[Babel-users] hmac merge

Dave Taht dave at taht.net
Mon Nov 12 23:42:10 GMT 2018 

Antonin Décimo <antonin.decimo at gmail.com> writes:

>>> I do have one objection to the codebase, in that it pulls in
>>> libgcrypt, ssl, and pthreads... about 5MB? of libs... for two hash
>>> functions.
>>
>> Yeah, we should just include an implementation of SHA-256 in the code.
>
> There's also the option of using the kernel crypto api.  We'd have
> something (hopefully correct), possibly hardware-accelerated.
> Linux and BSD expose different interfaces, of course.

Well... I'm watching the wireguard related churn over there... I think a
"hard" linux kernel dependency would be a PITA at the present time.

I am (based on all that stress testing I just did) very interested in
ways to not overwhelm low end routers from big ones. 

externally...

Much of the whole ebpf thing is driven by the big sites' needs to
intelligently drop and route packets. we certainly have that problem
here so long as most small cpus fall apart at below a gbit of traffic in
the first place. I'm kind of overfocused on my edgerouterx (4 cores) and
means to make that work better at the moment. It's a *good box*
otherwise.

I only began to think about hmac sunday and got off on the wrong foot.

I have not reviewed the babel spec as to any degree of "offloadability",
but certainly a lot of means exist. I was really impressed by the armv8
benchmarks for sha1 speedups, for example. Not sure if the armada 385 I
use has those extensions...

but I'd like to measure first tho, get a pps (or rps? "routes per
second?") figure for hmac on or off on various platforms, and then
decide to worry or not... after finding a good lib.

>
> From my tests, `LDFLAGS= -lcrypto` is enough.

ok. 

>
> Also, I wonder why the HMAC set of functions [1] from OpenSSL were not
> used.  Could they be applied here?

Sure. But jeeze, it's two hash functions with multiple pretty good
reference implementations. Less than 4k added to the basic babeld
binary, if that. no lib needed.

That said, I had figured when first looking this over that the
pentultimate intent was to do something with dtls. I don't know what
libs are best for that (am unfond of openssl... libsodium? nettle?
other?). Is it your branch or christofs that's got that the furthest along?

same goes for the pps/rps idea

>
>
> [1]: https://www.openssl.org/docs/manmaster/man3/HMAC.html
>
> -- Antonin
>
> _______________________________________________
> Babel-users mailing list
> Babel-users at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users

More information about the Babel-users mailing list