From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from NAM03-CO1-obe.outbound.protection.outlook.com
 (mail-co1nam03on0067.outbound.protection.outlook.com [104.47.40.67])
 by dpdk.org (Postfix) with ESMTP id 6469A1B2FE
 for <dev@dpdk.org>; Sun, 15 Oct 2017 00:20:29 +0200 (CEST)
Received: from BN3PR03CA0099.namprd03.prod.outlook.com (2603:10b6:400:4::17)
 by SN2PR03MB2367.namprd03.prod.outlook.com (2603:10b6:804:e::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Sat, 14 Oct
 2017 22:20:27 +0000
Received: from BL2FFO11FD015.protection.gbl (2a01:111:f400:7c09::180) by
 BN3PR03CA0099.outlook.office365.com (2603:10b6:400:4::17) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
 15.20.77.7 via Frontend Transport; Sat, 14 Oct 2017 22:20:27 +0000
Authentication-Results: spf=fail (sender IP is 192.88.158.2)
 smtp.mailfrom=nxp.com; NXP1.onmicrosoft.com; dkim=none (message not signed)
 header.d=none;NXP1.onmicrosoft.com; dmarc=fail action=none
 header.from=nxp.com;
Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not
 designate 192.88.158.2 as permitted sender) receiver=protection.outlook.com;
 client-ip=192.88.158.2; helo=az84smr01.freescale.net;
Received: from az84smr01.freescale.net (192.88.158.2) by
 BL2FFO11FD015.mail.protection.outlook.com (10.173.160.223) with Microsoft
 SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id
 15.20.77.10 via Frontend Transport; Sat, 14 Oct 2017 22:20:26 +0000
Received: from netperf2.ap.freescale.net ([10.232.133.164])
 by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id v9EMKCMK018714;
 Sat, 14 Oct 2017 15:20:20 -0700
From: Akhil Goyal <akhil.goyal@nxp.com>
To: <dev@dpdk.org>
CC: <declan.doherty@intel.com>, <pablo.de.lara.guarch@intel.com>,
 <hemant.agrawal@nxp.com>, <radu.nicolau@intel.com>, <borisp@mellanox.com>,
 <aviadye@mellanox.com>, <thomas@monjalon.net>, <sandeep.malik@nxp.com>,
 <jerin.jacob@caviumnetworks.com>, <john.mcnamara@intel.com>,
 <konstantin.ananyev@intel.com>, <shahafs@mellanox.com>,
 <olivier.matz@6wind.com>
Date: Sun, 15 Oct 2017 03:47:23 +0530
Message-ID: <20171014221734.15511-2-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.9.3
In-Reply-To: <20171014221734.15511-1-akhil.goyal@nxp.com>
References: <20171006181151.4758-1-akhil.goyal@nxp.com>
 <20171014221734.15511-1-akhil.goyal@nxp.com>
X-EOPAttributedMessage: 0
X-Matching-Connectors: 131524932268681882;
 (91ab9b29-cfa4-454e-5278-08d120cd25b8); ()
X-Forefront-Antispam-Report: CIP:192.88.158.2; IPV:NLI; CTRY:US; EFV:NLI;
 SFV:NSPM;
 SFS:(10009020)(6009001)(336005)(346002)(39380400002)(39860400002)(376002)(2980300002)(1110001)(1109001)(339900001)(189002)(199003)(77096006)(5660300001)(1076002)(5003940100001)(8656003)(2906002)(7416002)(85426001)(5890100001)(15650500001)(356003)(305945005)(97736004)(16586007)(8936002)(8676002)(81156014)(81166006)(316002)(104016004)(2950100002)(54906003)(6916009)(53946003)(53936002)(4326008)(47776003)(498600001)(76176999)(50986999)(50466002)(50226002)(69596002)(48376002)(105606002)(189998001)(86362001)(68736007)(33646002)(106466001)(2351001)(36756003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:SN2PR03MB2367; H:az84smr01.freescale.net; FPR:;
 SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; 
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD015;
 1:wvXX6hkLtGldcejR64bjDm7EoEPBNk1URMUU8UbI05+HQEL7mSLKkkCOz4qQBo6r8WTqB4UGcr8CylMwbmKTXhmEmIDaFaouOpumzsA3UFfRpuW+PwnDTOZgsJMCVUTc
MIME-Version: 1.0
Content-Type: text/plain
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a18d3658-be26-46c4-6a9a-08d51351c572
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
 RULEID:(22001)(2017052603199)(201703131430075)(201703131517081);
 SRVR:SN2PR03MB2367; 
X-Microsoft-Exchange-Diagnostics: 1; SN2PR03MB2367;
 3:vjfntAN3nCivyxKQ9+AsXG8uRuEOOhws7ptLBhX5XHORfWKoED6+5BNkY/CDZdfbeddwXaL6Rr+BUo467tR6JygJyaDpbmt5xLEkN9Ez6WmxFpoWEVhZeaLZRHFZXqAdJB4Tz4Atc+6niqcMa2g/Q8vJsU1vCGQFLBUcPDMiRIyoVS45nM+35QwgoO5cnE6IPlwxGMvOO1yQpnwDyon5h10YjVt2gjyQ66dcNqd0vDrrSWEIla8PPI82HVb0+2KAhYgMuicc+HPXjPuOsJPGkQsZzOvQekaQcsy4jidNEr+SHwwN9Xohs5BKv7kRKzzdMfLuAX1giUQo8KZeJ32FFn5Oj+WO0xZxygpa8Coq8So=;
 25:9Iztm8N5m8FzN2MxlgfzaQntX7Vp/lo7aUoiqB+2/m5qTjQ9yQ7vvJTCs9gNHfms0AMCIy8nFPE2ZfyoL4ApOs5r4wtJZJ7qZo1cNbPUF3kU8oNHPmImE40/sySjSXIyOFLXPQMmiFFTBs61GxpFC0nFsK0ev7wL+KSjzYoblGqEeltdGY2Do3nqqV54qbNgl4vpWiL5H6PtFURmaPbQQxCIwCTDWWopkBp5EiAwhEbrrOnhfzYwEJbpifpTqjdMUSNe4bo0rUZg4Igp8c3dCAn9InRSHYoCq26w+en6mR/sQfByZWSQcTF8nhizepzadaenBtQmKNBcaNGpnM29yA==
X-MS-TrafficTypeDiagnostic: SN2PR03MB2367:
X-Microsoft-Exchange-Diagnostics: 1; SN2PR03MB2367;
 31:5rsyd52FHSMrmpBefB66y4/DjpzvL+ONdBM+wAsbZH3uKqY91XO5aA/yT0vCGDsSICRVUAKX4FPVjIZyWhKa6/Vh8Zmypvm9rR6MwfcRLlMclvhWQNqzalwLJXX/dc7xwe8gh/f9FL+gEfzxQaA/xBNiupRRwevvZ+T0Jz8jfwJWWajYqvtGYzQRdqlyLjFzIRb/bwnfGqPTCcJT784qk7WeFkDU+9kf033qdkbaGpE=;
 4:+KETqj82zS5fLIEUYEBsuW+/bUGkSvtkr4mlZ80usQ8nz8H+H/MkCS+fm7BnQlCNIwlUhx/EH+AWMHJbrTjiADOg0uTmt8Lt0qd8yaMOluKzUDEsfv0bhZKtBgypqmlq0EzCTpURWLjDZJiZ35C3O165DHIElbqNZlSGJXE7Lkfb1Q1EJui9dFtXyRY9lSXrS+xWcu9YyGlXb8pz4j2quYFil6HyuINwjH6JQkDgvxnVpD6dNBMbt04z9Yy5psBAgBv+lA5gV/AwHekoLYps6F3CDqii5INQxWiBP2Hk1ZkPjQ8BRisIrcxYPZnaFchkCPr1VM+HMsDjvTBOkiwhvn+M+NMWfZ6NTDPi4o8+jDVS4qgcNvVB8x9RdGbO3rWs
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197)(228905959029699); 
X-Microsoft-Antispam-PRVS: <SN2PR03MB2367EDCE1603E3ADB13C8D1DE6490@SN2PR03MB2367.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
 RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(10201501046)(6055026)(6096035)(20161123556025)(20161123559100)(201703131430075)(201703131433075)(201703131448075)(201703161259150)(201703151042153)(20161123563025)(20161123565025)(20161123561025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);
 SRVR:SN2PR03MB2367; BCL:0; PCL:0;
 RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095);
 SRVR:SN2PR03MB2367; 
X-Forefront-PRVS: 046060344D
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN2PR03MB2367;
 23:795QOcaftK3sq7dst2bMUXQi4LGn82V2OGFWII99D?=
 =?us-ascii?Q?Nb9jwmHkzScQ9rNpLp/K/rzOxBcXN6i3NrqmkcyNCXwa3sfDtAjb/LLHabCW?=
 =?us-ascii?Q?VkQy/Gz6klahllB+Rq9ki87TYAZJq6KBm4KE6ELqOSL4KVpvq8oeOdo7zLms?=
 =?us-ascii?Q?gUBW26SrzpuKxKMHUM7n8zBSBUYFKfHBc3TO2DmFdEKsx2GGFiCzdVxlJb8s?=
 =?us-ascii?Q?YF1JDi4IrS8Ecof+7hp3zcfkJTtFMMij6/Ke6d+JVmuZmWUJHbQ+FOhKqmbl?=
 =?us-ascii?Q?uyd97rfw7Z2soCTjbGQ/h8xdJuwalMimb29/98/B2gSqIwlyKkEJC8j7lkib?=
 =?us-ascii?Q?wXq/DaYOD8VH0T+TqqSjK5Az/dFmRh3dUF5JvHEg3IVOvCTk+om5Cq9vN+3y?=
 =?us-ascii?Q?crpp4vpC8dhevO7zUbViBaQbh/0JibTeGyjh0rsoytJebwoasVK26H/UiBOJ?=
 =?us-ascii?Q?HDwdyfNezxmMQuODDj+4XfSI1dA3nFySPUnuDzv33Gk0cb0br307b+83B051?=
 =?us-ascii?Q?jUujOdh0KNEBdYbGt1DLqtGSFGwvSfIXP2Q8oZ4VB97m/FP/LeBU7RTSG0GL?=
 =?us-ascii?Q?4s58GFSPvPAlUN6voXFzd/9aWOCoSpVtomclFbmd04smvDWv6/NrdXYSN9Kz?=
 =?us-ascii?Q?poWRVtn4aOtZqIlkDKB99hsIQ4HZY0OReMg15RFjKkw5XFxFR0Sz4YX/ZkNj?=
 =?us-ascii?Q?keloJDBM3y7D4W8UvHSoTCwUdbU9YMqDhoANadBCcPW6Y+HbjgQP1HNXUrf2?=
 =?us-ascii?Q?UzlnazSB3BmgwQwyMDKf1Rm29JKTbct/CqSO+KUI6IB3vx09yuu3lzZzm4SU?=
 =?us-ascii?Q?eEr7qPdT+vMMtQ6D6KidLm0FZEaWwJtQ02perasyi/kIs9NVL5qgN5i73usz?=
 =?us-ascii?Q?nXbr541dC2B/PQcdzJOKOFgCKOExuq+sT4uFijMhxU3N/fDBnS1mOLDf3HXL?=
 =?us-ascii?Q?MKrnQ1igIs3vJ9ZhFeXV7qqiPafoe4LHLAKGl3/m1xQ6YZzGuoeXYZ48bXEf?=
 =?us-ascii?Q?Lex0KiP6HFjO/b71jE5luc1n8ZmMdtge+Jqx5bidMWhKaSvx6USS1O1Mcw3F?=
 =?us-ascii?Q?MpKRmh8A9m+ROwXqTr5u5MkgY/C5XFVL8ynPZePrQpCqbuRntAGK/pv/I7EF?=
 =?us-ascii?Q?Gn4mGlRH8tZOT4wySpYimcP79a9QyjOqlLUzA7NCtfPAtOrutPiV78y1QKox?=
 =?us-ascii?Q?YzO72PIjvX5f+cOl7AxOIxxsGHlGn8AOkhJJIU788gen9rYKFCX0jO9P/g+u?=
 =?us-ascii?Q?j+qDPbFz2WOaiak/pFHrKHAjrH1SK26vOHS8D4L?=
X-Microsoft-Exchange-Diagnostics: 1; SN2PR03MB2367;
 6:Ddw/8nu5sCOJCeqPvfUU4DpzecCTkTh4a654Sd1IGh3q7KdUzefMJ5ErxZHQT4rm1AumFG7LlnFtaLUH7BcuACHAD6XhwCMO0xfKUBxZ7D+nJ67V9tPJoGLiOSlR8aPI8QzwnuVBc3qfUWNGVMRVQieQ7qLC2xtFAOlXjcDO183XaLlO6itHeTI2Oba6M5j098JYBUBKTvp6lftjinV6h4n+KSG8z1vUwDQZ+rcSTV5Wm++lDFWbbs+DO7MLqsQuuh9481M5psSt/FkU4OFF6B7ctGvqr1obav2jYwAgUKN7Xi9t054wlbsaks8bZodJTF5WAsafduW5GieZ1XCX/g==;
 5:XXWUTpUNE4Bxc6R+BUgwT61tYHIc8jmPi26QW3mHuH5vG+YfjhV93z84GaMEiko14fLS2XyIvrLWbiZHov544votqeFnuMgFaJTTLGk0E+GRT6loeq6QlFDBwQhdmKyk+SjxTw49mhf2Wv6hMT+oMw==;
 24:GrkqzEwqu/ekKMLL9X2i8cAVG4LGPlDbrMUYgZAuO0p0wl6XVA/KwJ+OmE6JTcbaLA/9htZ4rQ0uKHuWbSLHQrFZHNTrvLR2KlBVpl5xyDA=;
 7:MscmbVSJpmd0zzqgwzxCKDUJimz/IO7H3JoXGBlzDsCy14GVQzoNu3y3S3udUGILkIgJxGVu9JxWVYp07H6iWoCv7ZZ7zRCSYmbFkZDkWK2Xjns5ZqANqdUQDVt/qNVo5V3PQPD54KzksEiaOo6R55k5yLqHv2FICC4sBkwCzuyaPHU+hY1zDgWK+xRRdgc1jd5hKRzm/rpgsaQxcPkCk9RtzfRSWJvoyQHswkGFHcs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Oct 2017 22:20:26.6341 (UTC)
X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.158.2];
 Helo=[az84smr01.freescale.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR03MB2367
Subject: [dpdk-dev] [PATCH v4 01/12] lib/rte_security: add security library
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Oct 2017 22:20:30 -0000

rte_security library provides APIs for security session
create/free for protocol offload or offloaded crypto
operation to ethernet device.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
 lib/librte_security/Makefile                 |  53 +++
 lib/librte_security/rte_security.c           | 149 ++++++++
 lib/librte_security/rte_security.h           | 535 +++++++++++++++++++++++++++
 lib/librte_security/rte_security_driver.h    | 155 ++++++++
 lib/librte_security/rte_security_version.map |  13 +
 5 files changed, 905 insertions(+)
 create mode 100644 lib/librte_security/Makefile
 create mode 100644 lib/librte_security/rte_security.c
 create mode 100644 lib/librte_security/rte_security.h
 create mode 100644 lib/librte_security/rte_security_driver.h
 create mode 100644 lib/librte_security/rte_security_version.map

diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
new file mode 100644
index 0000000..af87bb2
--- /dev/null
+++ b/lib/librte_security/Makefile
@@ -0,0 +1,53 @@
+#   BSD LICENSE
+#
+#   Copyright(c) 2017 Intel Corporation. All rights reserved.
+#
+#   Redistribution and use in source and binary forms, with or without
+#   modification, are permitted provided that the following conditions
+#   are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in
+#       the documentation and/or other materials provided with the
+#       distribution.
+#     * Neither the name of Intel Corporation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+#   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+#   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+#   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+#   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+#   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+#   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+#   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+#   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+include $(RTE_SDK)/mk/rte.vars.mk
+
+# library name
+LIB = librte_security.a
+
+# library version
+LIBABIVER := 1
+
+# build flags
+CFLAGS += -O3
+CFLAGS += $(WERROR_FLAGS)
+
+# library source files
+SRCS-y += rte_security.c
+
+# export include files
+SYMLINK-y-include += rte_security.h
+SYMLINK-y-include += rte_security_driver.h
+
+# versioning export map
+EXPORT_MAP := rte_security_version.map
+
+include $(RTE_SDK)/mk/rte.lib.mk
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
new file mode 100644
index 0000000..1227fca
--- /dev/null
+++ b/lib/librte_security/rte_security.c
@@ -0,0 +1,149 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright 2017 NXP.
+ *   Copyright(c) 2017 Intel Corporation. All rights reserved.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of NXP nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <rte_malloc.h>
+#include <rte_dev.h>
+
+#include "rte_security.h"
+#include "rte_security_driver.h"
+
+struct rte_security_session *
+rte_security_session_create(struct rte_security_ctx *instance,
+			    struct rte_security_session_conf *conf,
+			    struct rte_mempool *mp)
+{
+	struct rte_security_session *sess = NULL;
+
+	if (conf == NULL)
+		return NULL;
+
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
+
+	if (rte_mempool_get(mp, (void *)&sess))
+		return NULL;
+
+	if (instance->ops->session_create(instance->device, conf, sess, mp)) {
+		rte_mempool_put(mp, (void *)sess);
+		return NULL;
+	}
+	instance->sess_cnt++;
+
+	return sess;
+}
+
+int
+rte_security_session_update(struct rte_security_ctx *instance,
+			    struct rte_security_session *sess,
+			    struct rte_security_session_conf *conf)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
+	return instance->ops->session_update(instance->device, sess, conf);
+}
+
+int
+rte_security_session_stats_get(struct rte_security_ctx *instance,
+			       struct rte_security_session *sess,
+			       struct rte_security_stats *stats)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
+	return instance->ops->session_stats_get(instance->device, sess, stats);
+}
+
+int
+rte_security_session_destroy(struct rte_security_ctx *instance,
+			     struct rte_security_session *sess)
+{
+	int ret;
+	struct rte_mempool *mp = rte_mempool_from_obj(sess);
+
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
+
+	if (instance->sess_cnt)
+		instance->sess_cnt--;
+
+	ret = instance->ops->session_destroy(instance->device, sess);
+	if (!ret)
+		rte_mempool_put(mp, (void *)sess);
+
+	return ret;
+}
+
+int
+rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+			      struct rte_security_session *sess,
+			      struct rte_mbuf *m, void *params)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
+	return instance->ops->set_pkt_metadata(instance->device,
+					       sess, m, params);
+}
+
+const struct rte_security_capability *
+rte_security_capabilities_get(struct rte_security_ctx *instance)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	return instance->ops->capabilities_get(instance->device);
+}
+
+const struct rte_security_capability *
+rte_security_capability_get(struct rte_security_ctx *instance,
+			    struct rte_security_capability_idx *idx)
+{
+	const struct rte_security_capability *capabilities;
+	const struct rte_security_capability *capability;
+	uint16_t i = 0;
+
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
+	capabilities = instance->ops->capabilities_get(instance->device);
+
+	if (capabilities == NULL)
+		return NULL;
+
+	while ((capability = &capabilities[i++])->action
+			!= RTE_SECURITY_ACTION_TYPE_NONE) {
+		if (capability->action  == idx->action &&
+				capability->protocol == idx->protocol) {
+			if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
+				if (capability->ipsec.proto ==
+						idx->ipsec.proto &&
+					capability->ipsec.mode ==
+							idx->ipsec.mode &&
+					capability->ipsec.direction ==
+							idx->ipsec.direction)
+					return capability;
+			}
+		}
+	}
+
+	return NULL;
+}
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
new file mode 100644
index 0000000..416bbfd
--- /dev/null
+++ b/lib/librte_security/rte_security.h
@@ -0,0 +1,535 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright 2017 NXP.
+ *   Copyright(c) 2017 Intel Corporation. All rights reserved.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of NXP nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_SECURITY_H_
+#define _RTE_SECURITY_H_
+
+/**
+ * @file rte_security.h
+ *
+ * RTE Security Common Definitions
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+
+#include <rte_common.h>
+#include <rte_crypto.h>
+#include <rte_mbuf.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+
+/** IPSec protocol mode */
+enum rte_security_ipsec_sa_mode {
+	RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+	/**< IPSec Transport mode */
+	RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+	/**< IPSec Tunnel mode */
+};
+
+/** IPSec Protocol */
+enum rte_security_ipsec_sa_protocol {
+	RTE_SECURITY_IPSEC_SA_PROTO_AH,
+	/**< AH protocol */
+	RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+	/**< ESP protocol */
+};
+
+/** IPSEC tunnel type */
+enum rte_security_ipsec_tunnel_type {
+	RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+	/**< Outer header is IPv4 */
+	RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+	/**< Outer header is IPv6 */
+};
+
+/**
+ * Security context for crypto/eth devices
+ *
+ * Security instance for each driver to register security operations.
+ * The application can get the security context from the crypto/eth device id
+ * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
+ * This structure is used to identify the device(crypto/eth) for which the
+ * security operations need to be performed.
+ */
+struct rte_security_ctx {
+	enum {
+		RTE_SECURITY_INSTANCE_INVALID,
+		/**< Security context is invalid */
+		RTE_SECURITY_INSTANCE_VALID
+		/**< Security context is valid */
+	} state;
+	/**< Current state of security context */
+	void *device;
+	/**< Crypto/ethernet device attached */
+	struct rte_security_ops *ops;
+	/**< Pointer to security ops for the device */
+	uint16_t sess_cnt;
+	/**< Number of sessions attached to this context */
+};
+
+/**
+ * IPSEC tunnel parameters
+ *
+ * These parameters are used to build outbound tunnel headers.
+ */
+struct rte_security_ipsec_tunnel_param {
+	enum rte_security_ipsec_tunnel_type type;
+	/**< Tunnel type: IPv4 or IPv6 */
+	RTE_STD_C11
+	union {
+		struct {
+			struct in_addr src_ip;
+			/**< IPv4 source address */
+			struct in_addr dst_ip;
+			/**< IPv4 destination address */
+			uint8_t dscp;
+			/**< IPv4 Differentiated Services Code Point */
+			uint8_t df;
+			/**< IPv4 Don't Fragment bit */
+			uint8_t ttl;
+			/**< IPv4 Time To Live */
+		} ipv4;
+		/**< IPv4 header parameters */
+		struct {
+			struct in6_addr src_addr;
+			/**< IPv6 source address */
+			struct in6_addr dst_addr;
+			/**< IPv6 destination address */
+			uint8_t dscp;
+			/**< IPv6 Differentiated Services Code Point */
+			uint32_t flabel;
+			/**< IPv6 flow label */
+			uint8_t hlimit;
+			/**< IPv6 hop limit */
+		} ipv6;
+		/**< IPv6 header parameters */
+	};
+};
+
+/**
+ * IPsec Security Association option flags
+ */
+struct rte_security_ipsec_sa_options {
+	/**< Extended Sequence Numbers (ESN)
+	 *
+	 * * 1: Use extended (64 bit) sequence numbers
+	 * * 0: Use normal sequence numbers
+	 */
+	uint32_t esn : 1;
+
+	/**< UDP encapsulation
+	 *
+	 * * 1: Do UDP encapsulation/decapsulation so that IPSEC packets can
+	 *      traverse through NAT boxes.
+	 * * 0: No UDP encapsulation
+	 */
+	uint32_t udp_encap : 1;
+
+	/**< Copy DSCP bits
+	 *
+	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
+	 *      the outer IP header in encapsulation, and vice versa in
+	 *      decapsulation.
+	 * * 0: Do not change DSCP field.
+	 */
+	uint32_t copy_dscp : 1;
+
+	/**< Copy IPv6 Flow Label
+	 *
+	 * * 1: Copy IPv6 flow label from inner IPv6 header to the
+	 *      outer IPv6 header.
+	 * * 0: Outer header is not modified.
+	 */
+	uint32_t copy_flabel : 1;
+
+	/**< Copy IPv4 Don't Fragment bit
+	 *
+	 * * 1: Copy the DF bit from the inner IPv4 header to the outer
+	 *      IPv4 header.
+	 * * 0: Outer header is not modified.
+	 */
+	uint32_t copy_df : 1;
+
+	/**< Decrement inner packet Time To Live (TTL) field
+	 *
+	 * * 1: In tunnel mode, decrement inner packet IPv4 TTL or
+	 *      IPv6 Hop Limit after tunnel decapsulation, or before tunnel
+	 *      encapsulation.
+	 * * 0: Inner packet is not modified.
+	 */
+	uint32_t dec_ttl : 1;
+};
+
+/** IPSec security association direction */
+enum rte_security_ipsec_sa_direction {
+	RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+	/**< Encrypt and generate digest */
+	RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+	/**< Verify digest and decrypt */
+};
+
+/**
+ * IPsec security association configuration data.
+ *
+ * This structure contains data required to create an IPsec SA security session.
+ */
+struct rte_security_ipsec_xform {
+	uint32_t spi;
+	/**< SA security parameter index */
+	uint32_t salt;
+	/**< SA salt */
+	struct rte_security_ipsec_sa_options options;
+	/**< various SA options */
+	enum rte_security_ipsec_sa_direction direction;
+	/**< IPSec SA Direction - Egress/Ingress */
+	enum rte_security_ipsec_sa_protocol proto;
+	/**< IPsec SA Protocol - AH/ESP */
+	enum rte_security_ipsec_sa_mode mode;
+	/**< IPsec SA Mode - transport/tunnel */
+	struct rte_security_ipsec_tunnel_param tunnel;
+	/**< Tunnel parameters, NULL for transport mode */
+};
+
+/**
+ * MACsec security session configuration
+ */
+struct rte_security_macsec_xform {
+	/** To be Filled */
+};
+
+/**
+ * Security session action type.
+ */
+enum rte_security_session_action_type {
+	RTE_SECURITY_ACTION_TYPE_NONE,
+	/**< No security actions */
+	RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+	/**< Crypto processing for security protocol is processed inline
+	 * during transmission
+	 */
+	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+	/**< All security protocol processing is performed inline during
+	 * transmission
+	 */
+	RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
+	/**< All security protocol processing including crypto is performed
+	 * on a lookaside accelerator
+	 */
+};
+
+/** Security session protocol definition */
+enum rte_security_session_protocol {
+	RTE_SECURITY_PROTOCOL_IPSEC,
+	/**< IPsec Protocol */
+	RTE_SECURITY_PROTOCOL_MACSEC,
+	/**< MACSec Protocol */
+};
+
+/**
+ * Security session configuration
+ */
+struct rte_security_session_conf {
+	enum rte_security_session_action_type action_type;
+	/**< Type of action to be performed on the session */
+	enum rte_security_session_protocol protocol;
+	/**< Security protocol to be configured */
+	union {
+		struct rte_security_ipsec_xform ipsec;
+		struct rte_security_macsec_xform macsec;
+	};
+	/**< Configuration parameters for security session */
+	struct rte_crypto_sym_xform *crypto_xform;
+	/**< Security Session Crypto Transformations */
+};
+
+struct rte_security_session {
+	void *sess_private_data;
+	/**< Private session material */
+};
+
+/**
+ * Create security session as specified by the session configuration
+ *
+ * @param   instance	security instance
+ * @param   conf	session configuration parameters
+ * @param   mp		mempool to allocate session objects from
+ * @return
+ *  - On success, pointer to session
+ *  - On failure, NULL
+ */
+struct rte_security_session *
+rte_security_session_create(struct rte_security_ctx *instance,
+			    struct rte_security_session_conf *conf,
+			    struct rte_mempool *mp);
+
+/**
+ * Update security session as specified by the session configuration
+ *
+ * @param   instance	security instance
+ * @param   sess	session to update parameters
+ * @param   conf	update configuration parameters
+ * @return
+ *  - On success returns 0
+ *  - On failure return errno
+ */
+int
+rte_security_session_update(struct rte_security_ctx *instance,
+			    struct rte_security_session *sess,
+			    struct rte_security_session_conf *conf);
+
+/**
+ * Free security session header and the session private data and
+ * return it to its original mempool.
+ *
+ * @param   instance	security instance
+ * @param   sess	security session to freed
+ *
+ * @return
+ *  - 0 if successful.
+ *  - -EINVAL if session is NULL.
+ *  - -EBUSY if not all device private data has been freed.
+ */
+int
+rte_security_session_destroy(struct rte_security_ctx *instance,
+			     struct rte_security_session *sess);
+
+/**
+ *  Updates the buffer with device-specific defined metadata
+ *
+ * @param	instance	security instance
+ * @param	sess		security session
+ * @param	mb		packet mbuf to set metadata on.
+ * @param	params		device-specific defined parameters
+ *				required for metadata
+ *
+ * @return
+ *  - On success, zero.
+ *  - On failure, a negative value.
+ */
+int
+rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+			      struct rte_security_session *sess,
+			      struct rte_mbuf *mb, void *params);
+
+/**
+ * Attach a session to a symmetric crypto operation
+ *
+ * @param	sym_op	crypto operation
+ * @param	sess	security session
+ */
+static inline int
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
+			      struct rte_security_session *sess)
+{
+	sym_op->sec_session = sess;
+
+	return 0;
+}
+
+static inline void *
+get_sec_session_private_data(const struct rte_security_session *sess)
+{
+	return sess->sess_private_data;
+}
+
+static inline void
+set_sec_session_private_data(struct rte_security_session *sess,
+			     void *private_data)
+{
+	sess->sess_private_data = private_data;
+}
+
+/**
+ * Attach a session to a crypto operation.
+ * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
+ * For other rte_security_session_action_type, ol_flags in rte_mbuf may be
+ * defined to perform security operations.
+ *
+ * @param	op	crypto operation
+ * @param	sess	security session
+ */
+static inline int
+rte_security_attach_session(struct rte_crypto_op *op,
+			    struct rte_security_session *sess)
+{
+	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
+		return -EINVAL;
+
+	op->sess_type =  RTE_CRYPTO_OP_SECURITY_SESSION;
+
+	return __rte_security_attach_session(op->sym, sess);
+}
+
+struct rte_security_macsec_stats {
+	uint64_t reserved;
+};
+
+struct rte_security_ipsec_stats {
+	uint64_t reserved;
+
+};
+
+struct rte_security_stats {
+	enum rte_security_session_protocol protocol;
+	/**< Security protocol to be configured */
+
+	union {
+		struct rte_security_macsec_stats macsec;
+		struct rte_security_ipsec_stats ipsec;
+	};
+};
+
+/**
+ * Get security session statistics
+ *
+ * @param	instance	security instance
+ * @param	sess		security session
+ * @param	stats		statistics
+ * @return
+ *  - On success return 0
+ *  - On failure errno
+ */
+int
+rte_security_session_stats_get(struct rte_security_ctx *instance,
+			       struct rte_security_session *sess,
+			       struct rte_security_stats *stats);
+
+/**
+ * Security capability definition
+ */
+struct rte_security_capability {
+	enum rte_security_session_action_type action;
+	/**< Security action type*/
+	enum rte_security_session_protocol protocol;
+	/**< Security protocol */
+	RTE_STD_C11
+	union {
+		struct {
+			enum rte_security_ipsec_sa_protocol proto;
+			/**< IPsec SA protocol */
+			enum rte_security_ipsec_sa_mode mode;
+			/**< IPsec SA mode */
+			enum rte_security_ipsec_sa_direction direction;
+			/**< IPsec SA direction */
+			struct rte_security_ipsec_sa_options options;
+			/**< IPsec SA supported options */
+		} ipsec;
+		/**< IPsec capability */
+		struct {
+			/* To be Filled */
+		} macsec;
+		/**< MACsec capability */
+	};
+
+	const struct rte_cryptodev_capabilities *crypto_capabilities;
+	/**< Corresponding crypto capabilities for security capability  */
+
+	uint32_t ol_flags;
+	/**< Device offload flags */
+};
+
+#define RTE_SECURITY_TX_OLOAD_NEED_MDATA	0x00000001
+/**< HW needs metadata update, see rte_security_set_pkt_metadata().
+ */
+
+#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD	0x00000002
+/**< HW constructs trailer of packets
+ * Transmitted packets will have the trailer added to them
+ * by hardawre. The next protocol field will be based on
+ * the mbuf->inner_esp_next_proto field.
+ */
+#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD	0x00010000
+/**< HW removes trailer of packets
+ * Received packets have no trailer, the next protocol field
+ * is supplied in the mbuf->inner_esp_next_proto field.
+ * Inner packet is not modified.
+ */
+
+/**
+ * Security capability index used to query a security instance for a specific
+ * security capability
+ */
+struct rte_security_capability_idx {
+	enum rte_security_session_action_type action;
+	enum rte_security_session_protocol protocol;
+
+	union {
+		struct {
+			enum rte_security_ipsec_sa_protocol proto;
+			enum rte_security_ipsec_sa_mode mode;
+			enum rte_security_ipsec_sa_direction direction;
+		} ipsec;
+	};
+};
+
+/**
+ *  Returns array of security instance capabilities
+ *
+ * @param	instance	Security instance.
+ *
+ * @return
+ *   - Returns array of security capabilities.
+ *   - Return NULL if no capabilities available.
+ */
+const struct rte_security_capability *
+rte_security_capabilities_get(struct rte_security_ctx *instance);
+
+/**
+ * Query if a specific capability is available on security instance
+ *
+ * @param	instance	security instance.
+ * @param	idx		security capability index to match against
+ *
+ * @return
+ *   - Returns pointer to security capability on match of capability
+ *     index criteria.
+ *   - Return NULL if the capability not matched on security instance.
+ */
+const struct rte_security_capability *
+rte_security_capability_get(struct rte_security_ctx *instance,
+			    struct rte_security_capability_idx *idx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_SECURITY_H_ */
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
new file mode 100644
index 0000000..78814fa
--- /dev/null
+++ b/lib/librte_security/rte_security_driver.h
@@ -0,0 +1,155 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright(c) 2017 Intel Corporation. All rights reserved.
+ *   Copyright 2017 NXP.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of Intel Corporation nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_SECURITY_DRIVER_H_
+#define _RTE_SECURITY_DRIVER_H_
+
+/**
+ * @file rte_security_driver.h
+ *
+ * RTE Security Common Definitions
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "rte_security.h"
+
+/**
+ * Configure a security session on a device.
+ *
+ * @param	device		Crypto/eth device pointer
+ * @param	conf		Security session configuration
+ * @param	sess		Pointer to Security private session structure
+ * @param	mp		Mempool where the private session is allocated
+ *
+ * @return
+ *  - Returns 0 if private session structure have been created successfully.
+ *  - Returns -EINVAL if input parameters are invalid.
+ *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
+ *  - Returns -ENOMEM if the private session could not be allocated.
+ */
+typedef int (*security_session_create_t)(void *device,
+		struct rte_security_session_conf *conf,
+		struct rte_security_session *sess,
+		struct rte_mempool *mp);
+
+/**
+ * Free driver private session data.
+ *
+ * @param	dev		Crypto/eth device pointer
+ * @param	sess		Security session structure
+ */
+typedef int (*security_session_destroy_t)(void *device,
+		struct rte_security_session *sess);
+
+/**
+ * Update driver private session data.
+ *
+ * @param	device		Crypto/eth device pointer
+ * @param	sess		Pointer to Security private session structure
+ * @param	conf		Security session configuration
+ *
+ * @return
+ *  - Returns 0 if private session structure have been updated successfully.
+ *  - Returns -EINVAL if input parameters are invalid.
+ *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
+ */
+typedef int (*security_session_update_t)(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_session_conf *conf);
+/**
+ * Get stats from the PMD.
+ *
+ * @param	device		Crypto/eth device pointer
+ * @param	sess		Pointer to Security private session structure
+ * @param	stats		Security stats of the driver
+ *
+ * @return
+ *  - Returns 0 if private session structure have been updated successfully.
+ *  - Returns -EINVAL if session parameters are invalid.
+ */
+typedef int (*security_session_stats_get_t)(void *device,
+		struct rte_security_session *sess,
+		struct rte_security_stats *stats);
+
+/**
+ * Update the mbuf with provided metadata.
+ *
+ * @param	sess		Security session structure
+ * @param	mb		Packet buffer
+ * @param	mt		Metadata
+ *
+ * @return
+ *  - Returns 0 if metadata updated successfully.
+ *  - Returns -ve value for errors.
+ */
+typedef int (*security_set_pkt_metadata_t)(void *device,
+		struct rte_security_session *sess, struct rte_mbuf *m,
+		void *params);
+
+/**
+ * Get security capabilities of the device.
+ *
+ * @param	device		crypto/eth device pointer
+ *
+ * @return
+ *  - Returns rte_security_capability pointer on success.
+ *  - Returns NULL on error.
+ */
+typedef const struct rte_security_capability *(*security_capabilities_get_t)(
+		void *device);
+
+/** Security operations function pointer table */
+struct rte_security_ops {
+	security_session_create_t session_create;
+	/**< Configure a security session. */
+	security_session_update_t session_update;
+	/**< Update a security session. */
+	security_session_stats_get_t session_stats_get;
+	/**< Get security session statistics. */
+	security_session_destroy_t session_destroy;
+	/**< Clear a security sessions private data. */
+	security_set_pkt_metadata_t set_pkt_metadata;
+	/**< Update mbuf metadata. */
+	security_capabilities_get_t capabilities_get;
+	/**< Get security capabilities. */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_SECURITY_DRIVER_H_ */
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
new file mode 100644
index 0000000..8af7fc1
--- /dev/null
+++ b/lib/librte_security/rte_security_version.map
@@ -0,0 +1,13 @@
+DPDK_17.11 {
+	global:
+
+	rte_security_attach_session;
+	rte_security_capabilities_get;
+	rte_security_capability_get;
+	rte_security_session_create;
+	rte_security_session_destroy;
+	rte_security_session_stats_get;
+	rte_security_session_update;
+	rte_security_set_pkt_metadata;
+
+};
-- 
2.9.3