From patchwork Fri Dec 16 15:07:41 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Fiona Trahe X-Patchwork-Id: 18081 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 6C5D35589; Fri, 16 Dec 2016 16:07:50 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id E9C455588 for ; Fri, 16 Dec 2016 16:07:46 +0100 (CET) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP; 16 Dec 2016 07:07:45 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,358,1477983600"; d="scan'208";a="43286193" Received: from irsmsx109.ger.corp.intel.com ([163.33.3.23]) by fmsmga005.fm.intel.com with ESMTP; 16 Dec 2016 07:07:45 -0800 Received: from irsmsx101.ger.corp.intel.com ([169.254.1.248]) by IRSMSX109.ger.corp.intel.com ([169.254.13.8]) with mapi id 14.03.0248.002; Fri, 16 Dec 2016 15:07:42 +0000 From: "Trahe, Fiona" To: "dev@dpdk.org" CC: "De Lara Guarch, Pablo" , "Griffin, John" , "Ryan, Brendan" , "Trahe, Fiona" , "Jain, Deepak K" , "O'Hanlon, Michael A" Thread-Topic: [RFC] cryptodev: enable BPI+ for Cablelabs DOCSIS security spec Thread-Index: AdJW/KqRN4LjR92eRHSlGLIFwIFyww== Date: Fri, 16 Dec 2016 15:07:41 +0000 Message-ID: <348A99DA5F5B7549AA880327E580B4358914C009@IRSMSX101.ger.corp.intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTUxOTk3N2MtMjRhZC00MzgwLWJiZTktZGIyMjg5ZDZlZmY3IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IkV1M29helZ5WHFqUVY4dnpiTWFqeVF0aEFuS3FcL1RjOGh5RWRWUEpOeVFNPSJ9 x-ctpclassification: CTP_IC x-originating-ip: [163.33.239.182] MIME-Version: 1.0 Subject: [dpdk-dev] [RFC] cryptodev: enable BPI+ for Cablelabs DOCSIS security spec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Proposal to extend the DPDK cryptodev API to enable processing of packets according to the Baseline Privacy Interface Plus (BPI+) Specification described in the security specification of the Cablelabs Data-over-Cable Service Interface Specification (DOCSIS). Brief summary of BPI+ symmetric cryptography requirements: BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt all the whole blocks in the packet. However the data length is not always a block-multiple, so where there is a final block less than the full block size this residual block requires special handling using AES-CFB/DES-CFB mode. Similar special handling is specified where there is only one block, smaller than the block size for the cipher. See spec for further details. https://apps.cablelabs.com/specification/docsis-3-1-security-specification/ Proposal: Add new elements in the enum rte_crypto_cipher_algorithm. Note elements of this enum are actually a combination of an algorithm (AES, 3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to convey to the PMD that the mode applied should be the specific combination of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec. There are no other API changes needed. The API patch is below. Thoughts? diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index d694723..92fa568 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -105,6 +105,15 @@ enum rte_crypto_cipher_algorithm {        RTE_CRYPTO_CIPHER_DES_CBC,        /**< DES algorithm in CBC mode */ +       RTE_CRYPTO_CIPHER_DES_DOCSISBPI, +       /**< DES algorithm using modes required by DOCSIS Baseline Privacy Plus Spec. */ + +       RTE_CRYPTO_CIPHER_AES_DOCSISBPI, +       /**< AES algorithm using modes required by DOCSIS Baseline Privacy Plus Spec. */ +         RTE_CRYPTO_CIPHER_LIST_END };