bcmspu.ko spudd impl3 for BCM63138 on Homeware 18.3 Linux 4.1.38: testing strongswan 5.6.3 IPsec IKEv2

bcmspu-testing.txt

root@OpenWrt:/tmp# insmod bcmspu.ko && dmesg
[  301.979565] Creating CPU ring for queue number 2 with 256 packets descriptor=0xbef459f4, size_of_entry 16
[  301.979638] Done initializing Ring 2 Base=0xe0843000 End=0xe0844000 calculated entries= 256 RDD Base=c3f000K descriptor=0xbef459f4

root@OpenWrt:~# lsmod | grep bcmspu
bcmspu                 19529  2
bdmf                 1231462 11 bcmspu,dhd,wfd,bcm_enet,pktrunner,bcmxtmrtdrv,bcm_spdsvc,rdpa_cmd,rdpa_mw,rdpa,rdpa_gpl
rdpa_gpl               15152 11 bcmspu,dhd,wfd,bcm_enet,pktrunner,bcm_ingqos,bcmxtmrtdrv,bcm_spdsvc,rdpa_cmd,rdpa_mw,rdpa

root@OpenWrt:/tmp# ls /dev/spu*
/dev/spu0

root@OpenWrt:/tmp# spuctl start

root@OpenWrt:/tmp# cat /proc/crypto | grep -A 11 -B 2 bcmspu
name         : authenc(hmac(sha256),cbc(des))
driver       : authenc-hmac-sha256-cbc-des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 32
geniv        : <built-in>

name         : authenc(hmac(sha256),cbc(des3_ede))
driver       : authenc-hmac-sha256-cbc-3des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 32
geniv        : <built-in>

name         : authenc(hmac(sha256),cbc(aes))
driver       : authenc-hmac-sha256-cbc-aes-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 16
ivsize       : 16
maxauthsize  : 32
geniv        : <built-in>

name         : authenc(hmac(md5),cbc(des))
driver       : authenc-hmac-md5-cbc-des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 16
geniv        : <built-in>

name         : authenc(hmac(md5),cbc(des3_ede))
driver       : authenc-hmac-md5-cbc-3des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 16
geniv        : <built-in>

name         : authenc(hmac(md5),cbc(aes))
driver       : authenc-hmac-md5-cbc-aes-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 16
ivsize       : 16
maxauthsize  : 16
geniv        : <built-in>

name         : authenc(hmac(sha1),cbc(des))
driver       : authenc-hmac-sha1-cbc-des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 20
geniv        : <built-in>

name         : authenc(hmac(sha1),cbc(des3_ede))
driver       : authenc-hmac-sha1-cbc-3des-spu
module       : bcmspu
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 8
ivsize       : 8
maxauthsize  : 20
geniv        : <built-in>

name         : authenc(hmac(sha1),cbc(aes))
driver       : authenc-hmac-sha1-cbc-aes-spu
module       : bcmspu
priority     : 3000
refcnt       : 3
selftest     : passed
internal     : no
type         : aead
async        : yes
blocksize    : 16
ivsize       : 16
maxauthsize  : 20
geniv        : <built-in>

root@OpenWrt:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.3, Linux 4.1.38, armv7l):
  uptime: 32 minutes, since May 23 02:26:31 2020
  malloc: sbrk 753664, mmap 0, used 312176, free 441488
  worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon test-vectors pkcs11 aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp gmpdh curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Listening IP addresses:
  192.168.43.254
...
Connections:
roadwarriorPUBKEY:  %any...%any  IKEv2
...
roadwarriorPUBKEY:   remote: uses public key authentication
roadwarriorPUBKEY:   child:  0.0.0.0/0 ::/0 === dynamic TUNNEL
roadwarriorEAPTLS:  %any...%any  IKEv2
...
roadwarriorEAPTLS:   remote: uses EAP_TLS authentication with EAP identity '%any'
roadwarriorEAPTLS:   child:  0.0.0.0/0 ::/0 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
...
roadwarriorEAPTLS[4]: IKEv2 SPIs: d903e4c411b5be67_i b7e8ca32f4ff6d94_r*, public key reauthentication in 2 hours
roadwarriorEAPTLS[4]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
roadwarriorEAPTLS{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cd60e89d_i 8bd7bc53_o
roadwarriorEAPTLS{1}:  AES_CBC_256/HMAC_SHA1_96, 271600951 bytes_i (254572 pkts, 37s ago), 156956715 bytes_o (177812 pkts, 37s ago), rekeying in 16 minutes
roadwarriorEAPTLS{1}:   0.0.0.0/0 ::/0 === 192.168.43.181/32

root@OpenWrt:~# spuctl showstats
Encryption stats
     Ingress 177811
     Fallback 0
     Egress 175526
     Error 0
     Dropped 2285
Decryption stats
     Ingress 256429
     Fallback 0
     Egress 254571
     Error 0
     Dropped 1858