From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
(mail-sn1nam02on0084.outbound.protection.outlook.com [104.47.36.84])
by dpdk.org (Postfix) with ESMTP id 88CAE1AEE9
for <dev@dpdk.org>; Thu, 14 Sep 2017 10:29:16 +0200 (CEST)
Received: from MWHPR03CA0050.namprd03.prod.outlook.com (10.174.173.167) by
BN6PR03MB2689.namprd03.prod.outlook.com (10.173.144.8) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.35.12; Thu, 14 Sep 2017 08:29:14 +0000
Received: from BL2FFO11FD039.protection.gbl (2a01:111:f400:7c09::129) by
MWHPR03CA0050.outlook.office365.com (2603:10b6:301:3b::39) with Microsoft
SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.56.11 via
Frontend Transport; Thu, 14 Sep 2017 08:29:13 +0000
Authentication-Results: spf=fail (sender IP is 192.88.168.50)
smtp.mailfrom=nxp.com; NXP1.onmicrosoft.com; dkim=none (message not signed)
header.d=none;NXP1.onmicrosoft.com; dmarc=fail action=none
header.from=nxp.com;
Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not
designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com;
client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net;
Received: from tx30smr01.am.freescale.net (192.88.168.50) by
BL2FFO11FD039.mail.protection.outlook.com (10.173.161.135) with Microsoft
SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id
15.20.13.11 via Frontend Transport; Thu, 14 Sep 2017 08:29:13 +0000
Received: from netperf2.ap.freescale.net ([10.232.133.164])
by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id v8E8T36F025953;
Thu, 14 Sep 2017 01:29:09 -0700
From: Akhil Goyal <akhil.goyal@nxp.com>
To: <dev@dpdk.org>
CC: <declan.doherty@intel.com>, <pablo.de.lara.guarch@intel.com>,
<hemant.agrawal@nxp.com>, <radu.nicolau@intel.com>, <borisp@mellanox.com>,
<aviadye@mellanox.com>, <thomas@monjalon.net>, <sandeep.malik@nxp.com>,
<jerin.jacob@caviumnetworks.com>
Date: Thu, 14 Sep 2017 13:56:41 +0530
Message-ID: <20170914082651.26232-2-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.9.3
In-Reply-To: <20170914082651.26232-1-akhil.goyal@nxp.com>
References: <20170914082651.26232-1-akhil.goyal@nxp.com>
X-EOPAttributedMessage: 0
X-Matching-Connectors: 131498513531891477;
(91ab9b29-cfa4-454e-5278-08d120cd25b8); ()
X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI;
SFV:NSPM;
SFS:(10009020)(6009001)(336005)(39380400002)(346002)(376002)(39860400002)(2980300002)(1110001)(1109001)(339900001)(189002)(199003)(36756003)(86362001)(15650500001)(2351001)(2906002)(8936002)(6666003)(5890100001)(48376002)(33646002)(50466002)(316002)(110136004)(2950100002)(8656003)(50226002)(6916009)(106466001)(4326008)(16586007)(5660300001)(7416002)(97736004)(85426001)(50986999)(104016004)(77096006)(53946003)(47776003)(5003940100001)(76176999)(105606002)(1076002)(53936002)(54906002)(68736007)(189998001)(81166006)(8676002)(356003)(81156014)(305945005)(498600001);
DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR03MB2689; H:tx30smr01.am.freescale.net;
FPR:; SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD039;
1:z0gPOZvRwljJzHGwAWeRvHCfsMN6SG5llRMt1k56TpF4EeQGWcaQebz7LHTk4yS3mgs9fkvBTXDuQrKhph9U9onkcn7gBK0cJ7DNBceU37Ru9LKdlodb+lG5NoOhSMrl
MIME-Version: 1.0
Content-Type: text/plain
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 97b3482d-98e6-4bed-0db7-08d4fb4aae04
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(2017052603199)(201703131430075)(201703131517081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);
SRVR:BN6PR03MB2689;
X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689;
3:BbWD3NelXKuTXzhBMzyJK16Cy9NaDk67ECtOxNkfZxunv/kXJoVA6MVThTQMGXTg4QzRO/llDmPPly5sOI0gqBcUTSuj6dhdhRayWCytmV6C7ZfFVLPYKBXdj3TCfmewEa6XEHBHV5sr8Cv4008pIbKT1K+PTl9xLsWf8fxADZQavrjkIap5OXUNjsrbeYnCFAtdwZw04VeLjwqLJpHkH6euJd+fyaPO4x5bPLWJl3TQkiFj3I7h3kQ/rU24fIxaWt0QI+g+6QbrtWyFHlgGUlCfg8AetOxp2Jj4N6GL13oU26lxLjLCDvp3yhymyohupV83AoawV4WOVO+XE+LZa56zL5xnnoDJrtmRB+m5ANE=;
25:03F06JsAWiCocRK9tzeQntzUj8wMwL/48DHewCOJJsBg+SB6KWVcvhAQYhcb/OOn6rN11KWjoXSgViD3vb75Cg/PFA5XXzMETbN/PNMuKIwwn5kshBa789j/rxX6UDJ+xy01s+vFysfAL6YLKZ1k1jQAVDkx28lWH6EfVmR8/jdS+dhgfnsOdt2skM0G2wR/ieAoLIuI54GFrfvJqEfjf24vhiIrQhm8F2LI6cAoFI+DuatJwb6ULrMvmVEyo2njKx5SEmE+Gaf4HA9zcZzD7E/aaEuxw3XW6q1RpGmYSNvNDh4ILnZFzPcODaEVjzstfIE1Pjo4XKhM+TH6+D57ig==
X-MS-TrafficTypeDiagnostic: BN6PR03MB2689:
X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689;
31:1kaKnrkIOoRdeZSI4sKN9fZfSZyY73i/Zl4qUkfvD+qdAsR3jL31onvpphDkQams8eANFHCTpwtrT6/lkWrIctKF2OpLEZHhioNupqIo7HGzcJYTpNzWzn1zGVzyYKILJHIyZVKSHFF8fx+CsGhkmBNzNQyJvwI/yUWYRk1GKmj/hU3BxYTiAhkY4hrQfHJDy+60Z/69y9CT9VNq6PkNYCNU6+RDxoZ9GHq7BHotgZA=;
4:KSIe0GhGKdO0MDdmIXdop0cmBt3RE24Q62H7ztolkINyzqP0qegO081HNgXNBSEqUHBczBntnq4hf68cDYdlwd9vY1yO+46sTFRQk+Mt1Goq0oHFjrA+K/1kPITK7i1DcNV+lz4HyvfUilUJLbmYpiFf+3nt1UtGH9ooEvxpOWRe8AG8qlneYWs/7A+jy0hH5kQNBFgPFoMCf0Sp7yoX9RkfOoGBZg9K52o/9Rx5P7VzpaS7rA7iegAbwcBg7HEwN/nUmwHoGI/bgPtbpN5QSKUW3RddY37oPifIslY2FEFDQtFphryPis2xbE9kd9/H/ndSJU9CD/vDZlpkUygx0uZKXLor7CEkBttpH4CGdpGXoc9ioNT4NgMX0oHmxOO1
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197)(228905959029699);
X-Microsoft-Antispam-PRVS: <BN6PR03MB2689F3A30ECE518141B89465E66F0@BN6PR03MB2689.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(6055026)(6096035)(20161123563025)(20161123556025)(20161123565025)(201703131430075)(201703131433075)(201703131448075)(201703161259150)(201703151042153)(20161123559100)(20161123561025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);
SRVR:BN6PR03MB2689; BCL:0; PCL:0;
RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095);
SRVR:BN6PR03MB2689;
X-Forefront-PRVS: 0430FA5CB7
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR03MB2689;
23:koFOerv/ErNXjgcLpL0DeIiFejp0dEIY3vT4sI5f6?=
=?us-ascii?Q?6aC8kmoOBcx6xTYxZAUEo/iMkiDrkw5h6KvHmbAIRWPmmeDnzJy/VhJQ6xKG?=
=?us-ascii?Q?eHlWAaehRP9tmwuzi7fV4mYE5797qYpcQ+swiPxHNv4Dt/87njRE7ZrVwFb0?=
=?us-ascii?Q?R6GlIg2JFHxo64RBT08TgB58dm2OdNPsEwajyolT7Sny4WChe4e9su/SMd02?=
=?us-ascii?Q?IEXwRCnN5R52rpy/EGyIXX6cvN5rPiEwZT5Q1GZMnVQoProX85ZoQNQLDP5I?=
=?us-ascii?Q?acnb+3hbpKQXE4mZ/w/dhK0BQ5bD9OB4RLqbRl8RVMXHJw2D+0VRC3kTIwme?=
=?us-ascii?Q?FQYmrR5QhFKEHJwPqzXaDoVdavaDm3R4QtQ9OxtFidplykIqA62pm6R4cp4z?=
=?us-ascii?Q?lQ3f7/qT17cquv8t50Et3jFt+YDq7V9sSmYNIOX/awIg1+qSIGcZJzDj5mXB?=
=?us-ascii?Q?hzM92W3TC77bgZhy5qn6DVVwgR5c7C1VnhIt75NexqY88QNIE7pBZYhqmNt0?=
=?us-ascii?Q?2o/+U/jQ4fNMTL5ywKVsZkMFZtnoAJqJu28xABqh/wd+zaQEHkb6DashxIvW?=
=?us-ascii?Q?mLZ5aebdCEtFRzY6GV2IZZT8BX28beEcDaVvfP34gaW4G9saJTZD46QY9bvH?=
=?us-ascii?Q?TTBc/ozsEyy+0FM8GktLvbYz99Pb+joxsCzRot4o5boJ5RXDYFGpKt64IlyL?=
=?us-ascii?Q?W5RqKRLbxGPl2asZ4ueKfzlZYmM6UtMViQbLBVPAeEX0ehX646+u6/asw35y?=
=?us-ascii?Q?xXeYu8wIlCnPHm75MOz58WNeEjnoiZteBLqq2uWj1YGijmoF2PWb7MMJ4uvV?=
=?us-ascii?Q?zf1Hbjayf+PcKjl8bxcIPwYdczkMLMK5VVtRfwcm8FkFo9K/Yu8qnWIKXdAG?=
=?us-ascii?Q?YPomBDQc+CxhVn3WqaMbGa5Hv1P4X9kApYJbQV8y3IvfmisyC2QdOz2TtCY2?=
=?us-ascii?Q?M87iieiMFONEMK1n9YSACyNRc5PwLCs9wwtJgFylya3nchyKj8Nxjalcpq+q?=
=?us-ascii?Q?4d86VKJkCJvUr7aE9QI7HglcaJVwXvJLqFfNKtkUZ6E8VnId+BS5tbmPRLQ9?=
=?us-ascii?Q?SmR9OIw5QbYC/o6M2BDPUEB9zfePoQZ3lWiNvm0BJuteHQXSXlRHxkPubwqm?=
=?us-ascii?Q?OFnrrKTfduIN78FJWv8RxNOZejWF5FrYB4TN7zVuvuu2ee8ycpnBC0eD9iIa?=
=?us-ascii?Q?luAMQ5Lluydw+idrwWf9FQmR6YVzAdu2j4NtpRuBqPN/H/5L2avhIu3ZHEde?=
=?us-ascii?Q?6RlpC873WLk3023NafpEtcNcSgCkexIJWd2wWQ50bR8VRfCRUGNtOVHi6/Tm?=
=?us-ascii?B?UT09?=
X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689;
6:3uujd62fjaAhj3A4inGNhtN/KwPNgnUL6prieaE173ZQNur736l2fH25Be4PinTBAFd58k9K8G6m+5utrl4dXKU0qgbkILxYSbfsYyv4lEKPE7ytRRkXGESgeVD8kKNwykR5VfC4xJqVbXu3SqHwCc8J/bzl6P04JSG2wKqDAeqYJS/X8lG7ACwm+P+aNXBXhP+iBRQaxh6CHxAj2xFNfz7Gz9iC5OZO2vajz/nstp4nxuhs5ZD69Ii9vjUWb6hwnh79yibg3yqx/TWPl42E7yFfR/7VJigbhFK1WvCZcSlausjtr8UXqcTyw+scIn4xIs3zIzgxhifbW+MAt/F0SA==;
5:SyprRgUMZoyO7EjGTBFFz3EfVZa6/S+aDkGIbr20xdKZPPc+dbF0MzsapZV4HdhMEDSqpHpN1e6H11XbMpFWs3hVnmD3GUXo67g4Giox9L8UOsQHcBPhMfgsRXtBfUfBFbkJxYh1cyb0+oB9tzvo1Q==;
24:aIHzld8tXEQFKtyS3CfUI95OFwXSe88vK9Zys4HTtY6x96XwfiTHyxO7QD6iTuxfRqO8gAK0IyrJKKcMsVmIVmkrNbiQuBGFR5NVGf9yHM4=;
7:m6yxmyfgxOxMvCun2MepCiQf/tbVDwCjAzopAsROUXXcwj7A9G0X7L0mSkdAiSLrOgtoKJlwkn2ZAWOX+6pBN+KA3voB+n6DiXckh0JjGsgYEkTSXxIkBayH4LgxB7TeTtgaVhKpT54ievdWbFH35N5ryR+6mLBbxwh1gcGOCzsAnUz/kuiM1LMYF3li6ZMY+XZVTaZE26EUaIqSU5Dq4k1hQLTwttA7NeTjVMeI68c=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2017 08:29:13.0175 (UTC)
X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50];
Helo=[tx30smr01.am.freescale.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2689
Subject: [dpdk-dev] [PATCH 01/11] lib/rte_security: add security library
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 08:29:17 -0000
rte_security library provides APIs for security session
create/free for protocol offload or offloaded crypto
operation to ethernet device.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
---
lib/librte_security/Makefile | 53 +++
lib/librte_security/rte_security.c | 252 ++++++++++++++
lib/librte_security/rte_security.h | 494 +++++++++++++++++++++++++++
lib/librte_security/rte_security_driver.h | 181 ++++++++++
lib/librte_security/rte_security_version.map | 13 +
5 files changed, 993 insertions(+)
create mode 100644 lib/librte_security/Makefile
create mode 100644 lib/librte_security/rte_security.c
create mode 100644 lib/librte_security/rte_security.h
create mode 100644 lib/librte_security/rte_security_driver.h
create mode 100644 lib/librte_security/rte_security_version.map
diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
new file mode 100644
index 0000000..af87bb2
--- /dev/null
+++ b/lib/librte_security/Makefile
@@ -0,0 +1,53 @@
+# BSD LICENSE
+#
+# Copyright(c) 2017 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+include $(RTE_SDK)/mk/rte.vars.mk
+
+# library name
+LIB = librte_security.a
+
+# library version
+LIBABIVER := 1
+
+# build flags
+CFLAGS += -O3
+CFLAGS += $(WERROR_FLAGS)
+
+# library source files
+SRCS-y += rte_security.c
+
+# export include files
+SYMLINK-y-include += rte_security.h
+SYMLINK-y-include += rte_security_driver.h
+
+# versioning export map
+EXPORT_MAP := rte_security_version.map
+
+include $(RTE_SDK)/mk/rte.lib.mk
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
new file mode 100644
index 0000000..5776246
--- /dev/null
+++ b/lib/librte_security/rte_security.c
@@ -0,0 +1,252 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright 2017 NXP.
+ * Copyright(c) 2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of NXP nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <rte_malloc.h>
+#include <rte_dev.h>
+
+#include "rte_security.h"
+#include "rte_security_driver.h"
+
+#define RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ (8)
+
+struct rte_security_ctx {
+ uint16_t id;
+ enum {
+ RTE_SECURITY_INSTANCE_INVALID = 0,
+ RTE_SECURITY_INSTANCE_VALID
+ } state;
+ void *device;
+ struct rte_security_ops *ops;
+};
+
+static struct rte_security_ctx *security_instances;
+static uint16_t max_nb_security_instances;
+static uint16_t nb_security_instances;
+
+static int
+rte_security_is_valid_id(uint16_t id)
+{
+ if (id >= nb_security_instances ||
+ (security_instances[id].state != RTE_SECURITY_INSTANCE_VALID))
+ return 0;
+ else
+ return 1;
+}
+
+/* Macros to check for valid id */
+#define RTE_SEC_VALID_ID_OR_ERR_RET(id, retval) do { \
+ if (!rte_security_is_valid_id(id)) { \
+ RTE_PMD_DEBUG_TRACE("Invalid sec_id=%d\n", id); \
+ return retval; \
+ } \
+} while (0)
+
+#define RTE_SEC_VALID_ID_OR_RET(id) do { \
+ if (!rte_security_is_valid_id(id)) { \
+ RTE_PMD_DEBUG_TRACE("Invalid sec_id=%d\n", id); \
+ return; \
+ } \
+} while (0)
+
+int
+rte_security_register(uint16_t *id, void *device,
+ struct rte_security_ops *ops)
+{
+ if (max_nb_security_instances == 0) {
+ security_instances = rte_malloc(
+ "rte_security_instances_ops",
+ sizeof(*security_instances) *
+ RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ, 0);
+
+ if (security_instances == NULL)
+ return -ENOMEM;
+ max_nb_security_instances =
+ RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ;
+ } else if (nb_security_instances >= max_nb_security_instances) {
+ uint16_t *instances = rte_realloc(security_instances,
+ sizeof(struct rte_security_ops *) *
+ (max_nb_security_instances +
+ RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ), 0);
+
+ if (instances == NULL)
+ return -ENOMEM;
+
+ max_nb_security_instances +=
+ RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ;
+ }
+
+ *id = nb_security_instances++;
+
+ security_instances[*id].id = *id;
+ security_instances[*id].state = RTE_SECURITY_INSTANCE_VALID;
+ security_instances[*id].device = device;
+ security_instances[*id].ops = ops;
+
+ return 0;
+}
+
+int
+rte_security_unregister(__rte_unused uint16_t *id)
+{
+ /* To be implemented */
+ return 0;
+}
+
+struct rte_security_session *
+rte_security_session_create(uint16_t id,
+ struct rte_security_session_conf *conf,
+ struct rte_mempool *mp)
+{
+ struct rte_security_ctx *instance;
+ struct rte_security_session *sess = NULL;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, NULL);
+ instance = &security_instances[id];
+
+ if (conf == NULL)
+ return NULL;
+
+ if (rte_mempool_get(mp, (void *)&sess))
+ return NULL;
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+ if (instance->ops->session_create(instance->device, conf, sess, mp)) {
+ rte_mempool_put(mp, (void *)sess);
+ return NULL;
+ }
+ return sess;
+}
+
+int
+rte_security_session_update(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_security_ctx *instance;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, -ENODEV);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+ return instance->ops->session_update(instance->device, sess, conf);
+}
+
+int
+rte_security_session_query(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_security_stats *stats)
+{
+ struct rte_security_ctx *instance;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, -ENODEV);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_query, -ENOTSUP);
+ return instance->ops->session_query(instance->device, sess, stats);
+}
+
+int
+rte_security_session_destroy(uint16_t id, struct rte_security_session *sess)
+{
+ struct rte_security_ctx *instance;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, -ENODEV);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+ return instance->ops->session_destroy(instance->device, sess);
+}
+
+int
+rte_security_set_pkt_metadata(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_mbuf *m, void *params)
+{
+ struct rte_security_ctx *instance;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, -ENODEV);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+ return instance->ops->set_pkt_metadata(instance->device,
+ sess, m, params);
+}
+
+const struct rte_security_capability *
+rte_security_capabilities_get(uint16_t id)
+{
+ struct rte_security_ctx *instance;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, NULL);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+ return instance->ops->capabilities_get(instance->device);
+}
+
+const struct rte_security_capability *
+rte_security_capability_get(uint16_t id,
+ struct rte_security_capability_idx *idx)
+{
+ struct rte_security_ctx *instance;
+ const struct rte_security_capability *capabilities;
+ const struct rte_security_capability *capability;
+ uint16_t i = 0;
+
+ RTE_SEC_VALID_ID_OR_ERR_RET(id, NULL);
+ instance = &security_instances[id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+ capabilities = instance->ops->capabilities_get(instance->device);
+
+ if (capabilities == NULL)
+ return NULL;
+
+ while ((capability = &capabilities[i++])->action
+ != RTE_SECURITY_ACTION_TYPE_NONE) {
+ if (capability->action == idx->action &&
+ capability->protocol == idx->protocol) {
+ if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
+ if (capability->ipsec.proto ==
+ idx->ipsec.proto &&
+ capability->ipsec.mode ==
+ idx->ipsec.mode &&
+ capability->ipsec.direction ==
+ idx->ipsec.direction)
+ return capability;
+ }
+ }
+ }
+
+ return NULL;
+}
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
new file mode 100644
index 0000000..2faac96
--- /dev/null
+++ b/lib/librte_security/rte_security.h
@@ -0,0 +1,494 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright 2017 NXP.
+ * Copyright(c) 2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of NXP nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_SECURITY_H_
+#define _RTE_SECURITY_H_
+
+/**
+ * @file rte_security.h
+ *
+ * RTE Security Common Definitions
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+
+#include <rte_mbuf.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_common.h>
+#include <rte_crypto.h>
+
+/** IPSec protocol mode */
+enum rte_security_ipsec_sa_mode {
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ /**< IPSec Transport mode */
+ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ /**< IPSec Tunnel mode */
+};
+
+/** IPSec Protocol */
+enum rte_security_ipsec_sa_protocol {
+ RTE_SECURITY_IPSEC_SA_PROTO_AH,
+ /**< AH protocol */
+ RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ /**< ESP protocol */
+};
+
+/** IPSEC tunnel type */
+enum rte_security_ipsec_tunnel_type {
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 0,
+ /**< Outer header is IPv4 */
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+ /**< Outer header is IPv6 */
+};
+
+/**
+ * IPSEC tunnel parameters
+ *
+ * These parameters are used to build outbound tunnel headers.
+ */
+struct rte_security_ipsec_tunnel_param {
+ enum rte_security_ipsec_tunnel_type type;
+ /**< Tunnel type: IPv4 or IPv6 */
+ union {
+ struct {
+ struct in_addr src_ip;
+ /**< IPv4 source address */
+ struct in_addr dst_ip;
+ /**< IPv4 destination address */
+ uint8_t dscp;
+ /**< IPv4 Differentiated Services Code Point */
+ uint8_t df;
+ /**< IPv4 Don't Fragment bit */
+ uint8_t ttl;
+ /**< IPv4 Time To Live */
+ } ipv4;
+ /**< IPv4 header parameters */
+ struct {
+ struct in6_addr src_addr;
+ /**< IPv6 source address */
+ struct in6_addr dst_addr;
+ /**< IPv6 destination address */
+ uint8_t dscp;
+ /**< IPv6 Differentiated Services Code Point */
+ uint32_t flabel;
+ /**< IPv6 flow label */
+ uint8_t hlimit;
+ /**< IPv6 hop limit */
+ } ipv6;
+ /**< IPv6 header parameters */
+ };
+};
+
+/**
+ * IPsec Security Association option flags
+ */
+struct rte_security_ipsec_sa_options {
+ /** Extended Sequence Numbers (ESN)
+ *
+ * * 1: Use extended (64 bit) sequence numbers
+ * * 0: Use normal sequence numbers
+ */
+ uint32_t esn : 1;
+
+ /** UDP encapsulation
+ *
+ * * 1: Do UDP encapsulation/decapsulation so that IPSEC packets can
+ * traverse through NAT boxes.
+ * * 0: No UDP encapsulation
+ */
+ uint32_t udp_encap : 1;
+
+ /** Copy DSCP bits
+ *
+ * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
+ * the outer IP header in encapsulation, and vice versa in
+ * decapsulation.
+ * * 0: Use values from odp_ipsec_tunnel_param_t in encapsulation and
+ * do not change DSCP field in decapsulation.
+ */
+ uint32_t copy_dscp : 1;
+
+ /** Copy IPv6 Flow Label
+ *
+ * * 1: Copy IPv6 flow label from inner IPv6 header to the
+ * outer IPv6 header.
+ * * 0: Use value from odp_ipsec_tunnel_param_t
+ */
+ uint32_t copy_flabel : 1;
+
+ /** Copy IPv4 Don't Fragment bit
+ *
+ * * 1: Copy the DF bit from the inner IPv4 header to the outer
+ * IPv4 header.
+ * * 0: Use value from odp_ipsec_tunnel_param_t
+ */
+ uint32_t copy_df : 1;
+
+ /** Decrement inner packet Time To Live (TTL) field
+ *
+ * * 1: In tunnel mode, decrement inner packet IPv4 TTL or
+ * IPv6 Hop Limit after tunnel decapsulation, or before tunnel
+ * encapsulation.
+ * * 0: Inner packet is not modified.
+ */
+ uint32_t dec_ttl : 1;
+
+ /** HW constructs/removes trailer of packets
+ *
+ * * 1: Transmitted packets will have the trailer added to them by
+ * hardawre. The next protocol field will be based on the
+ * mbuf->inner_esp_next_proto field.
+ * Received packets have no trailer, the next protocol field is
+ * supplied in the mbuf->inner_esp_next_proto field.
+ * * 0: Inner packet is not modified.
+ */
+ uint32_t no_trailer : 1;
+};
+
+/** IPSec security association direction */
+enum rte_security_ipsec_sa_direction {
+ RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ /**< Encrypt and generate digest */
+ RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ /**< Verify digest and decrypt */
+};
+
+/**
+ * IPsec security association configuration data.
+ *
+ * This structure contains data required to create an IPsec SA security session.
+ */
+struct rte_security_ipsec_xform {
+ uint32_t spi;
+ /**< SA security parameter index */
+ uint32_t salt;
+ /**< SA salt */
+ struct rte_security_ipsec_sa_options options;
+ /**< various SA options */
+ enum rte_security_ipsec_sa_direction direction;
+ /**< IPSec SA Direction - Egress/Ingress */
+ enum rte_security_ipsec_sa_protocol proto;
+ /**< IPsec SA Protocol - AH/ESP */
+ enum rte_security_ipsec_sa_mode mode;
+ /**< IPsec SA Mode - transport/tunnel */
+ struct rte_security_ipsec_tunnel_param tunnel;
+ /**< Tunnel parameters, NULL for transport mode */
+};
+
+/**
+ * MACsec security session configuration
+ */
+struct rte_security_macsec_xform {
+ /** To be Filled */
+};
+
+/**
+ * Security session action type.
+ */
+enum rte_security_session_action_type {
+ RTE_SECURITY_ACTION_TYPE_NONE,
+ /**< No security actions */
+ RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ /**< Crypto processing for security protocol is processed inline
+ * during transmission */
+ RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ /**< All security protocol processing is performed inline during
+ * transmission */
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
+ /**< All security protocol processing including crypto is performed
+ * on a lookaside accelerator */
+};
+
+/** Security session protocol definition */
+enum rte_security_session_protocol {
+ RTE_SECURITY_PROTOCOL_IPSEC,
+ /**< IPsec Protocol */
+ RTE_SECURITY_PROTOCOL_MACSEC,
+ /**< MACSec Protocol */
+};
+
+/**
+ * Security session configuration
+ */
+struct rte_security_session_conf {
+ enum rte_security_session_action_type action_type;
+ /**< Type of action to be performed on the session */
+ enum rte_security_session_protocol protocol;
+ /**< Security protocol to be configured */
+ union {
+ struct rte_security_ipsec_xform ipsec;
+ struct rte_security_macsec_xform macsec;
+ };
+ /**< Configuration parameters for security session */
+ struct rte_crypto_sym_xform *crypto_xform;
+ /**< Security Session Crypto Transformations */
+};
+
+struct rte_security_session {
+ __extension__ void *sess_private_data;
+ /**< Private session material */
+};
+
+/**
+ * Create security session as specified by the session configuration
+ *
+ * @param id security instance identifier id
+ * @param conf session configuration parameters
+ * @param mp mempool to allocate session objects from
+ * @return
+ * - On success, pointer to session
+ * - On failure, NULL
+ */
+struct rte_security_session *
+rte_security_session_create(uint16_t id,
+ struct rte_security_session_conf *conf,
+ struct rte_mempool *mp);
+
+/**
+ * Update security session as specified by the session configuration
+ *
+ * @param id security instance identifier id
+ * @param sess session to update parameters
+ * @param conf update configuration parameters
+ * @return
+ * - On success returns 0
+ * - On failure return errno
+ */
+int
+rte_security_session_update(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf);
+
+/**
+ * Free security session header and the session private data and
+ * return it to its original mempool.
+ *
+ * @param id security instance identifier id
+ * @param sess security session to freed
+ *
+ * @return
+ * - 0 if successful.
+ * - -EINVAL if session is NULL.
+ * - -EBUSY if not all device private data has been freed.
+ */
+int
+rte_security_session_destroy(uint16_t id, struct rte_security_session *sess);
+
+/**
+ * Updates the buffer with device-specific defined metadata
+ *
+ * @param id security instance identifier id
+ * @param sess security session
+ * @param m packet mbuf to set metadata on.
+ * @param params device-specific defined parameters required for metadata
+ *
+ * @return
+ * - On success, zero.
+ * - On failure, a negative value.
+ */
+int
+rte_security_set_pkt_metadata(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_mbuf *mb, void *params);
+
+/**
+ * Attach a session to a symmetric crypto operation
+ *
+ * @param sym_op crypto operation
+ * @param sess security session
+ */
+static inline int
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
+ struct rte_security_session *sess)
+{
+ sym_op->sec_session = sess;
+
+ return 0;
+}
+
+static inline void *
+get_sec_session_private_data(const struct rte_security_session *sess)
+{
+ return sess->sess_private_data;
+}
+
+static inline void
+set_sec_session_private_data(struct rte_security_session *sess,
+ void *private_data)
+{
+ sess->sess_private_data = private_data;
+}
+
+/**
+ * Attach a session to a crypto operation.
+ * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
+ * For other rte_security_session_action_type, ol_flags in rte_mbuf may be
+ * defined to perform security operations.
+ *
+ * @param op crypto operation
+ * @param sess security session
+ */
+static inline int
+rte_security_attach_session(struct rte_crypto_op *op,
+ struct rte_security_session *sess)
+{
+ if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
+ return -1;
+
+ op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;
+
+ return __rte_security_attach_session(op->sym, sess);
+}
+
+struct rte_security_macsec_stats {
+ uint64_t reserved;
+};
+
+struct rte_security_ipsec_stats {
+ uint64_t reserved;
+
+};
+
+struct rte_security_stats {
+ enum rte_security_session_protocol protocol;
+ /**< Security protocol to be configured */
+
+ union {
+ struct rte_security_macsec_stats macsec;
+ struct rte_security_ipsec_stats ipsec;
+ };
+};
+
+/**
+ * Query security session statistics
+ *
+ * @param id security instance identifier id
+ * @param sess security session
+ * @param stats statistics
+ * @return
+ * - On success return 0
+ * - On failure errno
+ */
+int
+rte_security_session_query(uint16_t id,
+ struct rte_security_session *sess,
+ struct rte_security_stats *stats);
+
+/**
+ * Security capability definition
+ */
+struct rte_security_capability {
+ enum rte_security_session_action_type action;
+ /**< Security action type*/
+ enum rte_security_session_protocol protocol;
+ /**< Security protocol */
+ RTE_STD_C11
+ union {
+ struct {
+ enum rte_security_ipsec_sa_protocol proto;
+ /**< IPsec SA protocol */
+ enum rte_security_ipsec_sa_mode mode;
+ /**< IPsec SA mode */
+ enum rte_security_ipsec_sa_direction direction;
+ /**< IPsec SA direction */
+ struct rte_security_ipsec_sa_options options;
+ /**< IPsec SA supported options */
+ } ipsec;
+ /**< IPsec capability */
+ struct {
+ /* To be Filled */
+ } macsec;
+ /**< MACsec capability */
+ };
+
+ const struct rte_cryptodev_capabilities *crypto_capabilities;
+ /**< Corresponding crypto capabilities for security capability */
+};
+
+/**
+ * Security capability index used to query a security instance for a specific
+ * security capability
+ */
+struct rte_security_capability_idx {
+ enum rte_security_session_action_type action;
+ enum rte_security_session_protocol protocol;
+
+ union {
+ struct {
+ enum rte_security_ipsec_sa_protocol proto;
+ enum rte_security_ipsec_sa_mode mode;
+ enum rte_security_ipsec_sa_direction direction;
+ } ipsec;
+ };
+};
+
+/**
+ * Returns array of security instance capabilities
+ *
+ * @param id Security instance identifier.
+ *
+ * @return
+ * - Returns array of security capabilities.
+ * - Return NULL if no capabilities available.
+ */
+const struct rte_security_capability *
+rte_security_capabilities_get(uint16_t id);
+
+/**
+ * Query if a specific capability is available on security instance
+ *
+ * @param id security instance identifier.
+ * @param idx security capability index to match against
+ *
+ * @return
+ * - Returns pointer to security capability on match of capability
+ * index criteria.
+ * - Return NULL if the capability not matched on security instance.
+ */
+const struct rte_security_capability *
+rte_security_capability_get(uint16_t id,
+ struct rte_security_capability_idx *idx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_SECURITY_H_ */
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
new file mode 100644
index 0000000..e2632df
--- /dev/null
+++ b/lib/librte_security/rte_security_driver.h
@@ -0,0 +1,181 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2017 Intel Corporation. All rights reserved.
+ * Copyright 2017 NXP.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_SECURITY_DRIVER_H_
+#define _RTE_SECURITY_DRIVER_H_
+
+/**
+ * @file rte_security_driver.h
+ *
+ * RTE Security Common Definitions
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "rte_security.h"
+
+/**
+ * Configure a security session on a device.
+ *
+ * @param device Crypto/eth device pointer
+ * @param conf Security session configuration
+ * @param sess Pointer to Security private session structure
+ * @param mp Mempool where the private session is allocated
+ *
+ * @return
+ * - Returns 0 if private session structure have been created successfully.
+ * - Returns -EINVAL if input parameters are invalid.
+ * - Returns -ENOTSUP if crypto device does not support the crypto transform.
+ * - Returns -ENOMEM if the private session could not be allocated.
+ */
+typedef int (*security_session_create_t)(void *device,
+ struct rte_security_session_conf *conf,
+ struct rte_security_session *sess,
+ struct rte_mempool *mp);
+
+/**
+ * Free driver private session data.
+ *
+ * @param dev Crypto/eth device pointer
+ * @param sess Security session structure
+ */
+typedef int (*security_session_destroy_t)(void *device,
+ struct rte_security_session *sess);
+
+/**
+ * Update driver private session data.
+ *
+ * @param device Crypto/eth device pointer
+ * @param sess Pointer to Security private session structure
+ * @param conf Security session configuration
+ *
+ * @return
+ * - Returns 0 if private session structure have been updated successfully.
+ * - Returns -EINVAL if input parameters are invalid.
+ * - Returns -ENOTSUP if crypto device does not support the crypto transform.
+ */
+typedef int (*security_session_update_t)(void *device,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf);
+/**
+ * Query stats from the PMD.
+ *
+ * @param device Crypto/eth device pointer
+ * @param sess Pointer to Security private session structure
+ * @param stats Security stats of the driver
+ *
+ * @return
+ * - Returns 0 if private session structure have been updated successfully.
+ * - Returns -EINVAL if session parameters are invalid.
+ */
+typedef int (*security_session_query_t)(void *device,
+ struct rte_security_session *sess,
+ struct rte_security_stats *stats);
+
+/**
+ * Update buffer with provided metadata.
+ *
+ * @param sess Security session structure
+ * @param mb Packet buffer
+ * @param mt Metadata
+ *
+ * @return
+ * - Returns 0 if metadata updated successfully.
+ * - Returns -ve value for errors.
+ */
+typedef int (*security_set_pkt_metadata_t)(void *device,
+ struct rte_security_session *sess, struct rte_mbuf *m,
+ void *params);
+
+/**
+ * Get security capabilities of the device.
+ *
+ * @param device crypto/eth device pointer
+ *
+ * @return
+ * - Returns rte_security_capability pointer on success.
+ * - Returns NULL on error.
+ */
+typedef const struct rte_security_capability *(*security_capabilities_get_t)(
+ void *device);
+
+/** Security operations function pointer table */
+struct rte_security_ops {
+ security_session_create_t session_create;
+ /**< Configure a Security session. */
+ security_session_update_t session_update;
+ /**< Update a security sessions state */
+ security_session_query_t session_query;
+ /**< Clear a security sessions private data. */
+ security_session_destroy_t session_destroy;
+ /**< Clear a security sessions private data. */
+ security_set_pkt_metadata_t set_pkt_metadata;
+ /**< Update buffer metadata. */
+ security_capabilities_get_t capabilities_get;
+};
+
+/**
+ * Register a Crypto/eth device for security operations.
+ *
+ * @param id id of the crypto/eth device
+ * @param device crypto/eth device pointer
+ * @param ops Security ops to be supported by device
+ *
+ * @return
+ * - Returns 0 if metadata updated successfully.
+ * - Returns -ve value for errors.
+ */
+int
+rte_security_register(uint16_t *id, void *device,
+ struct rte_security_ops *ops);
+
+/**
+ * Unregister a Crypto/eth device for security operations.
+ *
+ * @param id id of the crypto/eth device
+ *
+ * @return
+ * - Returns 0 if device is successfully unregistered.
+ * - Returns -ve value for errors.
+ */
+int
+rte_security_unregister(uint16_t *id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_SECURITY_DRIVER_H_ */
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
new file mode 100644
index 0000000..82b7921
--- /dev/null
+++ b/lib/librte_security/rte_security_version.map
@@ -0,0 +1,13 @@
+DPDK_17.11 {
+ global:
+
+ rte_security_attach_session;
+ rte_security_capabilities_get;
+ rte_security_capability_get;
+ rte_security_session_create;
+ rte_security_session_free;
+ rte_security_session_query;
+ rte_security_session_update;
+ rte_security_set_pkt_metadata;
+
+};
--
2.9.3