DOCA SDK Documentation
DOCA SDK Documentation
Breadcrumbs

DOCA File Integrity Application Guide

This guide provides a file integrity implementation on top of NVIDIA® BlueField® DPU.

Introduction

The file integrity application exhibits how to use the DOCA Comch and DOCA SHA libraries to send and receive a file securely.

The application's logic includes both a client and a server:

  • Client side – the application opens a file, calculates the SHA (secure hash algorithm) digest on it, and sends the digest of the source file alongside the file itself to the server

  • Server side – the application calculates the SHA on the received file and compares the received digest to the calculated one to check if the file has been compromised

SHA hardware acceleration is only available on the BlueField-2 DPU. This application is not supported on BlueField-3.

System Design

The file integrity application runs in client mode (host) and server mode (DPU).

sys-design.png

Application Architecture

The file integrity application runs on top of the DOCA Comm Channel API to send and receive files from the host and DPU.

app-arch.png

  1. Connection is established on both sides by the Comm Channel API.

  2. Client submits SHA job with the DOCA SHA library and sends the result to the server.

  3. Client sends the number of messages required to send the content of the file.

  4. Client sends data segments in size of up to 4032 bytes.

  5. Server submits a partial SHA job on each received segment.

  6. Server sends an ACK message to the client when all parts of the file are received successfully.

  7. Server compares the received SHA to the calculated SHA.

DOCA Libraries

This application leverages the following DOCA libraries:

Refer to their respective programming guide for more information.

Compiling the Application

Please refer to the DOCA Installation Guide for Linux for details on how to install BlueField-related software.

DOCA reference applications are installed with full source code and build instructions. This allows you to compile them as-is or modify the source code to create custom versions.

For more information about the applications as well as development and compilation tips, refer to the DOCA Reference Applications page.

The source code for the application is located in the following directory: 

/opt/mellanox/doca/applications/file_integrity/

Compiling All Applications

All DOCA applications are defined under a single meson project. So, by default, the compilation includes all of them.

To build all the applications together, run:

cd /opt/mellanox/doca/applications/
meson /tmp/build 
ninja -C /tmp/build

doca_file_integrity is created under /tmp/build/file_integrity/.

Compiling Only the Current Application

To directly build only the file integrity application:

cd /opt/mellanox/doca/applications/
meson /tmp/build -Denable_all_applications=false -Denable_file_integrity=true
ninja -C /tmp/build

doca_file_integrity is created under /tmp/build/file_integrity/.

Alternatively, one can set the desired flags in the meson_options.txt file instead of providing them in the compilation command line:

  1. Edit the following flags in /opt/mellanox/doca/applications/meson_options.txt:Set enable_all_applications to falseSet enable_file_integrity to true

  2. Run the following compilation commands:

    cd /opt/mellanox/doca/applications/
meson /tmp/build 
ninja -C /tmp/build

    doca_file_integrity is created under /tmp/build/file_integrity/.

Running the Application

Application Execution

The file integrity application is provided in source form. Therefore, a compilation is required before the application can be executed.

  • Application usage instructions:

    Usage: doca_file_integrity [DOCA Flags] [Program Flags]

DOCA Flags:
  -h, --help                        Print a help synopsis
  -v, --version                     Print program version information
  -l, --log-level                   Set the (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE>
  --sdk-log-level                   Set the SDK (numeric) log level for the program <10=DISABLE, 20=CRITICAL, 30=ERROR, 40=WARNING, 50=INFO, 60=DEBUG, 70=TRACE>
  --log-filter                      Filter logs from specific modules, separated by comma
  -j, --json <path>                 Parse command line flags from an input json file

Program Flags:
  -p, --pci-addr                    DOCA Comm Channel device PCI address
  -r, --rep-pci                     DOCA Comm Channel device representor PCI address
  -f, --file                        File to send by the client / File to write by the server
  -t, --timeout                     Application timeout for receiving file content messages, default is 5 sec

    This usage printout can be printed to the command line using the -h (or --help) options:

    ./doca_file_integrity -h


    For additional information, refer to section "DOCA File Integrity Application Guide | Command Line Flags".

  • CLI example for running the application on BlueField:

    ./doca_file_integrity -p 03:00.0 -r 3b:00.0 -f received.txt

    Both the DOCA Comm Channel device PCIe address (03:00.0) and the DOCA Comm Channel device representor PCIe address (3b:00.0) should match the addresses of the desired PCIe devices.

  • CLI example for running the application on the host:

    ./doca_file_integrity -p 3b:00.0 -f send.txt

    The DOCA Comm Channel device PCIe address (3b:00.0) should match the address of the desired PCIe device.

Command Line Flags

General Flags

Short Flag

Long Flag

Description

-h

--help

Prints a help synopsis and exits

-v

--version

Prints program version information and exits

-l

--log-level

Sets the numeric log level for the application:

  • 10 – DISABLE

  • 20 – CRITICAL 

  • 30 – ERROR

  • 40 – WARNING

  • 50 – INFO

  • 60 – DEBUG

  • 70 – TRACE (requires compilation with TRACE support)

N/A

--sdk-log-level

Sets the SDK numeric log level using the same 10-70 scale as above

N/A

--log-filter

Filters logs from specific modules (comma-separated list)

-j

--json

Parses command-line flags from a specified input JSON file

Refer to DOCA Arg Parser for more information regarding the supported flags and execution modes.

Host Program Flags

Short Flag

Long Flag

Description

f

file

  • For client – path to the file to be sent

  • For server – path to write the file into

This is a mandatory flag. 

p

pci-addr

Comm Channel DOCA device PCIe address

This is a mandatory flag.

r

rep-pci

Comm Channel DOCA device representor PCIe address

This flag is mandatory only on the DPU.

Troubleshooting

Refer to the NVIDIA BlueField Platform Software Troubleshooting Guide for any issue encountered with the compilation, installation, or execution of the DOCA applications.

Application Code Flow

  1. Parse application argument. 

    1. Initialize the arg parser resources and register DOCA general parameters.

      doca_arg_init();


    2. Register file integrity application parameters.

      register_file_integrity_params();


    3. Parse application parameters.

      doca_argp_start();


  2. Set endpoint attributes.

    set_endpoint_properties();

    1. Set maximum message size of 4032 bytes.

    2. Set number of maximum messages allowed per connection.

  3. Create Comm Channel endpoint.

    doca_comm_channel_ep_create();

    1. Create endpoint for client/server.

  4. Create SHA context.

    doca_sha_create();

    1. Create SHA context for submitting SHA jobs for client/server.

  5. Run client/server main logic. 

    file_integrity_client/server();


  6. Clean up the File Integrity app. 

    file_integrity_cleanup();

    1. Free all application resources.

References

  • /opt/mellanox/doca/applications/file_integrity/

Last updated: