This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "".
The branch, next has been updated via ba28192c7622cb924897c0fe0649a33b92fc4a01 (commit) via f1e38303bfdb3089040520e54c89fbd3332663e4 (commit) via 7a85e5003abf2471602d00262b9f0b674c869bff (commit) via 1caa6bb7a5a176a08dfb6f716e1f57d8baf2c750 (commit) via fc42a45b63cad94c7e988f304b5a2bc7709cd1b9 (commit) via b00b3da903d0fb6119f4dd1aaeec867710233878 (commit) via 7afe30301553162e2c17f94d233e11d4cf694d7b (commit) via 17e490743c04688768b38335e678496fa8ca6f07 (commit) via fae927777349fba5bcf1eb558856d2994b483877 (commit) via 6d129fc5aaf50594c2c04a3907d012497a985391 (commit) via 6b78210a7538f212f5ee7a38eef1f20c01c5fac7 (commit) via 89362efefe04306f1f91ab73c0e90f9a49ffbf45 (commit) via 0977cf1ba3a1a514516e8de01c0dfd916af27d6d (commit) via f586a074c3377ae004eec1dd1d90b2b463cb85e5 (commit) via a7ba3dfd6c69f9c8ea4767380f165683c5ad0056 (commit) via 0ab5d3c6a6953b05a1cef183e546370c5e1b4018 (commit) via ea94c80f13bc020580ac4e1ab7530ef07d2a8fba (commit) via 9bc5e8752b73340377665e9c11a13a1d1822f349 (commit) via fa944ab886b990f8b5deae944c6fb674aead29ef (commit) via 60176e6d6d64427dfd9e0fd1688fabcb492a3def (commit) via 5765254404be8772e60fda5143a07e61133c7db6 (commit) via c20e507662bb67ad47429ee3e9c1c4f8e61e7e57 (commit) via 601c8a1c38bd5a284c0df8d7bc88fa7445f42a99 (commit) from 2e58a2fdb2a72f8676c01de429e3d371ad720180 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit ba28192c7622cb924897c0fe0649a33b92fc4a01 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Wed Feb 14 10:20:10 2018 +0300
linux-gen: add L2 type support for non-ABI-compat mode
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include-abi/odp/api/abi/packet.h b/platform/linux-generic/include-abi/odp/api/abi/packet.h
index 5d4673fc..ecac4737 100644
--- a/platform/linux-generic/include-abi/odp/api/abi/packet.h
+++ b/platform/linux-generic/include-abi/odp/api/abi/packet.h
@@ -47,6 +47,11 @@ static inline odp_packet_seg_t _odp_packet_seg_from_ndx(uint8_t ndx)
#define ODP_PACKET_SEG_INVALID ((odp_packet_seg_t)-1)
+typedef uint8_t odp_proto_l2_type_t;
+
+#define ODP_PROTO_L2_TYPE_NONE 0
+#define ODP_PROTO_L2_TYPE_ETH 1
+
 typedef uint8_t odp_proto_l3_type_t;
#define ODP_PROTO_L3_TYPE_NONE 0
commit f1e38303bfdb3089040520e54c89fbd3332663e4 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Wed Feb 14 10:06:58 2018 +0300
api: packet add L2 packet type to complement L3 and L4 types
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/abi-default/packet.h b/include/odp/api/abi-default/packet.h index d3a1753f..97c0d088 100644 --- a/include/odp/api/abi-default/packet.h +++ b/include/odp/api/abi-default/packet.h @@ -30,6 +30,11 @@ typedef _odp_abi_packet_seg_t *odp_packet_seg_t; #define ODP_PACKET_SEG_INVALID ((odp_packet_seg_t)0xffffffff) #define ODP_PACKET_OFFSET_INVALID 0xffff
+typedef uint8_t odp_proto_l2_type_t;
+
+#define ODP_PROTO_L2_TYPE_NONE 0
+#define ODP_PROTO_L2_TYPE_ETH 1
+
 typedef uint8_t odp_proto_l3_type_t;
#define ODP_PROTO_L3_TYPE_NONE 0 diff --git a/include/odp/api/spec/packet.h b/include/odp/api/spec/packet.h index 4be515c7..079a1ae1 100644 --- a/include/odp/api/spec/packet.h +++ b/include/odp/api/spec/packet.h @@ -71,6 +71,19 @@ extern "C" { * Packet is red */
+/** + * @typedef odp_proto_l2_type_t + * Layer 2 protocol type + */ + +/** + * @def ODP_PROTO_L2_TYPE_NONE + * Layer 2 protocol type not defined + * + * @def ODP_PROTO_L2_TYPE_ETH + * Layer 2 protocol is Ethernet + */ + /** * @typedef odp_proto_l3_type_t * Layer 3 protocol type @@ -1615,6 +1628,17 @@ uint32_t odp_packet_l4_offset(odp_packet_t pkt); */ int odp_packet_l4_offset_set(odp_packet_t pkt, uint32_t offset);
+/** + * Layer 2 protocol type + * + * Returns layer 2 protocol type. Initial type value is ODP_PROTO_L2_TYPE_NONE. + * + * @param pkt Packet handle + * + * @return Layer 2 protocol type + */ +odp_proto_l2_type_t odp_packet_l2_type(odp_packet_t pkt); + /** * Layer 3 protocol type *
commit 7a85e5003abf2471602d00262b9f0b674c869bff Author: Balasubramanian Manoharan bala.manoharan@linaro.org Date: Mon Feb 5 17:49:43 2018 +0530
linux-gen: schedule: implements async ordered lock
implements asynchronous order context lock
Signed-off-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_schedule_if.h b/platform/linux-generic/include/odp_schedule_if.h index 8605ca66..66e05043 100644 --- a/platform/linux-generic/include/odp_schedule_if.h +++ b/platform/linux-generic/include/odp_schedule_if.h @@ -41,6 +41,8 @@ typedef int (*schedule_term_local_fn_t)(void); typedef void (*schedule_order_lock_fn_t)(void); typedef void (*schedule_order_unlock_fn_t)(void); typedef void (*schedule_order_unlock_lock_fn_t)(void); +typedef void (*schedule_order_lock_start_fn_t)(void); +typedef void (*schedule_order_lock_wait_fn_t)(void); typedef uint32_t (*schedule_max_ordered_locks_fn_t)(void); typedef void (*schedule_save_context_fn_t)(uint32_t queue_index);
@@ -60,6 +62,8 @@ typedef struct schedule_fn_t { schedule_term_local_fn_t term_local; schedule_order_lock_fn_t order_lock; schedule_order_unlock_fn_t order_unlock; + schedule_order_lock_start_fn_t start_order_lock; + schedule_order_lock_wait_fn_t wait_order_lock; schedule_order_unlock_lock_fn_t order_unlock_lock; schedule_max_ordered_locks_fn_t max_ordered_locks;
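Review bot: The two members added to `schedule_fn_t` here, `start_order_lock` and `wait_order_lock`, are not assigned by any hunk in this commit; the scheduler files only extend their `schedule_api_t` tables. If the `schedule_fn_t` instances use designated initializers, the new pointers are left NULL, and any internal caller that later goes through them would call a null function pointer. Either populate them in each scheduler's `schedule_fn_t` initializer or leave the members out until there is an internal user. The existing `schedule_fn_t` initializers are outside the visible hunks, so this should be confirmed against the full files.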
@@ -105,6 +109,8 @@ typedef struct { void (*schedule_order_lock)(uint32_t); void (*schedule_order_unlock)(uint32_t); void (*schedule_order_unlock_lock)(uint32_t, uint32_t); + void (*schedule_order_lock_start)(uint32_t); + void (*schedule_order_lock_wait)(uint32_t);
} schedule_api_t;
diff --git a/platform/linux-generic/odp_schedule.c b/platform/linux-generic/odp_schedule.c index c91a9338..a6581bed 100644 --- a/platform/linux-generic/odp_schedule.c +++ b/platform/linux-generic/odp_schedule.c @@ -1152,6 +1152,16 @@ static void schedule_order_unlock_lock(uint32_t unlock_index, schedule_order_lock(lock_index); }
+static void schedule_order_lock_start(uint32_t lock_index) +{ + (void)lock_index; +} + +static void schedule_order_lock_wait(uint32_t lock_index) +{ + schedule_order_lock(lock_index); +} + static void schedule_pause(void) { sched_local.pause = 1; @@ -1438,5 +1448,7 @@ const schedule_api_t schedule_default_api = { .schedule_group_info = schedule_group_info, .schedule_order_lock = schedule_order_lock, .schedule_order_unlock = schedule_order_unlock, - .schedule_order_unlock_lock = schedule_order_unlock_lock + .schedule_order_unlock_lock = schedule_order_unlock_lock, + .schedule_order_lock_start = schedule_order_lock_start, + .schedule_order_lock_wait = schedule_order_lock_wait }; diff --git a/platform/linux-generic/odp_schedule_if.c b/platform/linux-generic/odp_schedule_if.c index e5f734ae..6a3b4e4b 100644 --- a/platform/linux-generic/odp_schedule_if.c +++ b/platform/linux-generic/odp_schedule_if.c @@ -134,3 +134,14 @@ void odp_schedule_order_unlock_lock(uint32_t unlock_index, uint32_t lock_index) { sched_api->schedule_order_unlock_lock(unlock_index, lock_index); } + +void odp_schedule_order_lock_start(uint32_t lock_index) +{ + sched_api->schedule_order_lock_start(lock_index); +} + +void odp_schedule_order_lock_wait(uint32_t lock_index) +{ + sched_api->schedule_order_lock_wait(lock_index); +} + diff --git a/platform/linux-generic/odp_schedule_iquery.c b/platform/linux-generic/odp_schedule_iquery.c index 02396aa0..3ce85394 100644 --- a/platform/linux-generic/odp_schedule_iquery.c +++ b/platform/linux-generic/odp_schedule_iquery.c @@ -1308,6 +1308,16 @@ static uint32_t schedule_max_ordered_locks(void) return CONFIG_QUEUE_MAX_ORD_LOCKS; }
+static void schedule_order_lock_start(uint32_t lock_index) +{ + (void)lock_index; +} + +static void schedule_order_lock_wait(uint32_t lock_index) +{ + schedule_order_lock(lock_index); +} + static inline bool is_atomic_queue(unsigned int queue_index) { return (sched->queues[queue_index].sync == ODP_SCHED_SYNC_ATOMIC); @@ -1376,7 +1386,9 @@ const schedule_api_t schedule_iquery_api = { .schedule_group_info = schedule_group_info, .schedule_order_lock = schedule_order_lock, .schedule_order_unlock = schedule_order_unlock, - .schedule_order_unlock_lock = schedule_order_unlock_lock + .schedule_order_unlock_lock = schedule_order_unlock_lock, + .schedule_order_lock_start = schedule_order_lock_start, + .schedule_order_lock_wait = schedule_order_lock_wait };
static void thread_set_interest(sched_thread_local_t *thread, diff --git a/platform/linux-generic/odp_schedule_scalable.c b/platform/linux-generic/odp_schedule_scalable.c index 761f93d3..f5974442 100644 --- a/platform/linux-generic/odp_schedule_scalable.c +++ b/platform/linux-generic/odp_schedule_scalable.c @@ -1186,6 +1186,16 @@ static void schedule_order_unlock_lock(uint32_t unlock_index, schedule_order_lock(lock_index); }
+static void schedule_order_lock_start(uint32_t lock_index) +{ + (void)lock_index; +} + +static void schedule_order_lock_wait(uint32_t lock_index) +{ + schedule_order_lock(lock_index); +} + static void schedule_release_atomic(void) { sched_scalable_thread_state_t *ts; @@ -2096,4 +2106,6 @@ const schedule_api_t schedule_scalable_api = { .schedule_order_lock = schedule_order_lock, .schedule_order_unlock = schedule_order_unlock, .schedule_order_unlock_lock = schedule_order_unlock_lock, + .schedule_order_lock_start = schedule_order_lock_start, + .schedule_order_lock_wait = schedule_order_lock_wait }; diff --git a/platform/linux-generic/odp_schedule_sp.c b/platform/linux-generic/odp_schedule_sp.c index bad47cad..e46ae448 100644 --- a/platform/linux-generic/odp_schedule_sp.c +++ b/platform/linux-generic/odp_schedule_sp.c @@ -829,6 +829,16 @@ static void schedule_order_unlock_lock(uint32_t unlock_index, (void)lock_index; }
+static void schedule_order_lock_start(uint32_t lock_index) +{ + (void)lock_index; +} + +static void schedule_order_lock_wait(uint32_t lock_index) +{ + (void)lock_index; +} + static void order_lock(void) { } @@ -879,5 +889,7 @@ const schedule_api_t schedule_sp_api = { .schedule_group_info = schedule_group_info, .schedule_order_lock = schedule_order_lock, .schedule_order_unlock = schedule_order_unlock, - .schedule_order_unlock_lock = schedule_order_unlock_lock + .schedule_order_unlock_lock = schedule_order_unlock_lock, + .schedule_order_lock_start = schedule_order_lock_start, + .schedule_order_lock_wait = schedule_order_lock_wait };
commit 1caa6bb7a5a176a08dfb6f716e1f57d8baf2c750 Author: Balasubramanian Manoharan bala.manoharan@linaro.org Date: Mon Feb 5 17:49:26 2018 +0530
api: schedule: add asynchronous order lock
add asynchronous order lock api. schedule order context lock can be acquired asynchronously using two functions start and wait. application can utilize the cycles between these functions to increase performance.
Signed-off-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/schedule.h b/include/odp/api/spec/schedule.h index d493cc75..bbc74983 100644 --- a/include/odp/api/spec/schedule.h +++ b/include/odp/api/spec/schedule.h @@ -371,6 +371,34 @@ void odp_schedule_order_unlock(uint32_t lock_index); */ void odp_schedule_order_unlock_lock(uint32_t unlock_index, uint32_t lock_index);
+/** Asynchronous ordered context lock + * Request an ordered context lock to be acquired. Starts an ordered context + * lock acquire operation, but does not wait until the lock has been acquired. + * Application can use this call to potentially interleave some processing + * within waiting for this lock. Each start lock call must be paired with a wait + * call that blocks until the lock has been acquired. Locks cannot be acquired + * in nested fashion i.e each start call must follow a paring wait and unlock + * calls, before using another lock. + * The same constraints apply as with odp_schedule_order_lock() + * + * @param lock_index Index of the ordered lock in the current context to + * start acquire operation. + * Must be in the range 0..odp_queue_lock_count() - 1. + * + */ +void odp_schedule_order_lock_start(uint32_t lock_index); + +/** Asynchronous ordered context lock wait + * Wait for a previously started lock acquire operation to finish. + * Lock index must match with the previous start call. Ordered lock acquisition + * will be completed during this call. + * + * @param lock_index Index of the ordered lock in the current context to + * complete acquire operation. + * Must be in the range 0..odp_queue_lock_count() - 1. + */ +void odp_schedule_order_lock_wait(uint32_t lock_index); + /** * @} */
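Review bot: The comment on `odp_schedule_order_lock_start()` does not say what happens when the pairing rule is broken: a wait without a preceding start, a wait with a different `lock_index`, or a second start before the unlock. The linux-generic stubs on this page cannot detect any of these, because start only does `(void)lock_index;`, so the contract has to be stated in the spec, e.g. `* Results are undefined if the wait call is made without a matching start call or with a different lock_index.` In the same comment "paring wait" should read "pairing wait".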
commit fc42a45b63cad94c7e988f304b5a2bc7709cd1b9 Author: Petri Savolainen petri.savolainen@linaro.org Date: Tue Feb 6 13:44:04 2018 +0200
linux-gen: pktio: fix recv timeout issue with socket mmap
Validation test failed sometimes when select returned that there are packets but sock_mmap_recv did not find those (or it dropped those). Continue timeout wait with select if sock_mmap_recv didn't find any packets. Select updates timeout value automatically to reflect the amount of time not slept.
Fixes https://bugs.linaro.org/show_bug.cgi?id=3615
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/pktio/socket_mmap.c b/platform/linux-generic/pktio/socket_mmap.c index fd823205..deaa6da1 100644 --- a/platform/linux-generic/pktio/socket_mmap.c +++ b/platform/linux-generic/pktio/socket_mmap.c @@ -693,10 +693,19 @@ static int sock_mmap_recv_tmo(pktio_entry_t *pktio_entry, int index, FD_ZERO(&readfds); maxfd = sock_mmap_fd_set(pktio_entry, index, &readfds);
- if (select(maxfd + 1, &readfds, NULL, NULL, &timeout) == 0)
- return 0;
+ while (1) {
+ ret = select(maxfd + 1, &readfds, NULL, NULL, &timeout);
+
+ if (ret <= 0)
+ return ret;
+
+ ret = sock_mmap_recv(pktio_entry, index, pkt_table, num);
+
+ if (ret)
+ return ret;
- return sock_mmap_recv(pktio_entry, index, pkt_table, num);
+ /* If no packets, continue wait until timeout expires */
+ }
 }
static int sock_mmap_recv_mq_tmo(pktio_entry_t *pktio_entry[], int index[], @@ -730,20 +739,25 @@ static int sock_mmap_recv_mq_tmo(pktio_entry_t *pktio_entry[], int index[], timeout.tv_sec = usecs / (1000 * 1000); timeout.tv_usec = usecs - timeout.tv_sec * (1000ULL * 1000ULL);
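Review bot: `if (ret <= 0) return ret;` in the new loop of `sock_mmap_recv_tmo` hands a failed select() straight back to the caller, so a signal arriving during the wait (select() returning -1 with EINTR) now ends the receive as an error, where the old code only special-cased the 0 return. If that is not intended, retry on interruption with something like `if (ret < 0 && errno == EINTR) continue;`, rebuilding `readfds` first because its contents are unspecified after an error. The loop in `sock_mmap_recv_mq_tmo` in the next hunk has the same check. The function body starts outside the hunk, so whether `errno.h` is already included is not visible here.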
- if (select(maxfd + 1, &readfds, NULL, NULL, &timeout) == 0) - return 0; + while (1) { + ret = select(maxfd + 1, &readfds, NULL, NULL, &timeout);
- for (i = 0; i < num_q; i++) { - ret = sock_mmap_recv(pktio_entry[i], index[i], pkt_table, num); + if (ret <= 0) + return ret;
- if (ret > 0 && from) - *from = i; + for (i = 0; i < num_q; i++) { + ret = sock_mmap_recv(pktio_entry[i], index[i], + pkt_table, num);
- if (ret != 0) - return ret; - } + if (ret > 0 && from) + *from = i;
- return 0; + if (ret) + return ret; + } + + /* If no packets, continue wait until timeout expires */ + } }
static int sock_mmap_send(pktio_entry_t *pktio_entry, int index ODP_UNUSED,
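Review bot: The `while (1)` loop in `sock_mmap_recv_mq_tmo` calls select() again with the `readfds` it has already modified: on return select() leaves only the ready descriptors set, so after one pass that finds no packets, every queue that was not ready is no longer watched for the rest of the timeout. The set should be rebuilt at the top of each iteration; the code that fills it sits above the hunk and is not visible here. Relying on select() to decrement `timeout` is Linux behaviour and deserves a comment such as `/* Linux select() updates timeout to the time not slept */`. If a descriptor stays readable while `sock_mmap_recv` keeps returning 0, the loop spins without sleeping until the timeout runs out.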
commit b00b3da903d0fb6119f4dd1aaeec867710233878 Author: Petri Savolainen petri.savolainen@linaro.org Date: Tue Feb 6 13:40:36 2018 +0200
validation: pktio: recv tmo test improvements
Add checks and improve test output when recv tmo function fails to timeout correctly.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/validation/api/pktio/pktio.c b/test/validation/api/pktio/pktio.c
index ecab4448..f5bb2e26 100644
--- a/test/validation/api/pktio/pktio.c
+++ b/test/validation/api/pktio/pktio.c
@@ -510,7 +510,7 @@ static int wait_for_packets(pktio_info_t *pktio_rx, odp_packet_t pkt_tbl[],
static int recv_packets_tmo(odp_pktio_t pktio, odp_packet_t pkt_tbl[], uint32_t seq_tbl[], int num, recv_tmo_mode_e mode, - uint64_t tmo, uint64_t ns) + uint64_t tmo, uint64_t ns, int no_pkt) { odp_packet_t pkt_tmp[num]; odp_pktin_queue_t pktin[MAX_QUEUES]; @@ -541,8 +541,19 @@ static int recv_packets_tmo(odp_pktio_t pktio, odp_packet_t pkt_tbl[], num - num_rx, tmo); ts2 = odp_time_global();
+ CU_ASSERT(n >= 0); + if (n <= 0) break; + + /* When we don't expect any packets, drop all packets and + * retry timeout test. */ + if (no_pkt) { + printf(" drop %i dummy packets\n", n); + odp_packet_free_multi(pkt_tmp, n); + continue; + } + for (i = 0; i < n; i++) { if (pktio_pkt_seq(pkt_tmp[i]) == seq_tbl[num_rx]) pkt_tbl[num_rx++] = pkt_tmp[i]; @@ -553,8 +564,15 @@ static int recv_packets_tmo(odp_pktio_t pktio, odp_packet_t pkt_tbl[], CU_ASSERT(from_val < (unsigned)num_q); } while (num_rx < num);
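Review bot: The `no_pkt` branch retries with `continue` and never advances `num_rx`, so the enclosing `do { } while (num_rx < num)` only ends when a receive returns `n <= 0`; a steady trickle of unrelated frames on the test interface would keep the test from finishing. A bounded retry count would turn that into a test failure instead of a hang. The new parameter is also undocumented; a comment such as `/* no_pkt: non-zero when no test packets are expected; received packets are freed and the timed wait is retried */` above `recv_packets_tmo` would help. The loop head is outside this hunk, so whether the start timestamp is re-taken on each retry is not visible here.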
- if (num_rx < num) - CU_ASSERT(odp_time_diff_ns(ts2, ts1) >= ns); + if (num_rx < num) { + uint64_t diff = odp_time_diff_ns(ts2, ts1); + + if (diff < ns) + printf(" diff %" PRIu64 ", ns %" PRIu64 "\n", + diff, ns); + + CU_ASSERT(diff >= ns); + }
return num_rx; } @@ -966,8 +984,9 @@ static void test_recv_tmo(recv_tmo_mode_e mode)
/* No packets sent yet, so should wait */ ns = 100 * ODP_TIME_MSEC_IN_NS; + ret = recv_packets_tmo(pktio_rx, &pkt_tbl[0], &pkt_seq[0], 1, mode, - odp_pktin_wait_time(ns), ns); + odp_pktin_wait_time(ns), ns, 1); CU_ASSERT(ret == 0);
ret = create_packets(pkt_tbl, pkt_seq, test_pkt_count, pktio_tx, @@ -978,19 +997,19 @@ static void test_recv_tmo(recv_tmo_mode_e mode) CU_ASSERT_FATAL(ret == test_pkt_count);
ret = recv_packets_tmo(pktio_rx, &pkt_tbl[0], &pkt_seq[0], 1, mode, - odp_pktin_wait_time(UINT64_MAX), 0); + odp_pktin_wait_time(UINT64_MAX), 0, 0); CU_ASSERT_FATAL(ret == 1);
ret = recv_packets_tmo(pktio_rx, &pkt_tbl[1], &pkt_seq[1], 1, mode, - ODP_PKTIN_NO_WAIT, 0); + ODP_PKTIN_NO_WAIT, 0, 0); CU_ASSERT_FATAL(ret == 1);
ret = recv_packets_tmo(pktio_rx, &pkt_tbl[2], &pkt_seq[2], 1, mode, - odp_pktin_wait_time(0), 0); + odp_pktin_wait_time(0), 0, 0); CU_ASSERT_FATAL(ret == 1);
ret = recv_packets_tmo(pktio_rx, &pkt_tbl[3], &pkt_seq[3], 3, mode, - odp_pktin_wait_time(ns), ns); + odp_pktin_wait_time(ns), ns, 0); CU_ASSERT_FATAL(ret == 3);
for (i = 0; i < test_pkt_count; i++)
commit 7afe30301553162e2c17f94d233e11d4cf694d7b Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Sat Feb 3 06:19:01 2018 +0300
validation: crypto: properly use check_alg for GMAC/CMAC testing
Use check_alg instead of alg_test for GMAC/CMAC testing.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c
index b86bd985..ad64111b 100644
--- a/test/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/validation/api/crypto/odp_crypto_test_inp.c
@@ -1224,17 +1224,12 @@ static int check_alg_aes_gmac(void)
static void crypto_test_gen_alg_aes_gmac(void) { - unsigned int test_vec_num = (sizeof(aes_gmac_reference) / - sizeof(aes_gmac_reference[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) - check_alg(ODP_CRYPTO_OP_ENCODE, - ODP_CIPHER_ALG_NULL, - ODP_AUTH_ALG_AES_GMAC, - aes_gmac_reference, - ARRAY_SIZE(aes_gmac_reference), - false); + check_alg(ODP_CRYPTO_OP_ENCODE, + ODP_CIPHER_ALG_NULL, + ODP_AUTH_ALG_AES_GMAC, + aes_gmac_reference, + ARRAY_SIZE(aes_gmac_reference), + false); }
static void crypto_test_check_alg_aes_gmac(void) @@ -1254,17 +1249,12 @@ static int check_alg_aes_cmac(void)
static void crypto_test_gen_alg_aes_cmac(void) { - unsigned int test_vec_num = (sizeof(aes_cmac_reference) / - sizeof(aes_cmac_reference[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) - check_alg(ODP_CRYPTO_OP_ENCODE, - ODP_CIPHER_ALG_NULL, - ODP_AUTH_ALG_AES_CMAC, - aes_cmac_reference, - ARRAY_SIZE(aes_cmac_reference), - false); + check_alg(ODP_CRYPTO_OP_ENCODE, + ODP_CIPHER_ALG_NULL, + ODP_AUTH_ALG_AES_CMAC, + aes_cmac_reference, + ARRAY_SIZE(aes_cmac_reference), + false); }
static void crypto_test_check_alg_aes_cmac(void)
commit 17e490743c04688768b38335e678496fa8ca6f07 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Fri Feb 2 21:52:16 2018 +0300
api: crypto: add AES-XCBC-MAC enumerations
Following SonicWall proposal, add AES-XCBC-MAC algorithm enumerations.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index e27860a3..c59f6602 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -198,6 +198,13 @@ typedef enum { */ ODP_AUTH_ALG_AES_CMAC,
+ /** AES-XCBC-MAC + * + * AES CBC MAC for arbitrary-length messages (XCBC-MAC). + * + */ + ODP_AUTH_ALG_AES_XCBC_MAC, + /** ChaCha20-Poly1305 AEAD * * ChaCha20 with Poly1305 provide both authentication and ciphering of @@ -299,6 +306,9 @@ typedef union odp_crypto_auth_algos_t { /** ODP_AUTH_ALG_AES_CMAC*/ uint32_t aes_cmac : 1;
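Review bot: `ODP_AUTH_ALG_AES_XCBC_MAC` is inserted ahead of the ChaCha20-Poly1305 entry, which changes the numeric value of every later enumerator, and the `aes_xcbc_mac` bit in the next hunk likewise shifts the bits after it in `odp_crypto_auth_algos_t`. A binary built against the older header would then select or advertise a different authentication algorithm than it meant to; if ABI compatibility matters for this header, new entries should be appended at the end instead. The SHA-384 commit further down this page (`ODP_AUTH_ALG_SHA384_HMAC`, `sha384_hmac`) has the same placement. The enum and the union both continue outside these hunks, so the full set of affected entries is not visible here.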
+ /** ODP_AUTH_ALG_AES_XCBC_MAC*/ + uint32_t aes_xcbc_mac : 1; + /** ODP_AUTH_ALG_CHACHA20_POLY1305 */ uint32_t chacha20_poly1305 : 1;
commit fae927777349fba5bcf1eb558856d2994b483877 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Fri Feb 2 21:52:16 2018 +0300
api: crypto: add SHA-384 enumerations
Following SonicWall proposal, add SHA-384 algorithm enumerations.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index b7ab5362..e27860a3 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -143,6 +143,12 @@ typedef enum { */ ODP_AUTH_ALG_SHA256_HMAC,
+ /** HMAC-SHA-384 + * + * SHA-384 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA384_HMAC, + /** HMAC-SHA-512 * * SHA-512 algorithm in HMAC mode @@ -275,6 +281,9 @@ typedef union odp_crypto_auth_algos_t { /** ODP_AUTH_ALG_SHA256_HMAC */ uint32_t sha256_hmac : 1;
+ /** ODP_AUTH_ALG_SHA384_HMAC */ + uint32_t sha384_hmac : 1; + /** ODP_AUTH_ALG_SHA512_HMAC */ uint32_t sha512_hmac : 1;
commit 6d129fc5aaf50594c2c04a3907d012497a985391 Author: Petri Savolainen petri.savolainen@linaro.org Date: Thu Jan 18 14:45:03 2018 +0200
api: ipsec: inbound inner packet checksum capability
Add inbound inner packet checksum check capability. When e.g. L4 checksum checking is not implemented in HW, it may be better to leave checking for application, as it would check only those packets that need the check.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 665dc07b..2d1c4d9b 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -238,6 +238,11 @@ typedef struct odp_ipsec_capability_t { */ odp_support_t retain_header;
+ /** + * Inner packet checksum check offload support in inbound direction. + */ + odp_proto_chksums_t chksums_in; + /** Maximum number of different destination CoSes in classification * pipelining. The same CoS may be used for many SAs. This is equal or * less than 'max_cos' capability in classifier API.
commit 6b78210a7538f212f5ee7a38eef1f20c01c5fac7 Author: Petri Savolainen petri.savolainen@linaro.org Date: Tue Jan 23 13:50:24 2018 +0200
api: ipsec: outbound TFC padding and dummy packets
Specify how application can request TFC padding and dummy packet creation at output. Application can use odp_ipsec_out_opt_t options to request addition of TFC padding, or creation of a TFC dummy packet (next header = 59). IP parameter override options are needed for tunnel mode dummy packet creation as there's no IP header to copy e.g. DSCP or flow label values to tunnel IP header.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 721f9685..665dc07b 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -991,6 +991,22 @@ typedef struct odp_ipsec_out_opt_t { /** Use fragmentation mode option */ uint32_t frag_mode: 1;
+ /** Use TFC padding length option */ + uint32_t tfc_pad: 1; + + /** Tunnel mode TFC dummy packet. This can be used only + * in tunnel mode. When the flag is set, packet length + * and content is ignored and instead a TFC dummy + * packet is created during IPSEC operation. The dummy + * packet length is defined by 'tfc_pad_len' option. + * If the SA is configured to copy IP header fields + * from inner IP packet, those fields must be passed + * with IP parameters option. */ + uint32_t tfc_dummy: 1; + + /** Use IP parameters option */ + uint32_t ip_param: 1; + } flag;
/** All flag bits */ @@ -1000,6 +1016,26 @@ typedef struct odp_ipsec_out_opt_t { /** Fragmentation mode */ odp_ipsec_frag_mode_t frag_mode;
+ /** TFC padding length + * + * Number of TFC padding bytes added to the packet during IPSEC + * processing. Resulting packet should not exceed the maximum packet + * length of the pool, otherwise IPSEC operation may fail. + * Implementation guarantees that the padding does not contain any + * confidential information. */ + uint32_t tfc_pad_len; + + /** Union of IP parameters */ + union { + /** Override IPv4 parameters in outer header creation. + * IP addresses are ignored. */ + odp_ipsec_ipv4_param_t ipv4; + + /** Override IPv6 parameters in outer header creation. + * IP addresses are ignored. */ + odp_ipsec_ipv6_param_t ipv6; + }; + } odp_ipsec_out_opt_t;
/** @@ -1302,7 +1338,13 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, * The operation does packet transformation according to IPSEC standards (see * e.g. RFC 4302 and 4303). Resulting packets are well formed IP packets * with IPSEC, etc headers constructed according to the standards. The amount - * and content of packet data before the IP header is undefined. + * and content of packet data before the IP header is undefined. Use outbound + * operation parameters to specify the amount of TFC padding appended to + * the packet during IPSEC transformation. Options can be used also to create + * TFC dummy packets. Packet data content is ignored in tunnel mode TFC dummy + * packet creation as tfc_pad_len option defines solely the packet length. + * In all other cases, payload length for the IPSEC transformation is specified + * by odp_packet_len() minus odp_packet_l3_offset() plus tfc_pad_len option. * * Each successfully transformed packet has a valid value for these metadata: * - L3 offset: Offset to the first byte of the (outmost) IP header
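Review bot: The anonymous union of `ipv4` and `ipv6` parameters added to `odp_ipsec_out_opt_t` has no stated discriminator: the comment does not say how the implementation decides which member the application filled in when `flag.ip_param` is set. The comment should say so, e.g. `/** Union of IP parameters. The member used is selected by the SA tunnel type. */` if that is the intent. The `tfc_pad_len` text also leaves the oversize case open ("should not exceed ... may fail"). Because the value is an application-supplied `uint32_t` added to the packet length, the spec would be safer requiring the operation to fail with an error when the padded length does not fit, rather than leaving the outcome to the implementation.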
commit 89362efefe04306f1f91ab73c0e90f9a49ffbf45 Author: Petri Savolainen petri.savolainen@linaro.org Date: Tue Jan 23 13:46:26 2018 +0200
api: ipsec: inbound TFC padding and dummy packets
Specify how application can recognize TFC padding and dummy packets at input. Packet metadata for L3/L4 protocol type indicate if the original packet was an IP or a TFC dummy packet. When packet length is larger than protocol fields indicate, some TFC padding remain in the packet.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 08533d80..721f9685 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -1226,12 +1226,23 @@ typedef struct odp_ipsec_status_t { * e.g. RFC 4302 and 4303). Resulting packets are well formed, reconstructed * original IP packets, with IPSEC headers removed and valid header field values * restored. The amount and content of packet data before the IP header is - * undefined. + * undefined. Some amount of TFC padding may follow the IP packet payload, + * in which case packet length is larger than protocol headers indicate. + * TFC dummy packets have l3_type set to ODP_PROTO_L3_TYPE_NONE in tunnel mode + * or l4_type set to ODP_PROTO_L4_TYPE_NO_NEXT in transport mode. Dummy + * packets contain implementation specific amount of (dummy) data. Furthermore, + * inline IPSEC processing may drop dummy packets. * * Each successfully transformed packet has a valid value for these metadata * regardless of the inner packet parse configuration * (odp_ipsec_inbound_config_t): - * - L3 offset: Offset to the first byte of the (outmost) IP header + * - l3_offset: Offset to the first byte of the original IP packet. The value + * is implementation specific for tunnel mode TFC dummy packets. + * - l3_type: Specifies if the original packet is IPv4 or IPv6. For tunnel + * mode TFC dummy packets set to ODP_PROTO_L3_TYPE_NONE. + * - l4_type: Always set to ODP_PROTO_L4_TYPE_NO_NEXT for transport mode dummy + * packets. Otherwise, depends on parse configuration. Default + * value is ODP_PROTO_L4_TYPE_NONE. * - pktio: For inline IPSEC processed packets, original packet input * interface *
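Review bot: The new inbound text makes `l3_offset` implementation specific for tunnel mode TFC dummy packets and allows trailing TFC padding, but it does not tell the application what it must check before touching packet data. A sentence in the metadata list would close that gap, e.g. `* Application must check l3_type and l4_type before parsing packet data, and must take the payload length from the IP header rather than from odp_packet_len().` Without it a caller could parse dummy data as an IP packet or treat padding bytes as payload. The documented function itself is outside the hunk.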
commit 0977cf1ba3a1a514516e8de01c0dfd916af27d6d Author: Petri Savolainen petri.savolainen@linaro.org Date: Tue Jan 23 13:37:20 2018 +0200
api: ipsec: outbound operation option flags
Add flags to select which options application uses. Currently, there's no ambiguity, but as soon as there are multiple options implementation needs to know which options are used and which are ignored.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 1060a3ee..08533d80 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -983,6 +983,20 @@ typedef struct odp_ipsec_op_flag_t { * These may be used to override some SA level options */ typedef struct odp_ipsec_out_opt_t { + /** Union of all flag bits */ + union { + /** Option flags. Set flag for those options that are + * used, all other options are ignored. */ + struct { + /** Use fragmentation mode option */ + uint32_t frag_mode: 1; + + } flag; + + /** All flag bits */ + uint32_t all_flags; + }; + /** Fragmentation mode */ odp_ipsec_frag_mode_t frag_mode;
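Review bot: The new comment says options whose flag is not set are ignored, but nothing tells the application to clear the flag word, so an `odp_ipsec_out_opt_t` left uninitialised on the stack would enable options at random. A line such as `* Application must zero all_flags before setting the flags it uses.` in the union comment would cover it. In the rename commit further down this page, `ipsec_out_single` reads `opt->frag_mode` whenever `opt` is non-NULL and the tests set `.frag_mode` without a flag; whether the implementation and tests are updated to honour `flag.frag_mode` is not visible in this commit.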
commit f586a074c3377ae004eec1dd1d90b2b463cb85e5 Author: Petri Savolainen petri.savolainen@linaro.org Date: Thu Jan 18 13:26:56 2018 +0200
api: ipsec: rename fragmentation mode option
Rename outbound operation fragmentation options to frag_mode. Frag_mode is used elsewhere in the API and "mode" is too generic a term for it (not future proof).
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index c78afbe3..1060a3ee 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -984,7 +984,7 @@ typedef struct odp_ipsec_op_flag_t {
 */
 typedef struct odp_ipsec_out_opt_t {
 /** Fragmentation mode */
- odp_ipsec_frag_mode_t mode;
+ odp_ipsec_frag_mode_t frag_mode;
} odp_ipsec_out_opt_t;
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index 9e329264..3e6a8098 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -1307,7 +1307,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
 ipsec_sa = _odp_ipsec_sa_use(sa);
 ODP_ASSERT(NULL != ipsec_sa);
- if ((opt && opt->mode == ODP_IPSEC_FRAG_CHECK) ||
+ if ((opt && opt->frag_mode == ODP_IPSEC_FRAG_CHECK) ||
 (!opt && ipsec_sa->out.frag_mode == ODP_IPSEC_FRAG_CHECK))
 mtu = ipsec_sa->out.mtu;
 else
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index 0f49c7e1..2850ddfa 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -572,7 +572,7 @@ static void test_out_ipv4_ah_sha256_frag_check(void)
 ipsec_test_part test2 = {
 .pkt_in = &pkt_ipv4_icmp_0,
 .num_opt = 1,
- .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, },
+ .opt = { .frag_mode = ODP_IPSEC_FRAG_DISABLED, },
 .out_pkt = 1,
 .out = {
 { .status.warn.all = 0,
@@ -665,7 +665,7 @@ static void test_out_ipv4_esp_null_sha256_frag_check(void)
 ipsec_test_part test2 = {
 .pkt_in = &pkt_ipv4_icmp_0,
 .num_opt = 1,
- .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, },
+ .opt = { .frag_mode = ODP_IPSEC_FRAG_DISABLED, },
 .out_pkt = 1,
 .out = {
 { .status.warn.all = 0,
commit a7ba3dfd6c69f9c8ea4767380f165683c5ad0056 Author: Petri Savolainen petri.savolainen@linaro.org Date: Thu Jan 18 11:02:27 2018 +0200
api: ipsec: IP header parameter types
Create IP header parameter types, so that those can be used also outside of SA parameter struct.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 47e3045f..c78afbe3 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -382,6 +382,44 @@ typedef struct odp_ipsec_crypto_param_t {
} odp_ipsec_crypto_param_t;
+/** IPv4 header parameters */ +typedef struct odp_ipsec_ipv4_param_t { + /** IPv4 source address (NETWORK ENDIAN) */ + void *src_addr; + + /** IPv4 destination address (NETWORK ENDIAN) */ + void *dst_addr; + + /** IPv4 Differentiated Services Code Point */ + uint8_t dscp; + + /** IPv4 Don't Fragment bit */ + uint8_t df; + + /** IPv4 Time To Live */ + uint8_t ttl; + +} odp_ipsec_ipv4_param_t; + +/** IPv6 header parameters */ +typedef struct odp_ipsec_ipv6_param_t { + /** IPv6 source address (NETWORK ENDIAN) */ + void *src_addr; + + /** IPv6 destination address (NETWORK ENDIAN) */ + void *dst_addr; + + /** IPv6 flow label */ + uint32_t flabel; + + /** IPv6 Differentiated Services Code Point */ + uint8_t dscp; + + /** IPv6 hop limit */ + uint8_t hlimit; + +} odp_ipsec_ipv6_param_t; + /** * IPSEC tunnel parameters * @@ -397,40 +435,10 @@ typedef struct odp_ipsec_tunnel_param_t { /** Variant mappings for tunnel parameters */ union { /** IPv4 header parameters */ - struct { - /** IPv4 source address (NETWORK ENDIAN) */ - void *src_addr; - - /** IPv4 destination address (NETWORK ENDIAN) */ - void *dst_addr; - - /** IPv4 Differentiated Services Code Point */ - uint8_t dscp; - - /** IPv4 Don't Fragment bit */ - uint8_t df; - - /** IPv4 Time To Live */ - uint8_t ttl; - } ipv4; + odp_ipsec_ipv4_param_t ipv4;
/** IPv6 header parameters */ - struct { - /** IPv6 source address (NETWORK ENDIAN) */ - void *src_addr; - - /** IPv6 destination address (NETWORK ENDIAN) */ - void *dst_addr; - - /** IPv6 Differentiated Services Code Point */ - uint8_t dscp; - - /** IPv6 flow label */ - uint32_t flabel; - - /** IPv6 hop limit */ - uint8_t hlimit; - } ipv6; + odp_ipsec_ipv6_param_t ipv6; }; } odp_ipsec_tunnel_param_t;
commit 0ab5d3c6a6953b05a1cef183e546370c5e1b4018 Author: Petri Savolainen petri.savolainen@linaro.org Date: Wed Jan 31 15:03:20 2018 +0200
api: packet: add protocol type enumeration
Add enumerations for L3 and L4 protocol types, and functions to request those.
Signed-off-by: Petri Savolainen petri.savolainen@linaro.org Reviewed-by: Balasubramanian Manoharan bala.manoharan@linaro.org Reviewed-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/include/odp/api/abi-default/packet.h b/include/odp/api/abi-default/packet.h index 10eed530..d3a1753f 100644 --- a/include/odp/api/abi-default/packet.h +++ b/include/odp/api/abi-default/packet.h @@ -30,6 +30,34 @@ typedef _odp_abi_packet_seg_t *odp_packet_seg_t; #define ODP_PACKET_SEG_INVALID ((odp_packet_seg_t)0xffffffff) #define ODP_PACKET_OFFSET_INVALID 0xffff
+typedef uint8_t odp_proto_l3_type_t; + +#define ODP_PROTO_L3_TYPE_NONE 0 +#define ODP_PROTO_L3_TYPE_ARP 1 +#define ODP_PROTO_L3_TYPE_RARP 2 +#define ODP_PROTO_L3_TYPE_MPLS 3 +#define ODP_PROTO_L3_TYPE_IPV4 4 +#define ODP_PROTO_L3_TYPE_IPV6 6 + +typedef uint8_t odp_proto_l4_type_t; + +/* Numbers from IANA Assigned Internet Protocol Numbers list */ +#define ODP_PROTO_L4_TYPE_NONE 0 +#define ODP_PROTO_L4_TYPE_ICMPV4 1 +#define ODP_PROTO_L4_TYPE_IGMP 2 +#define ODP_PROTO_L4_TYPE_IPV4 4 +#define ODP_PROTO_L4_TYPE_TCP 6 +#define ODP_PROTO_L4_TYPE_UDP 17 +#define ODP_PROTO_L4_TYPE_IPV6 41 +#define ODP_PROTO_L4_TYPE_GRE 47 +#define ODP_PROTO_L4_TYPE_ESP 50 +#define ODP_PROTO_L4_TYPE_AH 51 +#define ODP_PROTO_L4_TYPE_ICMPV6 58 +#define ODP_PROTO_L4_TYPE_NO_NEXT 59 +#define ODP_PROTO_L4_TYPE_IPCOMP 108 +#define ODP_PROTO_L4_TYPE_SCTP 132 +#define ODP_PROTO_L4_TYPE_ROHC 142 + typedef enum { ODP_PACKET_GREEN = 0, ODP_PACKET_YELLOW = 1, diff --git a/include/odp/api/spec/packet.h b/include/odp/api/spec/packet.h index 3222ff5c..4be515c7 100644 --- a/include/odp/api/spec/packet.h +++ b/include/odp/api/spec/packet.h @@ -71,6 +71,79 @@ extern "C" { * Packet is red */
+/** + * @typedef odp_proto_l3_type_t + * Layer 3 protocol type + */ + +/** + * @def ODP_PROTO_L3_TYPE_NONE + * Layer 3 protocol type not defined + * + * @def ODP_PROTO_L3_TYPE_ARP + * Layer 3 protocol is ARP + * + * @def ODP_PROTO_L3_TYPE_RARP + * Layer 3 protocol is RARP + * + * @def ODP_PROTO_L3_TYPE_MPLS + * Layer 3 protocol is MPLS + * + * @def ODP_PROTO_L3_TYPE_IPV4 + * Layer 3 protocol type is IPv4 + * + * @def ODP_PROTO_L3_TYPE_IPV6 + * Layer 3 protocol type is IPv6 + */ + +/** + * @def ODP_PROTO_L4_TYPE_NONE + * Layer 4 protocol type not defined + * + * @def ODP_PROTO_L4_TYPE_ICMPV4 + * Layer 4 protocol type is ICMPv4 + * + * @def ODP_PROTO_L4_TYPE_IGMP + * Layer 4 protocol type is IGMP + * + * @def ODP_PROTO_L4_TYPE_IPV4 + * Layer 4 protocol type is IPv4 + * + * @def ODP_PROTO_L4_TYPE_TCP + * Layer 4 protocol type is TCP + * + * @def ODP_PROTO_L4_TYPE_UDP + * Layer 4 protocol type is UDP + * + * @def ODP_PROTO_L4_TYPE_IPV6 + * Layer 4 protocol type is IPv6 + * + * @def ODP_PROTO_L4_TYPE_GRE + * Layer 4 protocol type is GRE + * + * @def ODP_PROTO_L4_TYPE_ESP + * Layer 4 protocol type is IPSEC ESP + * + * @def ODP_PROTO_L4_TYPE_AH + * Layer 4 protocol type is IPSEC AH + * + * @def ODP_PROTO_L4_TYPE_ICMPV6 + * Layer 4 protocol type is ICMPv6 + * + * @def ODP_PROTO_L4_TYPE_NO_NEXT + * Layer 4 protocol type is "No Next Header". + * Protocol / next header number is 59. + * + * @def ODP_PROTO_L4_TYPE_IPCOMP + * Layer 4 protocol type is IP Payload Compression Protocol + * + * @def ODP_PROTO_L4_TYPE_SCTP + * Layer 4 protocol type is SCTP + * + * @def ODP_PROTO_L4_TYPE_ROHC + * Layer 4 protocol type is ROHC + */ + /** * Protocol */ @@ -1542,6 +1615,28 @@ uint32_t odp_packet_l4_offset(odp_packet_t pkt); */ int odp_packet_l4_offset_set(odp_packet_t pkt, uint32_t offset);
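Review bot: The Doxygen added to spec/packet.h has an `@typedef odp_proto_l3_type_t` entry but no matching entry for `odp_proto_l4_type_t`, so the layer 4 type that odp_packet_l4_type() returns is left undocumented in the API spec. Add `/** @typedef odp_proto_l4_type_t Layer 4 protocol type */` ahead of the `ODP_PROTO_L4_TYPE_*` block. That block should also say that ODP_PROTO_L4_TYPE_NONE uses value 0, which in the IANA protocol number list the ABI headers cite is IPv6 Hop-by-Hop Options, so that a caller does not read 0 as that protocol.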
+/** + * Layer 3 protocol type + * + * Returns layer 3 protocol type. Initial type value is ODP_PROTO_L3_TYPE_NONE. + * + * @param pkt Packet handle + * + * @return Layer 3 protocol type + */ +odp_proto_l3_type_t odp_packet_l3_type(odp_packet_t pkt); + +/** + * Layer 4 protocol type + * + * Returns layer 4 protocol type. Initial type value is ODP_PROTO_L4_TYPE_NONE. + * + * @param pkt Packet handle + * + * @return Layer 4 protocol type + */ +odp_proto_l4_type_t odp_packet_l4_type(odp_packet_t pkt); + /** * Layer 3 checksum check status * diff --git a/platform/linux-generic/include-abi/odp/api/abi/packet.h b/platform/linux-generic/include-abi/odp/api/abi/packet.h index 66948aa1..5d4673fc 100644 --- a/platform/linux-generic/include-abi/odp/api/abi/packet.h +++ b/platform/linux-generic/include-abi/odp/api/abi/packet.h @@ -47,6 +47,34 @@ static inline odp_packet_seg_t _odp_packet_seg_from_ndx(uint8_t ndx)
#define ODP_PACKET_SEG_INVALID ((odp_packet_seg_t)-1)
+typedef uint8_t odp_proto_l3_type_t; + +#define ODP_PROTO_L3_TYPE_NONE 0 +#define ODP_PROTO_L3_TYPE_ARP 1 +#define ODP_PROTO_L3_TYPE_RARP 2 +#define ODP_PROTO_L3_TYPE_MPLS 3 +#define ODP_PROTO_L3_TYPE_IPV4 4 +#define ODP_PROTO_L3_TYPE_IPV6 6 + +typedef uint8_t odp_proto_l4_type_t; + +/* Numbers from IANA Assigned Internet Protocol Numbers list */ +#define ODP_PROTO_L4_TYPE_NONE 0 +#define ODP_PROTO_L4_TYPE_ICMPV4 1 +#define ODP_PROTO_L4_TYPE_IGMP 2 +#define ODP_PROTO_L4_TYPE_IPV4 4 +#define ODP_PROTO_L4_TYPE_TCP 6 +#define ODP_PROTO_L4_TYPE_UDP 17 +#define ODP_PROTO_L4_TYPE_IPV6 41 +#define ODP_PROTO_L4_TYPE_GRE 47 +#define ODP_PROTO_L4_TYPE_ESP 50 +#define ODP_PROTO_L4_TYPE_AH 51 +#define ODP_PROTO_L4_TYPE_ICMPV6 58 +#define ODP_PROTO_L4_TYPE_NO_NEXT 59 +#define ODP_PROTO_L4_TYPE_IPCOMP 108 +#define ODP_PROTO_L4_TYPE_SCTP 132 +#define ODP_PROTO_L4_TYPE_ROHC 142 + typedef enum { ODP_PACKET_GREEN = 0, ODP_PACKET_YELLOW = 1,
commit ea94c80f13bc020580ac4e1ab7530ef07d2a8fba Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Wed Jan 24 08:03:56 2018 +0300
linux-gen: ipsec: support ChaCha20-Poly1305
Support IPsec ChaCha20-Poly1305 on top of linux-generic's crypto support.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8d897771..9e329264 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -112,6 +112,7 @@ int odp_ipsec_auth_capability(odp_auth_alg_t auth, continue;
if (ODP_AUTH_ALG_AES_GCM == auth || + ODP_AUTH_ALG_CHACHA20_POLY1305 == auth || ODP_DEPRECATE(ODP_AUTH_ALG_AES128_GCM) == auth) { uint8_t aad_len = 12;
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index d5348c45..3ac8c49c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -220,6 +220,8 @@ uint32_t _odp_ipsec_cipher_iv_len(odp_cipher_alg_t cipher) #endif case ODP_CIPHER_ALG_AES_GCM: return 12; + case ODP_CIPHER_ALG_CHACHA20_POLY1305: + return 12; default: return (uint32_t)-1; } @@ -250,6 +252,8 @@ uint32_t _odp_ipsec_auth_digest_len(odp_auth_alg_t auth) case ODP_AUTH_ALG_AES_GCM: case ODP_AUTH_ALG_AES_GMAC: return 16; + case ODP_AUTH_ALG_CHACHA20_POLY1305: + return 16; default: return (uint32_t)-1; } @@ -403,6 +407,11 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; break; + case ODP_CIPHER_ALG_CHACHA20_POLY1305: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 1; + break; default: goto error; } @@ -422,6 +431,9 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_block_len = 16; crypto_param.auth_iv.length = 12; break; + case ODP_AUTH_ALG_CHACHA20_POLY1305: + crypto_param.auth_aad_len = sizeof(ipsec_aad_t); + break; default: break; }
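Review bot: In odp_ipsec_sa_create the new ODP_CIPHER_ALG_CHACHA20_POLY1305 and ODP_AUTH_ALG_CHACHA20_POLY1305 cases sit in two independent switches, and nothing in these hunks rejects an SA that selects the AEAD on only one side. For a combined-mode algorithm the pairing should be enforced before the crypto session is created, for example `if ((crypto_param.cipher_alg == ODP_CIPHER_ALG_CHACHA20_POLY1305) != (crypto_param.auth_alg == ODP_AUTH_ALG_CHACHA20_POLY1305)) goto error;`, unless session creation outside this view already fails such a mix. The function starts and ends outside the hunks, so the exact variable the switches test is assumed here. The cipher case sets `esp_iv_len = 8` with a counter IV, which relies on a 4-byte salt being supplied; a length check on the salt next to this case would make that dependency explicit.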
commit 9bc5e8752b73340377665e9c11a13a1d1822f349 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Wed Jan 24 08:03:19 2018 +0300
validation: ipsec: add ChaCha20-Poly1305 test vectors
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index e97ff611..cdaf04f5 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -177,6 +177,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.ciphers.bit.aes_gcm) return ODP_TEST_INACTIVE; break; + case ODP_CIPHER_ALG_CHACHA20_POLY1305: + if (!capa.ciphers.bit.chacha20_poly1305) + return ODP_TEST_INACTIVE; + break; default: fprintf(stderr, "Unsupported cipher algorithm\n"); return ODP_TEST_INACTIVE; @@ -212,6 +216,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.auths.bit.aes_gmac) return ODP_TEST_INACTIVE; break; + case ODP_AUTH_ALG_CHACHA20_POLY1305: + if (!capa.auths.bit.chacha20_poly1305) + return ODP_TEST_INACTIVE; + break; default: fprintf(stderr, "Unsupported authentication algorithm\n"); return ODP_TEST_INACTIVE; @@ -313,6 +321,12 @@ int ipsec_check_esp_null_aes_gmac_128(void) ODP_AUTH_ALG_AES_GMAC, 128); }
+int ipsec_check_esp_chacha20_poly1305(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_CHACHA20_POLY1305, 256, + ODP_AUTH_ALG_CHACHA20_POLY1305, 0); +} + void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, odp_bool_t in, odp_bool_t ah, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 31ebed78..7ba9ef10 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -91,5 +91,6 @@ int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); int ipsec_check_ah_aes_gmac_128(void); int ipsec_check_esp_null_aes_gmac_128(void); +int ipsec_check_esp_chacha20_poly1305(void);
#endif diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 8a82abe4..8138defb 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -1136,6 +1136,37 @@ static void test_in_ipv4_mcgrew_gcm_15_esp(void) ipsec_sa_destroy(sa); }
+static void test_in_ipv4_rfc7634_chacha(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 0x01020304, &tunnel, + ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634, + ODP_AUTH_ALG_CHACHA20_POLY1305, NULL, + &key_rfc7634_salt); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_rfc7634_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_rfc7634}, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; @@ -1474,6 +1505,8 @@ odp_testinfo_t ipsec_in_suite[] = { #endif ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc7634_chacha, + ipsec_check_esp_chacha20_poly1305), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 971fbbf8..0f49c7e1 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -500,6 +500,48 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); }
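Review bot: test_in_ipv4_rfc7634_chacha covers only the accept path, so nothing in the inbound suite shows that the Poly1305 tag is actually verified for this algorithm. Add a second part that feeds a copy of pkt_ipv4_rfc7634_esp with one ICV or ciphertext byte altered and expects an authentication error instead of `.status.error.all = 0`, assuming the suite has no generic tamper test outside this view. The declaration `odp_ipsec_tunnel_param_t tunnel = {};` uses an empty initializer, which is a compiler extension before C23; `= {0}` or a call to the type's init function is portable.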
+static void test_out_ipv4_esp_chacha20_poly1305(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634, + ODP_AUTH_ALG_CHACHA20_POLY1305, NULL, + &key_rfc7634_salt); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634, + ODP_AUTH_ALG_CHACHA20_POLY1305, NULL, + &key_rfc7634_salt); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_ah_sha256_frag_check(void) { odp_ipsec_sa_param_t param; @@ -978,6 +1020,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_chacha20_poly1305, + ipsec_check_esp_chacha20_poly1305), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 4732d6ca..f14fdb2b 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -48,6 +48,11 @@ KEY(key_mcgrew_gcm_salt_12, 0xd9, 0x66, 0x42, 0x67); KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); +KEY(key_rfc7634, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f); +KEY(key_rfc7634_salt, 0xa0, 0xa1, 0xa2, 0xa3);
static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = { .len = 142, @@ -1730,6 +1735,67 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { }, };
+static const ODP_UNUSED ipsec_test_packet pkt_ipv4_rfc7634 = { + .len = 98, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x54, 0xa6, 0xf2, 0x00, 0x00, + 0x40, 0x01, 0xe7, 0x78, 0xc6, 0x33, 0x64, 0x05, + 0xc0, 0x00, 0x02, 0x05, + + /* ICMP */ + 0x08, 0x00, 0x5b, 0x7a, 0x3a, 0x08, 0x00, 0x00, + 0x55, 0x3b, 0xec, 0x10, 0x00, 0x07, 0x36, 0x27, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_rfc7634_esp = { + .len = 154, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x8c, 0x23, 0x45, 0x00, 0x00, + 0x40, 0x32, 0xde, 0x5b, 0xcb, 0x00, 0x71, 0x99, + 0xcb, 0x00, 0x71, 0x05, + + /* ESP */ + 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x05, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x24, 0x03, 0x94, 0x28, 0xb9, 0x7f, 0x41, 0x7e, + 0x3c, 0x13, 0x75, 0x3a, 0x4f, 0x05, 0x08, 0x7b, + 0x67, 0xc3, 0x52, 0xe6, 0xa7, 0xfa, 0xb1, 0xb9, + 0x82, 0xd4, 0x66, 0xef, 0x40, 0x7a, 0xe5, 0xc6, + 0x14, 0xee, 0x80, 0x99, 0xd5, 0x28, 0x44, 0xeb, + 0x61, 0xaa, 0x95, 0xdf, 0xab, 0x4c, 0x02, 0xf7, + 0x2a, 0xa7, 0x1e, 0x7c, 0x4c, 0x4f, 0x64, 0xc9, + 0xbe, 0xfe, 0x2f, 0xac, 0xc6, 0x38, 0xe8, 0xf3, + 0xcb, 0xec, 0x16, 0x3f, 0xac, 0x46, 0x9b, 0x50, + 0x27, 0x73, 0xf6, 0xfb, 0x94, 0xe6, 0x64, 0xda, + 0x91, 0x65, 0xb8, 0x28, 0x29, 0xf6, 0x41, 0xe0, + 0x76, 0xaa, 0xa8, 0x26, 0x6b, 0x7f, 0xb0, 0xf7, + 
0xb1, 0x1b, 0x36, 0x99, 0x07, 0xe1, 0xad, 0x43, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = { .len = 206,
commit fa944ab886b990f8b5deae944c6fb674aead29ef Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Sat Jan 27 04:50:06 2018 +0300
linux-gen: crypto: implement AES-CMAC
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 40b1dbe4..f1d5fcad 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -25,6 +25,7 @@
#include <openssl/rand.h> #include <openssl/hmac.h> +#include <openssl/cmac.h> #include <openssl/evp.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_POLY1305) @@ -108,6 +109,14 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, .iv_len = 12 } };
+static const odp_crypto_auth_capability_t auth_capa_aes_cmac[] = { +{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 12, .key_len = 24, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 16, .key_len = 24, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 12, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; + #if _ODP_HAVE_CHACHA20_POLY1305 static const odp_crypto_auth_capability_t auth_capa_chacha20_poly1305[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; @@ -177,6 +186,7 @@ static odp_crypto_global_t *global;
typedef struct crypto_local_t { HMAC_CTX *hmac_ctx[MAX_SESSIONS]; + CMAC_CTX *cmac_ctx[MAX_SESSIONS]; EVP_CIPHER_CTX *cipher_ctx[MAX_SESSIONS]; EVP_CIPHER_CTX *mac_cipher_ctx[MAX_SESSIONS]; uint8_t *ctx_valid; @@ -344,6 +354,93 @@ odp_crypto_alg_err_t auth_hmac_check(odp_packet_t pkt, return ODP_CRYPTO_ALG_ERR_NONE; }
+static void +auth_cmac_init(odp_crypto_generic_session_t *session) +{ + CMAC_CTX *ctx = local.cmac_ctx[session->idx]; + + CMAC_Init(ctx, + session->auth.key, + session->p.auth_key.length, + session->auth.evp_cipher, + NULL); +} + +static +void packet_cmac(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session, + uint8_t *hash) +{ + CMAC_CTX *ctx = local.cmac_ctx[session->idx]; + uint32_t offset = param->auth_range.offset; + uint32_t len = param->auth_range.length; + size_t outlen; + + ODP_ASSERT(offset + len <= odp_packet_len(pkt)); + + /* Reinitialize CMAC calculation without resetting the key */ + CMAC_Init(ctx, NULL, 0, NULL, NULL); + + while (len > 0) { + uint32_t seglen = 0; /* GCC */ + void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL); + uint32_t maclen = len > seglen ? seglen : len; + + CMAC_Update(ctx, mapaddr, maclen); + offset += maclen; + len -= maclen; + } + + CMAC_Final(ctx, hash, &outlen); +} + +static +odp_crypto_alg_err_t auth_cmac_gen(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + uint8_t hash[EVP_MAX_MD_SIZE]; + + /* Hash it */ + packet_cmac(pkt, param, session, hash); + + /* Copy to the output location */ + odp_packet_copy_from_mem(pkt, + param->hash_result_offset, + session->p.auth_digest_len, + hash); + + return ODP_CRYPTO_ALG_ERR_NONE; +} + +static +odp_crypto_alg_err_t auth_cmac_check(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + uint32_t bytes = session->p.auth_digest_len; + uint8_t hash_in[EVP_MAX_MD_SIZE]; + uint8_t hash_out[EVP_MAX_MD_SIZE]; + + /* Copy current value out and clear it before authentication */ + odp_packet_copy_to_mem(pkt, param->hash_result_offset, + bytes, hash_in); + + _odp_packet_set_data(pkt, param->hash_result_offset, + 0, bytes); + + /* Hash it */ + packet_cmac(pkt, param, session, hash_out); + + /* Verify match */ + if (0 != 
memcmp(hash_in, hash_out, bytes)) + return ODP_CRYPTO_ALG_ERR_ICV_CHECK; + + /* Matched */ + return ODP_CRYPTO_ALG_ERR_NONE; +} + static int internal_aad(EVP_CIPHER_CTX *ctx, odp_packet_t pkt, @@ -1001,6 +1098,35 @@ static int process_auth_hmac_param(odp_crypto_generic_session_t *session, return 0; }
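Review bot: auth_cmac_check compares the received and the computed ICV with `memcmp`, which stops at the first differing byte and so makes verification time depend on how many leading bytes match; use the constant-time `if (0 != CRYPTO_memcmp(hash_in, hash_out, bytes))` from <openssl/crypto.h> instead. In packet_cmac the results of CMAC_Init, CMAC_Update and CMAC_Final are all ignored, so after an OpenSSL failure `hash` is still uninitialised stack memory, which auth_cmac_gen then copies into the packet and auth_cmac_check compares against. packet_cmac should return a status that both callers map to an error code. The range check on `offset + len` is only an ODP_ASSERT and the pointer returned by odp_packet_offset is passed to CMAC_Update unchecked, so builds without assertions rely entirely on the caller for bounds.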
+static int process_auth_cmac_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) +{ + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.auth_key.length) + return -1; + + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) + session->auth.func = auth_cmac_gen; + else + session->auth.func = auth_cmac_check; + session->auth.init = auth_cmac_init; + + session->auth.evp_cipher = cipher; + + /* Number of valid bytes */ + if (session->p.auth_digest_len < + (unsigned)EVP_CIPHER_block_size(cipher) / 2) + return -1; + + /* Convert keys */ + memcpy(session->auth.key, session->p.auth_key.data, + session->p.auth_key.length); + + return 0; +} + int odp_crypto_capability(odp_crypto_capability_t *capa) { if (NULL == capa) @@ -1030,6 +1156,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.aes_gcm = 1; capa->auths.bit.aes_ccm = 1; capa->auths.bit.aes_gmac = 1; + capa->auths.bit.aes_cmac = 1; #if _ODP_HAVE_CHACHA20_POLY1305 capa->auths.bit.chacha20_poly1305 = 1; #endif @@ -1138,6 +1265,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_aes_ccm; num = sizeof(auth_capa_aes_ccm) / size; break; + case ODP_AUTH_ALG_AES_CMAC: + src = auth_capa_aes_cmac; + num = sizeof(auth_capa_aes_cmac) / size; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: src = auth_capa_chacha20_poly1305; 
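Review bot: process_auth_cmac_param rejects an auth_digest_len below half the cipher block size but sets no upper limit, while auth_cmac_gen and auth_cmac_check use that length to copy out of and into EVP_MAX_MD_SIZE-byte stack arrays of which CMAC fills only one block. A session accepted with a larger digest length would emit or compare bytes that were never computed, and past the array size would read or write beyond the buffers, unless the caller validates the length outside this hunk. Bound it on both sides with `if (session->p.auth_digest_len < block / 2 || session->p.auth_digest_len > block) return -1;` where `block = (unsigned)EVP_CIPHER_block_size(cipher)`. Both length checks should also run before `session->auth.func`, `init` and `evp_cipher` are assigned, so that a rejected session is left unmodified.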
@@ -1374,6 +1505,19 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, rc = -1; } break; + case ODP_AUTH_ALG_AES_CMAC: + if (param->auth_key.length == 16) + rc = process_auth_cmac_param(session, + EVP_aes_128_cbc()); + else if (param->auth_key.length == 24) + rc = process_auth_cmac_param(session, + EVP_aes_192_cbc()); + else if (param->auth_key.length == 32) + rc = process_auth_cmac_param(session, + EVP_aes_256_cbc()); + else + rc = -1; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: /* ChaCha20_Poly1305 requires to do both auth and @@ -1561,6 +1705,7 @@ int _odp_crypto_init_local(void)
for (i = 0; i < MAX_SESSIONS; i++) { local.hmac_ctx[i] = HMAC_CTX_new(); + local.cmac_ctx[i] = CMAC_CTX_new(); local.cipher_ctx[i] = EVP_CIPHER_CTX_new(); local.mac_cipher_ctx[i] = EVP_CIPHER_CTX_new();
@@ -1584,6 +1729,8 @@ int _odp_crypto_term_local(void) unsigned i;
for (i = 0; i < MAX_SESSIONS; i++) { + if (local.cmac_ctx[i] != NULL) + CMAC_CTX_free(local.cmac_ctx[i]); if (local.hmac_ctx[i] != NULL) HMAC_CTX_free(local.hmac_ctx[i]); if (local.cipher_ctx[i] != NULL)
commit 60176e6d6d64427dfd9e0fd1688fabcb492a3def Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Sat Jan 27 04:07:42 2018 +0300
linux-gen: crypto: rename auth functions
Point out that the current authentication functions use HMAC by including hmac in their names.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index a0fff174..40b1dbe4 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -149,8 +149,6 @@ struct odp_crypto_generic_session_t { struct { uint8_t key[EVP_MAX_KEY_LENGTH]; uint8_t iv_data[EVP_MAX_IV_LENGTH]; - uint32_t key_length; - uint32_t bytes; union { const EVP_MD *evp_md; const EVP_CIPHER *evp_cipher; @@ -260,13 +258,13 @@ static void HMAC_CTX_free(HMAC_CTX *ctx) #endif
static void -auth_init(odp_crypto_generic_session_t *session) +auth_hmac_init(odp_crypto_generic_session_t *session) { HMAC_CTX *ctx = local.hmac_ctx[session->idx];
HMAC_Init_ex(ctx, session->auth.key, - session->auth.key_length, + session->p.auth_key.length, session->auth.evp_md, NULL); } @@ -301,9 +299,9 @@ void packet_hmac(odp_packet_t pkt, }
static -odp_crypto_alg_err_t auth_gen(odp_packet_t pkt, - const odp_crypto_packet_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t auth_hmac_gen(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) { uint8_t hash[EVP_MAX_MD_SIZE];
@@ -320,9 +318,9 @@ odp_crypto_alg_err_t auth_gen(odp_packet_t pkt, }
static -odp_crypto_alg_err_t auth_check(odp_packet_t pkt, - const odp_crypto_packet_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t auth_hmac_check(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) { uint32_t bytes = session->p.auth_digest_len; uint8_t hash_in[EVP_MAX_MD_SIZE]; @@ -824,12 +822,24 @@ static int process_aes_gmac_param(odp_crypto_generic_session_t *session, return 0; }
+static void +aes_ccm_encrypt_init(odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx = local.cipher_ctx[session->idx]; + + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + NULL, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + EVP_CIPHER_CTX_set_padding(ctx, 0); +} + static odp_crypto_alg_err_t aes_ccm_encrypt(odp_packet_t pkt, const odp_crypto_packet_op_param_t *param, odp_crypto_generic_session_t *session) { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = local.cipher_ctx[session->idx]; const uint8_t *aad_head = param->aad_ptr; uint32_t aad_len = session->p.auth_aad_len; void *iv_ptr; @@ -847,16 +857,9 @@ odp_crypto_alg_err_t aes_ccm_encrypt(odp_packet_t pkt, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* Encrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, - NULL, NULL); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, - session->p.cipher_iv.length, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, session->p.auth_digest_len, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0);
/* Set len */ EVP_EncryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); @@ -882,18 +885,28 @@ odp_crypto_alg_err_t aes_ccm_encrypt(odp_packet_t pkt, odp_packet_copy_from_mem(pkt, param->hash_result_offset, session->p.auth_digest_len, block);
- EVP_CIPHER_CTX_free(ctx); - return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : ODP_CRYPTO_ALG_ERR_NONE; }
+static void +aes_ccm_decrypt_init(odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx = local.cipher_ctx[session->idx]; + + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + EVP_CIPHER_CTX_set_padding(ctx, 0); +} + static odp_crypto_alg_err_t aes_ccm_decrypt(odp_packet_t pkt, const odp_crypto_packet_op_param_t *param, odp_crypto_generic_session_t *session) { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = local.cipher_ctx[session->idx]; const uint8_t *aad_head = param->aad_ptr; uint32_t aad_len = session->p.auth_aad_len; void *iv_ptr; @@ -911,18 +924,11 @@ odp_crypto_alg_err_t aes_ccm_decrypt(odp_packet_t pkt, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
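Review bot: `aes_ccm_decrypt_init` does not mirror the `aes_ccm_encrypt_init` added in the earlier hunk of this commit. It sets the IV length with `EVP_CTRL_GCM_SET_IVLEN` and passes `session->cipher.key_data` to the first `EVP_DecryptInit_ex`, where the encrypt side uses `EVP_CTRL_CCM_SET_IVLEN` and a NULL key. The inline code this commit removes from `aes_ccm_decrypt` used the CCM control and a NULL key, so this looks like a leftover from the GCM helpers. I would write `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, session->p.cipher_iv.length, NULL);` and pass NULL for the key here, since `aes_ccm_decrypt` supplies the key again together with the IV. Neither init function checks an `EVP_*` return value, so a rejected IV length would only show up later as a failed tag check; the body of `aes_ccm_decrypt` continues outside this hunk.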
- /* Decrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, - NULL, NULL); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, - session->p.cipher_iv.length, NULL); odp_packet_copy_to_mem(pkt, param->hash_result_offset, session->p.auth_digest_len, block); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, session->p.auth_digest_len, block); EVP_DecryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0);
/* Set len */ EVP_DecryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); @@ -943,8 +949,6 @@ odp_crypto_alg_err_t aes_ccm_decrypt(odp_packet_t pkt, odp_packet_copy_from_mem(pkt, param->cipher_range.offset, in_len, data);
- EVP_CIPHER_CTX_free(ctx); - return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK : ODP_CRYPTO_ALG_ERR_NONE; } @@ -963,24 +967,26 @@ static int process_aes_ccm_param(odp_crypto_generic_session_t *session, session->cipher.evp_cipher = cipher;
/* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) + if (ODP_CRYPTO_OP_ENCODE == session->p.op) { session->cipher.func = aes_ccm_encrypt; - else + session->cipher.init = aes_ccm_encrypt_init; + } else { session->cipher.func = aes_ccm_decrypt; + session->cipher.init = aes_ccm_decrypt_init; + }
return 0; }
-static int process_auth_param(odp_crypto_generic_session_t *session, - uint32_t key_length, - const EVP_MD *evp_md) +static int process_auth_hmac_param(odp_crypto_generic_session_t *session, + const EVP_MD *evp_md) { /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->auth.func = auth_gen; + session->auth.func = auth_hmac_gen; else - session->auth.func = auth_check; - session->auth.init = auth_init; + session->auth.func = auth_hmac_check; + session->auth.init = auth_hmac_init;
session->auth.evp_md = evp_md;
@@ -989,9 +995,8 @@ static int process_auth_param(odp_crypto_generic_session_t *session, return -1;
/* Convert keys */ - session->auth.key_length = key_length; memcpy(session->auth.key, session->p.auth_key.data, - session->auth.key_length); + session->p.auth_key.length);
return 0; } @@ -1312,10 +1317,10 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, #endif /* Fallthrough */ case ODP_AUTH_ALG_MD5_HMAC: - rc = process_auth_param(session, 16, EVP_md5()); + rc = process_auth_hmac_param(session, EVP_md5()); break; case ODP_AUTH_ALG_SHA1_HMAC: - rc = process_auth_param(session, 20, EVP_sha1()); + rc = process_auth_hmac_param(session, EVP_sha1()); break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_SHA256_128: @@ -1324,10 +1329,10 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, #endif /* Fallthrough */ case ODP_AUTH_ALG_SHA256_HMAC: - rc = process_auth_param(session, 32, EVP_sha256()); + rc = process_auth_hmac_param(session, EVP_sha256()); break; case ODP_AUTH_ALG_SHA512_HMAC: - rc = process_auth_param(session, 64, EVP_sha512()); + rc = process_auth_hmac_param(session, EVP_sha512()); break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_AES128_GCM: @@ -1363,6 +1368,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, * cipher at the same time */ if (param->cipher_alg == ODP_CIPHER_ALG_AES_CCM) { session->auth.func = null_crypto_routine; + session->auth.init = null_crypto_init_routine; rc = 0; } else { rc = -1;
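Review bot: The `memcpy` into `session->auth.key` now copies `session->p.auth_key.length` bytes, a value taken from the session parameters, where the old code copied a per-algorithm constant (16, 20, 32 or 64). `auth.key` is declared as `uint8_t key[EVP_MAX_KEY_LENGTH]` in the first hunk of this commit and no bound on the key length is visible in this function, so unless `odp_crypto_session_create` rejects oversized keys elsewhere the copy can run past the array. I would add `if (session->p.auth_key.length > sizeof(session->auth.key)) return -1;` before the copy. The same unvalidated length is handed to `HMAC_Init_ex` in the `auth_hmac_init` hunk; the start of `process_auth_hmac_param` lies outside this hunk.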
commit 5765254404be8772e60fda5143a07e61133c7db6 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Sat Jan 27 03:47:34 2018 +0300
linux-gen: crypto: provide AES-CCM implementation
AES-CCM support in OpenSSL is quite unique: it requires the whole data to be passed in a single EVP_EncryptUpdate/EVP_DecryptUpdate call. Supporting this requires copying data back and forth between the packet and a temporary buffer.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 995e0921..a0fff174 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -61,6 +61,14 @@ static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { {.key_len = 24, .iv_len = 12}, {.key_len = 32, .iv_len = 12} };
+static const odp_crypto_cipher_capability_t cipher_capa_aes_ccm[] = { +{.key_len = 16, .iv_len = 11}, +{.key_len = 16, .iv_len = 13}, +{.key_len = 24, .iv_len = 11}, +{.key_len = 24, .iv_len = 13}, +{.key_len = 32, .iv_len = 11}, +{.key_len = 32, .iv_len = 13} }; + #if _ODP_HAVE_CHACHA20_POLY1305 static const odp_crypto_cipher_capability_t cipher_capa_chacha20_poly1305[] = { {.key_len = 32, .iv_len = 12} }; @@ -93,6 +101,9 @@ static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = { static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
+static const odp_crypto_auth_capability_t auth_capa_aes_ccm[] = { +{.digest_len = 8, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; + static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, .iv_len = 12 } }; @@ -813,6 +824,153 @@ static int process_aes_gmac_param(odp_crypto_generic_session_t *session, return 0; }
+static +odp_crypto_alg_err_t aes_ccm_encrypt(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + const uint8_t *aad_head = param->aad_ptr; + uint32_t aad_len = session->p.auth_aad_len; + void *iv_ptr; + int dummy_len = 0; + int cipher_len; + uint32_t in_len = param->cipher_range.length; + uint8_t data[in_len]; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->cipher_iv_ptr) + iv_ptr = param->cipher_iv_ptr; + else if (session->p.cipher_iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Encrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + NULL, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + session->p.auth_digest_len, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* Set len */ + EVP_EncryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); + + /* Authenticate header data (if any) without encrypting them */ + if (aad_len > 0) + EVP_EncryptUpdate(ctx, NULL, &dummy_len, + aad_head, aad_len); + + odp_packet_copy_to_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, in_len); + + ret = EVP_EncryptFinal_ex(ctx, data + cipher_len, &dummy_len); + cipher_len += dummy_len; + + odp_packet_copy_from_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, + session->p.auth_digest_len, block); + odp_packet_copy_from_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? 
ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static +odp_crypto_alg_err_t aes_ccm_decrypt(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + const uint8_t *aad_head = param->aad_ptr; + uint32_t aad_len = session->p.auth_aad_len; + void *iv_ptr; + int dummy_len = 0; + int cipher_len; + uint32_t in_len = param->cipher_range.length; + uint8_t data[in_len]; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->cipher_iv_ptr) + iv_ptr = param->cipher_iv_ptr; + else if (session->p.cipher_iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + NULL, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + odp_packet_copy_to_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + session->p.auth_digest_len, block); + EVP_DecryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* Set len */ + EVP_DecryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); + + /* Authenticate header data (if any) without encrypting them */ + if (aad_len > 0) + EVP_DecryptUpdate(ctx, NULL, &dummy_len, + aad_head, aad_len); + + odp_packet_copy_to_mem(pkt, param->cipher_range.offset, in_len, + data); + + ret = EVP_DecryptUpdate(ctx, data, &cipher_len, data, in_len); + + EVP_DecryptFinal_ex(ctx, data + cipher_len, &dummy_len); + cipher_len += dummy_len; + + odp_packet_copy_from_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? 
ODP_CRYPTO_ALG_ERR_ICV_CHECK : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static int process_aes_ccm_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) +{ + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) + return -1; + + memcpy(session->cipher.key_data, session->p.cipher_key.data, + session->p.cipher_key.length); + + session->cipher.evp_cipher = cipher; + + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) + session->cipher.func = aes_ccm_encrypt; + else + session->cipher.func = aes_ccm_decrypt; + + return 0; +} + static int process_auth_param(odp_crypto_generic_session_t *session, uint32_t key_length, const EVP_MD *evp_md) @@ -854,6 +1012,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->ciphers.bit.aes_cbc = 1; capa->ciphers.bit.aes_ctr = 1; capa->ciphers.bit.aes_gcm = 1; + capa->ciphers.bit.aes_ccm = 1; #if _ODP_HAVE_CHACHA20_POLY1305 capa->ciphers.bit.chacha20_poly1305 = 1; #endif @@ -864,6 +1023,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.sha256_hmac = 1; capa->auths.bit.sha512_hmac = 1; capa->auths.bit.aes_gcm = 1; + capa->auths.bit.aes_ccm = 1; capa->auths.bit.aes_gmac = 1; #if _ODP_HAVE_CHACHA20_POLY1305 capa->auths.bit.chacha20_poly1305 = 1; @@ -911,6 +1071,10 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher, src = cipher_capa_aes_gcm; num = sizeof(cipher_capa_aes_gcm) / size; break; + case ODP_CIPHER_ALG_AES_CCM: + src = cipher_capa_aes_ccm; + num = sizeof(cipher_capa_aes_ccm) / size; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_CIPHER_ALG_CHACHA20_POLY1305: src = cipher_capa_chacha20_poly1305; 
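Review bot: In `aes_ccm_encrypt` and `aes_ccm_decrypt`, `uint8_t data[in_len];` is a variable-length array sized by `param->cipher_range.length`, and the hunk shows neither a cap on it nor a comparison with the packet length, so a single large range decides how much thread stack is consumed. The return value of `odp_packet_copy_to_mem` is ignored, so after a failed copy the uninitialised contents of `data` are processed and written back into the packet. `aes_ccm_decrypt` also copies `data` back before it looks at `ret`; adding `if (ret <= 0) { EVP_CIPHER_CTX_free(ctx); return ODP_CRYPTO_ALG_ERR_ICV_CHECK; }` directly after `EVP_DecryptUpdate` would leave the packet untouched when the tag does not verify. For the buffer, a bounded per-thread scratch area, or an explicit maximum length checked before the array is declared, would remove the VLA.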
@@ -965,6 +1129,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_aes_gmac; num = sizeof(auth_capa_aes_gmac) / size; break; + case ODP_AUTH_ALG_AES_CCM: + src = auth_capa_aes_ccm; + num = sizeof(auth_capa_aes_ccm) / size; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: src = auth_capa_chacha20_poly1305; @@ -1093,6 +1261,20 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; + case ODP_CIPHER_ALG_AES_CCM: + /* AES-CCM requires to do both auth and + * cipher at the same time */ + if (param->auth_alg != ODP_AUTH_ALG_AES_CCM) + rc = -1; + else if (param->cipher_key.length == 16) + rc = process_aes_ccm_param(session, EVP_aes_128_ccm()); + else if (param->cipher_key.length == 24) + rc = process_aes_ccm_param(session, EVP_aes_192_ccm()); + else if (param->cipher_key.length == 32) + rc = process_aes_ccm_param(session, EVP_aes_256_ccm()); + else + rc = -1; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_CIPHER_ALG_CHACHA20_POLY1305: /* ChaCha20_Poly1305 requires to do both auth and @@ -1176,6 +1358,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; + case ODP_AUTH_ALG_AES_CCM: + /* AES-CCM requires to do both auth and + * cipher at the same time */ + if (param->cipher_alg == ODP_CIPHER_ALG_AES_CCM) { + session->auth.func = null_crypto_routine; + rc = 0; + } else { + rc = -1; + } + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: /* ChaCha20_Poly1305 requires to do both auth and
commit c20e507662bb67ad47429ee3e9c1c4f8e61e7e57 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Wed Jan 24 08:03:56 2018 +0300
linux-gen: crypto: support ChaCha20-Poly1305
OpenSSL >= 1.1.0 supports ChaCha20-Poly1305 AEAD cipher, so let's support it in linux-generic.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index b3df87e6..995e0921 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -27,6 +27,12 @@ #include <openssl/hmac.h> #include <openssl/evp.h>
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_POLY1305)
+#define _ODP_HAVE_CHACHA20_POLY1305 1
+#else
+#define _ODP_HAVE_CHACHA20_POLY1305 0
+#endif
+
 #define MAX_SESSIONS 32
/* @@ -55,6 +61,11 @@ static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { {.key_len = 24, .iv_len = 12}, {.key_len = 32, .iv_len = 12} };
+#if _ODP_HAVE_CHACHA20_POLY1305 +static const odp_crypto_cipher_capability_t cipher_capa_chacha20_poly1305[] = { +{.key_len = 32, .iv_len = 12} }; +#endif + /* * Authentication algorithm capabilities * @@ -86,6 +97,11 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, .iv_len = 12 } };
+#if _ODP_HAVE_CHACHA20_POLY1305 +static const odp_crypto_auth_capability_t auth_capa_chacha20_poly1305[] = { +{.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; +#endif + /** Forward declaration of session structure */ typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t;
@@ -838,6 +854,9 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->ciphers.bit.aes_cbc = 1; capa->ciphers.bit.aes_ctr = 1; capa->ciphers.bit.aes_gcm = 1; +#if _ODP_HAVE_CHACHA20_POLY1305 + capa->ciphers.bit.chacha20_poly1305 = 1; +#endif
capa->auths.bit.null = 1; capa->auths.bit.md5_hmac = 1; @@ -846,6 +865,9 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.sha512_hmac = 1; capa->auths.bit.aes_gcm = 1; capa->auths.bit.aes_gmac = 1; +#if _ODP_HAVE_CHACHA20_POLY1305 + capa->auths.bit.chacha20_poly1305 = 1; +#endif
#if ODP_DEPRECATED_API capa->ciphers.bit.aes128_cbc = 1; @@ -889,6 +911,12 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher, src = cipher_capa_aes_gcm; num = sizeof(cipher_capa_aes_gcm) / size; break; +#if _ODP_HAVE_CHACHA20_POLY1305 + case ODP_CIPHER_ALG_CHACHA20_POLY1305: + src = cipher_capa_chacha20_poly1305; + num = sizeof(cipher_capa_chacha20_poly1305) / size; + break; +#endif default: return -1; } @@ -937,6 +965,12 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_aes_gmac; num = sizeof(auth_capa_aes_gmac) / size; break; +#if _ODP_HAVE_CHACHA20_POLY1305 + case ODP_AUTH_ALG_CHACHA20_POLY1305: + src = auth_capa_chacha20_poly1305; + num = sizeof(auth_capa_chacha20_poly1305) / size; + break; +#endif default: return -1; } @@ -1059,6 +1093,17 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; +#if _ODP_HAVE_CHACHA20_POLY1305 + case ODP_CIPHER_ALG_CHACHA20_POLY1305: + /* ChaCha20_Poly1305 requires to do both auth and + * cipher at the same time */ + if (param->auth_alg != ODP_AUTH_ALG_CHACHA20_POLY1305) + rc = -1; + else + rc = process_aes_gcm_param(session, + EVP_chacha20_poly1305()); + break; +#endif default: rc = -1; } @@ -1131,6 +1176,19 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; +#if _ODP_HAVE_CHACHA20_POLY1305 + case ODP_AUTH_ALG_CHACHA20_POLY1305: + /* ChaCha20_Poly1305 requires to do both auth and + * cipher at the same time */ + if (param->cipher_alg == ODP_CIPHER_ALG_CHACHA20_POLY1305) { + session->auth.func = null_crypto_routine; + session->auth.init = null_crypto_init_routine; + rc = 0; + } else { + rc = -1; + } + break; +#endif default: rc = -1; }
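Review bot: The `EVP_chacha20_poly1305()` call in the `ODP_CIPHER_ALG_CHACHA20_POLY1305` case is compiled whenever `_ODP_HAVE_CHACHA20_POLY1305` is set, but that macro (first hunk of this commit) tests only the OpenSSL version and `OPENSSL_NO_POLY1305`. OpenSSL's `evp.h` also puts the declaration under `OPENSSL_NO_CHACHA`, so a library built without ChaCha would break this build. The guard could read `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)`. Routing a non-AES cipher through `process_aes_gcm_param` also deserves a one-line comment at the call, for example `/* GCM helper reused: it only depends on the generic AEAD EVP controls */`, provided that holds for the helper, whose body is outside this hunk.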
commit 601c8a1c38bd5a284c0df8d7bc88fa7445f42a99 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Tue Jan 30 07:13:49 2018 +0300
linux-gen: crypto: drop stale enum
Drop crypto_kind_t, unused now.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 4b2b884a..b3df87e6 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -159,8 +159,6 @@ typedef struct crypto_local_t {
static __thread crypto_local_t local;
-typedef enum { KIND_HMAC, KIND_CIPHER, KIND_MAC_CIPHER } crypto_kind_t; - static inline void crypto_init(odp_crypto_generic_session_t *session) { if (local.ctx_valid[session->idx])
-----------------------------------------------------------------------
Summary of changes: include/odp/api/abi-default/packet.h | 33 ++ include/odp/api/spec/crypto.h | 19 + include/odp/api/spec/ipsec.h | 152 +++++-- include/odp/api/spec/packet.h | 119 ++++++ include/odp/api/spec/schedule.h | 28 ++ .../linux-generic/include-abi/odp/api/abi/packet.h | 33 ++ platform/linux-generic/include/odp_schedule_if.h | 6 + platform/linux-generic/odp_crypto.c | 449 +++++++++++++++++++-- platform/linux-generic/odp_ipsec.c | 3 +- platform/linux-generic/odp_ipsec_sad.c | 12 + platform/linux-generic/odp_schedule.c | 14 +- platform/linux-generic/odp_schedule_if.c | 11 + platform/linux-generic/odp_schedule_iquery.c | 14 +- platform/linux-generic/odp_schedule_scalable.c | 12 + platform/linux-generic/odp_schedule_sp.c | 14 +- platform/linux-generic/pktio/socket_mmap.c | 40 +- test/validation/api/crypto/odp_crypto_test_inp.c | 34 +- test/validation/api/ipsec/ipsec.c | 14 + test/validation/api/ipsec/ipsec.h | 1 + test/validation/api/ipsec/ipsec_test_in.c | 33 ++ test/validation/api/ipsec/ipsec_test_out.c | 48 ++- test/validation/api/ipsec/test_vectors.h | 66 +++ test/validation/api/pktio/pktio.c | 35 +- 23 files changed, 1081 insertions(+), 109 deletions(-)