DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
	"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
	"ravi1.kumar@amd.com" <ravi1.kumar@amd.com>,
	"tdu@semihalf.com" <tdu@semihalf.com>,
	"lironh@marvell.com" <lironh@marvell.com>,
	"walan@marvell.com" <walan@marvell.com>,
	Michael Shamis <michaelsh@marvell.com>
Subject: Re: [dpdk-dev] [RFC] cryptodev/sym: GCM IV len != 12 byte case
Date: Mon, 1 Apr 2019 13:53:16 +0000	[thread overview]
Message-ID: <06EE24DD0B19E248B53F6DC8657831551B14EF77@hasmsx109.ger.corp.intel.com> (raw)
Message-ID: <20190401135316.0neY1zh8IYakGcvdo4FprOaPNc8SXQgoe6qcPImonmQ@z> (raw)
In-Reply-To: <348A99DA5F5B7549AA880327E580B4358972374E@IRSMSX101.ger.corp.intel.com>

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="UTF-8", Size: 3888 bytes --]

Hi Fiona, Pablo,

> -----Original Message-----
> From: Trahe, Fiona
> Sent: Friday, March 29, 2019 7:03 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org;
> Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; akhil.goyal@nxp.com;
> ravi1.kumar@amd.com; tdu@semihalf.com; lironh@marvell.com;
> walan@marvell.com; Michael Shamis <michaelsh@marvell.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [RFC] cryptodev/sym: GCM IV len != 12 byte case
> 
> Hi Arek,
> 
> > -----Original Message-----
> > From: Kusztal, ArkadiuszX
> > Sent: Wednesday, March 20, 2019 6:47 PM
> > To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Doherty,
> > Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; akhil.goyal@nxp.com;
> > ravi1.kumar@amd.com; tdu@semihalf.com; lironh@marvell.com;
> > walan@marvell.com
> > Subject: [RFC] cryptodev/sym: GCM IV len != 12 byte case
> >
> > Hi all,
> >
> > There is a proposition to amend a bit API due to the following lines:
> >
> > * - For GCM mode, this is either 12 (for 96-bit IVs)
> >  * or 16, in which case data points to J0.
> > ...
> > } iv;   /**< Initialisation vector parameters */
> >
> >
> > Problem arise when driver cannot support J0 input, right now we know
> > that OPENSSL PMD works with IV instead of J0 when iv_len != 12.
> > So it may be that we have to somehow support both. There are two
> > options, and I am very curious about community opinion.
> >
> > 1) Add a flag to aead_xform.iv to supports IV or J0 like this:
> > uint8_t IV_used;
> > And this could be reflected in capabilities. Of course for 96bits IV
> > this field would not be used, so it would had to be set only for
> > iv.length != 12
> > 2) Change API comments to something like:
> > * - For GCM mode, this is either 12 (for 96-bit IVs),
> > * - for IV length different than 96 bits it is or J0 or IV,
> > * - refer to specific driver rst or capabilities which one
> > * - is supported, etc. (J0 by definition is of 16 bytes len)
> >
> > I cc'ing maintainers of drivers that support iv_len != 12 bytes.
> > Cannot check how it works as I have no hw.
> >
> > Regards,
> > Arek
> 
> [Fiona] Pablo suggested a simpler approach. Same functional change in API -
> i.e. support input in both J0 and IV formats, but different implementation, no
> need for new flags in session or capabilities. Proposal is to use special value 0
> to indicate J0 format, in both capabilities and xform, i.e.
> appl passes in rte_crypto_cipher_xform.iv.length = 0  => J0 format, already
> known to be 16bytes, so no need for explicit length info appl passes in
> iv.length > 0  => IV, so PMD must derive J0. (current API, no change here)
> 
> Capability example1: PMD can accept a 16-byte J0 OR a 12 byte IV .iv_size = {
> 	.min = 0,
> 	.max = 12,
> 	.increment = 12
> }
> Capability example2: PMD can accept IV of length 12 and 16, but not J0.
> .iv_size = {
> 	.min = 12,
> 	.max = 16,
> 	.increment = 4
> }
> Capability example3: PMD can accept IV of length between 8 and 128, but
> not J0.
> .iv_size = {
> 	.min = 8,
> 	.max = 128,
> 	.increment = 1
> }
> Capability example4: PMD can accept IV of length between 1 and 128, and
> also J0.
> .iv_size = {
> 	.min = 0,
> 	.max = 128,
> 	.increment = 1
> }
> What do you think?

[AK] Len(iv) == 0 is invalid per GCM spec so its fine for me, although it is very unlikely case that driver would support both iv and J0.

[AK] Only one issue in this proposal and first one I proposed is that the driver which properly implements API directives need to be reworked, and we don't know which driver properly implements it as we have no hardware to check it. So this work need to be somehow synchronized.

Regards,
Arek


  parent reply	other threads:[~2019-04-01 13:53 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-20 18:47 Kusztal, ArkadiuszX
2019-03-20 18:47 ` Kusztal, ArkadiuszX
2019-03-20 18:50 ` Liron Himi
2019-03-20 18:50   ` Liron Himi
2019-03-29 18:02 ` Trahe, Fiona
2019-03-29 18:02   ` Trahe, Fiona
2019-04-01 13:53   ` Kusztal, ArkadiuszX [this message]
2019-04-01 13:53     ` Kusztal, ArkadiuszX

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=06EE24DD0B19E248B53F6DC8657831551B14EF77@hasmsx109.ger.corp.intel.com \
    --to=arkadiuszx.kusztal@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=lironh@marvell.com \
    --cc=michaelsh@marvell.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=ravi1.kumar@amd.com \
    --cc=tdu@semihalf.com \
    --cc=walan@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).