From patchwork Mon Oct 24 17:04:54 2016
X-Patchwork-Submitter: Nikhil Agarwal
X-Patchwork-Id: 78929
From: Nikhil Agarwal
Date: Mon, 24 Oct 2016 22:34:54 +0530
Message-ID: <20161024170454.29245-1-nikhil.agarwal@linaro.org>
X-Topics: crypto
Subject: [lng-odp] [RFCv2] api:crypto: Adding IPSEC protocol APIs.
List-Id: "The OpenDataPlane \(ODP\) List"

This RFC introduces IPSEC crypto offload APIs. These APIs can be used in accelerator pipeline model or for look aside IPSEC model.

TODO items:
- statistics and capability APIs
- Encrypt and send APIs

Signed-off-by: Nikhil Agarwal
--- include/odp/api/spec/crypto.h | 29 ++ include/odp/api/spec/crypto_ipsec.h | 449 +++++++++++++++++++++ .../include/odp/api/plat/event_types.h | 1 + 3 files changed, 479 insertions(+) create mode 100644 include/odp/api/spec/crypto_ipsec.h -- 2.9.3 diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index dea1fe9..3a67d92 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -144,6 +144,27 @@ typedef union odp_crypto_auth_algos_t { uint32_t all_bits; } odp_crypto_auth_algos_t; + +/** + * Network security protocols in bit field structure + */ +typedef union odp_crypto_protocol_t { + /** Network security protocols */ + struct { + /** ESP Protocol */ + uint32_t ipsec_esp : 1; + + /** AH protocol */ + uint32_t ipsec_ah : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set/clear all flags, or bitwise + * operations over the entire structure. */ + uint32_t all_bits; +} odp_crypto_protocol_t; /** * Crypto API key structure */ @@ -264,6 +285,8 @@ typedef enum { ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER, /** Creation failed, bad auth params */ ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH, + /** Creation failed, bad protocol params */ + ODP_CRYPTO_SES_CREATE_ERR_INV_PROTO, } odp_crypto_ses_create_err_t; /**
@@ -332,6 +355,12 @@ typedef struct odp_crypto_capability_t { /** Authentication algorithms implemented with HW offload */ odp_crypto_auth_algos_t hw_auths; + /** Supported authentication algorithms */ + odp_crypto_protocol_t protocols; + + /** Authentication algorithms implemented with HW offload */ + odp_crypto_protocol_t hw_protocols; + } odp_crypto_capability_t; /** diff --git a/include/odp/api/spec/crypto_ipsec.h b/include/odp/api/spec/crypto_ipsec.h new file mode 100644 index 0000000..5916ea0 --- /dev/null +++ b/include/odp/api/spec/crypto_ipsec.h 
@@ -0,0 +1,449 @@ +/* Copyright (c) 2014, Linaro Limited + * Copyright (c) 2015 - 2016 Freescale Semiconductor, Inc. + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP crypto IPSec extension + */ + +#ifndef ODP_API_CRYPTO_IPSEC_H_ +#define ODP_API_CRYPTO_IPSEC_H_ + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef enum odp_ipsec_mode { + ODP_IPSEC_MODE_TUNNEL, /** IPSec tunnel mode */ + ODP_IPSEC_MODE_TRANSPORT, /** IPSec transport mode */ +} odp_ipsec_mode_t; + +typedef enum odp_ipsec_proto { + ODP_IPSEC_ESP, /** ESP protocol */ + ODP_IPSEC_AH, /** AH protocol */ +} odp_ipsec_proto_t; + +typedef enum odp_ipsec_outhdr_type { + ODP_IPSEC_OUTHDR_IPV4, /** Outer header is IPv4 */ + ODP_IPSEC_OUTHDR_IPV6, /** Outer header is IPv6 */ +} odp_ipsec_outhdr_type_t; + +/** + * ODP IPSEC flags bit feilds structure + */ + +typedef struct odp_ipsec_session_flags { + uint32_t esn : 1; + /** When enabled, extended sequence numbers is used */ + uint32_t nat_t : 1; + /** When enabled, this indicates that UDP encapsulation/decapsulation + * for IPSEC packet has to be done so that IPSEC packet can traverse + * through NAT boxes. UDP encapsulation/decapsulation is to be applied + * for packets that get processed off this SA. + */ + uint32_t copy_dscp : 1; + /** When enabled, Copy the IPv4 TOS or IPv6 Traffic Class byte from + * inner/outer IP header to the outer/inner IP header. If disabled + * values from configured Header will be used */ + uint32_t copy_df : 1; + /** When enabled, copy the DF bit from the inner IP header to the outer + * IP header. If disabled, values from configured Header will be used */ + + uint32_t ip_dttl : 1; + /** When enabled,IPv4 ttl/IPv6 Hop Limit feild will be decremented + * in case of tunnel mode encap & decap */ + + uint32_t remove_outer_hdr : 1; + /** remove outer header - tunnel mode decap */ + + uint32_t verify_sa_selectors : 1; + /** This flag is only application to inbound sessions. 
When enabled, + * this indicates that post decryption, selectors needs to be verified + * for this session. */ + +} odp_ipsec_session_flags_t; + +typedef enum odp_ipsec_sa_lifetime_type { + ODP_IPSEC_SA_LIFETIME_IN_SEC, /** SA life time is in seconds */ + ODP_IPSEC_SA_LIFETIME_IN_KB, /** SA life time is in kilo bytes */ + ODP_IPSEC_SA_LIFETIME_IN_PKT_CNT, /** SA life time is in packet count */ +} odp_ipsec_sa_lifetime_type_t; + +typedef struct odp_ipsec_params { + odp_ipsec_mode_t ipsec_mode; /** Transport or Tunnel */ + odp_ipsec_proto_t ipsec_proto; /** IPSEC protocol ESP/AH */ + uint64_t seq; /** Initial SEQ number */ + uint32_t spi; /** SPI value */ + uint16_t ar_ws; /** Anti-replay window size. Value 0 indicates that + Anti-replay window check is disabled for this SA */ + uint16_t out_hdr_size; /** outer header size - tunnel mode */ + uint8_t *out_hdr; /** outer header - tunnel mode */ + odp_ipsec_outhdr_type_t out_hdr_type; /** outer header type tunnel mode*/ + odp_ipsec_session_flags_t sa_flags; /** SA control flags */ + odp_ipsec_sa_lifetime_type_t lifetime_type; /** lifetime type */ + uint64_t soft_expiry_limit; + /** Soft expiry for this session, values may be in seconds, Kilobytes or + * number of packets depending on feild odp_ipsec_sa_lifetime_type_t */ + uint64_t hard_expiry_limit; + /** Hard expiry for this session, values may be in seconds, Kilobytes or + * number of packets depending on feild odp_ipsec_sa_lifetime_type_t */ + +} odp_ipsec_params_t; + +/** + * Configure crypto session for IPsec processing + * + * Configures a crypto session for IPSec protocol processing. + * Packets submitted to an IPSec enabled session will have + * relevant IPSec headers/trailers and tunnel headers + * added/removed by the crypto implementation. + * For example, the input packet for an IPSec ESP transport + * enabled session should be the clear text packet with + * no ESP headers/trailers prepared in advance for crypto operation. 
+ * The output packet will have ESP header, IV, trailer and the ESP ICV + * added by crypto implementation. + * Depending on the particular capabilities of an implementation and + * the parameters enabled by application, the application may be + * partially or completely offloaded from IPSec protocol processing. + * For example, if an implementation does not support checksum + * update for IP header after adding ESP header the application + * should update after crypto IPSec operation. + * + * If an implementation does not support a particular set of + * arguments it should return error. + * + * @param session Session handle + * @param ipsec_params IPSec parameters. Parameters which are not + * relevant for selected protocol & mode are ignored - + * e.g. outer_hdr/size set for ESP transport mode. + * @retval 0 on success + * @retval <0 on failure + */ +int odp_crypto_ipsec_session_create(odp_crypto_session_params_t *ses_params, + odp_ipsec_params_t *ipsec_params, + odp_crypto_session_t *session_out, + odp_crypto_ses_create_err_t *status); + + +/** + * SPD Policy/SA direction information + */ +typedef enum odp_ipsec_direction { + ODP_IPSEC_INBOUND, /** Inbound Direction */ + ODP_IPSEC_OUTBOUND /** Outbound Direction */ +}odp_ipsec_direction_t; + +/** + * SPD Policy Action information + */ +typedef enum odp_ipsec_policy_rule_action { + ODP_IPSEC_POLICY_ACTION_IPSEC, /** Apply IPSec processing on Packet*/ + ODP_IPSEC_POLICY_ACTION_DISCARD, /** Discard or Drop the packet */ + ODP_IPSEC_POLICY_ACTION_BYPASS, /** Bypass/Allow to pass the packet */ +}odp_ipsec_policy_rule_action_t; + +/** + * SPD Policy Position information + */ +typedef enum odp_ipsec_policy_rule_position{ + ODP_IPSEC_POLICY_POSITION_BEGIN, /** Add at the beginning of the list */ + ODP_IPSEC_POLICY_POSITION_BEFORE, /** Add before the mentioned Policy */ + ODP_IPSEC_POLICY_POSITION_AFTER, /** Add after the mentioned Policy */ + ODP_IPSEC_POLICY_POSITION_END, /** Add at the end of the list */ +} 
odp_ipsec_policy_rule_position_t; + + +/** + * DSCP Range information + */ +typedef struct odp_ipsec_policy_rule_dscprange { + uint8_t start; /** Start value in Range */ + uint8_t end; /** End value in Range */ +}odp_ipsec_policy_rule_dscprange_t; + +/** + * Fragmentation Before Encapsulation (Redside Fragmentation) + */ +typedef enum odp_ipsec_policy_redside_fragmentation { + ODP_IPSEC_POLICY_REDSIDE_FRAGMENTATION_DISABLE = 0, + /** Disable Redside fragmentation in IPSec Policy */ + ODP_IPSEC_POLICY_REDSIDE_FRAGMENTATION_ENABLE + /** Enable Redside fragmentation in IPSec Policy */ +}odp_ipsec_policy_redside_fragmentation_t; + +/** + * Input parameters to SPD Policy addition + */ +struct odp_ipsec_spd_params{ + uint32_t tunnel_id; + /** Tunnel ID */ + odp_ipsec_direction_t dir; + /** Direction: Inbound or Outbound */ + odp_ipsec_policy_rule_action_t action; + /** SPD Policy Action */ + odp_ipsec_policy_rule_position_t position; + /** Position of this policy in policy table */ + odp_ipsec_policy_t relative_policy; + /** relative policy for the position in case of before/after */ + uint32_t n_dscp_ranges; + /** Number of DSCP Ranges */ + struct odp_ipsec_policy_rule_dscprange *dscp_ranges; + /** Array of DSCP Ranges */ + enum odp_ipsec_policy_redside_fragmentation redside; + /** Fragmentation before Encapsulation option: TRUE/FALSE */ + uint32_t n_selectors; + /** Number of selectors */ + const odp_pmr_param_t *selectors; + /** Array of Selectors */ +}; + +/** + * Output parameters to SPD Policy addition + */ +typedef struct odp_ipsec_spd_add_err{ + int32_t result; + /** 0:Success; Non Zero value: Error code indicating failure */ +}odp_ipsec_pol_add_err_t; + +/** + * @brief This API is used to add Inbound/Outbound SPD policy to SPD policy + * database. This database is maintained per Name Space and Tunnel instance. + * This function first validates the incoming parameters + * and if all validations succeed, new SPD policy is added to the database. 
+ * + * @param[in] params Pointer to input param structure which contains + * spd policy information. + * @param[out] policy Handle to the IPSEC policy. + * @param[out] resp Failure code if unsuccessful. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_add( + const struct odp_ipsec_spd_params *params, + odp_ipsec_policy_t *policy, + odp_ipsec_pol_add_err_t *resp); + +/** + * @brief This API is used to delete Inbound/Outbound SPD policy from SPD policy + * database. + * + * @param[in] policy Handle to the IPSEC policy. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_del(odp_ipsec_policy_t policy); + +/** + * @brief This API is used to flush/delete all Inbound and Outbound SPD + * policies. + * + * @returns 0 on Success or negative value on failure. + * + */ +int32_t odp_ipsec_spd_flush(); + +/** + * @brief This API maps an IPSEC policy to an IPSEC crypto session. + * + * @param[in] policy - Handle to the IPSEC policy. + * @param[in] session - Handle to the IPSEC session(SA). + * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_map_pol_session(odp_ipsec_policy_t policy + odp_crypto_session_t session); + +/** + * @brief This API unmaps an IPSEC policy to an IPSEC crypto session. + * + * @param[in] policy - Handle to the IPSEC policy. + * @param[in] session - Handle to the IPSEC session(SA). 
+ * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_unmap_pol_session(odp_ipsec_policy_t policy + odp_crypto_session_t session); + +/** + * ODP ipsec notification event type + */ + +typedef enum odp_ipsec_notif_type { + ODP_IPSEC_NO_OUB_SA, /** IPSEC policy matched but Outbound SA not found */ + ODP_IPSEC_NO_INB_SA, /** IPSEC policy matched but inbound SA not found */ + ODP_IPSEC_SA_SOFT_EXPIRY, /** SA soft expiry limit reached */ + ODP_IPSEC_SA_HARD_EXPIRY, /** SA hard expiry limit reached */ + ODP_IPSEC_SA_SEQ_NUM_OVERFLOW, /** Seq number overflow */ +} odp_ipsec_notif_type_t; + +typedef struct odp_ipsec_notif_info { + odp_ipsec_notif_type_t notif_type; + odp_ipsec_policy_t policy; + odp_ipsec_session_t session; +}odp_ipsec_notif_info_t; + +/** + * @brief This API gets notification queue for ODP IPSEC module. + * + * @param[out] queue - Handle to the IPSEC notification queue. + * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_get_notification_queue(odp_queue_t *queue); + +/** + * Return crypto notification handle that is associated with event + * + * Note: any invalid parameters will cause undefined behavior and may cause + * the application to abort or crash. + * + * @param ev An event of type ODP_EVENT_CRYPTO_NOTIF + * + * @return crypto completion handle + */ +odp_crypto_notif_t odp_crypto_notif_from_event(odp_event_t ev); + + +/** + * Return notification info of this crypto notification event. 
+ * + * @param[in] notif_ev An event of type ODP_EVENT_CRYPTO_NOTIF + * @param[out] notif_info structure populated with notification info + * + * @return success/failure + */ +uint32_t odp_ipsec_notif_info_from_event(odp_crypto_notif_t notif_ev + odp_ipsec_notif_info_t* notif_info); + +/** + * SPD Policy Statistics information structure + */ +typedef struct odp_ipsec_spd_stats { + uint64_t received_pkts; + /** Received Outbound/Inbound packets */ + uint64_t processed_pkts; + /** Processed Outbound/Inbound packets */ + uint64_t processed_bytes; + /** Number of bytes processed on Inbound/Outbound policy */ + + /** Struct details + */ + struct { + uint32_t crypto_op_failed; + /** Crypto operations failed */ + }protocol_violation_errors; + /** Protocol violation errors */ + + /** Struct details + */ + struct { + uint32_t no_matching_dscp_range; + /** Matching dscp range not found in the SPD policy */ + + uint32_t submit_to_sec_failed; + /** Submission to SEC failed for crypto operations */ + uint32_t no_outb_sa; + /** Outbound SA not found */ + uint32_t frag_failed; + /** Fragmentation failed */ + uint32_t mem_alloc_failed; + /** Memory allocation failed for SA/SPD/descriptor etc.*/ + uint32_t internal_error; + /** All other errors locally encountered */ + }local_errors; + /** Local/internal errors */ + +}odp_ipsec_spd_stats_t; + +/** + * @brief This API fetches global statistics. + * + * @param[out] stats Pointer to statistics structure filled by this API. + * + * @returns 0 on Success or negative value on failure. 
+ * + */ +int32_t odp_ipsec_global_stats_get(odp_ipsec_spd_stats_t *stats); + +/** + * IPSec Module Capabilities + */ +struct odp_ipsec_capabilities { + /** This parameter indicates if IPSec-DP is capable of doing SPD + * rule search for incoming or outgoing datagrams + */ + + uint32_t sel_store_in_spd : 1, + + /** Authentication Header processing */ + ah_protocol:1, + + /** ESP Header processing */ + esp_protocol:1, + + /** IPComp related processing */ + ipcomp_protocol:1, + + /** IPSec Tunnel Mode processing */ + tunnel_mode:1, + + /** IPSec Tunnel Mode processing */ + transport_mode:1, + + /** This indicates if IPSec has capability to generate + * (for Outbound) and verify (for Inbound) extended sequence numbers. + */ + esn:1, + + /** This option indicates whether IPSec can + * handle the necessary UDP Encapsulation required at + * IPSec level for traversing NAT boxes. + */ + udp_encap:1, + + /** This option indicates whether IPSec can fragment packets + * before IPSec encryption, so that the resulting IPSec encrypted + * fragments do not exceed MTU + */ + redside_frag:1, + + + /** Indicates the maximum number of IN and OUT SPD policies. */ + uint32_t max_spd_policies; + + /** Indicates the maximum number of IN and OUT IPSec SAs. */ + uint32_t max_sas; +}odp_ipsec_capabilities_t; + +/** + * @brief This API fetches IPSec module Capabilities + * + * @param[out] capa - capabilities structure filled by API. + * + * @returns SUCCESS on success; FAILURE otherwise + * + */ +int32_t odp_ipsec_capabilities_get(odp_ipsec_capabilities_t *capa); + + +#endif /* __IPSEC_API_H */ +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/platform/linux-generic/include/odp/api/plat/event_types.h b/platform/linux-generic/include/odp/api/plat/event_types.h index 9ca0fb8..b083d3e 100644 --- a/platform/linux-generic/include/odp/api/plat/event_types.h +++ b/platform/linux-generic/include/odp/api/plat/event_types.h 
@@ -38,6 +38,7 @@ typedef enum odp_event_type_t { ODP_EVENT_PACKET = 2, ODP_EVENT_TIMEOUT = 3, ODP_EVENT_CRYPTO_COMPL = 4, + ODP_EVENT_CRYPTO_notif = 5, } odp_event_type_t; /** Get printable format of odp_event_t */
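Review bot: In the odp_crypto_capability_t hunk of include/odp/api/spec/crypto.h (@@ -332,6 +355,12 @@), both new members carry doc comments copied from the auth fields above them: `protocols` is described as "Supported authentication algorithms" and `hw_protocols` as "Authentication algorithms implemented with HW offload". These members are odp_crypto_protocol_t bit fields (ESP/AH), so the comments should say something like "Supported network security protocols" and "Protocols implemented with HW offload"; as written, the generated API documentation tells a caller that these fields report auth algorithms.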
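Review bot: In the new include/odp/api/spec/crypto_ipsec.h, three prototypes are missing the comma between their parameters and will not compile: odp_ipsec_map_pol_session() and odp_ipsec_unmap_pol_session() (between `odp_ipsec_policy_t policy` and `odp_crypto_session_t session`), and odp_ipsec_notif_info_from_event() (between `odp_crypto_notif_t notif_ev` and `odp_ipsec_notif_info_t* notif_info`). The same hunk has further build problems: the bit-field list in struct odp_ipsec_capabilities ends with `redside_frag:1,` where a semicolon is needed before `uint32_t max_spd_policies;`; that struct closes with `}odp_ipsec_capabilities_t;` without a leading typedef although odp_ipsec_capabilities_get() uses the name as a type; and `#endif /* __IPSEC_API_H */` closes the include guard ahead of the trailing `#ifdef __cplusplus` block, leaving the final `#endif` unmatched. odp_ipsec_policy_t, odp_ipsec_session_t and odp_crypto_notif_t are used but not declared in the visible hunks. On the documentation side, the odp_crypto_ipsec_session_create() comment lists `@param session` and `@param ipsec_params` while the prototype takes ses_params, ipsec_params, session_out and status; please document all four, and state whether the implementation copies `out_hdr` or retains the caller's pointer and how `out_hdr_size` is checked against `out_hdr_type`, since that buffer is caller-supplied and ends up on the wire.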
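Review bot: The enumerator added in platform/linux-generic/include/odp/api/plat/event_types.h is spelled `ODP_EVENT_CRYPTO_notif`, but the doc comments added in crypto_ipsec.h refer to `ODP_EVENT_CRYPTO_NOTIF`, and the neighbouring values in odp_event_type_t (ODP_EVENT_PACKET, ODP_EVENT_TIMEOUT, ODP_EVENT_CRYPTO_COMPL) are all upper case. Rename it to `ODP_EVENT_CRYPTO_NOTIF = 5` so that code written against the documented name compiles.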