From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 4C1FDA00C4;
	Thu,  4 Jun 2020 17:32:57 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 5CCB31D5DA;
	Thu,  4 Jun 2020 17:32:56 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id A4A681D5D8
 for <dev@dpdk.org>; Thu,  4 Jun 2020 17:32:54 +0200 (CEST)
IronPort-SDR: MJZ3viTRlIsnA0dmUVEtc8vUOZr4XPaMIumM5NhHct9A2Y3wwuoUa73p9pn7FImoNKhaUEFCPo
 /SuE166ASeqg==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 04 Jun 2020 08:32:53 -0700
IronPort-SDR: cDjFMlKgcuO+kAICZpxGkCOVT8EHtJCbsQ0K2HUUUta33fw37OQdUxQmNFcEXrWHpHnFDWNR8Q
 Oy0G4e4LDqlg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,472,1583222400"; d="scan'208";a="445542648"
Received: from silpixa00399912.ir.intel.com (HELO
 silpixa00399912.ger.corp.intel.com) ([10.237.223.64])
 by orsmga005.jf.intel.com with ESMTP; 04 Jun 2020 08:32:47 -0700
From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
 pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
 roy.fan.zhang@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com,
 brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com,
 ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com,
 jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com,
 ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com,
 honnappa.nagarahalli@arm.com, stephen@networkplumber.org,
 alexr@mellanox.com, jerinj@marvell.com, David Coyle <david.coyle@intel.com>
Date: Thu,  4 Jun 2020 16:13:21 +0100
Message-Id: <20200604151324.50704-1-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200410142757.31508-1-david.coyle@intel.com>
References: <20200410142757.31508-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH 0/3] add support for DOCSIS protocol to security
	library
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Introduction
============

This patchset adds support for the DOCSIS protocol to the DPDK Security
API (rte_security), to be used by the AESNI-MB and QAT crypto devices to
combine and accelerate Crypto and CRC functions of the DOCSIS protocol
into a single operation.

Performing these functions in parallel as a single operation can enable a
significant performance improvement in a DPDK-based DOCSIS MAC pipeline.

PLEASE NOTE: this patchset only includes the proposed API changes. The
implementation will follow in the next version.

Background
==========

A number of approaches to combine DOCSIS Crypto and CRC functions have
been discussed in the DPDK community to date, namely:
1) adding a new rte_accelerator API, to provide a generic interface for
   combining operations of different types
2) using rawdev through a multi-function interface, again to provide a
   generic interface for combining operations of different types
3) adding support for DOCSIS Crypto-CRC to rte_security

The third option above is the preferred approach for the following
reasons:
- it addresses the immediate use case to add DOCSIS Crypto-CRC support to
  DPDK so that it can be consumed easily by cable equipment vendors
- it uses an already existing framework in DPDK
- it will mean much less code churn in DOCSIS applications, which already
  use rte_cryptodev for encryption/decryption


Use Cases
=========

The primary use case for this proposal has already been mentioned, namely
to add DOCSIS Crypto-CRC support to DPDK:

- DOCSIS MAC: Crypto-CRC
	- Order:
		- Downstream: CRC, Encrypt
		- Upstream: Decrypt, CRC
	- Specifications:
		- Crypto: 128-bit AES-CFB encryption variant for DOCSIS as
		  described in section 11.1 of DOCSIS 3.1 Security
		  Specification
		  (https://apps.cablelabs.com/specification/CM-SP-SECv3.1)
		- CRC: Ethernet 32-bit CRC as defined in
		  Ethernet/[ISO/IEC 8802-3]

Note that support for this chained operations is already available in the
Intel IPSec Multi-Buffer library.

However, other DOCSIS protocol functions could be optimized too in the
future using the same rte_security API for DOCSIS (e.g. Header Checksum
(HCS) calculation).

v1:
* added proposed API changes
* added security capabilities to aesni_mb crypto PMD

David Coyle (3):
  security: add support for DOCSIS protocol
  cryptodev: add security operation to crypto operation
  crypto/aesni_mb: add support for DOCSIS protocol

 drivers/crypto/aesni_mb/meson.build           |   2 +-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  63 ++++++++++
 lib/librte_cryptodev/rte_crypto.h             |  11 +-
 lib/librte_security/rte_security.h            | 114 ++++++++++++++++++
 4 files changed, 188 insertions(+), 2 deletions(-)

-- 
2.17.1