From: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "Wang, Yipeng1" <Yipeng1.Wang@intel.com>,
"Gobriel, Sameh" <sameh.gobriel@intel.com>,
"Richardson, Bruce" <bruce.richardson@intel.com>
Subject: Re: [PATCH v6] lib/hash: add siphash
Date: Wed, 16 Oct 2024 16:48:12 +0100 [thread overview]
Message-ID: <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com> (raw)
In-Reply-To: <20240801153130.63407-1-stephen@networkplumber.org>
Hi Stephen,
Thanks for introducing this hash function.
I have just a few nits:
On 01/08/2024 16:31, Stephen Hemminger wrote:
> The existing hash functions in DPDK are not cryptographically
> secure and can be subject to carefully crafted packets causing
> DoS attack.
Currently in DPDK we have 3 hash functions, 2 of them can be used with
our cuckoo hash table implementation:
1. CRC - Very weak, do not use with hash table if you don't fully
control all keys to install into a hash table.
2. Toeplitz - keyed hash function, not used with hash tables, fastest if
you have GFNI, level of diffusion fully depends on the hash key, weak
against differential crypto analysis. Technically may be used with hash
tables in number of usecases.
3. Jenkins hash (lookup3) - and here I can not say that it is not secure
and it is subject to collisions. I'm not aware on any successful attacks
on it, it has a great diffusion (see https://doi.org/10.1002/spe.2179).
It is also keyed with the same size of the key as rte_hsiphash().
So I won't agree with this sentence.
>
> Add SipHash which is a fast and cryptographicly sound hash
> created by Jean-Philippe Aumasson and Daniel J. Bernstein.
> Siphash is widely used by Linux, FreeBSD, OpenBSD and other
> projects because it is fast and resistant to DoS attacks.
> This version is designed to be useful as alternative hash
> with cuckoo hash in DPDK.
>
> Implementation is based of the public domain and Creative
> Common license reference version as well as some optimizations
> from the GPL-2 or BSD-3 licensed version in Linux.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> v6 - rebase to 24.07
>
> app/test/test_hash_functions.c | 75 +++++++++++++-
> lib/hash/meson.build | 2 +
> lib/hash/rte_siphash.c | 176 +++++++++++++++++++++++++++++++++
> lib/hash/rte_siphash.h | 87 ++++++++++++++++
> lib/hash/version.map | 4 +
> 5 files changed, 340 insertions(+), 4 deletions(-)
> create mode 100644 lib/hash/rte_siphash.c
> create mode 100644 lib/hash/rte_siphash.h
<snip>
> + return (v0 ^ v1) ^ (v2 ^ v3);
do we need parentheses here? XOR is associative and commutative, the
compiler must figure out by itself in which order it will be better to
add them together
<snip>
Also please add release notes.
Apart from it - LGTM.
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
--
Regards,
Vladimir
next prev parent reply other threads:[~2024-10-16 15:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 17:39 [PATCH] lib/hash: add SipHash function Stephen Hemminger
2024-02-27 19:14 ` [PATCH v2] lib/hash: add siphash Stephen Hemminger
2024-02-27 21:57 ` Mattias Rönnblom
2024-02-27 22:34 ` Stephen Hemminger
2024-02-29 0:32 ` [PATCH v3] " Stephen Hemminger
2024-05-29 15:47 ` [PATCH v4] " Stephen Hemminger
2024-06-17 14:58 ` [PATCH v5] " Stephen Hemminger
2024-06-19 14:24 ` Thomas Monjalon
2024-08-01 15:31 ` [PATCH v6] " Stephen Hemminger
2024-10-16 15:48 ` Medvedkin, Vladimir [this message]
2024-10-16 17:07 ` Stephen Hemminger
2024-10-16 18:06 ` Medvedkin, Vladimir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=Yipeng1.Wang@intel.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=sameh.gobriel@intel.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).