* [PATCH] cryptodev: enable BPI for Cablelabs DOCSIS security spec
@ 2017-01-18 15:04 Fiona Trahe
2017-02-23 14:02 ` [PATCH v2] " Pablo de Lara
0 siblings, 1 reply; 4+ messages in thread
From: Fiona Trahe @ 2017-01-18 15:04 UTC (permalink / raw)
To: dev; +Cc: deepak.k.jain, pablo.de.lara.guarch, fiona.trahe
Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).
Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
This patch is targeted at dpdk 17.05 release - pushing API early to give
people a chance to comment. PMD patches implementing this are expected
later in the 17.05 release cycle.
lib/librte_cryptodev/rte_crypto_sym.h | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0e20b30..c25c09c 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -108,7 +108,17 @@ enum rte_crypto_cipher_algorithm {
RTE_CRYPTO_CIPHER_DES_CBC,
/**< DES algorithm in CBC mode */
- RTE_CRYPTO_CIPHER_LIST_END
+ RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
+ /**< DES algorithm using modes required by
+ * DOCSIS Baseline Privacy Plus Spec.
+ */
+
+ RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+ /**< AES algorithm using modes required by
+ * DOCSIS Baseline Privacy Plus Spec.
+ */
+
+ RTE_CRYPTO_CIPHER_LIST_END
};
--
2.5.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS security spec
2017-01-18 15:04 [PATCH] cryptodev: enable BPI for Cablelabs DOCSIS security spec Fiona Trahe
@ 2017-02-23 14:02 ` Pablo de Lara
2017-02-27 21:10 ` Jain, Deepak K
2017-03-06 16:47 ` De Lara Guarch, Pablo
0 siblings, 2 replies; 4+ messages in thread
From: Pablo de Lara @ 2017-02-23 14:02 UTC (permalink / raw)
To: declan.doherty, fiona.trahe; +Cc: dev, Pablo de Lara
Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).
Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
Changes in v2:
- Changed order of algorithms to be alphabetically ordered between themselves
- Added strings for the algorithms
lib/librte_cryptodev/rte_crypto_sym.h | 10 ++++++++++
lib/librte_cryptodev/rte_cryptodev.c | 2 ++
2 files changed, 12 insertions(+)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c782588..4d5459f 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -108,6 +108,16 @@ enum rte_crypto_cipher_algorithm {
RTE_CRYPTO_CIPHER_DES_CBC,
/**< DES algorithm in CBC mode */
+ RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+ /**< AES algorithm using modes required by
+ * DOCSIS Baseline Privacy Plus Spec.
+ */
+
+ RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
+ /**< DES algorithm using modes required by
+ * DOCSIS Baseline Privacy Plus Spec.
+ */
+
RTE_CRYPTO_CIPHER_LIST_END
};
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index f15f65b..0ac23ed 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -126,6 +126,7 @@ rte_crypto_cipher_algorithm_strings[] = {
[RTE_CRYPTO_CIPHER_AES_CBC] = "aes-cbc",
[RTE_CRYPTO_CIPHER_AES_CCM] = "aes-ccm",
[RTE_CRYPTO_CIPHER_AES_CTR] = "aes-ctr",
+ [RTE_CRYPTO_CIPHER_AES_DOCSISBPI] = "aes-docsisbpi",
[RTE_CRYPTO_CIPHER_AES_ECB] = "aes-ecb",
[RTE_CRYPTO_CIPHER_AES_GCM] = "aes-gcm",
[RTE_CRYPTO_CIPHER_AES_F8] = "aes-f8",
@@ -134,6 +135,7 @@ rte_crypto_cipher_algorithm_strings[] = {
[RTE_CRYPTO_CIPHER_ARC4] = "arc4",
[RTE_CRYPTO_CIPHER_DES_CBC] = "des-cbc",
+ [RTE_CRYPTO_CIPHER_DES_DOCSISBPI] = "des-docsisbpi",
[RTE_CRYPTO_CIPHER_NULL] = "null",
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS security spec
2017-02-23 14:02 ` [PATCH v2] " Pablo de Lara
@ 2017-02-27 21:10 ` Jain, Deepak K
2017-03-06 16:47 ` De Lara Guarch, Pablo
1 sibling, 0 replies; 4+ messages in thread
From: Jain, Deepak K @ 2017-02-27 21:10 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Doherty, Declan, Trahe, Fiona
Cc: dev, De Lara Guarch, Pablo
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pablo de Lara
> Sent: Thursday, February 23, 2017 2:03 PM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS
> security spec
>
> Extend the DPDK cryptodev API to enable processing of packets according to
> the Baseline Privacy Interface Plus (BPI+) Specification described in the
> security specification of the Cablelabs Data-over-Cable Service Interface
> Specification (DOCSIS).
>
> Two new elements are added to the enum rte_crypto_cipher_algorithm.
> Note elements of this enum are actually a combination of an algorithm (AES,
> 3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
> convey to the PMD that the mode applied should be the specific combination
> of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
>
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> 2.7.4
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS security spec
2017-02-23 14:02 ` [PATCH v2] " Pablo de Lara
2017-02-27 21:10 ` Jain, Deepak K
@ 2017-03-06 16:47 ` De Lara Guarch, Pablo
1 sibling, 0 replies; 4+ messages in thread
From: De Lara Guarch, Pablo @ 2017-03-06 16:47 UTC (permalink / raw)
To: Doherty, Declan, Trahe, Fiona; +Cc: dev
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, February 23, 2017 2:03 PM
> To: Doherty, Declan; Trahe, Fiona
> Cc: dev@dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS security
> spec
>
> Extend the DPDK cryptodev API to enable processing of packets according
> to the Baseline Privacy Interface Plus (BPI+) Specification described in
> the security specification of the Cablelabs Data-over-Cable Service
> Interface Specification (DOCSIS).
>
> Brief summary of BPI+ symmetric cryptography requirements:
> BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to
> encrypt/decrypt
> all the whole blocks in the packet. However the data length is not always
> a block-multiple, so where there is a final block less than the full block
> size this residual block requires special handling using AES-CFB/DES-CFB
> mode. Similar special handling is specified where there is only one block,
> smaller than the block size for the cipher. See spec for further details.
> https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
>
> Two new elements are added to the enum rte_crypto_cipher_algorithm.
> Note elements of this enum are actually a combination of an algorithm
> (AES,
> 3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
> convey to the PMD that the mode applied should be the specific
> combination
> of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
>
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-03-06 16:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-18 15:04 [PATCH] cryptodev: enable BPI for Cablelabs DOCSIS security spec Fiona Trahe
2017-02-23 14:02 ` [PATCH v2] " Pablo de Lara
2017-02-27 21:10 ` Jain, Deepak K
2017-03-06 16:47 ` De Lara Guarch, Pablo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.