[COMMIT] branch api-next updated. v1.15.0.0-430-gf49ce736 - git-lng-odp

13 Jul 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, api-next has been updated
       via  f49ce736d461c3e8c2534ed216e8a70e8bee954e (commit)
       via  d4b85d07214fb1f566b8ac346375cfe097c0bb51 (commit)
       via  127c73198b07dfe413e8ce401bb26f3e5ff71e91 (commit)
       via  2cd78610004d755dbe7a8e9c29086791793aea19 (commit)
       via  e58e1fc97f392f63a267c2252656367b12417152 (commit)
       via  a3ff4f6726582e41dd1398a6939a1877b9f25edc (commit)
       via  4e3598f34f16aa9e50ac1aaae2b4074cd806e419 (commit)
       via  697c4a58d57c286e679dd570722d8875ccf05a27 (commit)
       via  6879ecd2d136508e59cf8d9b8f15c6475ba74c99 (commit)
      from  698d82ce41a3f6ca08c6f218784d3eea6ac81e42 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f49ce736d461c3e8c2534ed216e8a70e8bee954e
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:38 2017 +0300
api: ipsec: remove initial sequence number parameter
Application should not need to control initial sequence number
    value as implementation is able to manage that internally.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index a156b54f..de126c37 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -623,9 +623,6 @@ typedef struct odp_ipsec_sa_param_t {
    /** SA lifetime parameters */
    odp_ipsec_lifetime_t lifetime;
-	/** Initial sequence number */
-	uint64_t seq;
-
    /** SPI value */
    uint32_t spi;
commit d4b85d07214fb1f566b8ac346375cfe097c0bb51
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:37 2017 +0300
api: ipsec: outer header pointer as const
Outer headers are read-only data for an implementation.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 00f3fd05..a156b54f 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -1073,7 +1073,7 @@ typedef struct odp_ipsec_out_inline_param_t {
    	/** Points to first byte of outer headers to be copied in
    	 *  front of the outgoing IPSEC packet. Implementation copies
    	 *  the headers during odp_ipsec_out_inline() call. */
-		uint8_t *ptr;
+		const uint8_t *ptr;
/** Outer header length in bytes */
    	uint32_t len;
commit 127c73198b07dfe413e8ce401bb26f3e5ff71e91
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:36 2017 +0300
api: ipsec: flexible soft lifetime reporting
Allow implementation to decide how many times a soft lifetime
    expiration is reported. Application does not require strict
    synchronization of soft lifetimes.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index e6124464..00f3fd05 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -504,7 +504,9 @@ typedef struct odp_ipsec_sa_opt_t {
  *
  * These limits are used for setting up SA lifetime. IPSEC operations check
  * against the limits and output a status code (e.g. soft_exp_bytes) when
- * a limit is crossed. Any number of limits may be used simultaneously.
+ * a limit is crossed. It's implementation defined how many times soft
+ * lifetime expiration is reported: only once, first N or all packets following
+ * the limit crossing. Any number of limits may be used simultaneously.
  * Use zero when there is no limit.
  */
 typedef struct odp_ipsec_lifetime_t {
commit 2cd78610004d755dbe7a8e9c29086791793aea19
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:35 2017 +0300
api: ipsec: split operation result status bits
Split error bits into error and warning bits. Move flags into
    separate type and field. This way, all exceptions (rare but
    important events) can be checked and maintained separately
    from operation flags, which may be set for almost every packet.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 331971db..e6124464 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -555,8 +555,8 @@ typedef enum odp_ipsec_frag_mode_t {
  * Lookup mode controls how an SA participates in SA lookup offload.
  * Inbound operations perform SA lookup if application does not provide a SA as
  * a parameter. In inline mode, a lookup miss directs the packet back to normal
- * packet input interface processing. SA lookup failure status (error.sa_lookup)
- * is reported through odp_ipsec_packet_result_t.
+ * packet input interface processing. SA lookup failure status
+ * (status.error.sa_lookup) is reported through odp_ipsec_packet_result_t.
  */
 typedef enum odp_ipsec_lookup_mode_t {
    /** Inbound SA lookup is disabled for the SA. */
@@ -875,11 +875,11 @@ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa);
 /** IPSEC operation status has no errors */
 #define ODP_IPSEC_OK 0
-/** IPSEC operation status */
-typedef struct odp_ipsec_op_status_t {
-	/** Variant mappings for op status */
+/** IPSEC errors */
+typedef struct odp_ipsec_error_t {
+	/** IPSEC errors */
    union {
-		/** Error flags */
+		/** Error bits */
    	struct {
    		/** Protocol error. Not a valid ESP or AH packet,
    		 *  packet data length error, etc. */
@@ -900,44 +900,81 @@ typedef struct odp_ipsec_op_status_t {
    		/** Packet does not fit into the given MTU size */
    		uint32_t mtu              : 1;
-			/** Soft lifetime expired: bytes */
-			uint32_t soft_exp_bytes   : 1;
-
-			/** Soft lifetime expired: packets */
-			uint32_t soft_exp_packets : 1;
-
    		/** Hard lifetime expired: bytes */
    		uint32_t hard_exp_bytes   : 1;
/** Hard lifetime expired: packets */
    		uint32_t hard_exp_packets : 1;
-
-		} error;
+		};
/** All error bits
    	 *
-		 *  This field can be used to set, clear or compare multiple
-		 *  flags. For example, 'status.all_error != ODP_IPSEC_OK'
-		 *  checks if there are
-		 *  any errors.
+		 *  This field can be used to set, clear or compare
+		 *  multiple bits. For example, 'status.error.all != 0'
+		 *  checks if there are any errors.
    	 */
-		uint32_t all_error;
+		uint32_t all;
    };
-	/** Variant mappings for status flags */
+} odp_ipsec_error_t;
+
+/** IPSEC warnings */
+typedef struct odp_ipsec_warn_t {
+	/** IPSEC warnings */
    union {
-		/** Status flags */
+		/** Warning bits */
+		struct {
+			/** Soft lifetime expired: bytes */
+			uint32_t soft_exp_bytes   : 1;
+
+			/** Soft lifetime expired: packets */
+			uint32_t soft_exp_packets : 1;
+		};
+
+		/** All warnings bits */
+		uint32_t all;
+	};
+
+} odp_ipsec_warn_t;
+
+/** IPSEC operation status */
+typedef struct odp_ipsec_op_status_t {
+	/** IPSEC status bits */
+	union {
+		/** IPSEC errors and warnings */
+		struct {
+			/** IPSEC errors */
+			odp_ipsec_error_t error;
+
+			/** IPSEC warnings */
+			odp_ipsec_warn_t warn;
+		};
+
+		/** All status bits. Combines all error and warning bits.
+		 *  For example, 'status.all != ODP_IPSEC_OK' checks if there
+		 *  are any errors or warnings. */
+		uint64_t all;
+
+	};
+
+} odp_ipsec_op_status_t;
+
+/** IPSEC operation flags */
+typedef struct odp_ipsec_op_flag_t {
+	/** IPSEC operations flags */
+	union {
+		/** Operation flags */
    	struct {
    		/** Packet was processed in inline mode */
    		uint32_t inline_mode      : 1;
-		} flag;
+		};
/** All flag bits */
-		uint32_t all_flag;
+		uint32_t all;
    };
-} odp_ipsec_op_status_t;
+} odp_ipsec_op_flag_t;
/**
  * IPSEC outbound operation options
@@ -1046,9 +1083,14 @@ typedef struct odp_ipsec_out_inline_param_t {
  * IPSEC operation result for a packet
  */
 typedef struct odp_ipsec_packet_result_t {
-	/** IPSEC operation status */
+	/** IPSEC operation status. Use this to check if IPSEC operation
+	 *  reported any errors or warnings (e.g. status.all != ODP_IPSEC_OK).
+	 */
    odp_ipsec_op_status_t status;
+	/** IPSEC operation flags */
+	odp_ipsec_op_flag_t flag;
+
    /** IPSEC SA that was used to create the packet
     *
     *  Operation updates this SA handle value, when SA look up is performed
@@ -1060,7 +1102,7 @@ typedef struct odp_ipsec_packet_result_t {
/** Packet outer header status before inbound inline processing.
     *  This is valid only when outer headers are retained
-	 *  (see odp_ipsec_inbound_config_t) and status.flag.inline_mode is set.
+	 *  (see odp_ipsec_inbound_config_t) and flag.inline_mode is set.
     */
    struct {
    	/** Points to the first byte of retained outer headers. These
commit e58e1fc97f392f63a267c2252656367b12417152
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:34 2017 +0300
api: ipsec: ignore aad capability
AAD lengths are needed in crypto API but not in IPSEC API.
    So, application should ignore AAD capability values in IPSEC
    API.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 2d0aea45..331971db 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -758,7 +758,9 @@ int odp_ipsec_cipher_capability(odp_cipher_alg_t cipher,
  * Outputs all supported configuration options for the algorithm. Output is
  * sorted (from the smallest to the largest) first by digest length, then by key
  * length. Use this information to select key lengths, etc authentication
- * algorithm options for SA creation (odp_ipsec_crypto_param_t).
+ * algorithm options for SA creation (odp_ipsec_crypto_param_t). Application
+ * must ignore values for AAD length capabilities as those are not relevant for
+ * IPSEC API (fixed in IPSEC RFCs).
  *
  * @param      auth         Authentication algorithm
  * @param[out] capa         Array of capability structures for output
commit a3ff4f6726582e41dd1398a6939a1877b9f25edc
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:33 2017 +0300
api: ipsec: remove time based SA lifetime
Application may track time based SA lifetime expiration
    efficiently and in many ways: e.g. ODP timers may be used,
    wall clock time may be polled, control plane may send
    notifications, etc.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 31fcd750..2d0aea45 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -278,20 +278,6 @@ typedef struct odp_ipsec_capability_t {
     *  be used for many SAs. */
    uint32_t max_queues;
-	/** Soft expiry limit in seconds support
-	 *
-	 *  0: Limit is not supported
-	 *  1: Limit is supported
-	 */
-	uint8_t soft_limit_sec;
-
-	/** Hard expiry limit in seconds support
-	 *
-	 *  0: Limit is not supported
-	 *  1: Limit is supported
-	 */
-	uint8_t hard_limit_sec;
-
    /** Supported cipher algorithms */
    odp_crypto_cipher_algos_t ciphers;
@@ -524,9 +510,6 @@ typedef struct odp_ipsec_sa_opt_t {
 typedef struct odp_ipsec_lifetime_t {
    /** Soft expiry limits for the session */
    struct {
-		/** Limit in seconds from the SA creation */
-		uint64_t sec;
-
    	/** Limit in bytes */
    	uint64_t bytes;
@@ -536,9 +519,6 @@ typedef struct odp_ipsec_lifetime_t {
/** Hard expiry limits for the session */
    struct {
-		/** Limit in seconds from the SA creation */
-		uint64_t sec;
-
    	/** Limit in bytes */
    	uint64_t bytes;
@@ -918,18 +898,12 @@ typedef struct odp_ipsec_op_status_t {
    		/** Packet does not fit into the given MTU size */
    		uint32_t mtu              : 1;
-			/** Soft lifetime expired: seconds */
-			uint32_t soft_exp_sec     : 1;
-
    		/** Soft lifetime expired: bytes */
    		uint32_t soft_exp_bytes   : 1;
/** Soft lifetime expired: packets */
    		uint32_t soft_exp_packets : 1;
-			/** Hard lifetime expired: seconds */
-			uint32_t hard_exp_sec     : 1;
-
    		/** Hard lifetime expired: bytes */
    		uint32_t hard_exp_bytes   : 1;
commit 4e3598f34f16aa9e50ac1aaae2b4074cd806e419
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:32 2017 +0300
api: ipsec: direction specific SA params
Move direction (inboud/outbound) specific SA parameters
    into separate structures. Specification is more clear
    between common and direction specific SA parameters.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Signed-off-by: Bogdan Pricope bogdan.pricope@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 7f4a2c4c..31fcd750 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -635,51 +635,18 @@ typedef struct odp_ipsec_sa_param_t {
    /** Parameters for crypto and authentication algorithms */
    odp_ipsec_crypto_param_t crypto;
-	/** Parameters for tunnel mode */
-	odp_ipsec_tunnel_param_t tunnel;
-
-	/** Fragmentation mode */
-	odp_ipsec_frag_mode_t frag_mode;
-
    /** Various SA option flags */
    odp_ipsec_sa_opt_t opt;
/** SA lifetime parameters */
    odp_ipsec_lifetime_t lifetime;
-	/** SA lookup mode */
-	odp_ipsec_lookup_mode_t lookup_mode;
-
-	/** Minimum anti-replay window size. Use 0 to disable anti-replay
-	  * service. */
-	uint32_t antireplay_ws;
-
    /** Initial sequence number */
    uint64_t seq;
/** SPI value */
    uint32_t spi;
-	/** Additional inbound SA lookup parameters. Values are considered
-	 *  only in ODP_IPSEC_LOOKUP_DSTADDR_SPI lookup mode. */
-	struct {
-		/** Select IP version
-		 */
-		odp_ipsec_ip_version_t ip_version;
-
-		/** IP destination address (NETWORK ENDIAN) */
-		void    *dst_addr;
-
-	} lookup_param;
-
-	/** MTU for outbound IP fragmentation offload
-	 *
-	 *  This is the maximum length of IP packets that outbound IPSEC
-	 *  operations may produce. The value may be updated later with
-	 *  odp_ipsec_mtu_update().
-	 */
-	uint32_t mtu;
-
    /** Select pipelined destination for resulting events
     *
     *  Asynchronous and inline modes generate events. Select where
@@ -696,17 +663,6 @@ typedef struct odp_ipsec_sa_param_t {
     */
    odp_queue_t dest_queue;
-	/** Classifier destination CoS for resulting packets
-	 *
-	 *  Successfully decapsulated packets are sent to classification
-	 *  through this CoS. Other resulting events are sent to 'dest_queue'.
-	 *  This field is considered only when 'pipeline' is
-	 *  ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio
-	 *  interface default CoS. The maximum number of different CoS supported
-	 *  is defined by IPSEC capability max_cls_cos.
-	 */
-	odp_cos_t dest_cos;
-
    /** User defined SA context pointer
     *
     *  User defined context pointer associated with the SA.
@@ -723,6 +679,65 @@ typedef struct odp_ipsec_sa_param_t {
     */
    uint32_t context_len;
+	/** IPSEC SA direction dependent parameters */
+	union {
+		/** Inbound specific parameters */
+		struct {
+			/** SA lookup mode */
+			odp_ipsec_lookup_mode_t lookup_mode;
+
+			/** Additional SA lookup parameters. Values are
+			 *  considered only in ODP_IPSEC_LOOKUP_DSTADDR_SPI
+			 *  lookup mode. */
+			struct {
+				/** Select IP version */
+				odp_ipsec_ip_version_t ip_version;
+
+				/** IP destination address (NETWORK ENDIAN) to
+				 *  be matched in addition to SPI value. */
+				void *dst_addr;
+
+			} lookup_param;
+
+			/** Minimum anti-replay window size. Use 0 to disable
+			 *  anti-replay service.
+			 */
+			uint32_t antireplay_ws;
+
+			/** Classifier destination CoS for resulting packets
+			 *
+			 *  Successfully decapsulated packets are sent to
+			 *  classification through this CoS. Other resulting
+			 *  events are sent to 'dest_queue'. This field is
+			 *  considered only when 'pipeline' is
+			 *  ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared
+			 *  between any pktio interface default CoS. The maximum
+			 *  number of different CoS supported is defined by
+			 *  IPSEC capability max_cls_cos.
+			 */
+			odp_cos_t dest_cos;
+
+		} inbound;
+
+		/** Outbound specific parameters */
+		struct {
+			/** Parameters for tunnel mode */
+			odp_ipsec_tunnel_param_t tunnel;
+
+			/** Fragmentation mode */
+			odp_ipsec_frag_mode_t frag_mode;
+
+			/** MTU for outbound IP fragmentation offload
+			 *
+			 *  This is the maximum length of IP packets that
+			 *  outbound IPSEC operations may produce. The value may
+			 *  be updated later with odp_ipsec_mtu_update().
+			 */
+			uint32_t mtu;
+
+		} outbound;
+	};
+
 } odp_ipsec_sa_param_t;
/**
commit 697c4a58d57c286e679dd570722d8875ccf05a27
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:31 2017 +0300
api: ipsec: add max queues capability
Added capability to specify maximum number of different queues that
    can be used with IPsec.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 7fa4e178..7f4a2c4c 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -274,6 +274,10 @@ typedef struct odp_ipsec_capability_t {
     */
    uint32_t max_cls_cos;
+	/** Maximum number of different destination queues. The same queue may
+	 *  be used for many SAs. */
+	uint32_t max_queues;
+
    /** Soft expiry limit in seconds support
     *
     *  0: Limit is not supported
commit 6879ecd2d136508e59cf8d9b8f15c6475ba74c99
Author: Petri Savolainen petri.savolainen@linaro.org
Date:   Wed Jul 12 16:54:30 2017 +0300
api: ipsec: add salt parameter
Added a parameter for passing salt/nonce for algorithms that
    need it. Currently, only AES GCM needs it with 4 bytes of
    salt. Later on, other cipher (or auth) algorithms may need
    also salt/nonce data.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org
    Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 54491b12..7fa4e178 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -384,6 +384,15 @@ typedef struct odp_ipsec_crypto_param_t {
    /** Cipher key */
    odp_crypto_key_t cipher_key;
+	/** Extra keying material for cipher key
+	 *
+	 *  Additional data used as salt or nonce if the algorithm requires it,
+	 *  other algorithms ignore this field. These algorithms require this
+	 *  field set:
+	 *  - AES_GCM: 4 bytes of salt
+	 **/
+	odp_crypto_key_t cipher_key_extra;
+
    /** Authentication algorithm */
    odp_auth_alg_t auth_alg;
-----------------------------------------------------------------------
Summary of changes:
 include/odp/api/spec/ipsec.h | 243 +++++++++++++++++++++++++------------------
 1 file changed, 144 insertions(+), 99 deletions(-)
hooks/post-receive
-- 


    