* generic ahash question
From: Pascal Van Leeuwen @ 2019-07-19 14:41 UTC
To: linux-crypto@vger.kernel.org; +Cc: Herbert Xu, David S. Miller

Hi,

I recall reading somewhere in the Linux Crypto documentation that support for finup() and digest()
calls were explicitly added to support hardware that couldn't handle separate init/update/final
calls so they could at least be used with e.g. the IPsec stack. I also noticed that testmgr *does*
attempt to verify these separate calls ...

So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

* Re: generic ahash question
From: Herbert Xu @ 2019-07-19 14:58 UTC
To: Pascal Van Leeuwen; +Cc: linux-crypto@vger.kernel.org, David S. Miller

On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
>
> So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?

All implementations must support all of these calls. If your
hardware cannot produce non-finalised output, then what you need
to do is use a fallback for init/update and then implement final,
finup and digest. If your hardware can't even accept non-finalised
input, then you will need to use a fallback for everything but
digest.

Since IPsec uses the digest call it would still be able to benefit.

Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

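The digest-only case from the reply above, as an added user-space model that is not part of the thread and not kernel code: digest goes to a one-shot engine while init/update/final/finup are served by a software fallback, and a testmgr-style check confirms every call sequence yields the same result. The names `drv_*`, `hw_oneshot` and `all_paths_agree` are hypothetical, and FNV-1a stands in for the real hash.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-in hash (FNV-1a 64) keeps the model self-contained (assumption). */
#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL
struct req { uint64_t state; };      /* per-request partial hash state */
static unsigned hw_calls, sw_calls;  /* which path served each call */

static uint64_t absorb(uint64_t h, const uint8_t *p, size_t n)
{
	while (n--) { h ^= *p++; h *= FNV_PRIME; }
	return h;
}

/* Hypothetical engine: whole message in, final digest out, no state export. */
static uint64_t hw_oneshot(const uint8_t *p, size_t n)
{
	hw_calls++;
	return absorb(FNV_OFFSET, p, n);
}

/* init/update/final/finup use the software fallback; only digest reaches HW. */
static void drv_init(struct req *r) { sw_calls++; r->state = FNV_OFFSET; }
static void drv_update(struct req *r, const uint8_t *p, size_t n)
{ sw_calls++; r->state = absorb(r->state, p, n); }
static uint64_t drv_final(struct req *r) { sw_calls++; return r->state; }
static uint64_t drv_finup(struct req *r, const uint8_t *p, size_t n)
{ drv_update(r, p, n); return drv_final(r); }
static uint64_t drv_digest(const uint8_t *p, size_t n) { return hw_oneshot(p, n); }

/* testmgr-style check: every call sequence must agree at every split point. */
static int all_paths_agree(const uint8_t *msg, size_t len)
{
	uint64_t want = drv_digest(msg, len);
	for (size_t cut = 0; cut <= len; cut++) {
		struct req a, b;
		drv_init(&a); drv_update(&a, msg, cut); drv_update(&a, msg + cut, len - cut);
		drv_init(&b); drv_update(&b, msg, cut);
		if (drv_final(&a) != want || drv_finup(&b, msg + cut, len - cut) != want)
			return 0;
	}
	return 1;
}

int main(void)
{
	const uint8_t msg[] = "constructed sample input";
	return all_paths_agree(msg, sizeof(msg) - 1) ? 0 : 1;
}
```
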
* RE: generic ahash question
From: Pascal Van Leeuwen @ 2019-07-19 16:02 UTC
To: Herbert Xu; +Cc: linux-crypto@vger.kernel.org, David S. Miller

> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Herbert Xu
> Sent: Friday, July 19, 2019 4:58 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: linux-crypto@vger.kernel.org; David S. Miller <davem@davemloft.net>
> Subject: Re: generic ahash question
>
> On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
> >
> > So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> > init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?
>
> All implementations must support all of these calls. If your
> hardware cannot produce non-finalised output, then what you need
> to do is use a fallback for init/update and then implement final,
> finup and digest. If your hardware can't even accept non-finalised
> input, then you will need to use a fallback for everything but
> digest.
>
Thanks, that was sort of the answer I was fearing :-)
So I guess I'll opt for door number 3 for now: don't advertise the algorithm
unless someone comes with a very solid use case for accelerating it ...

> Since IPsec uses the digest call it would still be able to benefit.
>
For IPsec I don't need the standalone MACs anyway since I also advertise the
combined AEAD constructs which are far more efficient to use on our HW.

> Cheers,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

* Re: generic ahash question
From: Eric Biggers @ 2019-07-19 16:23 UTC
To: Pascal Van Leeuwen; Cc: linux-crypto@vger.kernel.org, Herbert Xu, David S. Miller

On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
> Hi,
>
> I recall reading somewhere in the Linux Crypto documentation that support for finup() and digest()
> calls were explicitly added to support hardware that couldn't handle separate init/update/final
> calls so they could at least be used with e.g. the IPsec stack. I also noticed that testmgr *does*
> attempt to verify these separate calls ...
>
> So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?
>

Where does the documentation say that?

AFAICS, init/update/final have been mandatory for at least 9 years, as that's
when testmgr started testing it. See:

    commit a8f1a05292db8b410be47fa905669672011f0343
    Author: David S. Miller <davem@davemloft.net>
    Date: Wed May 19 14:12:03 2010 +1000

    crypto: testmgr - Add testing for async hashing and update/final

- Eric

* RE: generic ahash question
From: Pascal Van Leeuwen @ 2019-07-19 19:33 UTC
To: Eric Biggers; +Cc: linux-crypto@vger.kernel.org, Herbert Xu, David S. Miller

> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Eric Biggers
> Sent: Friday, July 19, 2019 6:23 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: linux-crypto@vger.kernel.org; Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>
> Subject: Re: generic ahash question
>
> On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
> > Hi,
> >
> > I recall reading somewhere in the Linux Crypto documentation that support for finup() and digest()
> > calls were explicitly added to support hardware that couldn't handle separate init/update/final
> > calls so they could at least be used with e.g. the IPsec stack. I also noticed that testmgr *does*
> > attempt to verify these separate calls ...
> >
> > So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> > init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?
> >
>
> Where does the documentation say that?

For finup:
"As some hardware cannot do update and final separately, this callback was added to allow such
hardware to be used at least by IPsec"

For digest:
"Just like finup, this was added for hardware which cannot do even the finup, but can only do the
whole transformation in one run."

Those statements sort of imply (to me) that it's OK to only support digest or only finup and digest.

>
> AFAICS, init/update/final have been mandatory for at least 9 years, as that's
> when testmgr started testing it. See:

I just spotted some [mandatory] tags as well ... must've missed those on the previous read,
I'm not good with details, I'm more of a big picture guy.
Not that I was expecting a different answer anyway :-) Just being hopeful.

>
> commit a8f1a05292db8b410be47fa905669672011f0343
> Author: David S. Miller <davem@davemloft.net>
> Date: Wed May 19 14:12:03 2010 +1000
>
> crypto: testmgr - Add testing for async hashing and update/final
>
> - Eric

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

* Re: generic ahash question
From: Eric Biggers @ 2019-07-19 20:07 UTC
To: Pascal Van Leeuwen; Cc: linux-crypto@vger.kernel.org, Herbert Xu, David S. Miller

On Fri, Jul 19, 2019 at 07:33:30PM +0000, Pascal Van Leeuwen wrote:
> > -----Original Message-----
> > From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Eric Biggers
> > Sent: Friday, July 19, 2019 6:23 PM
> > To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > Cc: linux-crypto@vger.kernel.org; Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>
> > Subject: Re: generic ahash question
> >
> > On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
> > > Hi,
> > >
> > > I recall reading somewhere in the Linux Crypto documentation that support for finup() and digest()
> > > calls were explicitly added to support hardware that couldn't handle separate init/update/final
> > > calls so they could at least be used with e.g. the IPsec stack. I also noticed that testmgr *does*
> > > attempt to verify these separate calls ...
> > >
> > > So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> > > init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?
> > >
> >
> > Where does the documentation say that?
>
> For finup:
> "As some hardware cannot do update and final separately, this callback was added to allow such
> hardware to be used at least by IPsec"
>
> For digest:
> "Just like finup, this was added for hardware which cannot do even the finup, but can only do the
> whole transformation in one run."
>
> Those statements sort of imply (to me) that it's OK to only support digest or only finup and digest.
>

Can you send a patch to fix this documentation?

- Eric

* RE: generic ahash question
From: Pascal Van Leeuwen @ 2019-07-19 21:30 UTC
To: Eric Biggers; +Cc: linux-crypto@vger.kernel.org, Herbert Xu, David S. Miller

> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Eric Biggers
> Sent: Friday, July 19, 2019 10:07 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: linux-crypto@vger.kernel.org; Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>
> Subject: Re: generic ahash question
>
> On Fri, Jul 19, 2019 at 07:33:30PM +0000, Pascal Van Leeuwen wrote:
> > > -----Original Message-----
> > > From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Eric Biggers
> > > Sent: Friday, July 19, 2019 6:23 PM
> > > To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> > > Cc: linux-crypto@vger.kernel.org; Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>
> > > Subject: Re: generic ahash question
> > >
> > > On Fri, Jul 19, 2019 at 02:41:03PM +0000, Pascal Van Leeuwen wrote:
> > > > Hi,
> > > >
> > > > I recall reading somewhere in the Linux Crypto documentation that support for finup() and digest()
> > > > calls were explicitly added to support hardware that couldn't handle separate init/update/final
> > > > calls so they could at least be used with e.g. the IPsec stack. I also noticed that testmgr *does*
> > > > attempt to verify these separate calls ...
> > > >
> > > > So I'm guessing there must be some flags that I can set to indicate I'm not supporting separate
> > > > init/update/final calls so that testmgr skips those specific tests? Which flag(s) do I need to set?
> > > >
> > >
> > > Where does the documentation say that?
> >
> > For finup:
> > "As some hardware cannot do update and final separately, this callback was added to allow such
> > hardware to be used at least by IPsec"
> >
> > For digest:
> > "Just like finup, this was added for hardware which cannot do even the finup, but can only do the
> > whole transformation in one run."
> >
> > Those statements sort of imply (to me) that it's OK to only support digest or only finup and digest.
> >
>
> Can you send a patch to fix this documentation?
>
I could add some big fat disclaimer somewhere, but admittedly I just did not
read or remember thoroughly enough. And perhaps my memory was just being
selective, only remembering the parts that suited me well (it usually does :-).

Still, it seems rather odd to on the one hand acknowledge the fact that there is
hardware out there with these limitations, and add specific support for that, and
on the other hand burden their drivers with implementing all these fallbacks.
That's why I assumed there must be some flags somewhere to indicate to the API
that it should not bother my driver with requests requiring init/update/final.
Which I now know is not the case, so fine, I either implement the fallbacks or I
just don't bother supporting the algorithm.

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

* Re: generic ahash question
From: Herbert Xu @ 2019-07-20 2:50 UTC
To: Pascal Van Leeuwen; Cc: Eric Biggers, linux-crypto@vger.kernel.org, David S. Miller

On Fri, Jul 19, 2019 at 09:30:20PM +0000, Pascal Van Leeuwen wrote:
>
> Still, it seems rather odd to on the one hand acknowledge the fact that there is
> hardware out there with these limitations, and add specific support for that, and
> on the other hand burden their drivers with implementing all these fallbacks.
> That's why I assumed there must be some flags somewhere to indicate to the API
> that it should not bother my driver with requests requiring init/update/final.
> Which I now know is not the case, so fine, I either implement the fallbacks or I
> just don't bother supporting the algorithm.

If we could abstract out the fallback stuff so that it could be
reused in multiple drivers then we should do that. It's just that
there hasn't been enough of a need to do this up until now.

Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt