mbox series

[v2,0/6] add support for DOCSIS protocol

Message ID 20200623101423.9215-1-david.coyle@intel.com (mailing list archive)
Headers
Series add support for DOCSIS protocol |

Message

Coyle, David June 23, 2020, 10:14 a.m. UTC
Introduction
============

This patchset adds support for the DOCSIS protocol to the DPDK Security
API (rte_security), to be used by the AESNI-MB and QAT crypto devices to
combine and accelerate Crypto and CRC functions of the DOCSIS protocol
into a single operation.

Performing these functions in parallel as a single operation can enable a
significant performance improvement in a DPDK-based DOCSIS MAC pipeline.


Background
==========

A number of approaches to combine DOCSIS Crypto and CRC functions have
been discussed in the DPDK community to date, namely:
1) adding a new rte_accelerator API, to provide a generic interface for
   combining operations of different types
2) using rawdev through a multi-function interface, again to provide a
   generic interface for combining operations of different types
3) adding support for DOCSIS Crypto-CRC to rte_security

The third option above is the preferred approach for the following
reasons:
- it addresses the immediate use case to add DOCSIS Crypto-CRC support to
  DPDK so that it can be consumed easily by cable equipment vendors
- it uses an already existing framework in DPDK
- it will mean much less code churn in DOCSIS applications, which already
  use rte_cryptodev for encryption/decryption


Use Cases
=========

The primary use case for this proposal has already been mentioned, namely
to add DOCSIS Crypto-CRC support to DPDK:

- DOCSIS MAC: Crypto-CRC
	- Order:
		- Downstream: CRC, Encrypt
		- Upstream: Decrypt, CRC
	- Specifications:
		- Crypto: 128-bit and 256-bit AES-CFB encryption variant
		  for DOCSIS as described in section 11.1 of DOCSIS 3.1
		  Security Specification
		  (https://apps.cablelabs.com/specification/CM-SP-SECv3.1)
		- CRC: Ethernet 32-bit CRC as defined in
		  Ethernet/[ISO/IEC 8802-3]

Note that support for these chained operations is already available in
the Intel IPSec Multi-Buffer library.

However, other DOCSIS protocol functions could be optimized too in the
future using the same rte_security API for DOCSIS (e.g. Header Checksum
(HCS) calculation).

v1:
* added proposed API changes
* added security capabilities to aesni_mb crypto PMD

v2:
* added rte_security and rte_cryptodev code changes
* added AESNI MB crypto PMD code changes
* added QAT SYM crypto PMD code changes
* added crypto unit tests
* added security unit tests

David Coyle (6):
  cryptodev: add security operation to crypto operation
  security: add support for DOCSIS protocol
  crypto/aesni_mb: add support for DOCSIS protocol
  crypto/qat: add support for DOCSIS protocol
  test/crypto: add DOCSIS security test cases
  test/security: add DOCSIS capability check tests

 app/test/test_cryptodev.c                     |  552 ++++++
 ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++
 app/test/test_security.c                      |  139 ++
 drivers/common/qat/Makefile                   |    3 +
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |   19 +-
 drivers/crypto/aesni_mb/meson.build           |    2 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |  316 +++-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  127 ++
 drivers/crypto/qat/meson.build                |    2 +
 drivers/crypto/qat/qat_sym.c                  |  139 +-
 drivers/crypto/qat/qat_sym.h                  |   82 +-
 drivers/crypto/qat/qat_sym_capabilities.h     |   44 +
 drivers/crypto/qat/qat_sym_pmd.c              |   53 +-
 drivers/crypto/qat/qat_sym_pmd.h              |    4 +
 drivers/crypto/qat/qat_sym_session.c          |  148 ++
 drivers/crypto/qat/qat_sym_session.h          |   12 +
 lib/librte_cryptodev/rte_crypto.h             |   19 +-
 lib/librte_cryptodev/rte_cryptodev.c          |    5 +-
 lib/librte_security/rte_security.c            |    7 +
 lib/librte_security/rte_security.h            |  116 +-
 20 files changed, 3271 insertions(+), 62 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h
  

Comments

David Marchand June 23, 2020, 2:51 p.m. UTC | #1
On Tue, Jun 23, 2020 at 12:36 PM David Coyle <david.coyle@intel.com> wrote:
> A number of approaches to combine DOCSIS Crypto and CRC functions have
> been discussed in the DPDK community to date, namely:
> 1) adding a new rte_accelerator API, to provide a generic interface for
>    combining operations of different types
> 2) using rawdev through a multi-function interface, again to provide a
>    generic interface for combining operations of different types
> 3) adding support for DOCSIS Crypto-CRC to rte_security
>
> The third option above is the preferred approach for the following
> reasons:
> - it addresses the immediate use case to add DOCSIS Crypto-CRC support to
>   DPDK so that it can be consumed easily by cable equipment vendors
> - it uses an already existing framework in DPDK
> - it will mean much less code churn in DOCSIS applications, which already
>   use rte_cryptodev for encryption/decryption

I guess https://patchwork.dpdk.org/project/dpdk/list/?series=9304 can
be marked Superseded then.
Thanks.
  
Coyle, David June 23, 2020, 3:18 p.m. UTC | #2
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Tuesday, June 23, 2020 3:52 PM
> 
> > A number of approaches to combine DOCSIS Crypto and CRC functions
> have
> > been discussed in the DPDK community to date, namely:
> > 1) adding a new rte_accelerator API, to provide a generic interface for
> >    combining operations of different types
> > 2) using rawdev through a multi-function interface, again to provide a
> >    generic interface for combining operations of different types
> > 3) adding support for DOCSIS Crypto-CRC to rte_security
> >
> > The third option above is the preferred approach for the following
> > reasons:
> > - it addresses the immediate use case to add DOCSIS Crypto-CRC support to
> >   DPDK so that it can be consumed easily by cable equipment vendors
> > - it uses an already existing framework in DPDK
> > - it will mean much less code churn in DOCSIS applications, which already
> >   use rte_cryptodev for encryption/decryption
> 
> I guess https://patchwork.dpdk.org/project/dpdk/list/?series=9304 can be
> marked Superseded then.
> Thanks.

[DC] Yes it can - I have tried to set it to Superseded but don't have permissions to
do that - guess one of the Maintainers needs to do that.
> 
> --
> David Marchand
  
David Marchand June 23, 2020, 3:38 p.m. UTC | #3
On Tue, Jun 23, 2020 at 5:18 PM Coyle, David <david.coyle@intel.com> wrote:
> > I guess https://patchwork.dpdk.org/project/dpdk/list/?series=9304 can be
> > marked Superseded then.
> > Thanks.
>
> [DC] Yes it can - I have tried to set it to Superseded but don't have permissions to
> do that - guess one of the Maintainers needs to do that.

You need to be logged in patchwork and have the same mail address that
sent the series attached to your account.
  
Coyle, David June 23, 2020, 3:56 p.m. UTC | #4
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Tuesday, June 23, 2020 4:39 PM
> > > I guess https://patchwork.dpdk.org/project/dpdk/list/?series=9304
> > > can be marked Superseded then.
> > > Thanks.
> >
> > [DC] Yes it can - I have tried to set it to Superseded but don't have
> > permissions to do that - guess one of the Maintainers needs to do that.
> 
> You need to be logged in patchwork and have the same mail address that
> sent the series attached to your account.
> 
[DC] I have tried attach my email address to my account but I think Intel has some
blocker on emails coming from patchwork, so I'm not receiving the confirmation email.
This same problem with emails getting blocked also hit me before when I originally signed
up to patchwork.

Thanks for the info on this btw.
  
David Marchand June 23, 2020, 4:22 p.m. UTC | #5
On Tue, Jun 23, 2020 at 5:56 PM Coyle, David <david.coyle@intel.com> wrote:
>
> > -----Original Message-----
> > From: David Marchand <david.marchand@redhat.com>
> > Sent: Tuesday, June 23, 2020 4:39 PM
> > > > I guess https://patchwork.dpdk.org/project/dpdk/list/?series=9304
> > > > can be marked Superseded then.
> > > > Thanks.
> > >
> > > [DC] Yes it can - I have tried to set it to Superseded but don't have
> > > permissions to do that - guess one of the Maintainers needs to do that.
> >
> > You need to be logged in patchwork and have the same mail address that
> > sent the series attached to your account.
> >
> [DC] I have tried attach my email address to my account but I think Intel has some
> blocker on emails coming from patchwork, so I'm not receiving the confirmation email.
> This same problem with emails getting blocked also hit me before when I originally signed
> up to patchwork.

I saw some offlist exchanges about this.
It might be the right time to push your IT about this issue :-).

I marked the series as superseded.
  
Coyle, David June 23, 2020, 4:27 p.m. UTC | #6
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Tuesday, June 23, 2020 5:22 PM
> To: Coyle, David <david.coyle@intel.com>
> > > > > I guess
> > > > > https://patchwork.dpdk.org/project/dpdk/list/?series=9304
> > > > > can be marked Superseded then.
> > > > > Thanks.
> > > >
> > > > [DC] Yes it can - I have tried to set it to Superseded but don't
> > > > have permissions to do that - guess one of the Maintainers needs to do
> that.
> > >
> > > You need to be logged in patchwork and have the same mail address
> > > that sent the series attached to your account.
> > >
> > [DC] I have tried attach my email address to my account but I think
> > Intel has some blocker on emails coming from patchwork, so I'm not
> receiving the confirmation email.
> > This same problem with emails getting blocked also hit me before when
> > I originally signed up to patchwork.
> 
> I saw some offlist exchanges about this.
> It might be the right time to push your IT about this issue :-).
[DC] I think you are right - I will try get this resolved.
> 
> I marked the series as superseded.
[DC] Thank you for doing that and apologies for the inconvenience.