From patchwork Fri Sep 23 15:42:19 2016
X-Patchwork-Submitter: Nikhil Agarwal
X-Patchwork-Id: 76837
From: Nikhil Agarwal
Date: Fri, 23 Sep 2016 21:12:19 +0530
Message-ID: <20160923154219.28000-1-nikhil.agarwal@linaro.org>
Subject: [lng-odp] [PATCH] api:crypto: Adding IPSEC protocol APIs.

TODO items:
- Event Notification (e.g. Seq Number overflow, SA not found, SA hard/soft expiry)
- statistics APIs
- Encrypt and send APIs

Signed-off-by: Nikhil Agarwal
---
 include/odp/api/spec/crypto.h | 29 +++
 include/odp/api/spec/crypto_ipsec.h | 345 ++++++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)
 create mode 100644 include/odp/api/spec/crypto_ipsec.h

--
2.9.3

diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index dea1fe9..b629b82 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -144,6 +144,27 @@ typedef union odp_crypto_auth_algos_t { uint32_t all_bits; } odp_crypto_auth_algos_t; + +/** + * Network security protocols in bit field structure + */ +typedef union odp_crypto_protocol_t { + /** Network security protocols */ + struct { + /** ODP_AUTH_ALG_NULL */ + uint32_t ipsec_esp : 1; + + /** ODP_AUTH_ALG_MD5_96 */ + uint32_t ipsec_ah : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set/clear all flags, or bitwise + * operations over the entire structure. */ + uint32_t all_bits; +} odp_crypto_protocol_t; /** * Crypto API key structure */ 
@@ -264,6 +285,8 @@ typedef enum { ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER, /** Creation failed, bad auth params */ ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH, + /** Creation failed, bad protocol params */ + ODP_CRYPTO_SES_CREATE_ERR_INV_PROTO, } odp_crypto_ses_create_err_t; /** @@ -332,6 +355,12 @@ typedef struct odp_crypto_capability_t { /** Authentication algorithms implemented with HW offload */ odp_crypto_auth_algos_t hw_auths; + /** Supported authentication algorithms */ + odp_crypto_protocol_t protocols; + + /** Authentication algorithms implemented with HW offload */ + odp_crypto_protocol_t hw_protocols; + } odp_crypto_capability_t; /** diff --git a/include/odp/api/spec/crypto_ipsec.h b/include/odp/api/spec/crypto_ipsec.h new file mode 100644 index 0000000..6a0cee0 --- /dev/null +++ b/include/odp/api/spec/crypto_ipsec.h 
@@ -0,0 +1,345 @@ +/* Copyright (c) 2014, Linaro Limited + * Copyright (c) 2015 - 2016 Freescale Semiconductor, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP crypto IPSec extension + */ + +#ifndef ODP_API_CRYPTO_IPSEC_H_ +#define ODP_API_CRYPTO_IPSEC_H_ + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef enum odp_ipsec_mode { + ODP_IPSEC_MODE_TUNNEL, /**< IPSec tunnel mode */ + ODP_IPSEC_MODE_TRANSPORT, /**< IPSec transport mode */ +} odp_ipsec_mode_t; + +typedef enum odp_ipsec_proto { + ODP_IPSEC_ESP, /**< ESP protocol */ +} odp_ipsec_proto_t; + +typedef enum odp_ipsec_outhdr_type { + ODP_IPSEC_OUTHDR_IPV4, /**< Outer header is IPv4 */ + ODP_IPSEC_OUTHDR_IPV6, /**< Outer header is IPv6 */ +} odp_ipsec_outhdr_type_t; + +typedef enum odp_ipsec_ar_ws { + ODP_IPSEC_AR_WS_NONE, /**< Anti-replay is not enabled */ + ODP_IPSEC_AR_WS_32, /**< Anti-replay window size 32 */ + ODP_IPSEC_AR_WS_64, /**< Anti-replay window size 64 */ + ODP_IPSEC_AR_WS_128, /**< Anti-replay window size 128 */ +} odp_ipsec_ar_ws_t; + +typedef struct odp_ipsec_params { + odp_ipsec_mode_t ipsec_mode; /** Transport or Tunnel */ + uint32_t spi; /** SPI value */ + uint32_t seq; /** Initial SEQ number */ + odp_ipsec_ar_ws_t ar_ws; /** Anti-replay window size - + inbound session with authentication */ + odp_bool_t esn; /** Use extended sequence numbers */ + odp_bool_t auto_iv; /** Auto IV generation for each operation. 
*/ + uint16_t out_hdr_size; /** outer header size - tunnel mode */ + uint8_t *out_hdr; /** outer header - tunnel mode */ + odp_ipsec_outhdr_type_t out_hdr_type; /* outer header type - + tunnel mode */ + odp_bool_t ip_csum; /** update/verify ip header checksum */ + odp_bool_t ip_dttl; /** decrement ttl - tunnel mode encap & decap */ + odp_bool_t remove_outer_hdr; /** remove outer header - tunnel mode decap */ + odp_bool_t copy_dscp; /** DiffServ Copy - Copy the IPv4 TOS or + IPv6 Traffic Class byte from the inner/outer + IP header to the outer/inner IP header - + tunnel mode encap & decap */ + odp_bool_t copy_df; /** Copy DF bit - copy the DF bit from + the inner IP header to the + outer IP header - tunnel mode encap */ + odp_bool_t nat_t; /** NAT-T encapsulation enabled - tunnel mode */ + odp_bool_t udp_csum; /** Update/verify UDP csum when NAT-T enabled */ + +} odp_ipsec_esp_params_t; + +/** + * Configure crypto session for IPsec processing + * + * Configures a crypto session for IPSec protocol processing. + * Packets submitted to an IPSec enabled session will have + * relevant IPSec headers/trailers and tunnel headers + * added/removed by the crypto implementation. + * For example, the input packet for an IPSec ESP transport + * enabled session should be the clear text packet with + * no ESP headers/trailers prepared in advance for crypto operation. + * The output packet will have ESP header, IV, trailer and the ESP ICV + * added by crypto implementation. + * Depending on the particular capabilities of an implementation and + * the parameters enabled by application, the application may be + * partially or completely offloaded from IPSec protocol processing. + * For example, if an implementation does not support checksum + * update for IP header after adding ESP header the application + * should update after crypto IPSec operation. + * + * If an implementation does not support a particular set of + * arguments it should return error. 
+ * + * @param session Session handle + * @param ipsec_proto IPSec protocol + * @param ipsec_params IPSec parameters. Parameters which are not + * relevant for selected protocol & mode are ignored - + * e.g. outer_hdr/size set for ESP transport mode. + * @retval 0 on success + * @retval <0 on failure + */ +int odp_crypto_ipsec_session_create(odp_crypto_session_params_t *ses_params, + odp_ipsec_proto_t ipsec_proto, + odp_ipsec_params_t *ipsec_params, + odp_crypto_session_t *session_out, + odp_crypto_ses_create_err_t *status); + + +/*! + * SPD Policy/SA direction information + */ +enum odp_ipsec_direction { + ODP_IPSEC_INBOUND =1, /**< Inbound Direction */ + ODP_IPSEC_OUTBOUND /**< Outbound Direction */ +}; + + +/*! + * DSCP Range information + */ +struct odp_ipsec_policy_rule_dscprange { + uint8_t start; /**< Start value in Range */ + uint8_t end; /**< End value in Range */ +}; + +/*! + * Fragmentation Before Encapsulation (Redside Fragmentation) + */ +enum odp_ipsec_policy_redside_fragmentation { + ODP_IPSEC_POLICY_REDSIDE_FRAGMENTATION_DISABLE = 0, + /**< Diasable Redside fragmentation in IPSec Policy */ + ODP_IPSEC_POLICY_REDSIDE_FRAGMENTATION_ENABLE + /**< Enable Redside fragmentation in IPSec Policy */ +}; + +/*! + * Input parameters to SPD Policy addition + */ +struct odp_ipsec_spd_params{ + uint32_t tunnel_id; + /**< Tunnel ID */ + enum odp_ipsec_direction dir; + /**< Direction: Inbound or Outbound */ + uint32_t n_dscp_ranges; + /**< Number of DSCP Ranges */ + struct odp_ipsec_policy_rule_dscprange *dscp_ranges; + /**< Array of DSCP Ranges */ + enum odp_ipsec_policy_redside_fragmentation redside; + /**< Fragmentation before Encapsulation option: TRUE/FALSE */ + uint32_t n_selectors; + /**< Number of selectors */ + const odp_pmr_param_t *selectors; + /**< Array of Selectors */ +}; + +/*! 
+ * Output parameters to SPD Policy addition + */ +typedef struct odp_ipsec_spd_add_err{ + int32_t result; + /**< 0:Success; Non Zero value: Error code indicating failure */ +}odp_ipsec_pol_add_err_t; + +/*! + * @brief This API is used to add Inbound/Outbound SPD policy to SPD policy + * database. This database is maintained per Name Space and Tunnel instance. + * This function first validates the incoming parameters + * and if all validations succeed, new SPD policy is added to the database. + * + * @param[in] params Pointer to input param structure which contains + * spd policy information. + * @param[out] policy Handle to the IPSEC policy. + * @param[out] resp Failure code if unsuccessful. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_add( + const struct odp_ipsec_spd_params *params, + odp_ipsec_policy_t *policy, + odp_ipsec_pol_add_err_t *resp); + +/*! + * @brief This API is used to delete Inbound/Outbound SPD policy from SPD policy + * database. + * + * @param[in] policy Handle to the IPSEC policy. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_del(odp_ipsec_policy_t policy); + +/*! + * @brief This API is used to flush/delete all Inbound and Outbound SPD + * policies. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_flush(); + +/*! + * @brief This API maps an IPSEC policy to an IPSEC crypto session. + * + * @param[in] policy - Handle to the IPSEC policy. + * @param[in] session - Handle to the IPSEC session(SA). + * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_map_pol_session(odp_ipsec_policy_t policy + odp_crypto_session_t session); + +/*! + * @brief This API unmaps an IPSEC policy to an IPSEC crypto session. + * + * @param[in] policy - Handle to the IPSEC policy. + * @param[in] session - Handle to the IPSEC session(SA). 
+ * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_unmap_pol_session(odp_ipsec_policy_t policy + odp_crypto_session_t session); + +/*! + * SPD Policy Statistics information structure + */ +typedef struct odp_ipsec_spd_stats { + uint64_t received_pkts; + /**< Received Outbound/Inbound packets */ + uint64_t processed_pkts; + /**< Processed Outbound/Inbound packets */ + uint64_t processed_bytes; + /**< Number of bytes processed on Inbound/Outbound policy */ + + /*! Struct details + */ + struct { + uint32_t crypto_op_failed; + /**< Crypto operations failed */ + }protocol_violation_errors; + /**< Protocol violation errors */ + + /*! Struct details + */ + struct { + uint32_t no_matching_dscp_range; + /**< Matching dscp range not found in the SPD policy */ + + uint32_t submit_to_sec_failed; + /**< Submission to SEC failed for crypto operations */ + uint32_t no_outb_sa; + /**< Outbound SA not found */ + uint32_t frag_failed; + /**< Fragmentation failed */ + uint32_t mem_alloc_failed; + /**< Memory allocation failed for SA/SPD/descriptor etc.*/ + uint32_t internal_error; + /**< All other errors locally encountered */ + }local_errors; + /**< Local/internal errors */ + +}odp_ipsec_spd_stats_t; + +/*! + * @brief This API fetches global statistics. + * + * @param[out] stats Pointer to statistics structure filled by this API. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_global_stats_get(odp_ipsec_spd_stats_t *stats); + +/*! + * IPSec Module Capabilities + */ +struct odp_ipsec_capabilities { + /*! This parameter indicates if IPSec-DP is capable of doing SPD + * rule search for incoming or outgoing datagrams + */ + + uint32_t sel_store_in_spd : 1, + + /*! Authentication Header processing */ + ah_protocol:1, + + /*! ESP Header processing */ + esp_protocol:1, + + /*! IPComp related processing */ + ipcomp_protocol:1, + + /*! IPSec Tunnel Mode processing */ + tunnel_mode:1, + + /*! 
IPSec Tunnel Mode processing */ + transport_mode:1, + + /*! This indicates if IPSec has capability to generate + * (for Outbound) and verify (for Inbound) extended sequence numbers. + */ + esn:1, + + /*! This option indicates whether IPSec can + * handle the necessary UDP Encapsulation required at + * IPSec level for traversing NAT boxes. + */ + udp_encap:1, + + /*! This option indicates whether IPSec can fragment packets + * before IPSec encryption, so that the resulting IPSec encrypted + * fragments do not exceed MTU + */ + redside_frag:1, + + + /*! Indicates the maximum number of IN and OUT SPD policies. */ + uint32_t max_spd_policies; + + /*! Indicates the maximum number of IN and OUT IPSec SAs. */ + uint32_t max_sas; +}odp_ipsec_capabilities_t; + +/*! + * @brief This API fetches IPSec module Capabilities + * + * @param[out] capa - capabilities structure filled by API. + * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_capabilities_get(odp_ipsec_capabilities_t *capa); + + +#endif /* __IPSEC_API_H */ +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif
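
Review bot: In the first crypto.h hunk (@@ -144,6 +144,27 @@), the two bit-field comments in odp_crypto_protocol_t are copied from the auth-algorithm union: `ipsec_esp` is documented as "ODP_AUTH_ALG_NULL" and `ipsec_ah` as "ODP_AUTH_ALG_MD5_96". Document them as IPsec ESP and IPsec AH protocol support instead. The union also advertises `ipsec_ah`, while odp_ipsec_proto_t in crypto_ipsec.h defines only ODP_IPSEC_ESP, so an application that sees the AH capability bit has no value with which to request it; either drop the bit for now or add the matching enum value.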
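
Review bot: In the odp_crypto_capability_t hunk of crypto.h (@@ -332,6 +355,12 @@), both new members carry comments copied from the auth fields above them: `protocols` is described as "Supported authentication algorithms" and `hw_protocols` as "Authentication algorithms implemented with HW offload". Reword them as supported network security protocols and protocols implemented with HW offload, so that the generated API documentation tells a caller what the capability query actually reports.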
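
Review bot: The new crypto_ipsec.h will not compile as posted, in several places. The parameter struct is typedef'd as `odp_ipsec_esp_params_t` but odp_crypto_ipsec_session_create() takes `odp_ipsec_params_t *`; odp_ipsec_map_pol_session() and odp_ipsec_unmap_pol_session() are missing the comma after `odp_ipsec_policy_t policy`; `struct odp_ipsec_capabilities` ends its bit-field list with `redside_frag:1,` instead of a semicolon and lacks the `typedef` that odp_ipsec_capabilities_get() relies on; `odp_ipsec_policy_t` is not declared anywhere in this patch; and a stray `#endif /* __IPSEC_API_H */` sits ahead of the closing `extern "C"` block, so the preprocessor conditionals do not balance. odp_ipsec_spd_flush() should also be declared with `(void)`, and the trailing `@}` has no matching `@{`.

On documentation, the @param list for odp_crypto_ipsec_session_create() names `session`, `ipsec_proto` and `ipsec_params`, while the prototype has `ses_params`, `session_out` and `status`, which are left undocumented; `out_hdr_type` uses `/*` rather than `/**`; `transport_mode` is commented as "IPSec Tunnel Mode processing"; and "Diasable" should read "Disable". Three behaviours need to be specified before an implementation can be written or audited against this header: `seq` is a uint32_t even when `esn` is set, so the upper half of an extended sequence number cannot be supplied; the `ar_ws` comment restricts anti-replay to "inbound session with authentication" without saying what happens when a window is requested on any other session; and `out_hdr`/`out_hdr_size` do not state whether the implementation copies the outer header at session creation or keeps the caller's pointer for the life of the session.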