DOCA File Integrity Application Guide

This guide provides a file integrity implementation on top of NVIDIA® BlueField® DPU.

Introduction

The file integrity application exhibits how to use the DOCA Comch and DOCA SHA libraries to send and receive a file securely.

The application's logic includes both a client and a server:

Client side – the application opens a file, calculates the SHA (secure hash algorithm) digest on it, and sends the digest of the source file alongside the file itself to the server
Server side – the application calculates the SHA on the received file and compares the received digest to the calculated one to check if the file has been compromised

SHA hardware acceleration is only available on the BlueField-2 DPU. This application is not supported on BlueField-3.

System Design

The file integrity application runs in client mode (host) and server mode (DPU).

Application Architecture

The file integrity application runs on top of the DOCA Comm Channel API to send and receive files from the host and DPU.

Connection is established on both sides by the Comm Channel API.
Client submits SHA job with the DOCA SHA library and sends the result to the server.
Client sends the number of messages required to send the content of the file.
Client sends data segments in size of up to 4032 bytes.
Server submits a partial SHA job on each received segment.
Server sends an ACK message to the client when all parts of the file are received successfully.
Server compares the received SHA to the calculated SHA.

DOCA Libraries

This application leverages the following DOCA libraries:

Refer to their respective programming guide for more information.

Compiling the Application

Please refer to the DOCA Installation Guide for Linux for details on how to install BlueField-related software.

The installation of DOCA's reference applications contains the sources of the applications, alongside the matching compilation instructions. This allows for compiling the applications "as-is" and provides the ability to modify the sources, then compile a new version of the application.

For more information about the applications as well as development and compilation tips, refer to the DOCA Reference Applications page.

The sources of the application can be found under the application's directory: /opt/mellanox/doca/applications/file_integrity/ directory.

Compiling All Applications

All DOCA applications are defined under a single meson project. So, by default, the compilation includes all of them.

To build all the applications together, run:

cd /opt/mellanox/doca/applications/
meson /tmp/build 
ninja -C /tmp/build

doca_file_integrity is created under /tmp/build/file_integrity/.

Compiling Only the Current Application

To directly build only the file integrity application:

cd /opt/mellanox/doca/applications/
meson /tmp/build -Denable_all_applications=false -Denable_file_integrity=true
ninja -C /tmp/build

doca_file_integrity is created under /tmp/build/file_integrity/.

Alternatively, one can set the desired flags in the meson_options.txt file instead of providing them in the compilation command line:

Edit the following flags in /opt/mellanox/doca/applications/meson_options.txt:
- Set enable_all_applications to false
- Set enable_file_integrity to true
Run the following compilation commands:
```
cd /opt/mellanox/doca/applications/
meson /tmp/build 
ninja -C /tmp/build
```
doca_file_integrity is created under /tmp/build/file_integrity/.

Troubleshooting

Refer to the DOCA Troubleshooting for any issue encountered with the compilation of the application.

Running the Application

Application Execution

The file integrity application is provided in source form. Therefore, a compilation is required before the application can be executed.

Application usage instructions:

Usage: doca_file_integrity [DOCA Flags] [Program Flags]

DOCA Flags:
  -h, --help                        Print a help synopsis
  -v, --version                     Print program version information
  -l, --log-level                   Set the (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE>
  --sdk-log-level                   Set the SDK (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE>

Program Flags:
  -p, --pci-addr                    DOCA Comm Channel device PCI address
  -r, --rep-pci                     DOCA Comm Channel device representor PCI address
  -f, --file                        File to send by the client / File to write by the server
  -t, --timeout                     Application timeout for receiving file content messages, default is 5 sec

This usage printout can be printed to the command line using the -h (or --help) options:

./doca_file_integrity -h

For additional information, refer to section "DOCA File Integrity Application Guide | id (3.1.0 core update)DOCAFileIntegrityApplicationGuide CommandLineFlags".

CLI example for running the application on BlueField:
```
./doca_file_integrity -p 03:00.0 -r 3b:00.0 -f received.txt
```
Both the DOCA Comm Channel device PCIe address (03:00.0) and the DOCA Comm Channel device representor PCIe address (3b:00.0) should match the addresses of the desired PCIe devices.
CLI example for running the application on the host:
```
./doca_file_integrity -p 3b:00.0 -f send.txt
```
The DOCA Comm Channel device PCIe address (3b:00.0) should match the address of the desired PCIe device.

Command Line Flags

Flag Type	Short Flag	Long Flag	Description
General flags	`h`	`help`	Prints a help synopsis
	`v`	`version`	Prints program version information
	`l`	`log-level`	Set the log level for the application: DISABLE=10 CRITICAL=20 ERROR=30 WARNING=40 INFO=50 DEBUG=60 TRACE=70 (requires compilation with `TRACE` log level support)
	N/A	`sdk-log-level`	Sets the log level for the program: DISABLE=10 CRITICAL=20 ERROR=30 WARNING=40 INFO=50 DEBUG=60 TRACE=70
Program flags	`f`	`file`	For client – path to the file to be sent For server – path to write the file into This is a mandatory flag.
	`p`	`pci-addr`	Comm Channel DOCA device PCIe address This is a mandatory flag.
	`r`	`rep-pci`	Comm Channel DOCA device representor PCIe address This flag is mandatory only on the DPU.

Refer to DOCA Arg Parser for more information regarding the supported flags and execution modes.

Troubleshooting

Please refer to the DOCA Troubleshooting for any issue encountered with the installation or execution of the DOCA applications.

Application Code Flow

Parse application argument.
1. Initialize the arg parser resources and register DOCA general parameters.
  doca_arg_init();
2. Register file integrity application parameters.
  register_file_integrity_params();
3. Parse application parameters.
  doca_argp_start();
Set endpoint attributes.
```
set_endpoint_properties();
```
1. Set maximum message size of 4032 bytes.
2. Set number of maximum messages allowed per connection.
Create Comm Channel endpoint.
```
doca_comm_channel_ep_create();
```
1. Create endpoint for client/server.
Create SHA context.
```
doca_sha_create();
```
1. Create SHA context for submitting SHA jobs for client/server.
Run client/server main logic.
```
file_integrity_client/server();
```
Clean up the File Integrity app.
```
file_integrity_cleanup();
```
1. Free all application resources.

References

/opt/mellanox/doca/applications/file_integrity/

Last updated: July 29, 2025