• State TI Thinks Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 101 subscribers
  • Views 2057 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

aes-128-cfb Support on am335x

Jing Shao
Intellectual 280 points
Other Parts Discussed in Thread: AM3352

I am developing a system based on the am3352.

We are trying to have secure access for the whole system.

  • For the HTTPS access, the default cipher suite is AES-256-GCM based, 
  • For the SNMPv3, the encryption is based on AES-128-CFB
  • The SSH access is based on AES-128-CTR

The default omap-aes.c in the Linux kernel supports the following modes:

  • AES-ECB
  • AES-CBC
  • AES-CTR

This means only the SSH can take advantage the HW accleration. The HTTPS and SNMPv3 falls back to SW implementation.

Supposedly, the OMAP_AES supports the following:

ECB, CBC, and CFB-128 encryption
CTR and F8 encryption with 16/32/64/96/128-bit counter
XEX (disk encryption)
CBC-MAC authentication including the CMAC/OMAC/PMAC subflavors
F9 authentication
GCM and CCM aead

From another thread, it seems GCM is difficult, how about CFB? Is there a solution for this mode?

For the web, we might be able to change the WEB server to use different cipher suite, but SNMPv3 only defines CFB.

Regards,

Jing
  • 0
    TI__Guru**** 393215 points
    Hi,

    I will ask the Crypto experts to comment.
  • 0
    TI__Guru*** 125366 points
    aes-gcm hw acceleration support is added since Processor SDK 2.0. cfb hw acceleration is not supported yet.
  • 0 in reply to Bin Liu
    Intellectual 280 points

    BIn,

    Thanks for the info. 

    I tried to copy the omap-*.* from drivers/crypto from Processor SDK 2.0 to my source tree, it would not compile under SDK 7.0 outright. I will spend more time on this later.

    Do you have benchmark numbers for aes-128-gcm using hardware accelerations?

    In  addition,  have you tried to run a HTTPS server with the HWA?

    If it works well, that gave me some motivation to upgrade from SDK 7.0 to processor SDK 2.0.

    Thanks again.

    Jing

  • 0 in reply to Jing Shao
    TI__Guru*** 125366 points

    Jing Shao said:
    Do you have benchmark numbers for aes-128-gcm using hardware accelerations?

    We don't have official data for gcm, but here is the number I got from tcrypt test.

      1 root@debian:~# modprobe  tcrypt sec=1 mode=211
  2 [  527.434266]
  3 [  527.434266] testing speed of rfc4106(gcm(aes)) (rfc4106-gcm-aes-omap) encryption
  4 [  527.445587] test 0 (160 bit key, 16 byte blocks): 10594 operations in 1 seconds (169504 bytes)
  5 [  528.463407] test 1 (160 bit key, 64 byte blocks): 10429 operations in 1 seconds (667456 bytes)
  6 [  529.463386] test 2 (160 bit key, 256 byte blocks): 10238 operations in 1 seconds (2620928 bytes)
  7 [  530.463391] test 3 (160 bit key, 512 byte blocks): 8528 operations in 1 seconds (4366336 bytes)
  8 [  531.463317] test 4 (160 bit key, 1024 byte blocks): 6847 operations in 1 seconds (7011328 bytes)
  9 [  532.463307] test 5 (160 bit key, 2048 byte blocks): 5475 operations in 1 seconds (11212800 bytes)
 10 [  533.463393] test 6 (160 bit key, 4096 byte blocks): 3682 operations in 1 seconds (15081472 bytes)
 11 [  534.463448] test 7 (160 bit key, 8192 byte blocks): 2282 operations in 1 seconds (18694144 bytes)
 12 [  535.463640]
 13 [  535.463640] testing speed of gcm(aes) (gcm-aes-omap) encryption
 14 [  535.472929] test 0 (160 bit key, 16 byte blocks): 11566 operations in 1 seconds (185056 bytes)
 15 [  536.473390] test 1 (160 bit key, 64 byte blocks): 10843 operations in 1 seconds (693952 bytes)
 16 [  537.473383] test 2 (160 bit key, 256 byte blocks): 10041 operations in 1 seconds (2570496 bytes)
 17 [  538.473439] test 3 (160 bit key, 512 byte blocks): 8860 operations in 1 seconds (4536320 bytes)
 18 [  539.473290] test 4 (160 bit key, 1024 byte blocks): 6913 operations in 1 seconds (7078912 bytes)
 19 [  540.473508] test 5 (160 bit key, 2048 byte blocks): 5494 operations in 1 seconds (11251712 bytes)
 20 [  541.473423] test 6 (160 bit key, 4096 byte blocks): 3631 operations in 1 seconds (14872576 bytes)
 21 [  542.473614] test 7 (160 bit key, 8192 byte blocks): 2230 operations in 1 seconds (18268160 bytes)

    Jing Shao said:
    In  addition,  have you tried to run a HTTPS server with the HWA?

    No.