Optimizing use of SSL?
Md Sohail Ahmad
Wed Feb 2 23:23:12 PST 2011
4096 is fixed in the standard to map "Passphrase" to PSK using PBKDF2 method. Modifying this would break the interoperability.
--- On Thu, 3/2/11, Ben Greear <greearb at candelatech.com> wrote:
From: Ben Greear <greearb at candelatech.com>
Subject: Re: Optimizing use of SSL?
To: hostap at lists.shmoo.com
Date: Thursday, 3 February, 2011, 5:35 AM
On 02/02/2011 03:38 PM, Ben Greear wrote:
> I've been looking at ways to optimize wpa_supplicant for when we are using
> lots and lots of vifs (say, 128).  These are configured to use WPA,
> and the NIC (ath9k) is set to software-encryption in order to work with multiple
> I ran it under callgrind (valgrind --tool=callgrind) with only
> 16 vifs, and libcrypto seems to be using most of the CPU.
> I'm wondering if anyone has any ideas for ways to optimize
> supplicant to work better in this case.  I was thinking it
> should only be passing relatively few pkts around, so I'm
> not too sure why it's such a CPU hog.
Hrm, seems that a lot of the cost is calculating
   Frame: Backtrace for Thread 1
    [ 0]  EVP_DigestInit_ex (209361 x)
    [ 1]  openssl_digest_vector (209361 x)
    [ 2]  sha1_vector (104681 x)
    [ 3]  hmac_sha1_vector (104655 x)
    [ 4]  hmac_sha1 (104629 x)
    [ 5]  pbkdf2_sha1 (13 x)
    [ 6]  wpa_config_update_psk (13 x)
    [ 7]  wpa_config_read (13 x)
    [ 8]  wpa_supplicant_add_iface (13 x)
    [ 9]  main (1 x)
          (below main) (1 x)
          0x0804c220 (1 x)
          0x4d80d870
Specifically, this method has a pretty mean loop:
It loops for all iterations, which is passed in as 4096
by this method below:
/**
 * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID
 * @ssid: Pointer to network configuration data
 *
 * This function must be called to update WPA PSK when either SSID or the
 * passphrase has changed for the network configuration.
 */
void wpa_config_update_psk(struct wpa_ssid *ssid)
{
#ifndef CONFIG_NO_PBKDF2
	/* PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations */
	pbkdf2_sha1(ssid->passphrase,
		    (char *) ssid->ssid, ssid->ssid_len, 4096,
		    ssid->psk, PMK_LEN);
	wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
			ssid->psk, PMK_LEN);
	ssid->psk_set = 1;
#endif /* CONFIG_NO_PBKDF2 */
}
Is it required to do that 4096 times, or is it just higher
grade encryption that way?  If something lesser would be
adequate, maybe I can make it a configurable value?
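
Added example, not part of the original messages and not wpa_supplicant code: the passphrase-to-PSK mapping discussed in this thread, written with Python's hashlib.pbkdf2_hmac. It shows that the PSK depends only on the passphrase and the SSID, so many vifs on the same network need one derivation, and that a different iteration count gives a different PSK. The names derive_psk, cached_psk, psks_for_vifs and the interface names are hypothetical.

```python
import hashlib
from functools import lru_cache

PMK_LEN = 32            # bytes, same constant name as in the quoted C code
WPA_ITERATIONS = 4096   # fixed by the standard for passphrase -> PSK


def derive_psk(passphrase: str, ssid: bytes,
               iterations: int = WPA_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1 with the SSID as salt, producing a 256-bit PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid, iterations, PMK_LEN)


@lru_cache(maxsize=None)
def cached_psk(passphrase: str, ssid: bytes) -> bytes:
    """Derive once per (passphrase, SSID) pair; repeats hit the cache."""
    return derive_psk(passphrase, ssid)


def psks_for_vifs(networks):
    """networks: iterable of (ifname, passphrase, ssid) -> {ifname: hex PSK}."""
    return {ifname: cached_psk(passphrase, ssid).hex()
            for ifname, passphrase, ssid in networks}


if __name__ == "__main__":
    # Constructed sample: 128 virtual interfaces joined to one network.
    vifs = [(f"sta{i}", "password", b"IEEE") for i in range(128)]
    table = psks_for_vifs(vifs)
    print("PSK for sta0:", table["sta0"])
    print("derivations :", cached_psk.cache_info().misses)

    # An access point using 4096 iterations will not share this key.
    weaker = derive_psk("password", b"IEEE", iterations=1024)
    print("1024-iter PSK matches:", weaker.hex() == table["sta0"])
```

wpa_supplicant.conf also accepts psk= as 64 hex digits, so a value derived once this way can be configured directly and the 4096-iteration derivation is skipped when each interface is added.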