From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from NAM01-BY2-obe.outbound.protection.outlook.com
 (mail-by2nam01on0081.outbound.protection.outlook.com [104.47.34.81])
 by dpdk.org (Postfix) with ESMTP id 5AA7E7D77
 for <dev@dpdk.org>; Tue, 15 Aug 2017 08:37:11 +0200 (CEST)
Received: from DM5PR03CA0025.namprd03.prod.outlook.com (10.174.189.142) by
 BY2PR03MB556.namprd03.prod.outlook.com (10.141.142.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1341.21; Tue, 15 Aug 2017 06:37:09 +0000
Received: from BY2FFO11FD047.protection.gbl (2a01:111:f400:7c0c::192) by
 DM5PR03CA0025.outlook.office365.com (2603:10b6:4:3b::14) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1341.21 via Frontend Transport; Tue, 15 Aug 2017 06:37:08 +0000
Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not
 designate 192.88.158.2 as permitted sender) receiver=protection.outlook.com;
 client-ip=192.88.158.2; helo=az84smr01.freescale.net;
Received: from az84smr01.freescale.net (192.88.158.2) by
 BY2FFO11FD047.mail.protection.outlook.com (10.1.15.175) with Microsoft SMTP
 Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1304.16
 via Frontend Transport; Tue, 15 Aug 2017 06:37:08 +0000
Received: from netperf2.ap.freescale.net ([10.232.133.164])
 by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id v7F6atQE015692;
 Mon, 14 Aug 2017 23:37:04 -0700
From: Akhil Goyal <akhil.goyal@nxp.com>
To: <dev@dpdk.org>, <declan.doherty@intel.com>, <thomas@monjalon.net>,
 <radu.nicolau@intel.com>, <aviadye@mellanox.com>, <borisp@mellanox.com>,
 <pablo.de.lara.guarch@intel.com>, <sergio.gonzalez.monroy@intel.com>
CC: <hemant.agrawal@nxp.com>, <sandeep.malik@nxp.com>, Akhil Goyal
 <akhil.goyal@nxp.com>
Date: Tue, 15 Aug 2017 12:05:02 +0530
Message-ID: <20170815063505.22032-2-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.9.3
In-Reply-To: <20170815063505.22032-1-akhil.goyal@nxp.com>
References: <20170725112153.29699-1-akhil.goyal@nxp.com>
 <20170815063505.22032-1-akhil.goyal@nxp.com>
X-EOPAttributedMessage: 0
X-Matching-Connectors: 131472526285533332;
 (91ab9b29-cfa4-454e-5278-08d120cd25b8); ()
X-Forefront-Antispam-Report: CIP:192.88.158.2; IPV:NLI; CTRY:US; EFV:NLI;
 SFV:NSPM;
 SFS:(10009020)(6009001)(336005)(39380400002)(39860400002)(2980300002)(1109001)(1110001)(339900001)(199003)(189002)(5890100001)(47776003)(2906002)(1076002)(50226002)(7416002)(77096006)(189998001)(86362001)(48376002)(8936002)(50986999)(33646002)(50466002)(8676002)(69596002)(76176999)(81166006)(105606002)(5660300001)(8656003)(106466001)(97736004)(498600001)(356003)(5003940100001)(104016004)(4326008)(2201001)(305945005)(68736007)(626005)(36756003)(2950100002)(54906002)(53936002)(81156014)(217873001)(2101003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB556; H:az84smr01.freescale.net; FPR:;
 SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; 
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BY2FFO11FD047;
 1:DSLHxGA8PkNhPbULepB8xZRzjj5NbR+yvB4I8h4Y0f?=
 =?us-ascii?Q?1Ocwg2xUU3Cw+wLoAgzHCbCY7BNb53U7eV6q7zYVH8N4oQnjmVdRGcG1jx5S?=
 =?us-ascii?Q?VR6eSFUPaOSljbngX24ga6WFRInDLJPf/FWT11GgDI3nX9Y+A5L+F1hI1Att?=
 =?us-ascii?Q?dW1kK7HSfhPpKn965nlgG5awDhcnZPy3Xy/PlVB7HQatYI47WPoej8hsWEeU?=
 =?us-ascii?Q?htnINZzTjp/ebobCBZzU+V1iVNfO7cVkhMGZvh02EVYjWFk921Q5mfiPc52/?=
 =?us-ascii?Q?wguvWOJw/R8qjeBgeTi8Wy67L5fNper6Y9hUZb9mJtUZtGmTXnM3aUAjMV88?=
 =?us-ascii?Q?UOs+3vhhu7PiBi+epHfnwMJ5GKNrTaZIAyfkHYQB8SIel2qaE7Y/OR2f21lW?=
 =?us-ascii?Q?7KcohlupN9U4uIz4EuRE+FCEm4bFxtH/TxdyqnELKJgbNGYB+G1vn8unu28P?=
 =?us-ascii?Q?O6D/WJa4WrdIRWd5v8GQpkZEnuK1f8FRFnNKryGvV+VHX7LGZycvJ8JOwm+S?=
 =?us-ascii?Q?sV0vNXEKfn5KtfSoqZouUTZb6k+96+hJ9grdOeQk6abXWudslmvs0o5LERr3?=
 =?us-ascii?Q?UYaVkYg4wkI5sEZU21acc9THCTKxey9ElRjlXvJ7I9PwiEUe8MPAOrq3aDad?=
 =?us-ascii?Q?K1MJBvv8HEwY6+UMG4bixg+n7uoN7HEPuYlEpGBSuJISJG+6x6sl3gR1I64f?=
 =?us-ascii?Q?7S9/8J1NmlbN6msue8aD+Nz+pUfB9UCFyr/MjhjZJDR7ryenneyWUnKBnnqz?=
 =?us-ascii?Q?KjbfEAajaaKKnQnzYrpJt4adtuFt1i6eG0KJACg8OP4tgBQFNswjTYy8H3gE?=
 =?us-ascii?Q?yQYZO/RhzCKcVYqWboG0P8zN3hhGLqgBCRVrxbGIKAwQ1lPaKwEtAl2YEoOb?=
 =?us-ascii?Q?TZhU+6F9GbJy0meCUbW/vmvGPJw3q9uyIGLwIENMGMIaCioAvqvoBuD6sRzB?=
 =?us-ascii?Q?0BK5AnwCdiGXKh7UXNze2JLHyOOJMiF2YFTm1VjASnabIV+by9VrT4hgApUd?=
 =?us-ascii?Q?g+e3Y7AIXEAjNxR/OvWN3A?=
MIME-Version: 1.0
Content-Type: text/plain
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 8cb3b2fb-3c70-4f6b-843d-08d4e3a80d5a
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
 RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(2017052603031)(201703131430075)(201703131517081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);
 SRVR:BY2PR03MB556; 
X-Microsoft-Exchange-Diagnostics: 1; BY2PR03MB556;
 3:aNwaaAIMOCw9xw+LUzAdRlpE2AJpoH+wyIw7SkQWKWNf2nnt6SOrHg5xBQHIPbAACY4XDQeUSmZYDkIMY7ovmI2P4etykdZY11Jnz5x18VycpLgg45EV66YRHvpNfEEwemIIOs1uVqxgZyF0FkNL0HaV+7RtPWxBn81AKKcshPYd00I34U8ZuZg+pg6H4jRChADDHC34yUcxIVVLq9H7GsPe+OWjhP/f6KJ5GW11eeMx1ec3q1jymX3P4vI+vVDxQmr9aen8Q2pcdjqTNBYDZXU3pvDkh1HF7NcCUfybZGSmO01AwTpkpAdc3CZQkdOfx0QYrxZu586D6DdpzlZ0dg==;
 25:tKy6w2kwndatsDIbqyjT1Mn1mXaVtvNSayizmcF58D4kj5IE6v/S9vEVNi7eJ1nIZ+AgKb+eGFuNQvPPxlbhz+cHmYfS9xb77sJLi5j+PWdtdeTjSrG/c7R3edpcUJm5jxAsanJWog9BQLC/rMwzHqHDL0PMVAZiscFiCXw80Cs/k9ve8pjqGcxy0oZO5rQOEkmgH3oP13Qoi9DtuADzll5xIZiti2XC+XXV08If11ERV5mgNIMarWC49gvv3Uvt27WvrpGElowjrxuRFf3VrUFDScsVrTcYVz1uSkG7Af3pYNumC2/hw7vK4+pHrpdUe0pnaW/3ta4n72vw9kci3A==;
 31:RjBXUDcI+52nGNMEYuhbWRUFPODv5b1uu4yZTWPcCcBbBJwzyvFw2zVFVZwLTGhbJWhpzGnH/pjAFFZKtj3nElXcwvzogkCTOMGiPQHMLHvOZUHak4Wa9Phf1iefQ39X/YMaG/LaU+V7TZxtIucZi9GoJqtkhFZkyGAgUf8KobJyOzUtGOa+XDnhE84VareAEpPTB7klNFXQvWqi7MUAs1BsJnTk7+Kgg/ePiAuCg+E=
X-MS-TrafficTypeDiagnostic: BY2PR03MB556:
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197);
X-Microsoft-Antispam-PRVS: <BY2PR03MB55631B5FF1DE172E0DF1790E68D0@BY2PR03MB556.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
 RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(601004)(2401047)(5005006)(13018025)(13016025)(8121501046)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6055026)(6096035)(20161123559100)(20161123556025)(201703131430075)(201703131433075)(201703131441075)(201703131448075)(201703161259150)(20161123561025)(20161123563025)(20161123565025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);
 SRVR:BY2PR03MB556; BCL:0; PCL:0;
 RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095);
 SRVR:BY2PR03MB556; 
X-Microsoft-Exchange-Diagnostics: 1; BY2PR03MB556;
 4:fVsj7XGRmmdjSf2IGZtqI083aF66MaDFoOemhT5O61ONrwa+OIoL5/qvY6pasl+X8aO43eVxUAJWce1MmVvfaWxcUqXIQ9Cs37YYy2s3gvM8UcbfUB2iqEX3CKL6xOhoPD5LVFC2z7IqvssXWKX+cSRfnc9LIot+8eR0MLvCrguHn+I2jaX7G8nxzdli8hX4UlFStUIchtSK9d2eM7dn6YU/rZluH3sIglkBlXSGPmfHIQogldeHV7fOKoBHdUZvQOl+nDqn7tBvIUOrrCKiLncbMZe0wyBY5snSiJX/xXFgZ+SWE34ZLJTLSjd+FyLohDC25ge2ip9OGxeW+SfxKg==
X-Forefront-PRVS: 04004D94E2
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BY2PR03MB556;
 23:AyRz/x08gCYRpIOYBwXrQ0bdyHhgl8Kcgpu9oow3Ha?=
 =?us-ascii?Q?sht+iWnTX96r8ynaVb+2ODLR4odjbjuma2TTafpdoAC607j6hFzPwpUvhmss?=
 =?us-ascii?Q?xq71NGlfwsS/VoFc/qIYq1kQzPm7eueUZMv0a2JHuOcBYqAZZIA9llLlQQUK?=
 =?us-ascii?Q?XG+20cP8srU0JGETZ+BFapzJ6gkozV+Q6MUyP/KR2GI9VwV+TbiVGm0X4oky?=
 =?us-ascii?Q?JV/JNI17F03q9Sbww7Z3kfclwOIxSenp1kw4Ba5K/mNTOgD5TMrT5xLckSsJ?=
 =?us-ascii?Q?0XRrmRcaX53OZEb3CiylF22wZAmTV5/sD2gbRbASx1H/w8JPUWXT+2T6rNoZ?=
 =?us-ascii?Q?ek+rdLk5akokpxQk+EElneiMop6rxGyFatl/DHvId661olsvRmh5fQbVmneJ?=
 =?us-ascii?Q?2rsC2zsW5UYm+NtGbQE3avzh2AShhWlyaXKJFCDXR7jA2UmLvKyxhypCZQn6?=
 =?us-ascii?Q?6p2w/iXQaRoKqeZ2h2fy9bqMwBNuc7cgedNZ3rT5tyDVLkwbFT0KFvNXw26A?=
 =?us-ascii?Q?xOaBqsDTjsJAEuXuDrYMxptR1ZOpRjp4v14JRE0UfhZJLIzAwrmdSnPlIF6f?=
 =?us-ascii?Q?Ny1E1HoxmoTl72n7TByMx0XKFwGiQyUTWD65RpZUKD//Dfj0Vy4rquBXxmH5?=
 =?us-ascii?Q?5iWKmJf5CeitB3xVqyj2V1QnwEQ/UJtksh8pt6KU/Tb0iUwtBrqgph6WORAQ?=
 =?us-ascii?Q?LLFZpgDsBUxp5552zdypioeRZ78GrhYXdJ0uhoDhuQ6RG0k6d/CgEZgMY870?=
 =?us-ascii?Q?suxlq17+uJvrKtd83tYfb8vjXovpBZxnyp+SH9JNcdoffT/cqA2nFWYVpsBB?=
 =?us-ascii?Q?7xfD10XS6NYH9Lxg+A0licxuEOX2wYBRcUlUGg8WiQu/VEQQNwiFkNAaTbGQ?=
 =?us-ascii?Q?e1tmTXkAOiGQ+tRIltQCPpo8moRmgd+zCbdm02J1Rit2CYeK3WAMU5+HfhTH?=
 =?us-ascii?Q?24RC8IqbryvUm6ulme2ayCkh100eFFt2eTBYKIetteB6kGa2RgMpGazUKiTd?=
 =?us-ascii?Q?ottmmG+CuxDTLo8SZ6+32A078NAxIS57IXUebrFJ/QcWxmkn2gXW1yO9gxlx?=
 =?us-ascii?Q?+gl9qJaOpiS079iV1MBCeuIKtsAHd3KTAXWKfhPx18JBkVvfkg6FASTMptvM?=
 =?us-ascii?Q?5+AfQwQjvZrhW6zBXBO+132dgLl6ahpKTXfoyGmmV1bAhsPfIQ9IKn4kTWNy?=
 =?us-ascii?Q?aKw7xzo+VZFJk=3D?=
X-Microsoft-Exchange-Diagnostics: 1; BY2PR03MB556;
 6:4n5mGczJyOghmW2egTZJPZXiizpybuS1jdGbqGJ8A/MzgcPOuy4VKMKZxA6hhsnO9KqgClQgCvI8OGRDrQvlwVbQJ4uCtuSpl4VXhTerfK4YLv0tn8hfpEuVedzUCayd8yjCG+eaiPn1AmDB32v81LPJhwmR4JPiM7jEiDDsbfPzhvKR7aRfH0BYCtqn/jEDzkznOpqLhTVqAsBhDJ5wkuPVW7ftt0pYyQVdntJlGTxDKrcOPJYz9bmPeS5nTLlx4jLq+/HV6o13AiF+qpvN8C61zy0n6DkfBpsrvG6VeiMhX+hnVlZKmVc7Z3eJKDbO28j6yoSHgdL7+mti+9hTQA==;
 5:Y3qb1wM1u1P+yeYmAh1RxG6sAVpI18CJWIfNV9uR/iiTL98f+7Nh1cAwLq2kejRSOlPYXrBp/nSf1smyqZ2mLMNryAvzdAIdCCz35rKiEl6lnLhBrMPOCW9YOvf88tMMJzT2tbXiLcBjr+g6zTwYEQ==;
 24:5o16Yfk2cA3M2Nc92pJ+yMHB/f48XFNx2ZbXOt0TSVFrdAc5eVRs4LYhXFVi2XXKKlf4YTELiCJcjbgWapaHrX6HSA/hVDg5P4SuAErKmVw=;
 7:zzm8T1foSBSyZSsZe0ZHmf3TORdKr3PNQ/fB1E9efWMc5MN5Dom56LJXVQwfnDraAdO0Ol38H+vp//Zwh2BWZhyXtj4IeS9bkWq4wlty3sshc91j78PMaPXSLBYSVTdJhhUJxxAmTHUmb2ccC/CmFjydQShpJWjQB46M7BN5Up8xAthWukF0S2jUzhH1CcYNEAAb3PP0EOTb+WqBvREJizn5fnaC+9R3pTGyBomQIh0=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Aug 2017 06:37:08.3037 (UTC)
X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.158.2];
 Helo=[az84smr01.freescale.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB556
Subject: [dpdk-dev] [RFC PATCH 1/4] rte_security: API definitions
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 06:37:12 -0000

Detailed description is added in the coverletter

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 lib/librte_cryptodev/rte_security.c | 171 +++++++++++++++
 lib/librte_cryptodev/rte_security.h | 409 ++++++++++++++++++++++++++++++++++++
 2 files changed, 580 insertions(+)
 create mode 100644 lib/librte_cryptodev/rte_security.c
 create mode 100644 lib/librte_cryptodev/rte_security.h

diff --git a/lib/librte_cryptodev/rte_security.c b/lib/librte_cryptodev/rte_security.c
new file mode 100644
index 0000000..7c73c93
--- /dev/null
+++ b/lib/librte_cryptodev/rte_security.c
@@ -0,0 +1,171 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright 2017 NXP.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of NXP nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <rte_log.h>
+#include <rte_debug.h>
+#include <rte_dev.h>
+#include <rte_memory.h>
+#include <rte_memcpy.h>
+#include <rte_launch.h>
+#include <rte_common.h>
+#include <rte_mempool.h>
+#include <rte_malloc.h>
+#include <rte_errno.h>
+
+#include "rte_crypto.h"
+#include "rte_cryptodev_pmd.h"
+#include "rte_security.h"
+#include "rte_ethdev.h"
+#include "rte_cryptodev.h"
+
+
+struct rte_security_session *
+rte_security_session_create(struct rte_mempool *mp)
+{
+	struct rte_security_session *sess;
+
+	/* Allocate a session structure from the session pool */
+	if (rte_mempool_get(mp, (void *)&sess)) {
+		CDEV_LOG_ERR("couldn't get object from session mempool");
+		return NULL;
+	}
+
+	/* Clear device session pointer */
+	memset(sess, 0, (sizeof(void *) *
+		RTE_MAX(rte_eth_dev_count(), rte_cryptodev_count())));
+
+	return sess;
+}
+
+int
+rte_security_session_init(uint16_t dev_id,
+			  struct rte_security_session *sess,
+			  struct rte_security_sess_conf *conf,
+			  struct rte_mempool *mp)
+{
+	struct rte_cryptodev *cdev = NULL;
+	struct rte_eth_dev *dev = NULL;
+	uint8_t index;
+	int ret;
+
+	if (sess == NULL || conf == NULL)
+		return -EINVAL;
+
+	switch (conf->action_type) {
+	case RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD:
+		if (!rte_cryptodev_pmd_is_valid_dev(dev_id))
+			return -EINVAL;
+		cdev = rte_cryptodev_pmd_get_dev(dev_id);
+		index = cdev->driver_id;
+		if (sess->sess_private_data[index] == NULL) {
+			ret = cdev->sec_ops->session_configure(cdev, conf, sess, mp);
+			if (ret < 0) {
+				CDEV_LOG_ERR(
+					"cdev_id %d failed to configure session details",
+					dev_id);
+				return ret;
+			}
+		}
+		break;
+	case RTE_SECURITY_SESS_ETH_INLINE_CRYPTO:
+	case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
+		dev = &rte_eth_devices[dev_id];
+		index = dev->data->port_id;
+		if (sess->sess_private_data[index] == NULL) {
+//			ret = dev->sec_ops->session_configure(dev, conf, sess, mp);
+//			if (ret < 0) {
+//				CDEV_LOG_ERR(
+//					"dev_id %d failed to configure session details",
+//					dev_id);
+//				return ret;
+//			}
+		}
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+int
+rte_security_session_free(struct rte_security_session *sess)
+{
+	uint8_t i, nb_drivers = RTE_MAX(rte_eth_dev_count(),
+					rte_cryptodev_count());
+	void *sess_priv;
+	struct rte_mempool *sess_mp;
+
+	if (sess == NULL)
+		return -EINVAL;
+
+	/* Check that all device private data has been freed */
+	for (i = 0; i < nb_drivers; i++) {
+		sess_priv = get_sec_session_private_data(sess, i);
+		if (sess_priv != NULL)
+			return -EBUSY;
+	}
+
+	/* Return session to mempool */
+	sess_mp = rte_mempool_from_obj(sess);
+	rte_mempool_put(sess_mp, sess);
+
+	return 0;
+}
+
+int
+rte_security_session_clear(uint8_t dev_id,
+		enum rte_security_session_action_type action_type,
+		struct rte_security_session *sess)
+{
+	struct rte_cryptodev *cdev = NULL;
+	struct rte_eth_dev *dev = NULL;
+	switch (action_type) {
+	case RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD:
+		cdev =  rte_cryptodev_pmd_get_dev(dev_id);
+		if (cdev == NULL || sess == NULL)
+			return -EINVAL;
+		cdev->sec_ops->session_clear(cdev, sess);
+		break;
+	case RTE_SECURITY_SESS_ETH_INLINE_CRYPTO:
+	case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
+		dev = &rte_eth_devices[dev_id];
+		if (dev == NULL || sess == NULL)
+			return -EINVAL;
+//		dev->dev_ops->session_clear(dev, sess);
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
diff --git a/lib/librte_cryptodev/rte_security.h b/lib/librte_cryptodev/rte_security.h
new file mode 100644
index 0000000..9747d5e
--- /dev/null
+++ b/lib/librte_cryptodev/rte_security.h
@@ -0,0 +1,409 @@
+#ifndef _RTE_SECURITY_H_
+#define _RTE_SECURITY_H_
+
+/**
+ * @file rte_security.h
+ *
+ * RTE Security Common Definitions
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+
+#include <rte_mbuf.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_common.h>
+#include <rte_crypto.h>
+
+/** IPSec protocol mode */
+enum rte_security_conf_ipsec_sa_mode {
+	RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+	/**< IPSec Transport mode */
+	RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+	/**< IPSec Tunnel mode */
+};
+
+/** IPSec Protocol */
+enum rte_security_conf_ipsec_sa_protocol {
+	RTE_SECURITY_IPSEC_SA_PROTO_AH,
+	/**< AH protocol */
+	RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+	/**< ESP protocol */
+};
+
+/** IPSEC tunnel type */
+enum rte_security_ipsec_tunnel_type {
+	RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 0,
+	/**< Outer header is IPv4 */
+	RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+	/**< Outer header is IPv6 */
+};
+
+/**
+ * IPSEC tunnel parameters
+ *
+ * These parameters are used to build outbound tunnel headers.
+ */
+struct rte_security_ipsec_tunnel_param {
+	enum rte_security_ipsec_tunnel_type type;
+	/**< Tunnel type: IPv4 or IPv6 */
+
+	union {
+		struct {
+			struct in_addr src_ip;
+			/**< IPv4 source address */
+			struct in_addr dst_ip;
+			/**< IPv4 destination address */
+			uint8_t dscp;
+			/**< IPv4 Differentiated Services Code Point */
+			uint8_t df;
+			/**< IPv4 Don't Fragment bit */
+			uint8_t ttl;
+			/**< IPv4 Time To Live */
+		} ipv4; /**< IPv4 header parameters */
+
+		struct {
+			struct in6_addr *src_addr;
+			/**< IPv6 source address */
+			struct in6_addr *dst_addr;
+			/**< IPv6 destination address */
+			uint8_t dscp;
+			/**< IPv6 Differentiated Services Code Point */
+			uint32_t flabel;
+			/**< IPv6 flow label */
+			uint8_t hlimit;
+			/**< IPv6 hop limit */
+		} ipv6; /**< IPv6 header parameters */
+	}; /**< Various tunnel parameters */
+};
+
+/**
+ * IPSEC SA option flags
+ */
+struct rte_security_ipsec_sa_options {
+	/** Extended Sequence Numbers (ESN)
+	  *
+	  * * 1: Use extended (64 bit) sequence numbers
+	  * * 0: Use normal sequence numbers
+	  */
+	uint32_t esn : 1;
+
+	/** UDP encapsulation
+	  *
+	  * * 1: Do UDP encapsulation/decapsulation so that IPSEC packets can
+	  *      traverse through NAT boxes.
+	  * * 0: No UDP encapsulation
+	  */
+	uint32_t udp_encap : 1;
+
+	/** Copy DSCP bits
+	  *
+	  * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
+	  *      the outer IP header in encapsulation, and vice versa in
+	  *      decapsulation.
+	  * * 0: Use values from odp_ipsec_tunnel_param_t in encapsulation and
+	  *      do not change DSCP field in decapsulation.
+	  */
+	uint32_t copy_dscp : 1;
+
+	/** Copy IPv6 Flow Label
+	  *
+	  * * 1: Copy IPv6 flow label from inner IPv6 header to the
+	  *      outer IPv6 header.
+	  * * 0: Use value from odp_ipsec_tunnel_param_t
+	  */
+	uint32_t copy_flabel : 1;
+
+	/** Copy IPv4 Don't Fragment bit
+	  *
+	  * * 1: Copy the DF bit from the inner IPv4 header to the outer
+	  *      IPv4 header.
+	  * * 0: Use value from odp_ipsec_tunnel_param_t
+	  */
+	uint32_t copy_df : 1;
+
+	/** Decrement inner packet Time To Live (TTL) field
+	  *
+	  * * 1: In tunnel mode, decrement inner packet IPv4 TTL or
+	  *      IPv6 Hop Limit after tunnel decapsulation, or before tunnel
+	  *      encapsulation.
+	  * * 0: Inner packet is not modified.
+	  */
+	uint32_t dec_ttl : 1;
+
+};
+
+/** IPSec Operations */
+enum rte_security_ipsec_operation {
+	RTE_SECURITY_IPSEC_OP_ENCAP,
+	/**< Encrypt and generate digest */
+	RTE_SECURITY_IPSEC_OP_DECAP,
+	/**< Verify digest and decrypt */
+};
+
+/**
+ * IPSec Setup Data.
+ *
+ * This structure contains data relating to IPSec
+ * used to create a session.
+ */
+struct rte_security_ipsec_xform {
+	enum rte_security_ipsec_operation op;
+	/**< IPSec operation - Encap or Decap */
+	unsigned int spi;
+	/**< SA security parameter index */
+	enum rte_crypto_cipher_algorithm cipher_alg;
+	/**< Cipher Algorithm */
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} cipher_key;
+	enum rte_crypto_auth_algorithm auth_alg;
+	/**< Authentication Algorithm */
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} auth_key;
+	uint32_t salt;	/**< salt for this SA */
+	enum rte_security_conf_ipsec_sa_mode mode;
+	/**< IPsec SA Mode - transport/tunnel */
+	enum rte_security_conf_ipsec_sa_protocol proto;
+	/**< IPsec SA Protocol - AH/ESP */
+	struct rte_security_ipsec_tunnel_param tunnel;
+	/**< Tunnel parameters, NULL for transport mode */
+	struct rte_security_ipsec_sa_options options;
+	/**< various SA options */
+};
+
+/** IPsec Security Session Configuration */
+struct rte_security_dtls_xform {
+	/** To be Filled */
+};
+
+/** IPsec Security Session Configuration */
+struct rte_security_macsec_xform {
+	/** To be Filled */
+};
+
+/**< Security Session action type */
+enum rte_security_session_action_type {
+	RTE_SECURITY_SESS_NONE,
+	/**< Non protocol offload. Application need to manage everything */
+	RTE_SECURITY_SESS_ETH_INLINE_CRYPTO,
+	/**< Crypto operations are performed by Network interface */
+	RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD,
+	/**< Crypto operations with protocol support are performed
+	 * by Network/ethernet device.
+	 */
+	RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD,
+	/**< Crypto operations with protocol support are performed
+	 * by Crypto device.
+	 */
+};
+
+/** Security Session Protocols */
+enum rte_security_sess_protocol {
+	RTE_SEC_CONF_DTLS,
+	/**< DTLS Protocol */
+	RTE_SEC_CONF_IPSEC,
+	/**< IPSec Protocol */
+	RTE_SEC_CONF_MACSEC,
+	/**< MACSec Protocol */
+};
+
+/**
+ * Security Session Configuration
+ */
+struct rte_security_sess_conf {
+	enum rte_security_session_action_type action_type;
+	/**< Type of action to be performed on the session */
+	enum rte_security_sess_protocol protocol;
+	/**< Security protocol to be configured */
+
+	union {
+		struct rte_security_ipsec_xform *ipsec_xform;
+		struct rte_security_dtls_xform *dtls_xform;
+		struct rte_security_macsec_xform *macsec_xform;
+	};
+	/**< Configuration parameters for security session */
+};
+
+struct rte_security_session {
+	__extension__ void *sess_private_data[0];
+	/**< Private session material */
+};
+
+/**
+ * Create Security session header (generic with no private data)
+ *
+ * @param   mempool    Session mempool to allocate session objects from
+ * @return
+ *  - On success, pointer to session
+ *  - On failure, NULL
+ */
+struct rte_security_session *
+rte_security_session_create(struct rte_mempool *mempool);
+
+/**
+ * Fill out private data for the device, based on its device id and name.
+ *
+ * @param   dev_id   Device id that we want the session to be used on
+ * @param   dev_name Device name for which session is to be used
+ * @param   sess     Session where the private data will be attached to
+ * @param   conf     Security config to apply on flow
+ *                   processed with this session
+ * @param   mempool  Mempool where the private data is allocated.
+ *
+ * @return
+ *  - On success, zero.
+ *  - On failure, a negative value.
+ */
+int
+rte_security_session_init(uint16_t dev_id,
+			  struct rte_security_session *sess,
+			  struct rte_security_sess_conf *conf,
+			  struct rte_mempool *mempool);
+
+/**
+ * Frees Security session header, after checking that all
+ * the device private data has been freed, returning it
+ * to its original mempool.
+ *
+ * @param   sess     Session header to be freed.
+ *
+ * @return
+ *  - 0 if successful.
+ *  - -EINVAL if session is NULL.
+ *  - -EBUSY if not all device private data has been freed.
+ */
+int
+rte_security_session_free(struct rte_security_session *sess);
+
+/**
+ * Frees private data for the device id, based on its device name,
+ * returning it to its mempool.
+ *
+ * @param   dev_id	ID of device that uses the session.
+ * @param   action_type	Action type for Security operation.
+ * @param   sess	Session containing the reference to the private data
+ *
+ * @return
+ *  - 0 if successful.
+ *  - -EINVAL if device is invalid or session is NULL.
+ */
+int
+rte_security_session_clear(uint8_t dev_id,
+			   enum rte_security_session_action_type action_type,
+			   struct rte_security_session *sess);
+
+/**
+ * Attach a session to a symmetric crypto operation
+ *
+ * @param	sym_op	crypto operation
+ * @param	sess	security session
+ */
+static inline int
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
+			      struct rte_security_session *sess)
+{
+	sym_op->sec_session = sess;
+
+	return 0;
+}
+
+static inline void *
+get_sec_session_private_data(const struct rte_security_session *sess,
+		uint8_t driver_id) {
+	return sess->sess_private_data[driver_id];
+}
+
+static inline void
+set_sec_session_private_data(struct rte_security_session *sess,
+		uint8_t driver_id, void *private_data)
+{
+	sess->sess_private_data[driver_id] = private_data;
+}
+
+/**
+ * Attach a session to a crypto operation.
+ * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
+ * For other rte_security_session_action_type, ol_flags in rte_mbuf may be
+ * defined to perform security operations.
+ *
+ * @param	op	crypto operation
+ * @param	sess	security session
+ */
+static inline int
+rte_security_attach_session(struct rte_crypto_op *op,
+			    struct rte_security_session *sess)
+{
+	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
+		return -1;
+
+	op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
+	return __rte_security_attach_session(op->sym, sess);
+}
+
+/**
+ * Security Capability
+ */
+struct rte_security_capabilities {
+	enum rte_security_sess_protocol protocol;
+	RTE_STD_C11
+	union {
+		struct {
+			enum rte_crypto_auth_algorithm a_algo;
+			/**< authentication algorithm */
+			enum rte_crypto_cipher_algorithm c_algo;
+			/**< cipher algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range c_key_size;
+			/**< cipher key size range */
+			struct rte_crypto_param_range a_key_size;
+			/**< auth key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
+		} ipsec;
+		/**< IPSEC transform capabilities */
+		struct {
+			/* To be Filled */
+		} dtls;
+		/**< DTLS transform capabilities */
+		struct {
+			/* To be Filled */
+		} macsec;
+		/**< MACSEC transform capabilities */
+	};
+};
+
+/**
+ *  Provide capabilities available for defined device and algorithm
+ *
+ * @param	dev_id		The identifier of the device.
+ * @param	dev_name	Device name for which capability is needed
+ * @param	protocol	Protocol for which capability is required
+ *
+ * @return
+ *   - Return description of the security capability if exist.
+ *   - Return NULL if the capability not exist.
+ */
+const struct rte_security_capabilities *
+rte_security_capability_get(uint8_t dev_id, char *dev_name,
+		enum rte_security_sess_protocol protocol);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_SECURITY_H_ */
-- 
2.9.3