Hi Maxim, I noticed that but I wanted to know if there are some other comments more oriented to the functionality this patch proposes.
Thanks, Alex On 30 July 2015 at 12:21, Maxim Uvarov <[email protected]> wrote: > On 07/30/15 12:04, Alexandru Badicioiu wrote: > >> Ping. >> > > Alex, Mike replayed to you to fix minor fixes. > > Maxim. > >> >> On 22 July 2015 at 11:26, <[email protected] <mailto: >> [email protected]>> wrote: >> >> From: Alexandru Badicioiu <[email protected] >> <mailto:[email protected]>> >> >> This patch adds IPSec protocol processing capabilities to crypto >> sesssions. Implementations which have these capabilities in hardware >> crypto engines can use the extension to offload the application from >> IPSec protocol processing. >> >> Signed-off-by: Alexandru Badicioiu <[email protected] >> <mailto:[email protected]>> >> >> --- >> include/odp/api/crypto_ipsec.h | 110 >> ++++++++++++++++++++ >> platform/linux-generic/include/odp/crypto.h | 2 + >> .../include/odp/plat/crypto_ipsec_types.h | 53 ++++++++++ >> 3 files changed, 165 insertions(+), 0 deletions(-) >> create mode 100644 include/odp/api/crypto_ipsec.h >> create mode 100644 >> platform/linux-generic/include/odp/plat/crypto_ipsec_types.h >> >> diff --git a/include/odp/api/crypto_ipsec.h >> b/include/odp/api/crypto_ipsec.h >> new file mode 100644 >> index 0000000..e59fea4 >> --- /dev/null >> +++ b/include/odp/api/crypto_ipsec.h >> @@ -0,0 +1,110 @@ >> +/* Copyright (c) 2014, Linaro Limited >> + * All rights reserved. >> + * >> + * SPDX-License-Identifier: BSD-3-Clause >> + */ >> + >> +/** >> + * @file >> + * >> + * ODP crypto IPSec extension >> + */ >> + >> +#ifndef ODP_API_CRYPTO_IPSEC_H_ >> +#define ODP_API_CRYPTO_IPSEC_H_ >> + >> +#ifdef __cplusplus >> +extern "C" { >> +#endif >> + >> +/** >> + * @enum odp_ipsec_outhdr_type >> + * IPSec tunnel outer header type >> + * >> + * @enum odp_ipsec_ar_ws >> + * IPSec Anti-replay window size >> + * >> + */ >> + >> +typedef struct odp_ipsec_params { >> + uint32_t spi; /** SPI value */ >> + uint32_t seq; /** Initial SEQ number */ >> + enum odp_ipsec_ar_ws ar_ws; /** Anti-replay window size - >> + inbound session with >> authentication */ >> + odp_bool_t esn; /** Use extended sequence numbers */ >> + odp_bool_t auto_iv; /** Auto IV generation for each >> operation. */ >> + uint16_t out_hdr_size; /** outer header size - tunnel >> mode */ >> + uint8_t *out_hdr; /** outer header - tunnel mode */ >> + enum odp_ipsec_outhdr_type out_hdr_type; /* outer header >> type - >> + tunnel mode */ >> + odp_bool_t ip_csum; /** update/verify ip header >> checksum */ >> + odp_bool_t ip_dttl; /** decrement ttl - tunnel mode >> encap & decap */ >> + odp_bool_t remove_outer_hdr; /** remove outer header - >> tunnel mode decap */ >> + odp_bool_t copy_dscp; /** DiffServ Copy - Copy the IPv4 >> TOS or >> + IPv6 Traffic Class byte from >> the inner/outer >> + IP header to the outer/inner >> IP header - >> + tunnel mode encap & decap */ >> + odp_bool_t copy_df; /** Copy DF bit - copy the DF bit from >> + the inner IP header to the >> + outer IP header - tunnel mode >> encap */ >> + odp_bool_t nat_t; /** NAT-T encapsulation enabled - >> tunnel mode */ >> + odp_bool_t udp_csum; /** Update/verify UDP csum when >> NAT-T enabled */ >> + >> +} odp_ipsec_params_t; >> + >> +/** >> + * @enum odp_ipsec_mode:ODP_IPSEC_MODE_TUNNEL >> + * IPSec tunnel mode >> + * >> + * @enum odp_ipsec_mode:ODP_IPSEC_MODE_TRANSPORT >> + * IPSec transport mode >> + * >> + * @enum odp_ipsec_proto >> + * IPSec protocol >> + */ >> + >> +/** >> + * Configure crypto session for IPsec processing >> + * >> + * Configures a crypto session for IPSec protocol processing. >> + * Packets submitted to an IPSec enabled session will have >> + * relevant IPSec headers/trailers and tunnel headers >> + * added/removed by the crypto implementation. >> + * For example, the input packet for an IPSec ESP transport >> + * enabled session should be the clear text packet with >> + * no ESP headers/trailers prepared in advance for crypto operation. >> + * The output packet will have ESP header, IV, trailer and the >> ESP ICV >> + * added by crypto implementation. >> + * Depending on the particular capabilities of an implementation and >> + * the parameters enabled by application, the application may be >> + * partially or completely offloaded from IPSec protocol processing. >> + * For example, if an implementation does not support checksum >> + * update for IP header after adding ESP header the application >> + * should update after crypto IPSec operation. >> + * >> + * If an implementation does not support a particular set of >> + * arguments it should return error. >> + * >> + * @param session Session handle >> + * @param ipsec_mode IPSec protocol mode >> + * @param ipsec_proto IPSec protocol >> + * @param ipsec_params IPSec parameters. Parameters which are not >> + * relevant for selected protocol & mode >> are ignored - >> + * e.g. outer_hdr/size set for ESP >> transport mode. >> + * @retval 0 on success >> + * @retval <0 on failure >> + */ >> +int odp_crypto_session_config_ipsec(odp_crypto_session_t session, >> + enum odp_ipsec_mode ipsec_mode, >> + enum odp_ipsec_proto ipsec_proto, >> + odp_ipsec_params_t ipsec_params); >> + >> +/** >> + * @} >> + */ >> + >> +#ifdef __cplusplus >> +} >> +#endif >> + >> +#endif >> diff --git a/platform/linux-generic/include/odp/crypto.h >> b/platform/linux-generic/include/odp/crypto.h >> index 7684c1e..718ab7d 100644 >> --- a/platform/linux-generic/include/odp/crypto.h >> +++ b/platform/linux-generic/include/odp/crypto.h >> @@ -20,6 +20,7 @@ extern "C" { >> #include <odp/std_types.h> >> #include <odp/plat/packet_types.h> >> #include <odp/plat/crypto_types.h> >> +#include <odp/plat/crypto_ipsec_types.h> >> #include <odp/plat/buffer_types.h> >> #include <odp/plat/pool_types.h> >> #include <odp/queue.h> >> @@ -33,6 +34,7 @@ extern "C" { >> */ >> >> #include <odp/api/crypto.h> >> +#include <odp/api/crypto_ipsec.h> >> >> #ifdef __cplusplus >> } >> diff --git >> a/platform/linux-generic/include/odp/plat/crypto_ipsec_types.h >> b/platform/linux-generic/include/odp/plat/crypto_ipsec_types.h >> new file mode 100644 >> index 0000000..74521da >> --- /dev/null >> +++ b/platform/linux-generic/include/odp/plat/crypto_ipsec_types.h >> @@ -0,0 +1,53 @@ >> +/* Copyright (c) 2015, Linaro Limited >> + * All rights reserved. >> + * >> + * SPDX-License-Identifier: BSD-3-Clause >> + */ >> + >> +/** >> + * @file >> + * >> + * ODP crypto >> + */ >> + >> +#ifndef ODP_CRYPTO_IPSEC_TYPES_H_ >> +#define ODP_CRYPTO_IPSEC_TYPES_H_ >> + >> +#ifdef __cplusplus >> +extern "C" { >> +#endif >> + >> +/** @addtogroup odp_crypto >> + * @{ >> + */ >> + >> +enum odp_ipsec_mode { >> + ODP_IPSEC_MODE_TUNNEL, /**< IPSec tunnel mode */ >> + ODP_IPSEC_MODE_TRANSPORT, /**< IPSec transport mode */ >> +}; >> + >> +enum odp_ipsec_proto { >> + ODP_IPSEC_ESP, /**< ESP protocol */ >> +}; >> + >> +enum odp_ipsec_outhdr_type { >> + ODP_IPSEC_OUTHDR_IPV4, /**< Outer header is IPv4 */ >> + ODP_IPSEC_OUTHDR_IPV6, /**< Outer header is IPv6 */ >> +}; >> + >> +enum odp_ipsec_ar_ws { >> + ODP_IPSEC_AR_WS_NONE, /**< Anti-replay is not enabled */ >> + ODP_IPSEC_AR_WS_32, /**< Anti-replay window size 32 */ >> + ODP_IPSEC_AR_WS_64, /**< Anti-replay window size 64 */ >> + ODP_IPSEC_AR_WS_128, /**< Anti-replay window size 128 */ >> +}; >> + >> +/** >> + * @} >> + */ >> + >> +#ifdef __cplusplus >> +} >> +#endif >> + >> +#endif >> -- >> 1.7.3.4 >> >> >> >> >> _______________________________________________ >> lng-odp mailing list >> [email protected] >> https://lists.linaro.org/mailman/listinfo/lng-odp >> > > _______________________________________________ > lng-odp mailing list > [email protected] > https://lists.linaro.org/mailman/listinfo/lng-odp >
_______________________________________________ lng-odp mailing list [email protected] https://lists.linaro.org/mailman/listinfo/lng-odp
