[dpdk-dev] [PATCH v4 0/7] add support for DOCSIS protocol
Akhil Goyal
akhil.goyal at nxp.com
Sat Jul 4 21:54:41 CEST 2020
> Introduction
> ============
>
> This patchset adds support for the DOCSIS protocol to the DPDK Security
> API (rte_security), to be used by the AESNI-MB and QAT crypto devices to
> combine and accelerate Crypto and CRC functions of the DOCSIS protocol
> into a single operation.
>
> Performing these functions in parallel as a single operation can enable a
> significant performance improvement in a DPDK-based DOCSIS MAC pipeline.
>
>
> Background
> ==========
>
> A number of approaches to combine DOCSIS Crypto and CRC functions have
> been discussed in the DPDK community to date, namely:
> 1) adding a new rte_accelerator API, to provide a generic interface for
> combining operations of different types
> 2) using rawdev through a multi-function interface, again to provide a
> generic interface for combining operations of different types
> 3) adding support for DOCSIS Crypto-CRC to rte_security
>
> The third option above is the preferred approach for the following
> reasons:
> - it addresses the immediate use case to add DOCSIS Crypto-CRC support to
> DPDK so that it can be consumed easily by cable equipment vendors
> - it uses an already existing framework in DPDK
> - it will mean much less code churn in DOCSIS applications, which already
> use rte_cryptodev for encryption/decryption
>
>
> Use Cases
> =========
>
> The primary use case for this proposal has already been mentioned, namely
> to add DOCSIS Crypto-CRC support to DPDK:
>
> - DOCSIS MAC: Crypto-CRC
> - Order:
> - Downstream: CRC, Encrypt
> - Upstream: Decrypt, CRC
> - Specifications:
> - Crypto: 128-bit and 256-bit AES-CFB encryption variant
> for DOCSIS as described in section 11.1 of DOCSIS 3.1
> Security Specification
>
> (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.ca
> blelabs.com%2Fspecification%2FCM-SP-
> SECv3.1&data=02%7C01%7Cakhil.goyal%40nxp.com%7C39c59476749d4f5
> ec88a08d81f5153d0%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6
> 37293781444756595&sdata=W4YJl2bu8jsADjsLVDG2vXhYkOmbBhFY%2B4A
> a47onVak%3D&reserved=0)
> - CRC: Ethernet 32-bit CRC as defined in
> Ethernet/[ISO/IEC 8802-3]
>
> Note that support for these chained operations is already available in
> the Intel IPSec Multi-Buffer library.
>
> However, other DOCSIS protocol functions could be optimized too in the
> future using the same rte_security API for DOCSIS (e.g. Header Checksum
> (HCS) calculation).
>
> v4:
> * addressed Akhil's comments regarding documentation
> * made some code fixes
> * fixed possible NULL pointer dereference when allocating security_ctx
> in AESNI-MB and QAT PMDs
> * freed security_ctx memory when exiting AESNI-MB and QAT PMDs
> * added session IOVA verification update when creating security
> sessions in QAT PMD
>
> v3:
> * removed rte_security_op definition
> * now using rte_crypto_sym_op->auth.data fields for CRC offset and
> length as suggested by feedback from Akhil and Konstantin
> * addressed Pablo's comments
> * removed support for out-of-place for DOCSIS protocol from QAT PMD
> * updated dpdk-crypto-perf-test tool for DOCSIS
> * updated documentation
>
> v2:
> * added rte_security and rte_cryptodev code changes
> * added AESNI MB crypto PMD code changes
> * added QAT SYM crypto PMD code changes
> * added crypto unit tests
> * added security unit tests
>
> v1:
> * added proposed API changes
> * added security capabilities to aesni_mb crypto PMD
>
> David Coyle (7):
> security: add support for DOCSIS protocol
> cryptodev: add a note regarding DOCSIS protocol support
> crypto/aesni_mb: add support for DOCSIS protocol
> crypto/qat: add support for DOCSIS protocol
> test/crypto: add DOCSIS security test cases
> test/security: add DOCSIS capability check tests
> app/crypto-perf: add support for DOCSIS protocol
>
> app/test-crypto-perf/cperf_ops.c | 82 +-
> app/test-crypto-perf/cperf_options.h | 5 +-
> app/test-crypto-perf/cperf_options_parsing.c | 67 +-
> app/test-crypto-perf/cperf_test_throughput.c | 3 +-
> app/test-crypto-perf/cperf_test_vectors.c | 3 +-
> app/test-crypto-perf/main.c | 5 +-
> app/test-crypto-perf/meson.build | 2 +-
> app/test/test_cryptodev.c | 513 ++++++
> ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++
> app/test/test_security.c | 88 +
> doc/guides/cryptodevs/aesni_mb.rst | 8 +
> doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
> doc/guides/cryptodevs/features/qat.ini | 1 +
> doc/guides/cryptodevs/qat.rst | 7 +
> doc/guides/prog_guide/rte_security.rst | 114 +-
> doc/guides/rel_notes/release_20_08.rst | 21 +
> doc/guides/tools/cryptoperf.rst | 5 +
> drivers/common/qat/Makefile | 3 +
> .../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +-
> drivers/crypto/aesni_mb/meson.build | 2 +-
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 301 +++-
> .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 125 ++
> drivers/crypto/qat/meson.build | 2 +
> drivers/crypto/qat/qat_sym.c | 71 +-
> drivers/crypto/qat/qat_sym.h | 62 +-
> drivers/crypto/qat/qat_sym_capabilities.h | 42 +
> drivers/crypto/qat/qat_sym_pmd.c | 61 +-
> drivers/crypto/qat/qat_sym_pmd.h | 4 +
> drivers/crypto/qat/qat_sym_session.c | 153 ++
> drivers/crypto/qat/qat_sym_session.h | 11 +
> lib/librte_cryptodev/rte_crypto_sym.h | 14 +
> lib/librte_security/rte_security.c | 5 +
> lib/librte_security/rte_security.h | 38 +
> 33 files changed, 3348 insertions(+), 34 deletions(-)
> create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h
>
Some modifications are done in the release notes while merging. Please check.
Applied to dpdk-next-crypto
Thanks.
More information about the dev
mailing list