@@ -144,6 +144,27 @@ typedef union odp_crypto_auth_algos_t {
uint32_t all_bits;
} odp_crypto_auth_algos_t;
+
+/**
+ * Network security protocols in bit field structure
+ */
+typedef union odp_crypto_protocol_t {
+ /** Network security protocols */
+ struct {
+ /** ODP_AUTH_ALG_NULL */
+ uint32_t ipsec_esp : 1;
+
+ /** ODP_AUTH_ALG_MD5_96 */
+ uint32_t ipsec_ah : 1;
+
+ } bit;
+
+ /** All bits of the bit field structure
+ *
+ * This field can be used to set/clear all flags, or bitwise
+ * operations over the entire structure. */
+ uint32_t all_bits;
+} odp_crypto_protocol_t;
/**
* Crypto API key structure
*/
@@ -264,6 +285,8 @@ typedef enum {
ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER,
/** Creation failed, bad auth params */
ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH,
+ /** Creation failed, bad protocol params */
+ ODP_CRYPTO_SES_CREATE_ERR_INV_PROTO,
} odp_crypto_ses_create_err_t;
/**
@@ -332,6 +355,12 @@ typedef struct odp_crypto_capability_t {
/** Authentication algorithms implemented with HW offload */
odp_crypto_auth_algos_t hw_auths;
+ /** Supported authentication algorithms */
+ odp_crypto_protocol_t protocols;
+
+ /** Authentication algorithms implemented with HW offload */
+ odp_crypto_protocol_t hw_protocols;
+
} odp_crypto_capability_t;
/**
new file mode 100644
@@ -0,0 +1,114 @@
+/* Copyright (c) 2014, Linaro Limited
+ * Copyright (c) 2015 - 2016 Freescale Semiconductor, Inc.
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto IPSec extension
+ */
+
+#ifndef ODP_API_CRYPTO_IPSEC_H_
+#define ODP_API_CRYPTO_IPSEC_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef enum odp_ipsec_mode {
+ ODP_IPSEC_MODE_TUNNEL, /**< IPSec tunnel mode */
+ ODP_IPSEC_MODE_TRANSPORT, /**< IPSec transport mode */
+} odp_ipsec_mode_t;
+
+typedef enum odp_ipsec_proto {
+ ODP_IPSEC_ESP, /**< ESP protocol */
+} odp_ipsec_proto_t;
+
+typedef enum odp_ipsec_outhdr_type {
+ ODP_IPSEC_OUTHDR_IPV4, /**< Outer header is IPv4 */
+ ODP_IPSEC_OUTHDR_IPV6, /**< Outer header is IPv6 */
+} odp_ipsec_outhdr_type_t;
+
+typedef enum odp_ipsec_ar_ws {
+ ODP_IPSEC_AR_WS_NONE, /**< Anti-replay is not enabled */
+ ODP_IPSEC_AR_WS_32, /**< Anti-replay window size 32 */
+ ODP_IPSEC_AR_WS_64, /**< Anti-replay window size 64 */
+ ODP_IPSEC_AR_WS_128, /**< Anti-replay window size 128 */
+} odp_ipsec_ar_ws_t;
+
+typedef struct odp_ipsec_params {
+ odp_ipsec_mode_t ipsec_mode; /** Transport or Tunnel */
+ uint32_t spi; /** SPI value */
+ uint32_t seq; /** Initial SEQ number */
+ odp_ipsec_ar_ws_t ar_ws; /** Anti-replay window size -
+ inbound session with authentication */
+ odp_bool_t esn; /** Use extended sequence numbers */
+ odp_bool_t auto_iv; /** Auto IV generation for each operation. */
+ uint16_t out_hdr_size; /** outer header size - tunnel mode */
+ uint8_t *out_hdr; /** outer header - tunnel mode */
+ odp_ipsec_outhdr_type_t out_hdr_type; /* outer header type -
+ tunnel mode */
+ odp_bool_t ip_csum; /** update/verify ip header checksum */
+ odp_bool_t ip_dttl; /** decrement ttl - tunnel mode encap & decap */
+ odp_bool_t remove_outer_hdr; /** remove outer header - tunnel mode decap */
+ odp_bool_t copy_dscp; /** DiffServ Copy - Copy the IPv4 TOS or
+ IPv6 Traffic Class byte from the inner/outer
+ IP header to the outer/inner IP header -
+ tunnel mode encap & decap */
+ odp_bool_t copy_df; /** Copy DF bit - copy the DF bit from
+ the inner IP header to the
+ outer IP header - tunnel mode encap */
+ odp_bool_t nat_t; /** NAT-T encapsulation enabled - tunnel mode */
+ odp_bool_t udp_csum; /** Update/verify UDP csum when NAT-T enabled */
+
+} odp_ipsec_esp_params_t;
+
+/**
+ * Configure crypto session for IPsec processing
+ *
+ * Configures a crypto session for IPSec protocol processing.
+ * Packets submitted to an IPSec enabled session will have
+ * relevant IPSec headers/trailers and tunnel headers
+ * added/removed by the crypto implementation.
+ * For example, the input packet for an IPSec ESP transport
+ * enabled session should be the clear text packet with
+ * no ESP headers/trailers prepared in advance for crypto operation.
+ * The output packet will have ESP header, IV, trailer and the ESP ICV
+ * added by crypto implementation.
+ * Depending on the particular capabilities of an implementation and
+ * the parameters enabled by application, the application may be
+ * partially or completely offloaded from IPSec protocol processing.
+ * For example, if an implementation does not support checksum
+ * update for IP header after adding ESP header the application
+ * should update after crypto IPSec operation.
+ *
+ * If an implementation does not support a particular set of
+ * arguments it should return error.
+ *
+ * @param session Session handle
+ * @param ipsec_proto IPSec protocol
+ * @param ipsec_params IPSec parameters. Parameters which are not
+ * relevant for selected protocol & mode are ignored -
+ * e.g. outer_hdr/size set for ESP transport mode.
+ * @retval 0 on success
+ * @retval <0 on failure
+ */
+int odp_crypto_ipsec_session_create(odp_crypto_session_params_t *ses_params,
+ odp_ipsec_proto_t ipsec_proto,
+ odp_ipsec_params_t *ipsec_params,
+ odp_crypto_session_t *session_out,
+ odp_crypto_ses_create_err_t *status);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> --- include/odp/api/spec/crypto.h | 29 +++++++++ include/odp/api/spec/crypto_ipsec.h | 114 ++++++++++++++++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 include/odp/api/spec/crypto_ipsec.h -- 2.9.3