DOCA Documentation v2.8.0

NVIDIA DOCA File Integrity Application Guide

This guide provides a file integrity implementation on top of NVIDIA® BlueField® DPU.

The file integrity application exhibits how to use the DOCA Comch and DOCA SHA libraries to send and receive a file securely.

The application's logic includes both a client and a server:

  • Client side – the application opens a file, calculates the SHA (secure hash algorithm) digest on it, and sends the digest of the source file alongside the file itself to the server

  • Server side – the application calculates the SHA on the received file and compares the received digest to the calculated one to check if the file has been compromised

Note

SHA hardware acceleration is only available on the BlueField-2 DPU. This application is not supported on BlueField-3.

The file integrity application runs in client mode (host) and server mode (DPU).

sys-design-version-1-modificationdate-1707755294790-api-v2.png

The file integrity application runs on top of the DOCA Comm Channel API to send and receive files from the host and DPU.

app-arch-version-1-modificationdate-1707755295213-api-v2.png

  1. Connection is established on both sides by the Comm Channel API.

  2. Client submits SHA job with the DOCA SHA library and sends the result to the server.

  3. Client sends the number of messages required to send the content of the file.

  4. Client sends data segments in size of up to 4032 bytes.

  5. Server submits a partial SHA job on each received segment.

  6. Server sends an ACK message to the client when all parts of the file are received successfully.

  7. Server compares the received SHA to the calculated SHA.

This application leverages the following DOCA libraries:

Refer to their respective programming guide for more information.

Info

Please refer to the NVIDIA DOCA Installation Guide for Linux for details on how to install BlueField-related software.

The installation of DOCA's reference applications contains the sources of the applications, alongside the matching compilation instructions. This allows for compiling the applications "as-is" and provides the ability to modify the sources, then compile a new version of the application.

Tip

For more information about the applications as well as development and compilation tips, refer to the DOCA Applications page.

The sources of the application can be found under the application's directory: /opt/mellanox/doca/applications/file_integrity/ directory.

Compiling All Applications

All DOCA applications are defined under a single meson project. So, by default, the compilation includes all of them.

To build all the applications together, run:

Copy
Copied!
            

cd /opt/mellanox/doca/applications/ meson /tmp/build ninja -C /tmp/build

Info

doca_file_integrity is created under /tmp/build/file_integrity/.


Compiling Only the Current Application

To directly build only the file integrity application:

Copy
Copied!
            

cd /opt/mellanox/doca/applications/ meson /tmp/build -Denable_all_applications=false -Denable_file_integrity=true ninja -C /tmp/build

Info

doca_file_integrity is created under /tmp/build/file_integrity/.

Alternatively, one can set the desired flags in the meson_options.txt file instead of providing them in the compilation command line:

  1. Edit the following flags in /opt/mellanox/doca/applications/meson_options.txt:

    • Set enable_all_applications to false

    • Set enable_file_integrity to true

  2. Run the following compilation commands :

    Copy
    Copied!
                

    cd /opt/mellanox/doca/applications/ meson /tmp/build ninja -C /tmp/build

    Info

    doca_file_integrity is created under /tmp/build/file_integrity/.

Troubleshooting

Refer to the NVIDIA DOCA Troubleshooting Guide for any issue encountered with the compilation of the application.

Application Execution

The file integrity application is provided in source form. Therefore, a compilation is required before the application can be executed.

  1. Application usage instructions:

    Copy
    Copied!
                

    Usage: doca_file_integrity [DOCA Flags] [Program Flags]   DOCA Flags: -h, --help Print a help synopsis -v, --version Print program version information -l, --log-level Set the (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE> --sdk-log-level Set the SDK (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE> -j, --json <path> Parse all command flags from an input json file   Program Flags: -p, --pci-addr DOCA Comm Channel device PCI address -r, --rep-pci DOCA Comm Channel device representor PCI address -f, --file File to send by the client / File to write by the server -t, --timeout Application timeout for receiving file content messages, default is 5 sec

    Info

    This usage printout can be printed to the command line using the -h (or --help) options:

    Copy
    Copied!
                

    ./doca_file_integrity -h

    Info

    For additional information, refer to section "Command Line Flags".

  2. CLI example for running the application on BlueField:

    Copy
    Copied!
                

    ./doca_file_integrity -p 03:00.0 -r 3b:00.0 -f received.txt

    Note

    Both the DOCA Comm Channel device PCIe address (03:00.0) and the DOCA Comm Channel device representor PCIe address (3b:00.0) should match the addresses of the desired PCIe devices.

  3. CLI example for running the application on the host:

    Copy
    Copied!
                

    ./doca_file_integrity -p 3b:00.0 -f send.txt

    Note

    The DOCA Comm Channel device PCIe address (3b:00.0) should match the address of the desired PCIe device.

  4. The application also supports a JSON-based deployment mode, in which all command-line arguments are provided through a JSON file:

    Copy
    Copied!
                

    ./doca_file_integrity --json [json_file]

    For example:

    Copy
    Copied!
                

    ./doca_file_integrity --json ./file_integrity_params.json

    Note

    Before execution, ensure that the used JSON file contains the correct configuration parameters, and especially the PCIe addresses necessary for the deployment .

Command Line Flags

Flag Type

Short Flag

Long Flag/JSON Key

Description

JSON Content

General flags

h

help

Prints a help synopsis

N/A

v

version

Prints program version information

N/A

l

log-level

Set the log level for the application:

  • DISABLE=10

  • CRITICAL=20

  • ERROR=30

  • WARNING=40

  • INFO=50

  • DEBUG=60

  • TRACE=70 ( requires compilation with TRACE log level support )

Copy
Copied!
            

"log-level": 60

N/A

sdk-log-level

Sets the log level for the program:

  • DISABLE=10

  • CRITICAL=20

  • ERROR=30

  • WARNING=40

  • INFO=50

  • DEBUG=60

  • TRACE=70

Copy
Copied!
            

"sdk-log-level": 40

j

json

Parse all command flags from an input JSON file

N/A

Program flags

f

file

For client – path to the file to be sent

For server – path to write the file into

Note

This is a mandatory flag.

Copy
Copied!
            

"file": "/tmp/data.txt"

p

pci-addr

Comm Channel DOCA device PCIe address

Note

This is a mandatory flag.

Copy
Copied!
            

"pci-addr": 03:00.1 

r

rep-pci

Comm Channel DOCA device representor PCIe address

Note

This flag is mandatory only on the DPU.

Copy
Copied!
            

"rep-pci": b1:00.1 

Info

Refer to DOCA Arg Parser for more information regarding the supported flags and execution modes.


Troubleshooting

Please refer to the NVIDIA DOCA Troubleshooting Guide for any issue encountered with the installation or execution of the DOCA applications .

  1. Parse application argument.

    1. Initialize the arg parser resources and register DOCA general parameters.

      Copy
      Copied!
                  

      doca_arg_init();

    2. Register file integrity application parameters.

      Copy
      Copied!
                  

      register_file_integrity_params();

    3. Parse application parameters.

      Copy
      Copied!
                  

      doca_argp_start();

  2. Set endpoint attributes.

    Copy
    Copied!
                

    set_endpoint_properties();

    1. Set maximum message size of 4032 bytes.

    2. Set number of maximum messages allowed per connection.

  3. Create Comm Channel endpoint.

    Copy
    Copied!
                

    doca_comm_channel_ep_create();

    1. Create endpoint for client/server.

  4. Create SHA context.

    Copy
    Copied!
                

    doca_sha_create();

    1. Create SHA context for submitting SHA jobs for client/server.

  5. Run client/server main logic.

    Copy
    Copied!
                

    file_integrity_client/server();

  6. Clean up the File Integrity app.

    Copy
    Copied!
                

    file_integrity_cleanup();

    1. Free all application resources.

  • /opt/mellanox/doca/applications/file_integrity/

  • /opt/mellanox/doca/applications/file_integrity/file_integrity_params.json

© Copyright 2024, NVIDIA. Last updated on Aug 21, 2024.