Introduction
============
This patchset adds support for the DOCSIS protocol to the DPDK Security
API (rte_security), to be used by the AESNI-MB and QAT crypto devices to
combine and accelerate Crypto and CRC functions of the DOCSIS protocol
into a single operation.
Performing these functions in parallel as a single operation can enable a
significant performance improvement in a DPDK-based DOCSIS MAC pipeline.
Background
==========
A number of approaches to combine DOCSIS Crypto and CRC functions have
been discussed in the DPDK community to date, namely:
1) adding a new rte_accelerator API, to provide a generic interface for
combining operations of different types
2) using rawdev through a multi-function interface, again to provide a
generic interface for combining operations of different types
3) adding support for DOCSIS Crypto-CRC to rte_security
The third option above is the preferred approach for the following
reasons:
- it addresses the immediate use case to add DOCSIS Crypto-CRC support to
DPDK so that it can be consumed easily by cable equipment vendors
- it uses an already existing framework in DPDK
- it will mean much less code churn in DOCSIS applications, which already
use rte_cryptodev for encryption/decryption
Use Cases
=========
The primary use case for this proposal has already been mentioned, namely
to add DOCSIS Crypto-CRC support to DPDK:
- DOCSIS MAC: Crypto-CRC
- Order:
- Downstream: CRC, Encrypt
- Upstream: Decrypt, CRC
- Specifications:
- Crypto: 128-bit and 256-bit AES-CFB encryption variant
for DOCSIS as described in section 11.1 of DOCSIS 3.1
Security Specification
(https://apps.cablelabs.com/specification/CM-SP-SECv3.1)
- CRC: Ethernet 32-bit CRC as defined in
Ethernet/[ISO/IEC 8802-3]
Note that support for these chained operations is already available in
the Intel IPSec Multi-Buffer library.
However, other DOCSIS protocol functions could be optimized too in the
future using the same rte_security API for DOCSIS (e.g. Header Checksum
(HCS) calculation).
v1:
* added proposed API changes
* added security capabilities to aesni_mb crypto PMD
v2:
* added rte_security and rte_cryptodev code changes
* added AESNI MB crypto PMD code changes
* added QAT SYM crypto PMD code changes
* added crypto unit tests
* added security unit tests
David Coyle (6):
cryptodev: add security operation to crypto operation
security: add support for DOCSIS protocol
crypto/aesni_mb: add support for DOCSIS protocol
crypto/qat: add support for DOCSIS protocol
test/crypto: add DOCSIS security test cases
test/security: add DOCSIS capability check tests
app/test/test_cryptodev.c | 552 ++++++
...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++
app/test/test_security.c | 139 ++
drivers/common/qat/Makefile | 3 +
.../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +-
drivers/crypto/aesni_mb/meson.build | 2 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 316 +++-
.../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 127 ++
drivers/crypto/qat/meson.build | 2 +
drivers/crypto/qat/qat_sym.c | 139 +-
drivers/crypto/qat/qat_sym.h | 82 +-
drivers/crypto/qat/qat_sym_capabilities.h | 44 +
drivers/crypto/qat/qat_sym_pmd.c | 53 +-
drivers/crypto/qat/qat_sym_pmd.h | 4 +
drivers/crypto/qat/qat_sym_session.c | 148 ++
drivers/crypto/qat/qat_sym_session.h | 12 +
lib/librte_cryptodev/rte_crypto.h | 19 +-
lib/librte_cryptodev/rte_cryptodev.c | 5 +-
lib/librte_security/rte_security.c | 7 +
lib/librte_security/rte_security.h | 116 +-
20 files changed, 3271 insertions(+), 62 deletions(-)
create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h
--
2.17.1
