Using asynchonous block cipher for CCMP

Using asynchonous block cipher for CCMP

[Pavel Roskin]

Hello!

I'm looking for ways to accelerate CCMP on Intel IXP425.

drivers/crypto/ixp4xx_crypto.c implements only asynchronous block
ciphers, and the reason appears to be that the crypto processor uses DMA
and interrupts to communicate with the CPU, which would make synchronous
encryption ineffective.

It turns out that mac80211 uses plain AES for CCMP.  However, it uses an
asynchronous block cipher "ecb(arc4)" for WEP and TKIP.

I'd like to make CCMP use an asynchronous block cipher.  Has anyone
attempted that?  Are there any issues I should be aware of?

-- 
Regards,
Pavel Roskin

Re: Using asynchonous block cipher for CCMP

[Johannes Berg]

On Sat, 2010-02-27 at 00:44 -0500, Pavel Roskin wrote:
> Hello!
> 
> I'm looking for ways to accelerate CCMP on Intel IXP425.
> 
> drivers/crypto/ixp4xx_crypto.c implements only asynchronous block
> ciphers, and the reason appears to be that the crypto processor uses DMA
> and interrupts to communicate with the CPU, which would make synchronous
> encryption ineffective.
> 
> It turns out that mac80211 uses plain AES for CCMP.  However, it uses an
> asynchronous block cipher "ecb(arc4)" for WEP and TKIP.
> 
> I'd like to make CCMP use an asynchronous block cipher.  Has anyone
> attempted that?  Are there any issues I should be aware of?

Well the issue is going to be having to interrupt the flow there and
then pick it back up after crypto. Or you can stick it after the entire
flow and treat it like hw crypto in the card.

johannes

Re: Using asynchonous block cipher for CCMP

[Pavel Roskin]

Quoting Johannes Berg <johannes@sipsolutions.net>:

> On Sat, 2010-02-27 at 00:44 -0500, Pavel Roskin wrote:
>> It turns out that mac80211 uses plain AES for CCMP.  However, it uses an
>> asynchronous block cipher "ecb(arc4)" for WEP and TKIP.
>>
>> I'd like to make CCMP use an asynchronous block cipher.  Has anyone
>> attempted that?  Are there any issues I should be aware of?
>
> Well the issue is going to be having to interrupt the flow there and
> then pick it back up after crypto. Or you can stick it after the entire
> flow and treat it like hw crypto in the card.

I should not have emphasized the "asynchronous" part.  It's possible  
to call a block cipher synchronously, and that's what the WEP code does:

crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);

That encrypts the whole packet at once.  The function returns when it's done.

The CCMP code, on the other hand, calls crypto_cipher_encrypt_one() in  
a loop for 16 byte long chunks.  That would be simply ineffective for  
some hardware accelerators.

OK, what really matters is that nobody has replied that it was  
attempted and didn't work :-)

-- 
Regards,
Pavel Roskin

Re: Using asynchonous block cipher for CCMP

[Johannes Berg]

On Sat, 2010-02-27 at 17:14 -0500, Pavel Roskin wrote:

> I should not have emphasized the "asynchronous" part.  It's possible  
> to call a block cipher synchronously, and that's what the WEP code does:
> 
> crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
> 
> That encrypts the whole packet at once.  The function returns when it's done.
> 
> The CCMP code, on the other hand, calls crypto_cipher_encrypt_one() in  
> a loop for 16 byte long chunks.  That would be simply ineffective for  
> some hardware accelerators.

Ah. Well the problem is that CCM has the authentication rolled in, so
you'd have to find hw support for the entire loop that calls it, or find
an equivalent mode.

johannes