NVIDIA DOCA File Integrity Application Guide
This guide provides a file integrity implementation on top of NVIDIA® BlueField® DPU.
The file integrity application exhibits how to use the DOCA Comch and DOCA SHA libraries to send and receive a file securely.
The application's logic includes both a client and a server:
Client side – the application opens a file, calculates the SHA (secure hash algorithm) digest on it, and sends the digest of the source file alongside the file itself to the server
Server side – the application calculates the SHA on the received file and compares the received digest to the calculated one to check if the file has been compromised
SHA hardware acceleration is only available on the BlueField-2 DPU. This application is not supported on BlueField-3.
The file integrity application runs in client mode (host) and server mode (DPU).
The file integrity application runs on top of the DOCA Comm Channel API to send and receive files from the host and DPU.
Connection is established on both sides by the Comm Channel API.
Client submits SHA job with the DOCA SHA library and sends the result to the server.
Client sends the number of messages required to send the content of the file.
Client sends data segments in size of up to 4032 bytes.
Server submits a partial SHA job on each received segment.
Server sends an ACK message to the client when all parts of the file are received successfully.
Server compares the received SHA to the calculated SHA.
This application leverages the following DOCA libraries:
Refer to their respective programming guide for more information.
Please refer to the NVIDIA DOCA Installation Guide for Linux for details on how to install BlueField-related software.
The installation of DOCA's reference applications contains the sources of the applications, alongside the matching compilation instructions. This allows for compiling the applications "as-is" and provides the ability to modify the sources, then compile a new version of the application.
For more information about the applications as well as development and compilation tips, refer to the DOCA Applications page.
The sources of the application can be found under the application's directory: /opt/mellanox/doca/applications/file_integrity/ directory.
Compiling All Applications
All DOCA applications are defined under a single meson project. So, by default, the compilation includes all of them.
To build all the applications together, run:
cd /opt/mellanox/doca/applications/
meson /tmp/build
ninja -C /tmp/build
doca_file_integrity is created under /tmp/build/file_integrity/.
Compiling Only the Current Application
To directly build only the file integrity application:
cd /opt/mellanox/doca/applications/
meson /tmp/build -Denable_all_applications=false
-Denable_file_integrity=true
ninja -C /tmp/build
doca_file_integrity is created under /tmp/build/file_integrity/.
Alternatively, one can set the desired flags in the meson_options.txt file instead of providing them in the compilation command line:
Edit the following flags in /opt/mellanox/doca/applications/meson_options.txt:
Set enable_all_applications to false
Set enable_file_integrity to true
Run the following compilation commands :
cd /opt/mellanox/doca/applications/ meson /tmp/build ninja -C /tmp/build
Infodoca_file_integrity is created under /tmp/build/file_integrity/.
Troubleshooting
Refer to the NVIDIA DOCA Troubleshooting Guide for any issue encountered with the compilation of the application.
Application Execution
The file integrity application is provided in source form. Therefore, a compilation is required before the application can be executed.
Application usage instructions:
Usage: doca_file_integrity [DOCA Flags] [Program Flags] DOCA Flags: -h, --help Print a help synopsis -v, --version Print program version information -l, --log-level Set the (numeric) log level
for
the program <10
=DISABLE,20
=CRITICAL,30
=ERROR,40
=WARNING,50
=INFO,60
=DEBUG,70
=TRACE> --sdk-log-level Set the SDK (numeric) log levelfor
the program <10
=DISABLE,20
=CRITICAL,30
=ERROR,40
=WARNING,50
=INFO,60
=DEBUG,70
=TRACE> -j, --json <path> Parse all command flags from an input json file Program Flags: -p, --pci-addr DOCA Comm Channel device PCI address -r, --rep-pci DOCA Comm Channel device representor PCI address -f, --file File to send by the client / File to write by the server -t, --timeout Application timeoutfor
receiving file content messages,default
is5
secInfoThis usage printout can be printed to the command line using the -h (or --help) options:
./doca_file_integrity -h
InfoFor additional information, refer to section "Command Line Flags".
CLI example for running the application on BlueField:
./doca_file_integrity -p
03
:00.0
-r 3b:00.0
-f received.txtNoteBoth the DOCA Comm Channel device PCIe address (03:00.0) and the DOCA Comm Channel device representor PCIe address (3b:00.0) should match the addresses of the desired PCIe devices.
CLI example for running the application on the host:
./doca_file_integrity -p 3b:
00.0
-f send.txtNoteThe DOCA Comm Channel device PCIe address (3b:00.0) should match the address of the desired PCIe device.
The application also supports a JSON-based deployment mode, in which all command-line arguments are provided through a JSON file:
./doca_file_integrity --json [json_file]
For example:
./doca_file_integrity --json ./file_integrity_params.json
NoteBefore execution, ensure that the used JSON file contains the correct configuration parameters, and especially the PCIe addresses necessary for the deployment .
Command Line Flags
Flag Type |
Short Flag |
Long Flag/JSON Key |
Description |
JSON Content |
General flags |
h |
help |
Prints a help synopsis |
N/A |
v |
version |
Prints program version information |
N/A |
|
l |
log-level |
Set the log level for the application:
|
|
|
N/A |
sdk-log-level |
Sets the log level for the program:
|
|
|
j |
json |
Parse all command flags from an input JSON file |
N/A |
|
Program flags |
f |
file |
For client – path to the file to be sent For server – path to write the file into Note
This is a mandatory flag.
|
|
p |
pci-addr |
Comm Channel DOCA device PCIe address Note
This is a mandatory flag.
|
|
|
r |
rep-pci |
Comm Channel DOCA device representor PCIe address Note
This flag is mandatory only on the DPU.
|
|
Refer to DOCA Arg Parser for more information regarding the supported flags and execution modes.
Troubleshooting
Please refer to the NVIDIA DOCA Troubleshooting Guide for any issue encountered with the installation or execution of the DOCA applications .
Parse application argument.
Initialize the arg parser resources and register DOCA general parameters.
doca_arg_init();
Register file integrity application parameters.
register_file_integrity_params();
Parse application parameters.
doca_argp_start();
Set endpoint attributes.
set_endpoint_properties();
Set maximum message size of 4032 bytes.
Set number of maximum messages allowed per connection.
Create Comm Channel endpoint.
doca_comm_channel_ep_create();
Create endpoint for client/server.
Create SHA context.
doca_sha_create();
Create SHA context for submitting SHA jobs for client/server.
Run client/server main logic.
file_integrity_client/server();
Clean up the File Integrity app.
file_integrity_cleanup();
Free all application resources.
/opt/mellanox/doca/applications/file_integrity/
/opt/mellanox/doca/applications/file_integrity/file_integrity_params.json