From: "Dybkowski, AdamX" <adamx.dybkowski@intel.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>,
Anoob Joseph <anoobj@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
Date: Tue, 19 May 2020 12:19:20 +0000 [thread overview]
Message-ID: <BY5PR11MB391041ED2B4875DFCBF4A6A9EDB90@BY5PR11MB3910.namprd11.prod.outlook.com> (raw)
In-Reply-To: <SN6PR11MB28804FA977A4AEE0504EAD06E4B90@SN6PR11MB2880.namprd11.prod.outlook.com>
> -----Original Message-----
> From: Trahe, Fiona <fiona.trahe@intel.com>
> Sent: Tuesday, 19 May, 2020 12:29
> To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; Anoob Joseph
> <anoobj@marvell.com>; dev@dpdk.org; akhil.goyal@nxp.com
> Cc: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
>
> Hi Adam, Anoob,
>
>
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > > > > Sent: Monday, May 18, 2020 7:54 PM
> > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>;
> > > > > > stable@dpdk.org
> > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > > > > comment
> > > > > >
> > > > > > This patch fixes improper SHA-1 digest size in the enum comment.
> > > > > >
> > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric
> > > > > > operations")
> > > > > > Cc: stable@dpdk.org
> > > > > >
> > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > > > > ---
> > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > index d9585ecd6..9cea4e5f0 100644
> > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > > > > /**< HMAC using MD5 algorithm */
> > > > > >
> > > > > > RTE_CRYPTO_AUTH_SHA1,
> > > > > > - /**< 128 bit SHA algorithm. */
> > > > > > + /**< 160 bit SHA algorithm. */
> > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > > > > - /**< HMAC using 128 bit SHA algorithm. */
> > > > > > + /**< HMAC using 160 bit SHA algorithm. */
> > > > >
> > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf
> > > > > .org
> > > > > _h
> > > > >
> > > >
> > >
> tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL
> > > Ws2
> > > > n6B-
> > > >
> > >
> WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK
> > > Mt
> > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= )
> > > treated as a
> > > > separate algorithm or is it a digest size variant of
> > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> > > >
> > > > [Adam] DPDK doesn't have separate enums for such variations.
> > > > According to RFC 2104, chapter "5. Truncated output", the
> > > > calculation of
> > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the
> > > > calculation result is then truncated to 96 bits, or any other
> > > > digest size provided in auth
> > > xform.
> > >
> > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can
> > > you update the above comment in that case?
> >
> > [Adam] This depends on a particular PMD and its capabilities so we
> > cannot write here in this public header file. For example, have a look in the
> capabilities structure of QAT PMD:
> >
> > { /* SHA1 */ \
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> \
> > {.sym = { \
> > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> \
> > {.auth = { \
> > .algo = RTE_CRYPTO_AUTH_SHA1,
> \
> > .block_size = 64, \
> > .key_size = { \
> > .min = 0, \
> > .max = 0, \
> > .increment = 0 \
> > }, \
> > .digest_size = { \
> > .min = 1, \
> > .max = 20, \
> > .increment = 1 \
> > }, \
> > .iv_size = { 0 } \
> > }, } \
> > }, } \
> > }, \
> >
> > It shows QAT PMD is able to truncate the output digest to any size from 1
> to 20 bytes (160 bits).
> >
> > This can be different in other PMDs, for example OpenSSL and CCP PMDs
> > allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes.
> >
> > Adam
> [Fiona] True. But as 96 bits is a standard variant described in the spec, how
> about adding
>
> /**< HMAC using 160 bit SHA algorithm.
> HMAC-SHA-1-96 can be generated by setting digest_size to 12 */
[Adam] OK, sent this update as v2.
> This doesn't imply that all PMDs must support that - same as for any other
> feature, the capabilities can vary.
prev parent reply other threads:[~2020-05-19 12:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-18 14:23 [dpdk-stable] " Adam Dybkowski
2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph
2020-05-19 9:31 ` Dybkowski, AdamX
2020-05-19 9:40 ` Anoob Joseph
2020-05-19 10:11 ` Dybkowski, AdamX
2020-05-19 10:29 ` Trahe, Fiona
2020-05-19 10:47 ` Anoob Joseph
2020-05-19 12:19 ` Dybkowski, AdamX [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BY5PR11MB391041ED2B4875DFCBF4A6A9EDB90@BY5PR11MB3910.namprd11.prod.outlook.com \
--to=adamx.dybkowski@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).