> Introduction > ============ > > This patchset adds support for the DOCSIS protocol to the DPDK Security > API (rte_security), to be used by the AESNI-MB and QAT crypto devices to > combine and accelerate Crypto and CRC functions of the DOCSIS protocol > into a single operation. > > Performing these functions in parallel as a single operation can enable a > significant performance improvement in a DPDK-based DOCSIS MAC pipeline. > > > Background > ========== > > A number of approaches to combine DOCSIS Crypto and CRC functions have > been discussed in the DPDK community to date, namely: > 1) adding a new rte_accelerator API, to provide a generic interface for > combining operations of different types > 2) using rawdev through a multi-function interface, again to provide a > generic interface for combining operations of different types > 3) adding support for DOCSIS Crypto-CRC to rte_security > > The third option above is the preferred approach for the following > reasons: > - it addresses the immediate use case to add DOCSIS Crypto-CRC support to > DPDK so that it can be consumed easily by cable equipment vendors > - it uses an already existing framework in DPDK > - it will mean much less code churn in DOCSIS applications, which already > use rte_cryptodev for encryption/decryption > > > Use Cases > ========= > > The primary use case for this proposal has already been mentioned, namely > to add DOCSIS Crypto-CRC support to DPDK: > > - DOCSIS MAC: Crypto-CRC > - Order: > - Downstream: CRC, Encrypt > - Upstream: Decrypt, CRC > - Specifications: > - Crypto: 128-bit and 256-bit AES-CFB encryption variant > for DOCSIS as described in section 11.1 of DOCSIS 3.1 > Security Specification > > (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.ca > blelabs.com%2Fspecification%2FCM-SP- > SECv3.1&data=02%7C01%7Cakhil.goyal%40nxp.com%7C39c59476749d4f5 > ec88a08d81f5153d0%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6 > 37293781444756595&sdata=W4YJl2bu8jsADjsLVDG2vXhYkOmbBhFY%2B4A > a47onVak%3D&reserved=0) > - CRC: Ethernet 32-bit CRC as defined in > Ethernet/[ISO/IEC 8802-3] > > Note that support for these chained operations is already available in > the Intel IPSec Multi-Buffer library. > > However, other DOCSIS protocol functions could be optimized too in the > future using the same rte_security API for DOCSIS (e.g. Header Checksum > (HCS) calculation). > > v4: > * addressed Akhil's comments regarding documentation > * made some code fixes > * fixed possible NULL pointer dereference when allocating security_ctx > in AESNI-MB and QAT PMDs > * freed security_ctx memory when exiting AESNI-MB and QAT PMDs > * added session IOVA verification update when creating security > sessions in QAT PMD > > v3: > * removed rte_security_op definition > * now using rte_crypto_sym_op->auth.data fields for CRC offset and > length as suggested by feedback from Akhil and Konstantin > * addressed Pablo's comments > * removed support for out-of-place for DOCSIS protocol from QAT PMD > * updated dpdk-crypto-perf-test tool for DOCSIS > * updated documentation > > v2: > * added rte_security and rte_cryptodev code changes > * added AESNI MB crypto PMD code changes > * added QAT SYM crypto PMD code changes > * added crypto unit tests > * added security unit tests > > v1: > * added proposed API changes > * added security capabilities to aesni_mb crypto PMD > > David Coyle (7): > security: add support for DOCSIS protocol > cryptodev: add a note regarding DOCSIS protocol support > crypto/aesni_mb: add support for DOCSIS protocol > crypto/qat: add support for DOCSIS protocol > test/crypto: add DOCSIS security test cases > test/security: add DOCSIS capability check tests > app/crypto-perf: add support for DOCSIS protocol > > app/test-crypto-perf/cperf_ops.c | 82 +- > app/test-crypto-perf/cperf_options.h | 5 +- > app/test-crypto-perf/cperf_options_parsing.c | 67 +- > app/test-crypto-perf/cperf_test_throughput.c | 3 +- > app/test-crypto-perf/cperf_test_vectors.c | 3 +- > app/test-crypto-perf/main.c | 5 +- > app/test-crypto-perf/meson.build | 2 +- > app/test/test_cryptodev.c | 513 ++++++ > ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++ > app/test/test_security.c | 88 + > doc/guides/cryptodevs/aesni_mb.rst | 8 + > doc/guides/cryptodevs/features/aesni_mb.ini | 1 + > doc/guides/cryptodevs/features/qat.ini | 1 + > doc/guides/cryptodevs/qat.rst | 7 + > doc/guides/prog_guide/rte_security.rst | 114 +- > doc/guides/rel_notes/release_20_08.rst | 21 + > doc/guides/tools/cryptoperf.rst | 5 + > drivers/common/qat/Makefile | 3 + > .../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +- > drivers/crypto/aesni_mb/meson.build | 2 +- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 301 +++- > .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 125 ++ > drivers/crypto/qat/meson.build | 2 + > drivers/crypto/qat/qat_sym.c | 71 +- > drivers/crypto/qat/qat_sym.h | 62 +- > drivers/crypto/qat/qat_sym_capabilities.h | 42 + > drivers/crypto/qat/qat_sym_pmd.c | 61 +- > drivers/crypto/qat/qat_sym_pmd.h | 4 + > drivers/crypto/qat/qat_sym_session.c | 153 ++ > drivers/crypto/qat/qat_sym_session.h | 11 + > lib/librte_cryptodev/rte_crypto_sym.h | 14 + > lib/librte_security/rte_security.c | 5 + > lib/librte_security/rte_security.h | 38 + > 33 files changed, 3348 insertions(+), 34 deletions(-) > create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h > Some modifications are done in the release notes while merging. Please check. Applied to dpdk-next-crypto
Thanks.
