* Using asynchonous block cipher for CCMP
@ 2010-02-27 5:44 Pavel Roskin
2010-02-27 7:03 ` Johannes Berg
0 siblings, 1 reply; 4+ messages in thread
From: Pavel Roskin @ 2010-02-27 5:44 UTC (permalink / raw)
To: linux-wireless
Hello!
I'm looking for ways to accelerate CCMP on Intel IXP425.
drivers/crypto/ixp4xx_crypto.c implements only asynchronous block
ciphers, and the reason appears to be that the crypto processor uses DMA
and interrupts to communicate with the CPU, which would make synchronous
encryption ineffective.
It turns out that mac80211 uses plain AES for CCMP. However, it uses an
asynchronous block cipher "ecb(arc4)" for WEP and TKIP.
I'd like to make CCMP use an asynchronous block cipher. Has anyone
attempted that? Are there any issues I should be aware of?
--
Regards,
Pavel Roskin
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Using asynchonous block cipher for CCMP
2010-02-27 5:44 Using asynchonous block cipher for CCMP Pavel Roskin
@ 2010-02-27 7:03 ` Johannes Berg
2010-02-27 22:14 ` Pavel Roskin
0 siblings, 1 reply; 4+ messages in thread
From: Johannes Berg @ 2010-02-27 7:03 UTC (permalink / raw)
To: Pavel Roskin; +Cc: linux-wireless
On Sat, 2010-02-27 at 00:44 -0500, Pavel Roskin wrote:
> Hello!
>
> I'm looking for ways to accelerate CCMP on Intel IXP425.
>
> drivers/crypto/ixp4xx_crypto.c implements only asynchronous block
> ciphers, and the reason appears to be that the crypto processor uses DMA
> and interrupts to communicate with the CPU, which would make synchronous
> encryption ineffective.
>
> It turns out that mac80211 uses plain AES for CCMP. However, it uses an
> asynchronous block cipher "ecb(arc4)" for WEP and TKIP.
>
> I'd like to make CCMP use an asynchronous block cipher. Has anyone
> attempted that? Are there any issues I should be aware of?
Well the issue is going to be having to interrupt the flow there and
then pick it back up after crypto. Or you can stick it after the entire
flow and treat it like hw crypto in the card.
johannes
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Using asynchonous block cipher for CCMP
2010-02-27 7:03 ` Johannes Berg
@ 2010-02-27 22:14 ` Pavel Roskin
2010-03-08 7:57 ` Johannes Berg
0 siblings, 1 reply; 4+ messages in thread
From: Pavel Roskin @ 2010-02-27 22:14 UTC (permalink / raw)
To: Johannes Berg; +Cc: linux-wireless
Quoting Johannes Berg <johannes@sipsolutions.net>:
> On Sat, 2010-02-27 at 00:44 -0500, Pavel Roskin wrote:
>> It turns out that mac80211 uses plain AES for CCMP. However, it uses an
>> asynchronous block cipher "ecb(arc4)" for WEP and TKIP.
>>
>> I'd like to make CCMP use an asynchronous block cipher. Has anyone
>> attempted that? Are there any issues I should be aware of?
>
> Well the issue is going to be having to interrupt the flow there and
> then pick it back up after crypto. Or you can stick it after the entire
> flow and treat it like hw crypto in the card.
I should not have emphasized the "asynchronous" part. It's possible
to call a block cipher synchronously, and that's what the WEP code does:
crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
That encrypts the whole packet at once. The function returns when it's done.
The CCMP code, on the other hand, calls crypto_cipher_encrypt_one() in
a loop for 16 byte long chunks. That would be simply ineffective for
some hardware accelerators.
OK, what really matters is that nobody has replied that it was
attempted and didn't work :-)
--
Regards,
Pavel Roskin
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Using asynchonous block cipher for CCMP
2010-02-27 22:14 ` Pavel Roskin
@ 2010-03-08 7:57 ` Johannes Berg
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2010-03-08 7:57 UTC (permalink / raw)
To: Pavel Roskin; +Cc: linux-wireless
On Sat, 2010-02-27 at 17:14 -0500, Pavel Roskin wrote:
> I should not have emphasized the "asynchronous" part. It's possible
> to call a block cipher synchronously, and that's what the WEP code does:
>
> crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
>
> That encrypts the whole packet at once. The function returns when it's done.
>
> The CCMP code, on the other hand, calls crypto_cipher_encrypt_one() in
> a loop for 16 byte long chunks. That would be simply ineffective for
> some hardware accelerators.
Ah. Well the problem is that CCM has the authentication rolled in, so
you'd have to find hw support for the entire loop that calls it, or find
an equivalent mode.
johannes
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-03-08 7:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-02-27 5:44 Using asynchonous block cipher for CCMP Pavel Roskin
2010-02-27 7:03 ` Johannes Berg
2010-02-27 22:14 ` Pavel Roskin
2010-03-08 7:57 ` Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).