Hi,
Do we have any guidelines documented to decide what should be the
algorithm priority. Specially for authenc implementation.Most of the
drivers have fixed priority for all algos. Problem comes in when we
have cbc(aes), hmac(sha1) and authenc(cbc(aes),hmac(sha1))
implementation in driver. Base authenc driver gets more precedence
because of higher priority(enc->base.cra_priority * 10 +
auth_base->cra_priority;)
What should be the priority of
cbc(aes),
hmac(sha1)
authenc(cbc(aes),hmac(sha1))
Regards
Harsh Jain
Am Dienstag, 4. April 2017, 09:53:17 CEST schrieb Harsh Jain:
Hi Harsh,
> Hi,
>
> Do we have any guidelines documented to decide what should be the
> algorithm priority. Specially for authenc implementation.Most of the
> drivers have fixed priority for all algos. Problem comes in when we
> have cbc(aes), hmac(sha1) and authenc(cbc(aes),hmac(sha1))
> implementation in driver. Base authenc driver gets more precedence
> because of higher priority(enc->base.cra_priority * 10 +
> auth_base->cra_priority;)
>
> What should be the priority of
> cbc(aes),
> hmac(sha1)
> authenc(cbc(aes),hmac(sha1))
There is no general rule about the actual numbers. But commonly, the prios are
set such that the prios of C implementations < ASM implementations < hardware
accelerators. The idea is to give users the fastest implementation there is
for his particular system.
Ciao
Stephan
On Tue, Apr 4, 2017 at 6:07 PM, Stephan Müller <[email protected]> wrote:
> Am Dienstag, 4. April 2017, 09:53:17 CEST schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> Do we have any guidelines documented to decide what should be the
>> algorithm priority. Specially for authenc implementation.Most of the
>> drivers have fixed priority for all algos. Problem comes in when we
>> have cbc(aes), hmac(sha1) and authenc(cbc(aes),hmac(sha1))
>> implementation in driver. Base authenc driver gets more precedence
>> because of higher priority(enc->base.cra_priority * 10 +
>> auth_base->cra_priority;)
>>
>> What should be the priority of
>> cbc(aes),
>> hmac(sha1)
>> authenc(cbc(aes),hmac(sha1))
>
> There is no general rule about the actual numbers. But commonly, the prios are
> set such that the prios of C implementations < ASM implementations < hardware
> accelerators. The idea is to give users the fastest implementation there is
> for his particular system.
It means cbc, hmac should have smaller(nearly 10 times less) priority
than their authenc implementation otherwise request will not offload
to driver because sw authenc priority is (aes * 10 + hmac).
>
> Ciao
> Stephan
"authenc" and "hmac" are templates, not different implementations of a cipher.
Please take a look at:
https://kernel.readthedocs.io/en/sphinx-samples/crypto-API.html#terminology
On Thu, Apr 6, 2017 at 9:56 AM, Harsh Jain <[email protected]> wrote:
> On Tue, Apr 4, 2017 at 6:07 PM, Stephan Müller <[email protected]> wrote:
>> Am Dienstag, 4. April 2017, 09:53:17 CEST schrieb Harsh Jain:
>>
>> Hi Harsh,
>>
>>> Hi,
>>>
>>> Do we have any guidelines documented to decide what should be the
>>> algorithm priority. Specially for authenc implementation.Most of the
>>> drivers have fixed priority for all algos. Problem comes in when we
>>> have cbc(aes), hmac(sha1) and authenc(cbc(aes),hmac(sha1))
>>> implementation in driver. Base authenc driver gets more precedence
>>> because of higher priority(enc->base.cra_priority * 10 +
>>> auth_base->cra_priority;)
>>>
>>> What should be the priority of
>>> cbc(aes),
>>> hmac(sha1)
>>> authenc(cbc(aes),hmac(sha1))
>>
>> There is no general rule about the actual numbers. But commonly, the prios are
>> set such that the prios of C implementations < ASM implementations < hardware
>> accelerators. The idea is to give users the fastest implementation there is
>> for his particular system.
>
> It means cbc, hmac should have smaller(nearly 10 times less) priority
> than their authenc implementation otherwise request will not offload
> to driver because sw authenc priority is (aes * 10 + hmac).
>
>>
>> Ciao
>> Stephan
Harsh Jain <[email protected]> wrote:
>
> It means cbc, hmac should have smaller(nearly 10 times less) priority
> than their authenc implementation otherwise request will not offload
> to driver because sw authenc priority is (aes * 10 + hmac).
I think you should look at it the other way. The priority of
your hardware authenc should be greater than (aes * 10 + hmac)
where aes is the priority of your hardware aes and hmac is the
priority of your hardware hmac.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt