From mboxrd@z Thu Jan 1 00:00:00 1970 From: Akhil Goyal Subject: Re: [PATCH v2] crypto/openssl: support truncated HMAC operations Date: Fri, 28 Sep 2018 15:58:06 +0530 Message-ID: <3bf1a0fd-d4e3-b9ab-0d13-260fc6dad18e@nxp.com> References: <20180916031823.17560-1-dmitry.ereminsolenikov@linaro.org> <37565196-8048-fd4b-3e88-7fe3d09236f8@nxp.com> <2c10f1e1-d3b6-ee04-4df3-ca847febc416@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit To: Dmitry Eremin-Solenikov , dev@dpdk.org Return-path: Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0057.outbound.protection.outlook.com [104.47.0.57]) by dpdk.org (Postfix) with ESMTP id E0A351B148 for ; Fri, 28 Sep 2018 12:28:36 +0200 (CEST) In-Reply-To: <2c10f1e1-d3b6-ee04-4df3-ca847febc416@linaro.org> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 9/28/2018 3:02 AM, Dmitry Eremin-Solenikov wrote: > On 25/09/18 17:46, Akhil Goyal wrote: >> >> On 9/16/2018 8:48 AM, Dmitry Eremin-Solenikov wrote: >>> IPsec requires truncated HMAC operations support. Extend OpenSSL crypto >>> PMD to support truncated HMAC operations necessary for IPsec. >>> >>> Signed-off-by: Dmitry Eremin-Solenikov >>> >>> --- >>> Changes since V1: >>>   - support all digest sizes from half of corresponding digest size up to >>>     full length. >> Why can't we extend this to digest size starting from 1 to full length? >> Why is there a limitation for half of corresponding digest size? > Mainly because there is little point in supporting such truncated > digests. It won't be cryptographically safe. I believe we shall let the application decide the digest size and not make this a limitation of PMD. > >>> --- >>>   drivers/crypto/openssl/rte_openssl_pmd.c     | 19 ++++++++-------- >>>   drivers/crypto/openssl/rte_openssl_pmd_ops.c | 24 ++++++++++---------- >>>   2 files changed, 22 insertions(+), 21 deletions(-) >>> >>> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c >>> b/drivers/crypto/openssl/rte_openssl_pmd.c >>> index 7d263aba3bbd..c635f1e2493c 100644 >>> --- a/drivers/crypto/openssl/rte_openssl_pmd.c >>> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c >>> @@ -1509,15 +1509,7 @@ process_openssl_auth_op(struct openssl_qp *qp, >>> struct rte_crypto_op *op, >>>         srclen = op->sym->auth.data.length; >>>   -    if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) >>> -        dst = qp->temp_digest; >>> -    else { >>> -        dst = op->sym->auth.digest.data; >>> -        if (dst == NULL) >>> -            dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, >>> -                    op->sym->auth.data.offset + >>> -                    op->sym->auth.data.length); >>> -    } >>> +    dst = qp->temp_digest; >>>         switch (sess->auth.mode) { >>>       case OPENSSL_AUTH_AS_AUTH: >>> @@ -1540,6 +1532,15 @@ process_openssl_auth_op(struct openssl_qp *qp, >>> struct rte_crypto_op *op, >>>                   sess->auth.digest_length) != 0) { >>>               op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; >>>           } >>> +    } else { >>> +        uint8_t *auth_dst; >>> + >>> +        auth_dst = op->sym->auth.digest.data; >>> +        if (auth_dst == NULL) >>> +            auth_dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, >>> +                    op->sym->auth.data.offset + >>> +                    op->sym->auth.data.length); >>> +        memcpy(auth_dst, dst, sess->auth.digest_length); >>>       } >>>         if (status != 0) >>> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c >>> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c >>> index de2284390b12..6d3e21de404d 100644 >>> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c >>> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c >>> @@ -26,9 +26,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 16, >>> +                    .min = 8, >>>                       .max = 16, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >>> @@ -68,9 +68,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 20, >>> +                    .min = 10, >>>                       .max = 20, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >>> @@ -110,9 +110,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 28, >>> +                    .min = 14, >>>                       .max = 28, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >>> @@ -152,9 +152,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 32, >>> +                    .min = 16, >>>                       .max = 32, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >>> @@ -194,9 +194,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 48, >>> +                    .min = 24, >>>                       .max = 48, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >>> @@ -236,9 +236,9 @@ static const struct rte_cryptodev_capabilities >>> openssl_pmd_capabilities[] = { >>>                       .increment = 1 >>>                   }, >>>                   .digest_size = { >>> -                    .min = 64, >>> +                    .min = 32, >>>                       .max = 64, >>> -                    .increment = 0 >>> +                    .increment = 1 >>>                   }, >>>                   .iv_size = { 0 } >>>               }, } >