DPDK patches and discussions
 help / color / mirror / Atom feed
From: Thomas Monjalon <thomas@monjalon.net>
To: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
	"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
	"anoobj@marvell.com" <anoobj@marvell.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>,
	"asomalap@amd.com" <asomalap@amd.com>,
	"rnagadheeraj@marvell.com" <rnagadheeraj@marvell.com>,
	"hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
	"Zhang, Roy Fan" <roy.fan.zhang@intel.com>
Subject: Re: [dpdk-dev] [PATCH v2] doc: announce move of aes gmac algorithm to aead
Date: Tue, 01 Sep 2020 10:18:53 +0200
Message-ID: <10057334.se6I27zTtR@thomas> (raw)
In-Reply-To: <CY4PR11MB18306E2CC1EB041B6295A9C49F510@CY4PR11MB1830.namprd11.prod.outlook.com>

31/08/2020 08:34, Kusztal, ArkadiuszX:
> From: Thomas Monjalon <thomas@monjalon.net> 
> > 05/08/2020 17:15, Arek Kusztal:
> > > This patch announces removal of RTE_CRYPTO_AUTH_AES_GMAC from
> > > rte_crypto_auth_algorithm and addition of RTE_CRYPTO_AEAD_AES_GMAC to
> > > rte_crypto_aead_algorithm.
> > > AES-GMAC is variation of AES-GCM algorithm with the difference that it
> > > does not perform encryption. As a matter of fact internally there is
> > > no difference between GMAC and GCM except for the way how data is
> > > passed.
> > > Moving GMAC to AEAD can simplify way of implementing this alogrithm
> > > for example in IPsec (RFC4543).
> > > 
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > > --- a/doc/guides/rel_notes/deprecation.rst
> > > +++ b/doc/guides/rel_notes/deprecation.rst
> > > +* cryptodev: ``RTE_CRYPTO_AUTH_AES_GMAC`` will no longer be included
> > > +in
> > > +  ``enum rte_crypto_auth_algorithm``. It will be included in
> > > +  ``enum rte_crypto_aead_algorithm`` as ``RTE_CRYPTO_AEAD_AES_GMAC``.
> > 
> > I wonder whether this move shows a problem in classification of the crypto
> > algorithms.
> 
> [Arek] - it is not particularly bad that GMAC is auth algorithm, it really depends on lib (openssl PMD internally uses conformant approach I have suggested in other mail).
> But from what I currently see GMAC as AEAD is preferred way, I think this subject may be back in future.

The strange thing is that AEAD is a kind of authentication, isn't it?
I would see it as a subset of auth algos.

> Anyway this proposal didn't meet its audience.
> Because of the lack of ack (3 required), it cannot be accepted.

Indeed. Why others did not approve?
What is the consequence?



  reply	other threads:[~2020-09-01  8:18 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-05 15:15 Arek Kusztal
2020-08-07 21:49 ` Thomas Monjalon
2020-08-31  6:34   ` Kusztal, ArkadiuszX
2020-09-01  8:18     ` Thomas Monjalon [this message]
2020-09-01 10:57       ` Kusztal, ArkadiuszX

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=10057334.se6I27zTtR@thomas \
    --to=thomas@monjalon.net \
    --cc=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=asomalap@amd.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=rnagadheeraj@marvell.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git