[dpdk-dev] [PATCH v3 0/8] add support for DOCSIS protocol

From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
	pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
	roy.fan.zhang@intel.com, konstantin.ananyev@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com,
	brendan.ryan@intel.com, hemant.agrawal@nxp.com,
	anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com,
	rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com,
	jianjay.zhou@huawei.com, ravi1.kumar@amd.com,
	bruce.richardson@intel.com, olivier.matz@6wind.com,
	honnappa.nagarahalli@arm.com, stephen@networkplumber.org,
	alexr@mellanox.com, jerinj@marvell.com,
	David Coyle <david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH v3 0/8] add support for DOCSIS protocol
Date: Tue, 30 Jun 2020 17:30:41 +0100	[thread overview]
Message-ID: <20200630163049.61900-1-david.coyle@intel.com> (raw)
In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com>

Introduction
============

This patchset adds support for the DOCSIS protocol to the DPDK Security
API (rte_security), to be used by the AESNI-MB and QAT crypto devices to
combine and accelerate Crypto and CRC functions of the DOCSIS protocol
into a single operation.

Performing these functions in parallel as a single operation can enable a
significant performance improvement in a DPDK-based DOCSIS MAC pipeline.

Background
==========

A number of approaches to combine DOCSIS Crypto and CRC functions have
been discussed in the DPDK community to date, namely:
1) adding a new rte_accelerator API, to provide a generic interface for
   combining operations of different types
2) using rawdev through a multi-function interface, again to provide a
   generic interface for combining operations of different types
3) adding support for DOCSIS Crypto-CRC to rte_security

The third option above is the preferred approach for the following
reasons:
- it addresses the immediate use case to add DOCSIS Crypto-CRC support to
  DPDK so that it can be consumed easily by cable equipment vendors
- it uses an already existing framework in DPDK
- it will mean much less code churn in DOCSIS applications, which already
  use rte_cryptodev for encryption/decryption

Use Cases
=========

The primary use case for this proposal has already been mentioned, namely
to add DOCSIS Crypto-CRC support to DPDK:

- DOCSIS MAC: Crypto-CRC
	- Order:
		- Downstream: CRC, Encrypt
		- Upstream: Decrypt, CRC
	- Specifications:
		- Crypto: 128-bit and 256-bit AES-CFB encryption variant
		  for DOCSIS as described in section 11.1 of DOCSIS 3.1
		  Security Specification
		  (https://apps.cablelabs.com/specification/CM-SP-SECv3.1)
		- CRC: Ethernet 32-bit CRC as defined in
		  Ethernet/[ISO/IEC 8802-3]

Note that support for these chained operations is already available in
the Intel IPSec Multi-Buffer library.

However, other DOCSIS protocol functions could be optimized too in the
future using the same rte_security API for DOCSIS (e.g. Header Checksum
(HCS) calculation).

v3:
* removed rte_security_op definition
  * now using rte_crypto_sym_op->auth.data fields for CRC offset and
    length as suggested by feedback from Akhil and Konstantin
* addressed Pablo's comments
* removed support for out-of-place for DOCSIS protocol from QAT PMD
* updated dpdk-crypto-perf-test tool for DOCSIS
* updated documentation

v2:
* added rte_security and rte_cryptodev code changes
* added AESNI MB crypto PMD code changes
* added QAT SYM crypto PMD code changes
* added crypto unit tests
* added security unit tests

v1:
* added proposed API changes
* added security capabilities to aesni_mb crypto PMD

David Coyle (8):
  security: add support for DOCSIS protocol
  cryptodev: add a note regarding DOCSIS protocol support
  crypto/aesni_mb: add support for DOCSIS protocol
  crypto/qat: add support for DOCSIS protocol
  test/crypto: add DOCSIS security test cases
  test/security: add DOCSIS capability check tests
  app/crypto-perf: add support for DOCSIS protocol
  doc: add doc updates for DOCSIS security protocol

 app/test-crypto-perf/cperf_ops.c              |   82 +-
 app/test-crypto-perf/cperf_options.h          |    5 +-
 app/test-crypto-perf/cperf_options_parsing.c  |   67 +-
 app/test-crypto-perf/cperf_test_throughput.c  |    3 +-
 app/test-crypto-perf/cperf_test_vectors.c     |    3 +-
 app/test-crypto-perf/main.c                   |    5 +-
 app/test-crypto-perf/meson.build              |    2 +-
 app/test/test_cryptodev.c                     |  513 ++++++
 ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++
 app/test/test_security.c                      |   88 +
 doc/guides/cryptodevs/aesni_mb.rst            |    8 +
 doc/guides/cryptodevs/features/aesni_mb.ini   |    1 +
 doc/guides/cryptodevs/features/qat.ini        |    1 +
 doc/guides/cryptodevs/qat.rst                 |    7 +
 doc/guides/prog_guide/rte_security.rst        |  114 +-
 doc/guides/rel_notes/release_20_08.rst        |   16 +
 doc/guides/tools/cryptoperf.rst               |    5 +
 drivers/common/qat/Makefile                   |    3 +
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |   19 +-
 drivers/crypto/aesni_mb/meson.build           |    2 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |  293 +++-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  125 ++
 drivers/crypto/qat/meson.build                |    2 +
 drivers/crypto/qat/qat_sym.c                  |   70 +-
 drivers/crypto/qat/qat_sym.h                  |   69 +-
 drivers/crypto/qat/qat_sym_capabilities.h     |   42 +
 drivers/crypto/qat/qat_sym_pmd.c              |   53 +-
 drivers/crypto/qat/qat_sym_pmd.h              |    4 +
 drivers/crypto/qat/qat_sym_session.c          |  146 ++
 drivers/crypto/qat/qat_sym_session.h          |   12 +
 lib/librte_cryptodev/rte_crypto_sym.h         |   14 +
 lib/librte_security/rte_security.c            |    5 +
 lib/librte_security/rte_security.h            |   38 +
 33 files changed, 3328 insertions(+), 33 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h

-- 
2.17.1