter.o packet_protocol.o packet_track.o random.o tunnel.o linux/capture.o linux/misc.o -lpthread
strip reqrypt
make[1]: Leaving directory '/home/pi/reqrypt/src'
(cd src/tools; \
     ./build_clientdeb.sh reqrypt 1.4.1; \
 mv reqrypt_*.deb ../../)
pi@Nall-RPi0w:~/reqrypt $

[basil00]

any clue?

Unfortunately, I do not. At the very least, you'd probably need to run it in a debugger to find the crash location, and maybe that can help. The EOF warning is unlikely to be the culprit.

[svost]

What about arm aes hardware support? Take look at almost complete implementation https://github.com/CryptoManiac/gravity-sphincs/blob/arm-prerelease/Optimized_Implementation/primitives/aarch64/aes.c

[basil00]

We could consider adding it, but maybe after the basic ARM client is working.

However, hardware support is not so important for the client. Rather, it was mainly intended to help optimize the server a bit. I am not sure how much of a difference it really makes in practice though.

[svost]

I compiled make server on aarch64 instance. Is it possible to get rid of the hardcoded "-maes" flag from cfg.mk.* and other files? I have never edit configure.ac file. Will it be like AM_CONDITIONAL([ENABLE_AESNI],[test x$enable_aesni = xyes]) with binding to a certain variable HAS_AES? Sorry for mistakes, English not native for me.

[puppet13th]

@svost check my git repo. I have managed to compile client and server on raspberry pi. Btw what devices are you using?

[svost]

@puppet13th https://www.scaleway.com/pricing/
@basil00 can you add new branch for test purposes?

[puppet13th]

@svost Arm Instances? Have you checked and my git fork? If your server running an armv8, it should have hardware aes extension, but don't know about support from the gcc.

Check aes extension :
cat /proc/cpuinfo

Check gcc version :
gcc - v

I have tested from raspberry pi 3 which have armv8 cpu. It doesn't have aes extension.

[svost]

Yes, scaleway cpu has hw aes support, but arm code for aes complitely different (neon vs x86 intrinsics). So, it would be better if all realisations will be placed in one current repo. May be some #ifdef's in c code, plus some editions of https://github.com/basil00/reqrypt/blob/master/configure.ac#L54 - this line serve only x86 and x86_64 realisations, not arm architecture and rewriting cfg.make.in (-maes flag work around) give full support for arm platform.