* [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment
@ 2020-05-18 14:23 Adam Dybkowski
2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph
0 siblings, 1 reply; 8+ messages in thread
From: Adam Dybkowski @ 2020-05-18 14:23 UTC (permalink / raw)
To: dev, fiona.trahe, akhil.goyal; +Cc: Adam Dybkowski, stable
This patch fixes improper SHA-1 digest size in the enum comment.
Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
Cc: stable@dpdk.org
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index d9585ecd6..9cea4e5f0 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
/**< HMAC using MD5 algorithm */
RTE_CRYPTO_AUTH_SHA1,
- /**< 128 bit SHA algorithm. */
+ /**< 160 bit SHA algorithm. */
RTE_CRYPTO_AUTH_SHA1_HMAC,
- /**< HMAC using 128 bit SHA algorithm. */
+ /**< HMAC using 160 bit SHA algorithm. */
RTE_CRYPTO_AUTH_SHA224,
/**< 224 bit SHA algorithm. */
RTE_CRYPTO_AUTH_SHA224_HMAC,
--
2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-18 14:23 [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment Adam Dybkowski
@ 2020-05-19 5:54 ` Anoob Joseph
2020-05-19 9:31 ` Dybkowski, AdamX
0 siblings, 1 reply; 8+ messages in thread
From: Anoob Joseph @ 2020-05-19 5:54 UTC (permalink / raw)
To: Adam Dybkowski, dev, fiona.trahe, akhil.goyal; +Cc: stable
Hi Adam, Akhil,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> Sent: Monday, May 18, 2020 7:54 PM
> To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
>
> This patch fixes improper SHA-1 digest size in the enum comment.
>
> Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
> Cc: stable@dpdk.org
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
> lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> b/lib/librte_cryptodev/rte_crypto_sym.h
> index d9585ecd6..9cea4e5f0 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> /**< HMAC using MD5 algorithm */
>
> RTE_CRYPTO_AUTH_SHA1,
> - /**< 128 bit SHA algorithm. */
> + /**< 160 bit SHA algorithm. */
> RTE_CRYPTO_AUTH_SHA1_HMAC,
> - /**< HMAC using 128 bit SHA algorithm. */
> + /**< HMAC using 160 bit SHA algorithm. */
[Anoob] This raises one interesting question. Is HMAC-SHA-1-96 (https://tools.ietf.org/html/rfc2404) treated as a separate algorithm or is it a digest size variant of RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> RTE_CRYPTO_AUTH_SHA224,
> /**< 224 bit SHA algorithm. */
> RTE_CRYPTO_AUTH_SHA224_HMAC,
> --
> 2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph
@ 2020-05-19 9:31 ` Dybkowski, AdamX
2020-05-19 9:40 ` Anoob Joseph
0 siblings, 1 reply; 8+ messages in thread
From: Dybkowski, AdamX @ 2020-05-19 9:31 UTC (permalink / raw)
To: Anoob Joseph, dev, Trahe, Fiona, akhil.goyal; +Cc: stable
Hi.
My answer below.
Adam
> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Tuesday, 19 May, 2020 07:54
> To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org;
> Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> Cc: stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
>
> Hi Adam, Akhil,
>
> Please see inline.
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > Sent: Monday, May 18, 2020 7:54 PM
> > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org
> > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
> >
> > This patch fixes improper SHA-1 digest size in the enum comment.
> >
> > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > ---
> > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > b/lib/librte_cryptodev/rte_crypto_sym.h
> > index d9585ecd6..9cea4e5f0 100644
> > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > /**< HMAC using MD5 algorithm */
> >
> > RTE_CRYPTO_AUTH_SHA1,
> > - /**< 128 bit SHA algorithm. */
> > + /**< 160 bit SHA algorithm. */
> > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > - /**< HMAC using 128 bit SHA algorithm. */
> > + /**< HMAC using 160 bit SHA algorithm. */
>
> [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> (https://tools.ietf.org/html/rfc2404) treated as a separate algorithm or is it a
> digest size variant of RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
[Adam] DPDK doesn't have separate enums for such variations. According to RFC 2104, chapter "5. Truncated output", the calculation of HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation result is then truncated to 96 bits, or any other digest size provided in auth xform.
>
> > RTE_CRYPTO_AUTH_SHA224,
> > /**< 224 bit SHA algorithm. */
> > RTE_CRYPTO_AUTH_SHA224_HMAC,
> > --
> > 2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 9:31 ` Dybkowski, AdamX
@ 2020-05-19 9:40 ` Anoob Joseph
2020-05-19 10:11 ` Dybkowski, AdamX
0 siblings, 1 reply; 8+ messages in thread
From: Anoob Joseph @ 2020-05-19 9:40 UTC (permalink / raw)
To: Dybkowski, AdamX, dev, Trahe, Fiona, akhil.goyal; +Cc: stable
Hi Adam,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Tuesday, May 19, 2020 3:01 PM
> To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Trahe, Fiona
> <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> Cc: stable@dpdk.org
> Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> comment
>
> External Email
>
> ----------------------------------------------------------------------
> Hi.
> My answer below.
>
> Adam
>
> > -----Original Message-----
> > From: Anoob Joseph <anoobj@marvell.com>
> > Sent: Tuesday, 19 May, 2020 07:54
> > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org; Trahe,
> > Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> > Cc: stable@dpdk.org
> > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > comment
> >
> > Hi Adam, Akhil,
> >
> > Please see inline.
> >
> > Thanks,
> > Anoob
> >
> > > -----Original Message-----
> > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > Sent: Monday, May 18, 2020 7:54 PM
> > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org
> > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
> > >
> > > This patch fixes improper SHA-1 digest size in the enum comment.
> > >
> > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
> > > Cc: stable@dpdk.org
> > >
> > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > ---
> > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > index d9585ecd6..9cea4e5f0 100644
> > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > /**< HMAC using MD5 algorithm */
> > >
> > > RTE_CRYPTO_AUTH_SHA1,
> > > - /**< 128 bit SHA algorithm. */
> > > + /**< 160 bit SHA algorithm. */
> > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > - /**< HMAC using 128 bit SHA algorithm. */
> > > + /**< HMAC using 160 bit SHA algorithm. */
> >
> > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_h
> >
> tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2
> n6B-
> WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZKMt
> oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= ) treated
> as a separate algorithm or is it a digest size variant of
> RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
>
> [Adam] DPDK doesn't have separate enums for such variations. According to RFC
> 2104, chapter "5. Truncated output", the calculation of HMAC-SHA-1-96 is done
> using ordinary HMAC-SHA-1, but the calculation result is then truncated to 96
> bits, or any other digest size provided in auth xform.
[Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you update the above comment in that case?
>
> >
> > > RTE_CRYPTO_AUTH_SHA224,
> > > /**< 224 bit SHA algorithm. */
> > > RTE_CRYPTO_AUTH_SHA224_HMAC,
> > > --
> > > 2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 9:40 ` Anoob Joseph
@ 2020-05-19 10:11 ` Dybkowski, AdamX
2020-05-19 10:29 ` Trahe, Fiona
0 siblings, 1 reply; 8+ messages in thread
From: Dybkowski, AdamX @ 2020-05-19 10:11 UTC (permalink / raw)
To: Anoob Joseph, dev, Trahe, Fiona, akhil.goyal; +Cc: stable
> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Tuesday, 19 May, 2020 11:40
> To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org;
> Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> Cc: stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
>
> Hi Adam,
>
> Please see inline.
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> > Sent: Tuesday, May 19, 2020 3:01 PM
> > To: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Trahe, Fiona
> > <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> > Cc: stable@dpdk.org
> > Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > comment
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > Hi.
> > My answer below.
> >
> > Adam
> >
> > > -----Original Message-----
> > > From: Anoob Joseph <anoobj@marvell.com>
> > > Sent: Tuesday, 19 May, 2020 07:54
> > > To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; dev@dpdk.org;
> > > Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> > > Cc: stable@dpdk.org
> > > Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > comment
> > >
> > > Hi Adam, Akhil,
> > >
> > > Please see inline.
> > >
> > > Thanks,
> > > Anoob
> > >
> > > > -----Original Message-----
> > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > > Sent: Monday, May 18, 2020 7:54 PM
> > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org
> > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > > comment
> > > >
> > > > This patch fixes improper SHA-1 digest size in the enum comment.
> > > >
> > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
> > > > Cc: stable@dpdk.org
> > > >
> > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > > ---
> > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > index d9585ecd6..9cea4e5f0 100644
> > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > > /**< HMAC using MD5 algorithm */
> > > >
> > > > RTE_CRYPTO_AUTH_SHA1,
> > > > - /**< 128 bit SHA algorithm. */
> > > > + /**< 160 bit SHA algorithm. */
> > > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > > - /**< HMAC using 128 bit SHA algorithm. */
> > > > + /**< HMAC using 160 bit SHA algorithm. */
> > >
> > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org
> > > _h
> > >
> >
> tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL
> Ws2
> > n6B-
> >
> WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK
> Mt
> > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= )
> treated as a
> > separate algorithm or is it a digest size variant of
> > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> >
> > [Adam] DPDK doesn't have separate enums for such variations. According
> > to RFC 2104, chapter "5. Truncated output", the calculation of
> > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation
> > result is then truncated to 96 bits, or any other digest size provided in auth
> xform.
>
> [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you
> update the above comment in that case?
[Adam] This depends on a particular PMD and its capabilities so we cannot write here in this public header file. For example, have a look in the capabilities structure of QAT PMD:
{ /* SHA1 */ \
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
{.auth = { \
.algo = RTE_CRYPTO_AUTH_SHA1, \
.block_size = 64, \
.key_size = { \
.min = 0, \
.max = 0, \
.increment = 0 \
}, \
.digest_size = { \
.min = 1, \
.max = 20, \
.increment = 1 \
}, \
.iv_size = { 0 } \
}, } \
}, } \
}, \
It shows QAT PMD is able to truncate the output digest to any size from 1 to 20 bytes (160 bits).
This can be different in other PMDs, for example OpenSSL and CCP PMDs allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes.
Adam
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 10:11 ` Dybkowski, AdamX
@ 2020-05-19 10:29 ` Trahe, Fiona
2020-05-19 10:47 ` Anoob Joseph
2020-05-19 12:19 ` Dybkowski, AdamX
0 siblings, 2 replies; 8+ messages in thread
From: Trahe, Fiona @ 2020-05-19 10:29 UTC (permalink / raw)
To: Dybkowski, AdamX, Anoob Joseph, dev, akhil.goyal; +Cc: stable, Trahe, Fiona
Hi Adam, Anoob,
> > > >
> > > > > -----Original Message-----
> > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > > > Sent: Monday, May 18, 2020 7:54 PM
> > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>; stable@dpdk.org
> > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > > > comment
> > > > >
> > > > > This patch fixes improper SHA-1 digest size in the enum comment.
> > > > >
> > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric operations")
> > > > > Cc: stable@dpdk.org
> > > > >
> > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > > > ---
> > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > index d9585ecd6..9cea4e5f0 100644
> > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > > > /**< HMAC using MD5 algorithm */
> > > > >
> > > > > RTE_CRYPTO_AUTH_SHA1,
> > > > > - /**< 128 bit SHA algorithm. */
> > > > > + /**< 160 bit SHA algorithm. */
> > > > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > > > - /**< HMAC using 128 bit SHA algorithm. */
> > > > > + /**< HMAC using 160 bit SHA algorithm. */
> > > >
> > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org
> > > > _h
> > > >
> > >
> > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL
> > Ws2
> > > n6B-
> > >
> > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK
> > Mt
> > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= )
> > treated as a
> > > separate algorithm or is it a digest size variant of
> > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> > >
> > > [Adam] DPDK doesn't have separate enums for such variations. According
> > > to RFC 2104, chapter "5. Truncated output", the calculation of
> > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the calculation
> > > result is then truncated to 96 bits, or any other digest size provided in auth
> > xform.
> >
> > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can you
> > update the above comment in that case?
>
> [Adam] This depends on a particular PMD and its capabilities so we cannot write here in this public
> header file. For example, have a look in the capabilities structure of QAT PMD:
>
> { /* SHA1 */ \
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
> {.sym = { \
> .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
> {.auth = { \
> .algo = RTE_CRYPTO_AUTH_SHA1, \
> .block_size = 64, \
> .key_size = { \
> .min = 0, \
> .max = 0, \
> .increment = 0 \
> }, \
> .digest_size = { \
> .min = 1, \
> .max = 20, \
> .increment = 1 \
> }, \
> .iv_size = { 0 } \
> }, } \
> }, } \
> }, \
>
> It shows QAT PMD is able to truncate the output digest to any size from 1 to 20 bytes (160 bits).
>
> This can be different in other PMDs, for example OpenSSL and CCP PMDs allow only 20-byte digests
> here while Marvell MVSAM allows 12-20 bytes.
>
> Adam
[Fiona] True. But as 96 bits is a standard variant described in the spec, how about adding
/**< HMAC using 160 bit SHA algorithm.
HMAC-SHA-1-96 can be generated by setting digest_size to 12 */
This doesn't imply that all PMDs must support that - same as for any other feature, the capabilities can vary.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 10:29 ` Trahe, Fiona
@ 2020-05-19 10:47 ` Anoob Joseph
2020-05-19 12:19 ` Dybkowski, AdamX
1 sibling, 0 replies; 8+ messages in thread
From: Anoob Joseph @ 2020-05-19 10:47 UTC (permalink / raw)
To: Trahe, Fiona, Dybkowski, AdamX, dev, akhil.goyal; +Cc: stable
Hi Fiona,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: Trahe, Fiona <fiona.trahe@intel.com>
> Sent: Tuesday, May 19, 2020 3:59 PM
> To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; Anoob Joseph
> <anoobj@marvell.com>; dev@dpdk.org; akhil.goyal@nxp.com
> Cc: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [EXT] RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> comment
>
> External Email
>
> ----------------------------------------------------------------------
> Hi Adam, Anoob,
>
>
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > > > > Sent: Monday, May 18, 2020 7:54 PM
> > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>;
> > > > > > stable@dpdk.org
> > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > > > > comment
> > > > > >
> > > > > > This patch fixes improper SHA-1 digest size in the enum comment.
> > > > > >
> > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric
> > > > > > operations")
> > > > > > Cc: stable@dpdk.org
> > > > > >
> > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > > > > ---
> > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > index d9585ecd6..9cea4e5f0 100644
> > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > > > > /**< HMAC using MD5 algorithm */
> > > > > >
> > > > > > RTE_CRYPTO_AUTH_SHA1,
> > > > > > - /**< 128 bit SHA algorithm. */
> > > > > > + /**< 160 bit SHA algorithm. */
> > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > > > > - /**< HMAC using 128 bit SHA algorithm. */
> > > > > > + /**< HMAC using 160 bit SHA algorithm. */
> > > > >
> > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf
> > > > > .org
> > > > > _h
> > > > >
> > > >
> > > tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL
> > > Ws2
> > > > n6B-
> > > >
> > > WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK
> > > Mt
> > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= )
> > > treated as a
> > > > separate algorithm or is it a digest size variant of
> > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> > > >
> > > > [Adam] DPDK doesn't have separate enums for such variations.
> > > > According to RFC 2104, chapter "5. Truncated output", the
> > > > calculation of
> > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the
> > > > calculation result is then truncated to 96 bits, or any other
> > > > digest size provided in auth
> > > xform.
> > >
> > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can
> > > you update the above comment in that case?
> >
> > [Adam] This depends on a particular PMD and its capabilities so we
> > cannot write here in this public header file. For example, have a look in the
> capabilities structure of QAT PMD:
> >
> > { /* SHA1 */ \
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> \
> > {.sym = { \
> > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> \
> > {.auth = { \
> > .algo = RTE_CRYPTO_AUTH_SHA1,
> \
> > .block_size = 64, \
> > .key_size = { \
> > .min = 0, \
> > .max = 0, \
> > .increment = 0 \
> > }, \
> > .digest_size = { \
> > .min = 1, \
> > .max = 20, \
> > .increment = 1 \
> > }, \
> > .iv_size = { 0 } \
> > }, } \
> > }, } \
> > }, \
> >
> > It shows QAT PMD is able to truncate the output digest to any size from 1 to
> 20 bytes (160 bits).
> >
> > This can be different in other PMDs, for example OpenSSL and CCP PMDs
> > allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes.
> >
> > Adam
> [Fiona] True. But as 96 bits is a standard variant described in the spec, how
> about adding
>
> /**< HMAC using 160 bit SHA algorithm.
> HMAC-SHA-1-96 can be generated by setting digest_size to 12 */
>
> This doesn't imply that all PMDs must support that - same as for any other
> feature, the capabilities can vary.
[Anoob] Your suggestion sounds ok to me.
One confusion though.
For SHA224 etc, the RFC specifies fixed digest size (like 224 bits or 28 bytes). So the comment in the spec/library is accurate, but QAT has digest size of 1-28 bytes. Is that correct? The comment in the spec says, "224 bit SHA algorithm" but if other digest sizes are supported, that comment becomes invalid, right?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
2020-05-19 10:29 ` Trahe, Fiona
2020-05-19 10:47 ` Anoob Joseph
@ 2020-05-19 12:19 ` Dybkowski, AdamX
1 sibling, 0 replies; 8+ messages in thread
From: Dybkowski, AdamX @ 2020-05-19 12:19 UTC (permalink / raw)
To: Trahe, Fiona, Anoob Joseph, dev, akhil.goyal; +Cc: stable
> -----Original Message-----
> From: Trahe, Fiona <fiona.trahe@intel.com>
> Sent: Tuesday, 19 May, 2020 12:29
> To: Dybkowski, AdamX <adamx.dybkowski@intel.com>; Anoob Joseph
> <anoobj@marvell.com>; dev@dpdk.org; akhil.goyal@nxp.com
> Cc: stable@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum comment
>
> Hi Adam, Anoob,
>
>
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Adam Dybkowski
> > > > > > Sent: Monday, May 18, 2020 7:54 PM
> > > > > > To: dev@dpdk.org; fiona.trahe@intel.com; akhil.goyal@nxp.com
> > > > > > Cc: Adam Dybkowski <adamx.dybkowski@intel.com>;
> > > > > > stable@dpdk.org
> > > > > > Subject: [dpdk-dev] [PATCH] cryptodev: fix SHA-1 digest enum
> > > > > > comment
> > > > > >
> > > > > > This patch fixes improper SHA-1 digest size in the enum comment.
> > > > > >
> > > > > > Fixes: 1bd407fac80b ("cryptodev: extract symmetric
> > > > > > operations")
> > > > > > Cc: stable@dpdk.org
> > > > > >
> > > > > > Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> > > > > > ---
> > > > > > lib/librte_cryptodev/rte_crypto_sym.h | 4 ++--
> > > > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > index d9585ecd6..9cea4e5f0 100644
> > > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > > > > @@ -269,9 +269,9 @@ enum rte_crypto_auth_algorithm {
> > > > > > /**< HMAC using MD5 algorithm */
> > > > > >
> > > > > > RTE_CRYPTO_AUTH_SHA1,
> > > > > > - /**< 128 bit SHA algorithm. */
> > > > > > + /**< 160 bit SHA algorithm. */
> > > > > > RTE_CRYPTO_AUTH_SHA1_HMAC,
> > > > > > - /**< HMAC using 128 bit SHA algorithm. */
> > > > > > + /**< HMAC using 160 bit SHA algorithm. */
> > > > >
> > > > > [Anoob] This raises one interesting question. Is HMAC-SHA-1-96
> > > > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf
> > > > > .org
> > > > > _h
> > > > >
> > > >
> > >
> tml_rfc2404&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyL
> > > Ws2
> > > > n6B-
> > > >
> > >
> WYLn1v9SyTMrT5EQqh2TU&m=pgqB2BfFosCF_7l1SdoodgXcipf7G1ofht68ZK
> > > Mt
> > > > oW0&s=hxzUN2QfRJGaR7NQ7VKGm5oQvOZez6Z70mqOyg7gKTY&e= )
> > > treated as a
> > > > separate algorithm or is it a digest size variant of
> > > > RTE_CRYPTO_AUTH_SHA1_HMAC? I assume the later.
> > > >
> > > > [Adam] DPDK doesn't have separate enums for such variations.
> > > > According to RFC 2104, chapter "5. Truncated output", the
> > > > calculation of
> > > > HMAC-SHA-1-96 is done using ordinary HMAC-SHA-1, but the
> > > > calculation result is then truncated to 96 bits, or any other
> > > > digest size provided in auth
> > > xform.
> > >
> > > [Anoob] So it is allowed to support digest sizes 12 & 20, right? Can
> > > you update the above comment in that case?
> >
> > [Adam] This depends on a particular PMD and its capabilities so we
> > cannot write here in this public header file. For example, have a look in the
> capabilities structure of QAT PMD:
> >
> > { /* SHA1 */ \
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> \
> > {.sym = { \
> > .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> \
> > {.auth = { \
> > .algo = RTE_CRYPTO_AUTH_SHA1,
> \
> > .block_size = 64, \
> > .key_size = { \
> > .min = 0, \
> > .max = 0, \
> > .increment = 0 \
> > }, \
> > .digest_size = { \
> > .min = 1, \
> > .max = 20, \
> > .increment = 1 \
> > }, \
> > .iv_size = { 0 } \
> > }, } \
> > }, } \
> > }, \
> >
> > It shows QAT PMD is able to truncate the output digest to any size from 1
> to 20 bytes (160 bits).
> >
> > This can be different in other PMDs, for example OpenSSL and CCP PMDs
> > allow only 20-byte digests here while Marvell MVSAM allows 12-20 bytes.
> >
> > Adam
> [Fiona] True. But as 96 bits is a standard variant described in the spec, how
> about adding
>
> /**< HMAC using 160 bit SHA algorithm.
> HMAC-SHA-1-96 can be generated by setting digest_size to 12 */
[Adam] OK, sent this update as v2.
> This doesn't imply that all PMDs must support that - same as for any other
> feature, the capabilities can vary.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-05-19 12:19 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-18 14:23 [dpdk-stable] [PATCH] cryptodev: fix SHA-1 digest enum comment Adam Dybkowski
2020-05-19 5:54 ` [dpdk-stable] [dpdk-dev] " Anoob Joseph
2020-05-19 9:31 ` Dybkowski, AdamX
2020-05-19 9:40 ` Anoob Joseph
2020-05-19 10:11 ` Dybkowski, AdamX
2020-05-19 10:29 ` Trahe, Fiona
2020-05-19 10:47 ` Anoob Joseph
2020-05-19 12:19 ` Dybkowski, AdamX
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).