cryptodev: enable BPI for Cablelabs DOCSIS security spec

Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).

Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/

Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c78258813fafe7b6c3c74768f39b480566a435ee..4d5459f77fbf353c9228b664a92a3f7117032735 100644 (file)
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -108,6 +108,16 @@ enum rte_crypto_cipher_algorithm {
        RTE_CRYPTO_CIPHER_DES_CBC,
        /**< DES algorithm in CBC mode */
 
+       RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+       /**< AES algorithm using modes required by
+        * DOCSIS Baseline Privacy Plus Spec.
+        */
+
+       RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
+       /**< DES algorithm using modes required by
+        * DOCSIS Baseline Privacy Plus Spec.
+        */
+
        RTE_CRYPTO_CIPHER_LIST_END
 
 };

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index f15f65ba2a8020016d315bf5f509ef61d34ecf9a..0ac23ed85586dbc561612d51f89fabd1ee769603 100644 (file)
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -126,6 +126,7 @@ rte_crypto_cipher_algorithm_strings[] = {
        [RTE_CRYPTO_CIPHER_AES_CBC]     = "aes-cbc",
        [RTE_CRYPTO_CIPHER_AES_CCM]     = "aes-ccm",
        [RTE_CRYPTO_CIPHER_AES_CTR]     = "aes-ctr",
+       [RTE_CRYPTO_CIPHER_AES_DOCSISBPI]       = "aes-docsisbpi",
        [RTE_CRYPTO_CIPHER_AES_ECB]     = "aes-ecb",
        [RTE_CRYPTO_CIPHER_AES_GCM]     = "aes-gcm",
        [RTE_CRYPTO_CIPHER_AES_F8]      = "aes-f8",
@@ -134,6 +135,7 @@ rte_crypto_cipher_algorithm_strings[] = {
        [RTE_CRYPTO_CIPHER_ARC4]        = "arc4",
 
        [RTE_CRYPTO_CIPHER_DES_CBC]     = "des-cbc",
+       [RTE_CRYPTO_CIPHER_DES_DOCSISBPI]       = "des-docsisbpi",
 
        [RTE_CRYPTO_CIPHER_NULL]        = "null",