DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Trahe, Fiona" <fiona.trahe@intel.com>
To: "Nowak, DamianX" <damianx.nowak@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	 "De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
Cc: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>,
	Akhil Goyal <akhil.goyal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
Date: Thu, 13 Jun 2019 13:56:14 +0000	[thread overview]
Message-ID: <348A99DA5F5B7549AA880327E580B4358978FBD3@IRSMSX101.ger.corp.intel.com> (raw)
In-Reply-To: <20190607100608.16212-2-damianx.nowak@intel.com>

Hi Damian,

> -----Original Message-----
> From: Nowak, DamianX
> Sent: Friday, June 7, 2019 11:06 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>
> Subject: [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
> 
> This patch explains what are the conditions
> and how to use digest appended for auth-cipher
> operations.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++++++++++++++
>  1 file changed, 43 insertions(+)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
> index c80e90e..b211bf5 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -662,6 +662,49 @@ struct rte_crypto_sym_op {
>  					 * physically contiguous memory at this
>  					 * location.
>  					 *
> +					 * @note
[Fiona] I suggest adding "Digest-encrypted case." at start of this note. 
> +					 * Digest can be generated, appended to
> +					 * the end of raw data and encrypted
> +					 * together using chained digest
> +					 * generation
> +					 * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
> +					 * and encryption
> +					 * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> +					 * xforms. Similarly, authentication
> +					 * of the raw data against appended,
> +					 * decrypted digest, can be performed
> +					 * using decryption
> +					 * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
> +					 * and digest verification
> +					 * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
> +					 * chained xforms.
> +					 * To perform those operations, a few
> +					 * additional conditions must be met:
> +					 * - caller must allocate at least
> +					 * digest_length of memory at the end of
> +					 * source and (in case of out-of-place
> +					 * operations) destination buffer; those
> +					 * buffers can be linear or split using
> +					 * scatter-gather lists,
> +					 * - digest data pointer must point to
> +					 * the end of source or (in case of
> +					 * out-of-place operations) destination
> +					 * data, which is pointer to the raw
> +					 * data buffer + auth.data.offset +
> +					 * auth.data.length,
[Fiona] The word raw is confusing here - better leave it out.
i.e. in auth-then-encrypt direction and OOP, the dest buffer doesn't hold raw data, it holds encrypted data.
Copying Pablo - this is slightly different to what we suggested in RFC - can you review for the aesni-mb PMD please.

 
> +					 * - cipher.data.offset +
> +					 * cipher.data.length must be greater
> +					 * than auth.data.offset +
> +					 * auth.data.length and is typically
> +					 * equal to auth.data.offset +
> +					 * auth.data.length + digest_length.
> +					 *
> +					 * Note, that for security reasons, it
> +					 * is PMDs' responsibility to not
> +					 * leave an unencrypted digest in any
> +					 * buffer after performing auth-cipher
> +					 * operations.
> +					 *
[Fiona] below this is a separate note, which applies to all cases, not just to digest-encrypted case
so better move it back to above the digest-encrypted note
>  					 * For digest generation, the digest result
>  					 * will overwrite any data at this location.
>  					 *
> --
> 2.7.4


  reply	other threads:[~2019-06-13 13:56 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
2019-06-04  9:11   ` Mcnamara, John
2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
2019-06-04 13:45   ` Trahe, Fiona
2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
2019-06-13 13:56     ` Trahe, Fiona [this message]
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
2019-06-13 14:16     ` Trahe, Fiona
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
2019-06-13  8:18     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
2019-06-13  8:12     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
2019-06-13  8:14     ` Akhil Goyal
2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
2019-07-03 16:13       ` De Lara Guarch, Pablo
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
2019-07-03 16:14       ` De Lara Guarch, Pablo
2019-07-05  7:10         ` Akhil Goyal
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
2019-07-03 15:28     ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=348A99DA5F5B7549AA880327E580B4358978FBD3@IRSMSX101.ger.corp.intel.com \
    --to=fiona.trahe@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=damianx.nowak@intel.com \
    --cc=dev@dpdk.org \
    --cc=pablo.de.lara.guarch@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).