From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 9A9AF5598 for ; Thu, 23 Feb 2017 15:00:45 +0100 (CET) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Feb 2017 06:00:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,198,1484035200"; d="scan'208";a="228834322" Received: from silpixa00381631.ir.intel.com (HELO silpixa00381631.ger.corp.intel.com) ([10.237.222.122]) by fmsmga004.fm.intel.com with ESMTP; 23 Feb 2017 06:00:43 -0800 From: Pablo de Lara To: declan.doherty@intel.com, fiona.trahe@intel.com Cc: dev@dpdk.org, Pablo de Lara Date: Thu, 23 Feb 2017 14:02:55 +0000 Message-Id: <1487858575-140430-1-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1484751890-9716-1-git-send-email-fiona.trahe@intel.com> References: <1484751890-9716-1-git-send-email-fiona.trahe@intel.com> Subject: [dpdk-dev] [PATCH v2] cryptodev: enable BPI for Cablelabs DOCSIS security spec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2017 14:00:46 -0000 Extend the DPDK cryptodev API to enable processing of packets according to the Baseline Privacy Interface Plus (BPI+) Specification described in the security specification of the Cablelabs Data-over-Cable Service Interface Specification (DOCSIS). Brief summary of BPI+ symmetric cryptography requirements: BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt all the whole blocks in the packet. However the data length is not always a block-multiple, so where there is a final block less than the full block size this residual block requires special handling using AES-CFB/DES-CFB mode. Similar special handling is specified where there is only one block, smaller than the block size for the cipher. See spec for further details. https://apps.cablelabs.com/specification/docsis-3-1-security-specification/ Two new elements are added to the enum rte_crypto_cipher_algorithm. Note elements of this enum are actually a combination of an algorithm (AES, 3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to convey to the PMD that the mode applied should be the specific combination of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec. Signed-off-by: Fiona Trahe Signed-off-by: Pablo de Lara --- Changes in v2: - Changed order of algorithms to be alphabetically ordered between themselves - Added strings for the algorithms lib/librte_cryptodev/rte_crypto_sym.h | 10 ++++++++++ lib/librte_cryptodev/rte_cryptodev.c | 2 ++ 2 files changed, 12 insertions(+) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index c782588..4d5459f 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -108,6 +108,16 @@ enum rte_crypto_cipher_algorithm { RTE_CRYPTO_CIPHER_DES_CBC, /**< DES algorithm in CBC mode */ + RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + /**< AES algorithm using modes required by + * DOCSIS Baseline Privacy Plus Spec. + */ + + RTE_CRYPTO_CIPHER_DES_DOCSISBPI, + /**< DES algorithm using modes required by + * DOCSIS Baseline Privacy Plus Spec. + */ + RTE_CRYPTO_CIPHER_LIST_END }; diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index f15f65b..0ac23ed 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -126,6 +126,7 @@ rte_crypto_cipher_algorithm_strings[] = { [RTE_CRYPTO_CIPHER_AES_CBC] = "aes-cbc", [RTE_CRYPTO_CIPHER_AES_CCM] = "aes-ccm", [RTE_CRYPTO_CIPHER_AES_CTR] = "aes-ctr", + [RTE_CRYPTO_CIPHER_AES_DOCSISBPI] = "aes-docsisbpi", [RTE_CRYPTO_CIPHER_AES_ECB] = "aes-ecb", [RTE_CRYPTO_CIPHER_AES_GCM] = "aes-gcm", [RTE_CRYPTO_CIPHER_AES_F8] = "aes-f8", @@ -134,6 +135,7 @@ rte_crypto_cipher_algorithm_strings[] = { [RTE_CRYPTO_CIPHER_ARC4] = "arc4", [RTE_CRYPTO_CIPHER_DES_CBC] = "des-cbc", + [RTE_CRYPTO_CIPHER_DES_DOCSISBPI] = "des-docsisbpi", [RTE_CRYPTO_CIPHER_NULL] = "null", -- 2.7.4