* [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment @ 2020-05-18 14:23 Adam Dybkowski 2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph 0 siblings, 1 reply; 8+ messages in thread From: Adam Dybkowski @ 2020-05-18 14:23 UTC (permalink / raw) To: dev, fiona.trahe, akhil.goyal; +Cc: Adam Dybkowski, stable This patch fixes improper SHA-1 digest size in the enum comment. Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") Cc: stable@dpdk.org Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> --- lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index d9585ecd6..9cea4e5f0 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { /**< HMAC using MD5 algorithm */ RTE_CRYPTO_AUTH_SHA1, - /**< 128 bit SHA algorithm. */ + /**< 160 bit SHA algorithm. */ RTE_CRYPTO_AUTH_SHA1_HMAC, - /**< HMAC using 128 bit SHA algorithm. */ + /**< HMAC using 160 bit SHA algorithm. */ RTE_CRYPTO_AUTH_SHA224, /**< 224 bit SHA algorithm. */ RTE_CRYPTO_AUTH_SHA224_HMAC, -- 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-18 14:23 [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment Adam Dybkowski @ 2020-05-19 5:54 ` Anoob Joseph 2020-05-19 9:31 ` Dybkowski, AdamX 0 siblings, 1 reply; 8+ messages in thread From: Anoob Joseph @ 2020-05-19 5:54 UTC (permalink / raw) To: Adam Dybkowski, dev, fiona.trahe, akhil.goyal; +Cc: stable Hi Adam, Akhil, Please see inline. Thanks, Anoob > -----Original Message----- > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > Sent: Monday, May 18, 2020 7:54 PM > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > This patch fixes improper SHA-1 digest size in the enum comment. > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") > Cc: stable@dpdk.org > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > --- > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index d9585ecd6..9cea4e5f0 100644 > --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > /**< HMAC using MD5 algorithm */ > > RTE_CRYPTO_AUTH_SHA1, > - /**< 128 bit SHA algorithm. */ > + /**< 160 bit SHA algorithm. */ > RTE_CRYPTO_AUTH_SHA1_HMAC, > - /**< HMAC using 128 bit SHA algorithm. */ > + /**< HMAC using 160 bit SHA algorithm. */ [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 (https://tools.ietf.org/html/rfc2404) treated as a separate algorithm or is it a digest size variant of RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > RTE_CRYPTO_AUTH_SHA224, > /**< 224 bit SHA algorithm. */ > RTE_CRYPTO_AUTH_SHA224_HMAC, > -- > 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph @ 2020-05-19 9:31 ` Dybkowski, AdamX 2020-05-19 9:40 ` Anoob Joseph 0 siblings, 1 reply; 8+ messages in thread From: Dybkowski, AdamX @ 2020-05-19 9:31 UTC (permalink / raw) To: Anoob Joseph, dev, Trahe, Fiona, akhil.goyal; +Cc: stable Hi. My answer below. Adam > -----Original Message----- > From: Anoob Joseph <anoobj@marvell.com> > Sent: Tuesday, 19 May, 2020 07:54 > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org; > Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com > Cc: stable@dpdk.org > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > Hi Adam, Akhil, > > Please see inline. > > Thanks, > Anoob > > > -----Original Message----- > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > Sent: Monday, May 18, 2020 7:54 PM > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") > > Cc: stable@dpdk.org > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > --- > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > b/lib/librte_cryptodev/rte_crypto_sym.h > > index d9585ecd6..9cea4e5f0 100644 > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > /**< HMAC using MD5 algorithm */ > > > > RTE_CRYPTO_AUTH_SHA1, > > - /**< 128 bit SHA algorithm. */ > > + /**< 160 bit SHA algorithm. */ > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > - /**< HMAC using 128 bit SHA algorithm. */ > > + /**< HMAC using 160 bit SHA algorithm. */ > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > (https://tools.ietf.org/html/rfc2404) treated as a separate algorithm or is it a > digest size variant of RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. [Adam] DPDK doesn't have separate enums for such variations. According to RFC 2104, chapter "5. Truncated output", the calculation of HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation result is then truncated to 96 bits, or any other digest size provided in auth xform. > > > RTE_CRYPTO_AUTH_SHA224, > > /**< 224 bit SHA algorithm. */ > > RTE_CRYPTO_AUTH_SHA224_HMAC, > > -- > > 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 9:31 ` Dybkowski, AdamX @ 2020-05-19 9:40 ` Anoob Joseph 2020-05-19 10:11 ` Dybkowski, AdamX 0 siblings, 1 reply; 8+ messages in thread From: Anoob Joseph @ 2020-05-19 9:40 UTC (permalink / raw) To: Dybkowski, AdamX, dev, Trahe, Fiona, akhil.goyal; +Cc: stable Hi Adam, Please see inline. Thanks, Anoob > -----Original Message----- > From: Dybkowski, AdamX <adamx.dybkowski@intel.com> > Sent: Tuesday, May 19, 2020 3:01 PM > To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Trahe, Fiona > <fiona.trahe@intel.com>; akhil.goyal@nxp.com > Cc: stable@dpdk.org > Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > comment > > External Email > > ---------------------------------------------------------------------- > Hi. > My answer below. > > Adam > > > -----Original Message----- > > From: Anoob Joseph <anoobj@marvell.com> > > Sent: Tuesday, 19 May, 2020 07:54 > > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org; Trahe, > > Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com > > Cc: stable@dpdk.org > > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > comment > > > > Hi Adam, Akhil, > > > > Please see inline. > > > > Thanks, > > Anoob > > > > > -----Original Message----- > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > > Sent: Monday, May 18, 2020 7:54 PM > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") > > > Cc: stable@dpdk.org > > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > > --- > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > index d9585ecd6..9cea4e5f0 100644 > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > > /**< HMAC using MD5 algorithm */ > > > > > > RTE_CRYPTO_AUTH_SHA1, > > > - /**< 128 bit SHA algorithm. */ > > > + /**< 160 bit SHA algorithm. */ > > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > > - /**< HMAC using 128 bit SHA algorithm. */ > > > + /**< HMAC using 160 bit SHA algorithm. */ > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_h > > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2 > n6B- > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZKMt > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) treated > as a separate algorithm or is it a digest size variant of > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > > [Adam] DPDK doesn't have separate enums for such variations. According to RFC > 2104, chapter "5. Truncated output", the calculation of HMAC-SHA-1-96 is done > using ordinary HMAC-SHA-1, but the calculation result is then truncated to 96 > bits, or any other digest size provided in auth xform. [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you update the above comment in that case? > > > > > > RTE_CRYPTO_AUTH_SHA224, > > > /**< 224 bit SHA algorithm. */ > > > RTE_CRYPTO_AUTH_SHA224_HMAC, > > > -- > > > 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 9:40 ` Anoob Joseph @ 2020-05-19 10:11 ` Dybkowski, AdamX 2020-05-19 10:29 ` Trahe, Fiona 0 siblings, 1 reply; 8+ messages in thread From: Dybkowski, AdamX @ 2020-05-19 10:11 UTC (permalink / raw) To: Anoob Joseph, dev, Trahe, Fiona, akhil.goyal; +Cc: stable > -----Original Message----- > From: Anoob Joseph <anoobj@marvell.com> > Sent: Tuesday, 19 May, 2020 11:40 > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org; > Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com > Cc: stable@dpdk.org > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > Hi Adam, > > Please see inline. > > Thanks, > Anoob > > > -----Original Message----- > > From: Dybkowski, AdamX <adamx.dybkowski@intel.com> > > Sent: Tuesday, May 19, 2020 3:01 PM > > To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Trahe, Fiona > > <fiona.trahe@intel.com>; akhil.goyal@nxp.com > > Cc: stable@dpdk.org > > Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > comment > > > > External Email > > > > ---------------------------------------------------------------------- > > Hi. > > My answer below. > > > > Adam > > > > > -----Original Message----- > > > From: Anoob Joseph <anoobj@marvell.com> > > > Sent: Tuesday, 19 May, 2020 07:54 > > > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org; > > > Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com > > > Cc: stable@dpdk.org > > > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > > comment > > > > > > Hi Adam, Akhil, > > > > > > Please see inline. > > > > > > Thanks, > > > Anoob > > > > > > > -----Original Message----- > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > > > Sent: Monday, May 18, 2020 7:54 PM > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > > > comment > > > > > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") > > > > Cc: stable@dpdk.org > > > > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > > > --- > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > > index d9585ecd6..9cea4e5f0 100644 > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > > > /**< HMAC using MD5 algorithm */ > > > > > > > > RTE_CRYPTO_AUTH_SHA1, > > > > - /**< 128 bit SHA algorithm. */ > > > > + /**< 160 bit SHA algorithm. */ > > > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > > > - /**< HMAC using 128 bit SHA algorithm. */ > > > > + /**< HMAC using 160 bit SHA algorithm. */ > > > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org > > > _h > > > > > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL > Ws2 > > n6B- > > > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK > Mt > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) > treated as a > > separate algorithm or is it a digest size variant of > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > > > > [Adam] DPDK doesn't have separate enums for such variations. According > > to RFC 2104, chapter "5. Truncated output", the calculation of > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation > > result is then truncated to 96 bits, or any other digest size provided in auth > xform. > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you > update the above comment in that case? [Adam] This depends on a particular PMD and its capabilities so we cannot write here in this public header file. For example, have a look in the capabilities structure of QAT PMD: { /* SHA1 */ \ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ {.sym = { \ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \ {.auth = { \ .algo = RTE_CRYPTO_AUTH_SHA1, \ .block_size = 64, \ .key_size = { \ .min = 0, \ .max = 0, \ .increment = 0 \ }, \ .digest_size = { \ .min = 1, \ .max = 20, \ .increment = 1 \ }, \ .iv_size = { 0 } \ }, } \ }, } \ }, \ It shows QAT PMD is able to truncate the output digest to any size from 1 to 20 bytes (160 bits). This can be different in other PMDs, for example OpenSSL and CCP PMDs allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes. Adam ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 10:11 ` Dybkowski, AdamX @ 2020-05-19 10:29 ` Trahe, Fiona 2020-05-19 10:47 ` Anoob Joseph 2020-05-19 12:19 ` Dybkowski, AdamX 0 siblings, 2 replies; 8+ messages in thread From: Trahe, Fiona @ 2020-05-19 10:29 UTC (permalink / raw) To: Dybkowski, AdamX, Anoob Joseph, dev, akhil.goyal; +Cc: stable, Trahe, Fiona Hi Adam, Anoob, > > > > > > > > > -----Original Message----- > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > > > > Sent: Monday, May 18, 2020 7:54 PM > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > > > > comment > > > > > > > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > > > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations") > > > > > Cc: stable@dpdk.org > > > > > > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > > > > --- > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > index d9585ecd6..9cea4e5f0 100644 > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > > > > /**< HMAC using MD5 algorithm */ > > > > > > > > > > RTE_CRYPTO_AUTH_SHA1, > > > > > - /**< 128 bit SHA algorithm. */ > > > > > + /**< 160 bit SHA algorithm. */ > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > > > > - /**< HMAC using 128 bit SHA algorithm. */ > > > > > + /**< HMAC using 160 bit SHA algorithm. */ > > > > > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org > > > > _h > > > > > > > > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL > > Ws2 > > > n6B- > > > > > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK > > Mt > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) > > treated as a > > > separate algorithm or is it a digest size variant of > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > > > > > > [Adam] DPDK doesn't have separate enums for such variations. According > > > to RFC 2104, chapter "5. Truncated output", the calculation of > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation > > > result is then truncated to 96 bits, or any other digest size provided in auth > > xform. > > > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you > > update the above comment in that case? > > [Adam] This depends on a particular PMD and its capabilities so we cannot write here in this public > header file. For example, have a look in the capabilities structure of QAT PMD: > > { /* SHA1 */ \ > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ > {.sym = { \ > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \ > {.auth = { \ > .algo = RTE_CRYPTO_AUTH_SHA1, \ > .block_size = 64, \ > .key_size = { \ > .min = 0, \ > .max = 0, \ > .increment = 0 \ > }, \ > .digest_size = { \ > .min = 1, \ > .max = 20, \ > .increment = 1 \ > }, \ > .iv_size = { 0 } \ > }, } \ > }, } \ > }, \ > > It shows QAT PMD is able to truncate the output digest to any size from 1 to 20 bytes (160 bits). > > This can be different in other PMDs, for example OpenSSL and CCP PMDs allow only 20-byte digests > here while Marvell MVSAM allows 12-20 bytes. > > Adam [Fiona] True. But as 96 bits is a standard variant described in the spec, how about adding /**< HMAC using 160 bit SHA algorithm. HMAC-SHA-1-96 can be generated by setting digest_size to 12 */ This doesn't imply that all PMDs must support that - same as for any other feature, the capabilities can vary. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 10:29 ` Trahe, Fiona @ 2020-05-19 10:47 ` Anoob Joseph 2020-05-19 12:19 ` Dybkowski, AdamX 1 sibling, 0 replies; 8+ messages in thread From: Anoob Joseph @ 2020-05-19 10:47 UTC (permalink / raw) To: Trahe, Fiona, Dybkowski, AdamX, dev, akhil.goyal; +Cc: stable Hi Fiona, Please see inline. Thanks, Anoob > -----Original Message----- > From: Trahe, Fiona <fiona.trahe@intel.com> > Sent: Tuesday, May 19, 2020 3:59 PM > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; Anoob Joseph > <anoobj@marvell.com>; dev@dpdk.org; akhil.goyal@nxp.com > Cc: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com> > Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > comment > > External Email > > ---------------------------------------------------------------------- > Hi Adam, Anoob, > > > > > > > > > > > > > -----Original Message----- > > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > > > > > Sent: Monday, May 18, 2020 7:54 PM > > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; > > > > > > stable@dpdk.org > > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > > > > > comment > > > > > > > > > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > > > > > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric > > > > > > operations") > > > > > > Cc: stable@dpdk.org > > > > > > > > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > > > > > --- > > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > index d9585ecd6..9cea4e5f0 100644 > > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > > > > > /**< HMAC using MD5 algorithm */ > > > > > > > > > > > > RTE_CRYPTO_AUTH_SHA1, > > > > > > - /**< 128 bit SHA algorithm. */ > > > > > > + /**< 160 bit SHA algorithm. */ > > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > > > > > - /**< HMAC using 128 bit SHA algorithm. */ > > > > > > + /**< HMAC using 160 bit SHA algorithm. */ > > > > > > > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf > > > > > .org > > > > > _h > > > > > > > > > > > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL > > > Ws2 > > > > n6B- > > > > > > > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK > > > Mt > > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) > > > treated as a > > > > separate algorithm or is it a digest size variant of > > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > > > > > > > > [Adam] DPDK doesn't have separate enums for such variations. > > > > According to RFC 2104, chapter "5. Truncated output", the > > > > calculation of > > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the > > > > calculation result is then truncated to 96 bits, or any other > > > > digest size provided in auth > > > xform. > > > > > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can > > > you update the above comment in that case? > > > > [Adam] This depends on a particular PMD and its capabilities so we > > cannot write here in this public header file. For example, have a look in the > capabilities structure of QAT PMD: > > > > { /* SHA1 */ \ > > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > \ > > {.sym = { \ > > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, > \ > > {.auth = { \ > > .algo = RTE_CRYPTO_AUTH_SHA1, > \ > > .block_size = 64, \ > > .key_size = { \ > > .min = 0, \ > > .max = 0, \ > > .increment = 0 \ > > }, \ > > .digest_size = { \ > > .min = 1, \ > > .max = 20, \ > > .increment = 1 \ > > }, \ > > .iv_size = { 0 } \ > > }, } \ > > }, } \ > > }, \ > > > > It shows QAT PMD is able to truncate the output digest to any size from 1 to > 20 bytes (160 bits). > > > > This can be different in other PMDs, for example OpenSSL and CCP PMDs > > allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes. > > > > Adam > [Fiona] True. But as 96 bits is a standard variant described in the spec, how > about adding > > /**< HMAC using 160 bit SHA algorithm. > HMAC-SHA-1-96 can be generated by setting digest_size to 12 */ > > This doesn't imply that all PMDs must support that - same as for any other > feature, the capabilities can vary. [Anoob] Your suggestion sounds ok to me. One confusion though. For SHA224 etc, the RFC specifies fixed digest size (like 224 bits or 28 bytes). So the comment in the spec/library is accurate, but QAT has digest size of 1-28 bytes. Is that correct? The comment in the spec says, "224 bit SHA algorithm" but if other digest sizes are supported, that comment becomes invalid, right? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment 2020-05-19 10:29 ` Trahe, Fiona 2020-05-19 10:47 ` Anoob Joseph @ 2020-05-19 12:19 ` Dybkowski, AdamX 1 sibling, 0 replies; 8+ messages in thread From: Dybkowski, AdamX @ 2020-05-19 12:19 UTC (permalink / raw) To: Trahe, Fiona, Anoob Joseph, dev, akhil.goyal; +Cc: stable > -----Original Message----- > From: Trahe, Fiona <fiona.trahe@intel.com> > Sent: Tuesday, 19 May, 2020 12:29 > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; Anoob Joseph > <anoobj@marvell.com>; dev@dpdk.org; akhil.goyal@nxp.com > Cc: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com> > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment > > Hi Adam, Anoob, > > > > > > > > > > > > > -----Original Message----- > > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski > > > > > > Sent: Monday, May 18, 2020 7:54 PM > > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com > > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; > > > > > > stable@dpdk.org > > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum > > > > > > comment > > > > > > > > > > > > This patch fixes improper SHA-1 digest size in the enum comment. > > > > > > > > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric > > > > > > operations") > > > > > > Cc: stable@dpdk.org > > > > > > > > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com> > > > > > > --- > > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++-- > > > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > index d9585ecd6..9cea4e5f0 100644 > > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm { > > > > > > /**< HMAC using MD5 algorithm */ > > > > > > > > > > > > RTE_CRYPTO_AUTH_SHA1, > > > > > > - /**< 128 bit SHA algorithm. */ > > > > > > + /**< 160 bit SHA algorithm. */ > > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC, > > > > > > - /**< HMAC using 128 bit SHA algorithm. */ > > > > > > + /**< HMAC using 160 bit SHA algorithm. */ > > > > > > > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96 > > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf > > > > > .org > > > > > _h > > > > > > > > > > > > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL > > > Ws2 > > > > n6B- > > > > > > > > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK > > > Mt > > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) > > > treated as a > > > > separate algorithm or is it a digest size variant of > > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later. > > > > > > > > [Adam] DPDK doesn't have separate enums for such variations. > > > > According to RFC 2104, chapter "5. Truncated output", the > > > > calculation of > > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the > > > > calculation result is then truncated to 96 bits, or any other > > > > digest size provided in auth > > > xform. > > > > > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can > > > you update the above comment in that case? > > > > [Adam] This depends on a particular PMD and its capabilities so we > > cannot write here in this public header file. For example, have a look in the > capabilities structure of QAT PMD: > > > > { /* SHA1 */ \ > > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > \ > > {.sym = { \ > > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, > \ > > {.auth = { \ > > .algo = RTE_CRYPTO_AUTH_SHA1, > \ > > .block_size = 64, \ > > .key_size = { \ > > .min = 0, \ > > .max = 0, \ > > .increment = 0 \ > > }, \ > > .digest_size = { \ > > .min = 1, \ > > .max = 20, \ > > .increment = 1 \ > > }, \ > > .iv_size = { 0 } \ > > }, } \ > > }, } \ > > }, \ > > > > It shows QAT PMD is able to truncate the output digest to any size from 1 > to 20 bytes (160 bits). > > > > This can be different in other PMDs, for example OpenSSL and CCP PMDs > > allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes. > > > > Adam > [Fiona] True. But as 96 bits is a standard variant described in the spec, how > about adding > > /**< HMAC using 160 bit SHA algorithm. > HMAC-SHA-1-96 can be generated by setting digest_size to 12 */ [Adam] OK, sent this update as v2. > This doesn't imply that all PMDs must support that - same as for any other > feature, the capabilities can vary. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-05-19 12:19 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-05-18 14:23 [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment Adam Dybkowski 2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph 2020-05-19 9:31 ` Dybkowski, AdamX 2020-05-19 9:40 ` Anoob Joseph 2020-05-19 10:11 ` Dybkowski, AdamX 2020-05-19 10:29 ` Trahe, Fiona 2020-05-19 10:47 ` Anoob Joseph 2020-05-19 12:19 ` Dybkowski, AdamX
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).