Encrypting large buffers with AES-CTR about cryptodev-linux HOT 5 CLOSED

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Thu, Oct 22, 2015 at 12:48:21PM -0700, CrawX wrote:

I'm currently trying to incorporate cryptodev into an application I'm writing. The application does a lot of AES-CTR encryption and decryption as well as SHA256 checksumming and I was aiming to utilize the hardware capabilities of the ARM-board I'm using. I'm using the Wandboard which is using an i.MX6 SoC that has hardware crypto acceleration called CAAM and does support both AES-CTR and SHA256.

Integrating cryptodev was pretty easy by following the examples, it was also much easier than AF_ALG and I had some quick success with both AES and SHA. However, I noticed that there are loads of messages like this on dmesg:

[93503.170342] cryptodev: aes.test[11535] (adjust_sg_array:93): reallocating from 32 to 256 pages

This looks like a test code problem. ;)

If cryptodev has to handle data in more pages than it has preallocated
for (32 by default), then it will double that value until it has enough.
So for a given session this should not happen too often.

Without seeing your code, I would suspect you are having some design
issue there. Is it really necessary to change keys that often?

If this is really unavoidable, you can of course tune
DEFAULT_PREALLOC_PAGES to suit your needs. Another alternative would be
to export this default as a module parameter, so you could adjust it at
modprobe time. Patches welcome! :)

HTH, Phil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYqz4sACgkQnMPprxY1hCeFFACeLVBrG5m8sbOp+6dBcwfYmd9f
dG8AoIv7IPKBq/kO6apBt9uEzKnAT8te
=8a5C
-----END PGP SIGNATURE-----

from cryptodev-linux.

Hi, thanks for having a look at this.

You're right, I do create new sessions very frequently because different keys are used very often.
While this may not be strictly necessary, other implementations (golang, OpenSSL) do not have this issue. Of course, those are just software implementations and they do not have to work with the constraints given by a hardware module.

So to solve this, I'll have to either reuse the same keys more often or raise the DEFAULT_PREALLOC_PAGES somehow. If I come up with a module parameter solution that I'm comfortable of pushing, I will do that.

Thanks again
CruX

from cryptodev-linux.

Hi,

On Sat, Oct 24, 2015 at 01:50:11AM -0700, CrawX wrote:

Hi, thanks for having a look at this.

You're right, I do create new sessions very frequently because different keys are used very often.
While this may not be strictly necessary, other implementations (golang, OpenSSL) do not have this issue. Of course, those are just software implementations and they do not have to work with the constraints given by a hardware module.

So to solve this, I'll have to either reuse the same keys more often or raise the DEFAULT_PREALLOC_PAGES somehow. If I come up with a module parameter solution that I'm comfortable of pushing, I will do that.

It's really not a big deal, just have a look at module_param() and
friends. Feel free to ask if you run into a problem.

Cheers, Phil

Thanks again
CruX

---

Reply to this email directly or view it on GitHub:
#8 (comment)

from cryptodev-linux.

While thinking about it, I got another idea and implemented it on a per-session basis via CIOCGSESSION in CrawX/cryptodev-linux@d6ccdc1.
Seems to work fairly well but I think this could break compatibility with people who don't explicitly memset the session_op to zero before CIOCGSESSION.

If this approach does not make sense, I'll switch to @n0-1's idea.

Cheers,
CruX

from cryptodev-linux.

It looks like this issue is rather a corner case, and since you seem to have found a solution that works for you, I'm going to close this issue now. Feel free to send a patch if you think this feature should be upstreamed.

from cryptodev-linux.