api: crypto: split header files

Split crypto API into separate header files for functions and types. This enables inline implementation of API functions. Signed-off-by: Matias Elo <matias.elo@nokia.com> Reviewed-by: Tuomas Taipale <tuomas.taipale@nokia.com>
author: Matias Elo <matias.elo@nokia.com> 2022-10-28 17:32:56 +0300
committer: Petri Savolainen <petri.savolainen@nokia.com> 2022-12-29 14:55:25 +0200
commit: 648c27bfcfdf4c19e4418aedf75e803eb914bcfd (patch)
tree: ecbba3ab26824a47d2ed86c25f9c89ce5be28b8d
parent: ccb7b35bb75366968e316bbadd6a030a976e5b21 (diff)
19 files changed, 1263 insertions, 1101 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 49ccf552e..7e9b8fedf 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -20,6 +20,7 @@ odpapiinclude_HEADERS = \
 	odp/api/cpu.h \
 	odp/api/cpumask.h \
 	odp/api/crypto.h \
+	odp/api/crypto_types.h \
 	odp/api/debug.h \
 	odp/api/deprecated.h \
 	odp/api/dma.h \
@@ -84,6 +85,7 @@ odpapispecinclude_HEADERS = \
 		  odp/api/spec/cpu.h \
 		  odp/api/spec/cpumask.h \
 		  odp/api/spec/crypto.h \
+		  odp/api/spec/crypto_types.h \
 		  odp/api/spec/debug.h \
 		  odp/api/spec/dma.h \
 		  odp/api/spec/dma_types.h \
@@ -150,6 +152,7 @@ odpapiabidefaultinclude_HEADERS = \
 	odp/api/abi-default/cpu.h \
 	odp/api/abi-default/cpumask.h \
 	odp/api/abi-default/crypto.h \
+	odp/api/abi-default/crypto_types.h \
 	odp/api/abi-default/debug.h \
 	odp/api/abi-default/dma_types.h \
 	odp/api/abi-default/errno.h \
@@ -208,6 +211,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/arm32-linux/odp/api/abi/cpu.h \
 	odp/arch/arm32-linux/odp/api/abi/cpumask.h \
 	odp/arch/arm32-linux/odp/api/abi/crypto.h \
+	odp/arch/arm32-linux/odp/api/abi/crypto_types.h \
 	odp/arch/arm32-linux/odp/api/abi/debug.h \
 	odp/arch/arm32-linux/odp/api/abi/dma_types.h \
 	odp/arch/arm32-linux/odp/api/abi/errno.h \
@@ -262,6 +266,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/arm64-linux/odp/api/abi/cpu.h \
 	odp/arch/arm64-linux/odp/api/abi/cpumask.h \
 	odp/arch/arm64-linux/odp/api/abi/crypto.h \
+	odp/arch/arm64-linux/odp/api/abi/crypto_types.h \
 	odp/arch/arm64-linux/odp/api/abi/debug.h \
 	odp/arch/arm64-linux/odp/api/abi/dma_types.h \
 	odp/arch/arm64-linux/odp/api/abi/errno.h \
@@ -316,6 +321,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/default-linux/odp/api/abi/cpu.h \
 	odp/arch/default-linux/odp/api/abi/cpumask.h \
 	odp/arch/default-linux/odp/api/abi/crypto.h \
+	odp/arch/default-linux/odp/api/abi/crypto_types.h \
 	odp/arch/default-linux/odp/api/abi/debug.h \
 	odp/arch/default-linux/odp/api/abi/dma_types.h \
 	odp/arch/default-linux/odp/api/abi/errno.h \
@@ -370,6 +376,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/power64-linux/odp/api/abi/cpu.h \
 	odp/arch/power64-linux/odp/api/abi/cpumask.h \
 	odp/arch/power64-linux/odp/api/abi/crypto.h \
+	odp/arch/power64-linux/odp/api/abi/crypto_types.h \
 	odp/arch/power64-linux/odp/api/abi/debug.h \
 	odp/arch/power64-linux/odp/api/abi/dma_types.h \
 	odp/arch/power64-linux/odp/api/abi/errno.h \
@@ -424,6 +431,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/x86_32-linux/odp/api/abi/cpu.h \
 	odp/arch/x86_32-linux/odp/api/abi/cpumask.h \
 	odp/arch/x86_32-linux/odp/api/abi/crypto.h \
+	odp/arch/x86_32-linux/odp/api/abi/crypto_types.h \
 	odp/arch/x86_32-linux/odp/api/abi/debug.h \
 	odp/arch/x86_32-linux/odp/api/abi/dma_types.h \
 	odp/arch/x86_32-linux/odp/api/abi/errno.h \
@@ -478,6 +486,7 @@ odpapiabiarchinclude_HEADERS = \
 	odp/arch/x86_64-linux/odp/api/abi/cpu.h \
 	odp/arch/x86_64-linux/odp/api/abi/cpumask.h \
 	odp/arch/x86_64-linux/odp/api/abi/crypto.h \
+	odp/arch/x86_64-linux/odp/api/abi/crypto_types.h \
 	odp/arch/x86_64-linux/odp/api/abi/debug.h \
 	odp/arch/x86_64-linux/odp/api/abi/dma_types.h \
 	odp/arch/x86_64-linux/odp/api/abi/errno.h \
diff --git a/include/odp/api/abi-default/crypto.h b/include/odp/api/abi-default/crypto.h
index e7c0a651c..0e9e8506a 100644
--- a/include/odp/api/abi-default/crypto.h
+++ b/include/odp/api/abi-default/crypto.h
@@ -1,4 +1,5 @@
 /* Copyright (c) 2017-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
  * All rights reserved.
  *
  * SPDX-License-Identifier:     BSD-3-Clause
@@ -11,23 +12,7 @@
 extern "C" {
 #endif
 
-#include <stdint.h>
-
-/** @internal Dummy type for strong typing */
-typedef struct { char dummy; /**< @internal Dummy */ } _odp_abi_crypto_compl_t;
-
-/** @ingroup odp_crypto
- *  @{
- */
-
-#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
-
-typedef uint64_t  odp_crypto_session_t;
-typedef _odp_abi_crypto_compl_t *odp_crypto_compl_t;
-
-/**
- * @}
- */
+/* Empty header required due to the inline functions */
 
 #ifdef __cplusplus
 }
diff --git a/include/odp/api/abi-default/crypto_types.h b/include/odp/api/abi-default/crypto_types.h
new file mode 100644
index 000000000..cc9155bfa
--- /dev/null
+++ b/include/odp/api/abi-default/crypto_types.h
@@ -0,0 +1,37 @@
+/* Copyright (c) 2017-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#ifndef ODP_ABI_CRYPTO_TYPES_H_
+#define ODP_ABI_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/** @internal Dummy type for strong typing */
+typedef struct { char dummy; /**< @internal Dummy */ } _odp_abi_crypto_compl_t;
+
+/** @ingroup odp_crypto
+ *  @{
+ */
+
+#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
+
+typedef uint64_t  odp_crypto_session_t;
+typedef _odp_abi_crypto_compl_t *odp_crypto_compl_t;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/odp/api/crypto.h b/include/odp/api/crypto.h
index ec7c8370b..336304553 100644
--- a/include/odp/api/crypto.h
+++ b/include/odp/api/crypto.h
@@ -17,19 +17,7 @@
 extern "C" {
 #endif
 
-#include <odp/api/std_types.h>
-#include <odp/api/abi/packet_types.h>
 #include <odp/api/abi/crypto.h>
-#include <odp/api/abi/buffer.h>
-#include <odp/api/abi/queue_types.h>
-
-/** @ingroup odp_crypto
- *  @{
- */
-
-/**
- * @}
- */
 
 #include <odp/api/spec/crypto.h>
 
diff --git a/include/odp/api/crypto_types.h b/include/odp/api/crypto_types.h
new file mode 100644
index 000000000..225ff7df0
--- /dev/null
+++ b/include/odp/api/crypto_types.h
@@ -0,0 +1,28 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto
+ */
+
+#ifndef ODP_API_CRYPTO_TYPES_H_
+#define ODP_API_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <odp/api/abi/crypto_types.h>
+
+#include <odp/api/spec/crypto_types.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h
index a79a05ad3..2118cb589 100644
--- a/include/odp/api/spec/crypto.h
+++ b/include/odp/api/spec/crypto.h
@@ -15,9 +15,9 @@
 #define ODP_API_SPEC_CRYPTO_H_
 #include <odp/visibility_begin.h>
 
+#include <odp/api/crypto_types.h>
 #include <odp/api/deprecated.h>
 #include <odp/api/packet_types.h>
-#include <odp/api/pool_types.h>
 #include <odp/api/std_types.h>
 
 #ifdef __cplusplus
@@ -30,1062 +30,6 @@ extern "C" {
  */
 
 /**
- * @def ODP_CRYPTO_SESSION_INVALID
- * Invalid session handle
- */
-
-/**
- * @typedef odp_crypto_session_t
- * Crypto API opaque session handle
- */
-
-/**
- * @typedef odp_crypto_compl_t
-*  @deprecated Crypto API completion event (platform dependent).
-*/
-
-/**
- * Crypto API operation mode
- */
-typedef enum {
-	/** Synchronous, return results immediately */
-	ODP_CRYPTO_SYNC,
-	/** Asynchronous, return results via posted event */
-	ODP_CRYPTO_ASYNC,
-} odp_crypto_op_mode_t;
-
-/**
- * Crypto API operation type
- */
-typedef enum {
-	/** Encrypt and/or compute authentication ICV */
-	ODP_CRYPTO_OP_ENCODE,
-	/** Decrypt and/or verify authentication ICV */
-	ODP_CRYPTO_OP_DECODE,
-} odp_crypto_op_t;
-
-/**
- * Crypto API cipher algorithm
- */
-typedef enum {
-	/** No cipher algorithm specified */
-	ODP_CIPHER_ALG_NULL,
-
-	/** DES */
-	ODP_CIPHER_ALG_DES,
-
-	/** Triple DES with cipher block chaining */
-	ODP_CIPHER_ALG_3DES_CBC,
-
-	/** Triple DES with Electronic Codebook */
-	ODP_CIPHER_ALG_3DES_ECB,
-
-	/** AES with cipher block chaining */
-	ODP_CIPHER_ALG_AES_CBC,
-
-	/** AES with counter mode */
-	ODP_CIPHER_ALG_AES_CTR,
-
-	/** AES with electronic codebook */
-	ODP_CIPHER_ALG_AES_ECB,
-
-	/** AES with 128-bit cipher feedback */
-	ODP_CIPHER_ALG_AES_CFB128,
-
-	/** AES with XEX-based tweaked-codebook mode with ciphertext stealing
-	 * (XTS) */
-	ODP_CIPHER_ALG_AES_XTS,
-
-	/** AES-GCM
-	 *
-	 *  AES in Galois/Counter Mode (GCM) algorithm. GCM provides both
-	 *  authentication and ciphering of data (authenticated encryption)
-	 *  in the same operation. Hence this algorithm must be paired always
-	 *  with ODP_AUTH_ALG_AES_GCM authentication.
-	 */
-	ODP_CIPHER_ALG_AES_GCM,
-
-	/** AES-CCM
-	 *
-	 *  AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both
-	 *  authentication and ciphering of data (authenticated encryption)
-	 *  in the same operation. Hence this algorithm must be paired always
-	 *  with ODP_AUTH_ALG_AES_CCM authentication.
-	 */
-	ODP_CIPHER_ALG_AES_CCM,
-
-	/** ChaCha20-Poly1305
-	 *
-	 *  ChaCha20 with Poly1305 provide both authentication and ciphering of
-	 *  data (authenticated encryption) in the same operation. Hence this
-	 *  algorithm must be paired always with ODP_AUTH_ALG_CHACHA20_POLY1305
-	 *  authentication.
-	 */
-	ODP_CIPHER_ALG_CHACHA20_POLY1305,
-
-	/** Confidentiality F8 algorithm (UEA1)
-	 *
-	 *  KASUMI-based F8 algorithm (also known as UEA1).
-	 *
-	 *  IV should be formatted according to the 3GPP TS 35.201:
-	 *  COUNT || BEARER || DIRECTION || 0...0
-	 */
-	ODP_CIPHER_ALG_KASUMI_F8,
-
-	/** Confidentiality UEA2 algorithm (128-EEA1)
-	 *
-	 *  SNOW 3G-based UEA2 algorithm (also known as 128-EEA1).
-	 *
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  UEA2 & UIA2 specification:
-	 *  COUNT || BEARER || DIRECTION || 0...0 ||
-	 *  COUNT || BEARER || DIRECTION || 0...0 ||
-	 */
-	ODP_CIPHER_ALG_SNOW3G_UEA2,
-
-	/** Confidentiality 128-EEA2 algorithm
-	 *
-	 *  AES-CTR-based 128-EEA2 algorithm.
-	 *
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  128-EA2 & 128-EIA2 specification:
-	 *  COUNT || BEARER ||
-	 *  DIRECTION || 0....0
-	 */
-	ODP_CIPHER_ALG_AES_EEA2,
-
-	/** ZUC based confidentiality algorithm
-	 *
-	 *  128-EEA3/128-NEA3 algorithm when key length is 128 bits.
-	 *
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  128-EEA3 & 128-EIA3 specification:
-	 *  COUNT || BEARER || DIRECTION || 0...0 ||
-	 *  COUNT || BEARER || DIRECTION || 0...0 ||
-	 *
-	 *  256-bit key length support is experimental and subject to
-	 *  change. The following variants may be supported:
-	 *
-	 *  - ZUC-256 with 25 byte IV (of which 184 bits are variable)
-	 *    as specified in "The ZUC-256 Stream Cipher".
-	 *  - ZUC-256 with 16 byte IV as specified in
-	 *        "An Addendum to the ZUC-256 Stream Cipher",
-	 *        https://eprint.iacr.org/2021/1439
-	 */
-	ODP_CIPHER_ALG_ZUC_EEA3,
-
-} odp_cipher_alg_t;
-
-/**
- * Crypto API authentication algorithm
- */
-typedef enum {
-	 /** No authentication algorithm specified */
-	ODP_AUTH_ALG_NULL,
-
-	/** HMAC-MD5
-	 *
-	 * MD5 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_MD5_HMAC,
-
-	/** HMAC-SHA-1
-	 *
-	 *  SHA-1 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_SHA1_HMAC,
-
-	/** HMAC-SHA-224
-	 *
-	 *  SHA-224 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_SHA224_HMAC,
-
-	/** HMAC-SHA-256
-	 *
-	 *  SHA-256 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_SHA256_HMAC,
-
-	 /** HMAC-SHA-384
-	 *
-	 *  SHA-384 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_SHA384_HMAC,
-
-	/** HMAC-SHA-512
-	 *
-	 *  SHA-512 algorithm in HMAC mode
-	 */
-	ODP_AUTH_ALG_SHA512_HMAC,
-
-	/** AES-GCM
-	 *
-	 *  AES in Galois/Counter Mode (GCM) algorithm. GCM provides both
-	 *  authentication and ciphering of data (authenticated encryption)
-	 *  in the same operation. Hence this algorithm must be paired always
-	 *  with ODP_CIPHER_ALG_AES_GCM cipher.
-	 */
-	ODP_AUTH_ALG_AES_GCM,
-
-	/** AES-GMAC
-	 *
-	 *  AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC
-	 *  is based on AES-GCM operation, but provides authentication only.
-	 *  Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL
-	 *  cipher.
-	 *
-	 *  NIST and RFC specifications of GMAC refer to all data to be
-	 *  authenticated as AAD. In ODP the data to be authenticated, i.e.
-	 *  AAD, is ODP packet data and specified using the auth_range
-	 *  parameter. The aad_length and aad_ptr parameters, which would
-	 *  require the data to be contiguous in memory, are ignored with
-	 *  AES-GMAC.
-	 *
-	 *  GMAC needs an initialization vector, which can be passed via
-	 *  session (auth_iv) or packet (auth_iv_ptr) level parameters.
-	 */
-	ODP_AUTH_ALG_AES_GMAC,
-
-	/** AES-CCM
-	 *
-	 *  AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both
-	 *  authentication and ciphering of data (authenticated encryption)
-	 *  in the same operation. Hence this algorithm must be paired always
-	 *  with ODP_CIPHER_ALG_AES_CCM cipher.
-	 */
-	ODP_AUTH_ALG_AES_CCM,
-
-	/** AES-CMAC
-	 *
-	 *  AES Cipher-based Message Authentication Code (CMAC) algorithm. CMAC
-	 *  is a keyed hash function that is based on a symmetric key block
-	 *  cipher, such as the AES.
-	 */
-	ODP_AUTH_ALG_AES_CMAC,
-
-	/** AES-XCBC-MAC
-	 *
-	 *  AES CBC MAC for arbitrary-length messages (XCBC-MAC).
-	 *
-	 */
-	ODP_AUTH_ALG_AES_XCBC_MAC,
-
-	/** ChaCha20-Poly1305 AEAD
-	 *
-	 *  ChaCha20 with Poly1305 provide both authentication and ciphering of
-	 *  data (authenticated encryption) in the same operation. Hence this
-	 *  algorithm must be paired always with
-	 *  ODP_CIPHER_ALG_CHACHA20_POLY1305 cipher.
-	 */
-	ODP_AUTH_ALG_CHACHA20_POLY1305,
-
-	/** Integrity F9 algorithm (UIA1)
-	 *
-	 *  KASUMI-based F9 algorithm (also known as UIA1).
-	 *
-	 *  IV (9 bytes) is a concatenation of COUNT (32b), FRESH (32b) and
-	 *  DIRECTION (LSB-aligned, 1b).
-	 *  IV (8 bytes) is a concatenation of COUNT (32b) and FRESH (32b)
-	 *  DIRECTION (1b) and padding should come at the end of message.
-	 */
-	ODP_AUTH_ALG_KASUMI_F9,
-
-	/** Integrity UIA2 algorithm (128-EIA1)
-	 *
-	 *  SNOW 3G-based UIA2 algorithm (also known as 128-EIA1).
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  UEA2 & UIA2 specification:
-	 *  COUNT || FRESH ||
-	 *  DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 ||
-	 *  FRESH0 .. FRESH15 || FRESH16 XOR DIRECTION || FRESH17 .. FRESH31
-	 */
-	ODP_AUTH_ALG_SNOW3G_UIA2,
-
-	/** Integrity 128-EIA2 algorithm
-	 *
-	 *  AES_CMAC-based 128-EIA2 algorithm.
-	 *
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  128-EA2 & 128-EIA2 specification:
-	 *  COUNT || BEARER ||
-	 *  DIRECTION || 0....0
-	 */
-	ODP_AUTH_ALG_AES_EIA2,
-
-	/** ZUC-based integrity algorithm.
-	 *
-	 *  128-EIA3/128-NIA3 algorithm when key length is 128 bits.
-	 *
-	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
-	 *  128-EA3 & 128-EIA2 specification:
-	 *  COUNT || BEARER ||
-	 *  DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 ||
-	 *  BEARER || 0...0 || DIRECTION || 0...0
-	 *
-	 *  256-bit key length support is experimental and subject to
-	 *  change. The following variants may be supported:
-	 *
-	 *  - ZUC-256 with 25 byte IV (of which 184 bits are variable) and
-	 *    32/64/128 bit MAC as specified in "The ZUC-256 Stream Cipher".
-	 *  - ZUC-256 with 16 byte IV and 32/64/128 bit MAC as specified in
-	 *        "An Addendum to the ZUC-256 Stream Cipher",
-	 *        https://eprint.iacr.org/2021/1439
-	 */
-	ODP_AUTH_ALG_ZUC_EIA3,
-
-	/** MD5 algorithm */
-	ODP_AUTH_ALG_MD5,
-
-	/** SHA1 algorithm */
-	ODP_AUTH_ALG_SHA1,
-
-	/** 224 bit SHA2 algorithm */
-	ODP_AUTH_ALG_SHA224,
-
-	/** 256 bit SHA2 algorithm */
-	ODP_AUTH_ALG_SHA256,
-
-	/** 384 bit SHA2 algorithm */
-	ODP_AUTH_ALG_SHA384,
-
-	/** 512 bit SHA2 algorithm */
-	ODP_AUTH_ALG_SHA512,
-
-} odp_auth_alg_t;
-
-/**
- * Cipher algorithms in a bit field structure
- */
-typedef union odp_crypto_cipher_algos_t {
-	/** Cipher algorithms */
-	struct {
-		/** ODP_CIPHER_ALG_NULL */
-		uint32_t null        : 1;
-
-		/** ODP_CIPHER_ALG_DES */
-		uint32_t des         : 1;
-
-		/** ODP_CIPHER_ALG_3DES_CBC */
-		uint32_t trides_cbc  : 1;
-
-		/** ODP_CIPHER_ALG_3DES_ECB */
-		uint32_t trides_ecb : 1;
-
-		/** ODP_CIPHER_ALG_AES_CBC */
-		uint32_t aes_cbc     : 1;
-
-		/** ODP_CIPHER_ALG_AES_CTR */
-		uint32_t aes_ctr     : 1;
-
-		/** ODP_CIPHER_ALG_AES_ECB */
-		uint32_t aes_ecb     : 1;
-
-		/** ODP_CIPHER_ALG_AES_CFB128 */
-		uint32_t aes_cfb128  : 1;
-
-		/** ODP_CIPHER_ALG_AES_XTS */
-		uint32_t aes_xts     : 1;
-
-		/** ODP_CIPHER_ALG_AES_GCM */
-		uint32_t aes_gcm     : 1;
-
-		/** ODP_CIPHER_ALG_AES_CCM */
-		uint32_t aes_ccm     : 1;
-
-		/** ODP_CIPHER_ALG_CHACHA20_POLY1305 */
-		uint32_t chacha20_poly1305 : 1;
-
-		/** ODP_CIPHER_ALG_KASUMI_F8 */
-		uint32_t kasumi_f8   : 1;
-
-		/** ODP_CIPHER_ALG_SNOW3G_UEA2 */
-		uint32_t snow3g_uea2 : 1;
-
-		/** ODP_CIPHER_ALG_AES_EEA2 */
-		uint32_t aes_eea2 : 1;
-
-		/** ODP_CIPHER_ALG_ZUC_EEA3 */
-		uint32_t zuc_eea3    : 1;
-
-	} bit;
-
-	/** All bits of the bit field structure
-	  *
-	  * This field can be used to set/clear all flags, or bitwise
-	  * operations over the entire structure. */
-	uint32_t all_bits;
-} odp_crypto_cipher_algos_t;
-
-/**
- * Authentication algorithms in a bit field structure
- */
-typedef union odp_crypto_auth_algos_t {
-	/** Authentication algorithms */
-	struct {
-		/** ODP_AUTH_ALG_NULL */
-		uint32_t null        : 1;
-
-		/** ODP_AUTH_ALG_MD5_HMAC */
-		uint32_t md5_hmac    : 1;
-
-		/** ODP_AUTH_ALG_SHA1_HMAC */
-		uint32_t sha1_hmac : 1;
-
-		/** ODP_AUTH_ALG_SHA224_HMAC */
-		uint32_t sha224_hmac : 1;
-
-		/** ODP_AUTH_ALG_SHA256_HMAC */
-		uint32_t sha256_hmac : 1;
-
-		/** ODP_AUTH_ALG_SHA384_HMAC */
-		uint32_t sha384_hmac : 1;
-
-		/** ODP_AUTH_ALG_SHA512_HMAC */
-		uint32_t sha512_hmac : 1;
-
-		/** ODP_AUTH_ALG_AES_GCM */
-		uint32_t aes_gcm     : 1;
-
-		/** ODP_AUTH_ALG_AES_GMAC*/
-		uint32_t aes_gmac    : 1;
-
-		/** ODP_AUTH_ALG_AES_CCM */
-		uint32_t aes_ccm     : 1;
-
-		/** ODP_AUTH_ALG_AES_CMAC*/
-		uint32_t aes_cmac    : 1;
-
-		/** ODP_AUTH_ALG_AES_XCBC_MAC*/
-		uint32_t aes_xcbc_mac    : 1;
-
-		/** ODP_AUTH_ALG_CHACHA20_POLY1305 */
-		uint32_t chacha20_poly1305 : 1;
-
-		/** ODP_AUTH_ALG_KASUMI_F9 */
-		uint32_t kasumi_f9   : 1;
-
-		/** ODP_AUTH_ALG_SNOW3G_UIA2 */
-		uint32_t snow3g_uia2 : 1;
-
-		/** ODP_AUTH_ALG_AES_EIA2 */
-		uint32_t aes_eia2 : 1;
-
-		/** ODP_AUTH_ALG_ZUC_EIA3 */
-		uint32_t zuc_eia3    : 1;
-
-		/** ODP_AUTH_ALG_MD5 */
-		uint32_t md5 : 1;
-
-		/** ODP_AUTH_ALG_SHA1 */
-		uint32_t sha1 : 1;
-
-		/** ODP_AUTH_ALG_SHA224 */
-		uint32_t sha224 : 1;
-
-		/** ODP_AUTH_ALG_SHA256 */
-		uint32_t sha256 : 1;
-
-		/** ODP_AUTH_ALG_SHA384 */
-		uint32_t sha384 : 1;
-
-		/** ODP_AUTH_ALG_SHA512 */
-		uint32_t sha512 : 1;
-
-	} bit;
-
-	/** All bits of the bit field structure
-	  *
-	  * This field can be used to set/clear all flags, or bitwise
-	  * operations over the entire structure. */
-	uint32_t all_bits;
-} odp_crypto_auth_algos_t;
-
-/**
- * Crypto API key structure
- */
-typedef struct odp_crypto_key {
-	/** Key data */
-	uint8_t *data;
-
-	/** Key length in bytes */
-	uint32_t length;
-
-} odp_crypto_key_t;
-
-/**
- * Crypto API IV structure
- *
- * @deprecated Use per-packet IV in crypto operation parameters
- */
-typedef struct odp_crypto_iv {
-	/** IV data
-	 *
-	 *  Ignored when length is zero. Null value indicates that an
-	 *  IV will be provided for each packet through the crypto
-	 *  operation parameters. In that case the per-operation
-	 *  IV parameter must always point to a valid IV.
-	 *
-	 *  Default value is NULL.
-	 */
-	uint8_t *data;
-
-	/** IV length in bytes. Default value is zero. */
-	uint32_t length;
-
-} ODP_DEPRECATE(odp_crypto_iv_t);
-
-/**
- * Crypto API session creation parameters
- */
-typedef struct odp_crypto_session_param_t {
-	/** Encode vs. decode operation
-	 *
-	 *  The default value is ODP_CRYPTO_OP_ENCODE.
-	 */
-	odp_crypto_op_t op;
-
-	/** Authenticate cipher vs. plain text
-	 *
-	 *  Controls ordering of authentication and cipher operations,
-	 *  and is relative to the operation (encode vs decode). When encoding,
-	 *  TRUE indicates the authentication operation should be performed
-	 *  after the cipher operation else before. When decoding, TRUE
-	 *  indicates the reverse order of operation.
-	 *
-	 *  The value is ignored with authenticated encryption algorithms
-	 *  such as AES-GCM.
-	 *
-	 *  true:  Authenticate cipher text
-	 *  false: Authenticate plain text
-	 *
-	 *  The default value is false.
-	 */
-	odp_bool_t auth_cipher_text;
-
-	/** Hash result location may overlap authentication range
-	 *
-	 *  This flag indicates that the hash result location may (but is
-	 *  not required to) overlap authentication range. Setting this
-	 *  flag may reduce performance.
-	 *
-	 *  Default value is false.
-	 */
-	odp_bool_t hash_result_in_auth_range;
-
-	/** Preferred sync vs. async for odp_crypto_operation()
-	 *
-	 *  The default value is ODP_CRYPTO_SYNC.
-	 *
-	 *  @deprecated Used only with deprecated odp_crypto_operation()
-	 */
-	odp_crypto_op_mode_t ODP_DEPRECATE(pref_mode);
-
-	/** Operation mode when using packet interface: sync or async
-	 *
-	 *  The default value is ODP_CRYPTO_SYNC.
-	 */
-	odp_crypto_op_mode_t op_mode;
-
-	/** Cipher algorithm
-	 *
-	 *  Select cipher algorithm to be used. ODP_CIPHER_ALG_NULL indicates
-	 *  that ciphering is disabled. Use odp_crypto_capability() for
-	 *  supported algorithms. Note that some algorithms restrict choice of
-	 *  the pairing authentication algorithm. When ciphering is enabled
-	 *  cipher key and IV need to be set. The default value is
-	 *  ODP_CIPHER_ALG_NULL.
-	 */
-	odp_cipher_alg_t cipher_alg;
-
-	/** Cipher key
-	 *
-	 * Use odp_crypto_cipher_capa() for supported key and IV lengths.
-	 */
-	odp_crypto_key_t cipher_key;
-
-	/** Cipher Initialization Vector (IV)
-	 *
-	 *  Unless using the deprecated API, this specifies the length of
-	 *  the IV only. The actual IV must then be provided in per-packet
-	 *  parameters of crypto operations.
-	 */
-	union {
-#if ODP_DEPRECATED_API
-		/** @deprecated Cipher IV */
-		odp_crypto_iv_t ODP_DEPRECATE(cipher_iv);
-#endif
-		/** Cipher IV length */
-		struct {
-#if ODP_DEPRECATED_API
-			/** @cond
-			 *  Unused padding field
-			 */
-			uint8_t *dummy_padding_0;
-			/** @endcond */
-#endif
-			/** Length of cipher initialization vector.
-			 *  Default value is zero.
-			 */
-			uint32_t cipher_iv_len;
-		};
-	};
-
-	/** Authentication algorithm
-	 *
-	 *  Select authentication algorithm to be used. ODP_AUTH_ALG_NULL
-	 *  indicates that authentication is disabled. Use
-	 *  odp_crypto_capability() for supported algorithms. Note that some
-	 *  algorithms restrict choice of the pairing cipher algorithm. When
-	 *  single algorithm provides both ciphering and authentication
-	 *  (i.e. Authenticated Encryption), authentication side key
-	 *  (auth_key) and IV (auth_iv) are ignored, and cipher side values are
-	 *  used instead. These algorithms ignore authentication side key
-	 *  and IV: ODP_AUTH_ALG_AES_GCM, ODP_AUTH_ALG_AES_CCM and
-	 *  ODP_AUTH_ALG_CHACHA20_POLY1305. Otherwise, all authentication side
-	 *  parameters must be set when authentication is enabled. The default
-	 *  value is ODP_AUTH_ALG_NULL.
-	 */
-	odp_auth_alg_t auth_alg;
-
-	/** Authentication key
-	 *
-	 *  Use odp_crypto_auth_capability() for supported key lengths.
-	 */
-	odp_crypto_key_t auth_key;
-
-	/** Authentication Initialization Vector (IV)
-	 *
-	 *  Unless using the deprecated API, this specifies the length of
-	 *  the IV only. The actual IV must then be provided in per-packet
-	 *  parameters of crypto operations.
-	 */
-	union {
-#if ODP_DEPRECATED_API
-		/** @deprecated Authentication IV */
-		odp_crypto_iv_t ODP_DEPRECATE(auth_iv);
-#endif
-		/** Authentication IV length */
-		struct {
-#if ODP_DEPRECATED_API
-			/** @cond
-			 *  Unused padding field
-			 */
-			uint8_t *dummy_padding_1;
-			/** @endcond */
-#endif
-			/** Length of authentication initialization vector.
-			 *  Default value is zero.
-			 */
-			uint32_t auth_iv_len;
-		};
-	};
-
-	/** Authentication digest length in bytes
-	 *
-	 *  Use odp_crypto_auth_capability() for supported digest lengths.
-	 */
-	uint32_t auth_digest_len;
-
-	/** Additional Authenticated Data (AAD) length in bytes
-	 *
-	 *  AAD length is constant for all operations (packets) of the session.
-	 *  Set to zero when AAD is not used. Use odp_crypto_auth_capability()
-	 *  for supported AAD lengths. The default value is zero.
-	 */
-	uint32_t auth_aad_len;
-
-	/** Async mode completion event queue
-	 *
-	 *  The completion queue is used to return completions from
-	 *  odp_crypto_op_enq() (and the deprecated odp_crypto_operation())
-	 *  to the application.
-	 */
-	odp_queue_t compl_queue;
-
-	/** Output pool
-	 *
-	 *  When the output packet is not specified during the call to
-	 *  crypto operation, the output packet will be allocated
-	 *  from this pool.
-	 */
-	odp_pool_t output_pool;
-
-} odp_crypto_session_param_t;
-
-/**
- * Crypto API per packet operation parameters
- *
- * @deprecated Use odp_crypto_packet_op_param_t instead.
- */
-typedef struct odp_crypto_op_param_t {
-	/** Session handle from creation */
-	odp_crypto_session_t session;
-
-	/** User context */
-	void *ctx;
-
-	/** Input packet
-	 *
-	 *  Specifies the input packet for the crypto operation. When the
-	 *  'out_pkt' variable is set to ODP_PACKET_INVALID (indicating a new
-	 *  packet should be allocated for the resulting packet).
-	 */
-	odp_packet_t pkt;
-
-	/** Output packet
-	 *
-	 *  Both "in place" (the original packet 'pkt' is modified) and
-	 *  "copy" (the packet is replicated to a new packet which contains
-	 *  the modified data) modes are supported. The "in place" mode of
-	 *  operation is indicated by setting 'out_pkt' equal to 'pkt'.
-	 *  For the copy mode of operation, setting 'out_pkt' to a valid packet
-	 *  value indicates the caller wishes to specify the destination packet.
-	 *  Setting 'out_pkt' to ODP_PACKET_INVALID indicates the caller wishes
-	 *  the destination packet be allocated from the output pool specified
-	 *  during session creation.
-	 */
-	odp_packet_t out_pkt;
-
-	/** IV pointer for cipher */
-	uint8_t *cipher_iv_ptr;
-
-	/** Authentication IV pointer */
-	uint8_t *auth_iv_ptr;
-
-	/** Offset from start of packet for hash result
-	 *
-	 *  In case of decode sessions, the expected hash will be read from
-	 *  this offset and compared with the calculated hash. After the
-	 *  operation the hash bytes will have undefined values.
-	 *
-	 *  In case of encode sessions the calculated hash will be stored in
-	 *  this offset.
-	 *
-	 *  If the hash_result_in_auth_range session parameter is true,
-	 *  the hash result location may overlap auth_range. In that case
-	 *  the result location will be zeroed in decode sessions before
-	 *  hash calculation. Zeroing is not done in encode sessions.
-	 */
-	uint32_t hash_result_offset;
-
-	/** Pointer to AAD. AAD length is defined by 'auth_aad_len'
-	 *  session parameter.
-	 */
-	uint8_t *aad_ptr;
-
-	/** Data range to be ciphered */
-	odp_packet_data_range_t cipher_range;
-
-	/** Data range to be authenticated
-	 *
-	 *  The value is ignored with authenticated encryption algorithms,
-	 *  such as AES-GCM, which authenticate data in the cipher range
-	 *  and the AAD.
-	 *
-	 *  As a special case AES-GMAC uses this field instead of aad_ptr
-	 *  for the data bytes to be authenticated.
-	 */
-	odp_packet_data_range_t auth_range;
-
-} ODP_DEPRECATE(odp_crypto_op_param_t);
-
-/**
- * Crypto packet API per packet operation parameters
- */
-typedef struct odp_crypto_packet_op_param_t {
-	/** Session handle from creation */
-	odp_crypto_session_t session;
-
-	/** IV pointer for cipher */
-	uint8_t *cipher_iv_ptr;
-
-	/** IV pointer for authentication */
-	uint8_t *auth_iv_ptr;
-
-	/** Offset from start of packet for hash result
-	 *
-	 *  In case of decode sessions, the expected hash will be read from
-	 *  this offset and compared with the calculated hash. After the
-	 *  operation the hash bytes will have undefined values.
-	 *
-	 *  In case of encode sessions the calculated hash will be stored in
-	 *  this offset.
-	 *
-	 *  If the hash_result_in_auth_range session parameter is true,
-	 *  the hash result location may overlap auth_range. In that case the
-	 *  result location will be zeroed in decode sessions before hash
-	 *  calculation. Zeroing is not done in encode sessions.
-	 */
-	uint32_t hash_result_offset;
-
-	/** Pointer to AAD. AAD length is defined by 'auth_aad_len'
-	 *  session parameter.
-	 */
-	uint8_t *aad_ptr;
-
-	/** Data range to apply cipher */
-	odp_packet_data_range_t cipher_range;
-
-	/** Data range to authenticate */
-	odp_packet_data_range_t auth_range;
-
-} odp_crypto_packet_op_param_t;
-
-/**
- * Crypto API session creation return code
- */
-typedef enum {
-	/** Session created */
-	ODP_CRYPTO_SES_ERR_NONE,
-	/** Creation failed, no resources */
-	ODP_CRYPTO_SES_ERR_ENOMEM,
-	/** Creation failed, bad cipher params */
-	ODP_CRYPTO_SES_ERR_CIPHER,
-	/** Creation failed, bad auth params */
-	ODP_CRYPTO_SES_ERR_AUTH,
-
-	/** Unsupported combination of algorithms
-	 *
-	 *  The combination of cipher and auth algorithms with their
-	 *  specific parameters is not supported even if the algorithms
-	 *  appear in capabilities and are supported in combination with
-	 *  other algorithms or other algorithm specific parameters.
-	 */
-	ODP_CRYPTO_SES_ERR_ALG_COMBO,
-
-	/** Unsupported order of cipher and auth
-	 *
-	 *  The requested mutual order of ciphering and authentication
-	 *  is not supported with the chosen individual cipher and
-	 *  authentication algorithms.
-	 */
-	ODP_CRYPTO_SES_ERR_ALG_ORDER,
-
-	/** Unsupported combination of session creation parameters
-	 *
-	 *  The combination of provided session creation parameters is not
-	 *  supported. This error can occur when there are limitations that
-	 *  are not expressible through crypto capabilities or other error
-	 *  status values.
-	 */
-	ODP_CRYPTO_SES_ERR_PARAMS,
-} odp_crypto_ses_create_err_t;
-
-/** This synonym for backward compatibility will be deprecated later */
-#define ODP_CRYPTO_SES_CREATE_ERR_NONE       ODP_CRYPTO_SES_ERR_NONE
-/** This synonym for backward compatibility will be deprecated later */
-#define ODP_CRYPTO_SES_CREATE_ERR_ENOMEM     ODP_CRYPTO_SES_ERR_ENOMEM
-/** This synonym for backward compatibility will be deprecated later */
-#define ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER ODP_CRYPTO_SES_ERR_CIPHER
-/** This synonym for backward compatibility will be deprecated later */
-#define ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH   ODP_CRYPTO_SES_ERR_AUTH
-
-/**
- * Crypto API algorithm return code
- */
-typedef enum {
-	/** Algorithm successful */
-	ODP_CRYPTO_ALG_ERR_NONE,
-	/** Invalid data block size */
-	ODP_CRYPTO_ALG_ERR_DATA_SIZE,
-	/** Key size invalid for algorithm */
-	ODP_CRYPTO_ALG_ERR_KEY_SIZE,
-	/** Computed ICV value mismatch */
-	ODP_CRYPTO_ALG_ERR_ICV_CHECK,
-	/** IV value not specified */
-	ODP_CRYPTO_ALG_ERR_IV_INVALID,
-} odp_crypto_alg_err_t;
-
-/**
- * Crypto API hardware centric return code
- */
-typedef enum {
-	/** Operation completed successfully */
-	ODP_CRYPTO_HW_ERR_NONE,
-	/** Error detected during DMA of data */
-	ODP_CRYPTO_HW_ERR_DMA,
-	/** Operation failed due to pool depletion */
-	ODP_CRYPTO_HW_ERR_BP_DEPLETED,
-} odp_crypto_hw_err_t;
-
-/**
- * Cryto API per packet operation completion status
- */
-typedef struct odp_crypto_op_status {
-	/** Algorithm specific return code */
-	odp_crypto_alg_err_t alg_err;
-
-	/** Hardware specific return code */
-	odp_crypto_hw_err_t  hw_err;
-
-} odp_crypto_op_status_t;
-
-/**
- * Crypto API operation result
- *
- * @deprecated Use odp_crypto_packet_result_t instead.
- */
-typedef struct odp_crypto_op_result {
-	/** Request completed successfully */
-	odp_bool_t  ok;
-
-	/** User context from request */
-	void *ctx;
-
-	/** Output packet */
-	odp_packet_t pkt;
-
-	/** Cipher status */
-	odp_crypto_op_status_t cipher_status;
-
-	/** Authentication status */
-	odp_crypto_op_status_t auth_status;
-
-} ODP_DEPRECATE(odp_crypto_op_result_t);
-
-/**
- * Crypto packet API operation result
- */
-typedef struct odp_crypto_packet_result_t {
-	/** Request completed successfully */
-	odp_bool_t  ok;
-
-	/** Cipher status */
-	odp_crypto_op_status_t cipher_status;
-
-	/** Authentication status */
-	odp_crypto_op_status_t auth_status;
-
-} odp_crypto_packet_result_t;
-
-/**
- * Crypto capabilities
- */
-typedef struct odp_crypto_capability_t {
-	/** Maximum number of crypto sessions */
-	uint32_t max_sessions;
-
-	/** Supported packet operation in SYNC mode */
-	odp_support_t sync_mode;
-
-	/** Supported packet operation in ASYNC mode */
-	odp_support_t async_mode;
-
-	/** Supported cipher algorithms */
-	odp_crypto_cipher_algos_t ciphers;
-
-	/** Cipher algorithms implemented with HW offload */
-	odp_crypto_cipher_algos_t hw_ciphers;
-
-	/** Supported authentication algorithms */
-	odp_crypto_auth_algos_t   auths;
-
-	/** Authentication algorithms implemented with HW offload */
-	odp_crypto_auth_algos_t   hw_auths;
-
-	/**
-	 * Scheduled crypto completion queue support
-	 *
-	 * This defines whether scheduled queues are supported as crypto
-	 * compl_queue.
-	 * 0: Scheduled queues are not supported as crypto completion queues
-	 * 1: Scheduled queues are supported as crypto completion queues
-	 * @see odp_crypto_session_param_t
-	 */
-	odp_bool_t queue_type_sched;
-
-	/**
-	 * Plain crypto completion queue support
-	 *
-	 * This defines whether plain queues are supported as crypto
-	 * compl_queue.
-	 * 0: Plain queues are not supported as crypto completion queues
-	 * 1: Plain queues are supported as crypto completion queues
-	 * @see odp_crypto_session_param_t
-	 */
-	odp_bool_t queue_type_plain;
-} odp_crypto_capability_t;
-
-/**
- * Cipher algorithm capabilities
- */
-typedef struct odp_crypto_cipher_capability_t {
-	/** Key length in bytes */
-	uint32_t key_len;
-
-	/** IV length in bytes */
-	uint32_t iv_len;
-
-	/** Cipher is operating in bitwise mode
-	 *
-	 * This cipher works on series of bits, rather than sequences of bytes:
-	 * cipher_range in odp_crypto_op_param_t and
-	 * odp_crypto_packet_op_param_t will use bits, rather than bytes.
-	 *
-	 * Note: data buffer MUST start on the byte boundary, using offset
-	 * which is not divisible by 8 is unsupported and will result in
-	 * unspecified behaviour.
-	 *
-	 * Note2: If the data length is not a multiple of 8, the remaining
-	 * bits of the data in the last byte of the input/output will be the
-	 * most significant bits, i.e. the most significant bit is considered
-	 * to be the first bit of a byte for the purpose of input and output
-	 * data range. The output bits that fall out of the output range are
-	 * undefined.
-	 */
-	odp_bool_t bit_mode;
-
-} odp_crypto_cipher_capability_t;
-
-/**
- * Authentication algorithm capabilities
- */
-typedef struct odp_crypto_auth_capability_t {
-	/** Digest length in bytes */
-	uint32_t digest_len;
-
-	/** Key length in bytes */
-	uint32_t key_len;
-
-	/** IV length in bytes */
-	uint32_t iv_len;
-
-	/** Additional Authenticated Data (AAD) lengths */
-	struct {
-		/** Minimum AAD length in bytes */
-		uint32_t min;
-
-		/** Maximum AAD length in bytes */
-		uint32_t max;
-
-		/** Increment of supported lengths between min and max
-		 *  (in bytes) */
-		uint32_t inc;
-	} aad_len;
-
-	/** Auth is operating in bitstring mode
-	 *
-	 * This auth works on series of bits, rather than sequences of bytes:
-	 * auth_range in odp_crypto_op_param_t and
-	 * odp_crypto_packet_op_param_t will use bits, rather than bytes.
-	 *
-	 * Note: data buffer MUST start on the byte boundary, using offset
-	 * which is not divisible by 8 is unsupported and will result in
-	 * unpredictable behaviour.
-	 *
-	 * Note2: If the data length is not a multiple of 8, the remaining
-	 * bits of the data in the last byte of the input/output will be the
-	 * most significant bits, i.e. the most significant bit is considered
-	 * to be the first bit of a byte for the purpose of input and output
-	 * data range. The output bits that fall out of the output range are
-	 * undefined.
-	 */
-	odp_bool_t bit_mode;
-
-} odp_crypto_auth_capability_t;
-
-/**
  * Query crypto capabilities
  *
  * Outputs crypto capabilities on success.
@@ -1336,7 +280,7 @@ int odp_crypto_result(odp_crypto_packet_result_t *result,
  * from provided pool. All arrays should be of num_pkt size.
  *
  * @param         pkt_in   Packets to be processed
- * @param[in,out] pkt_out  Packet handle array specifyint resulting packets
+ * @param[in,out] pkt_out  Packet handle array specifying resulting packets
  * @param         param    Operation parameters array
  * @param         num_pkt  Number of packets to be processed
  *
diff --git a/include/odp/api/spec/crypto_types.h b/include/odp/api/spec/crypto_types.h
new file mode 100644
index 000000000..7f2c49a7d
--- /dev/null
+++ b/include/odp/api/spec/crypto_types.h
@@ -0,0 +1,1095 @@
+/* Copyright (c) 2014-2018, Linaro Limited
+ * Copyright (c) 2021-2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto types */
+
+#ifndef ODP_API_SPEC_CRYPTO_TYPES_H_
+#define ODP_API_SPEC_CRYPTO_TYPES_H_
+#include <odp/visibility_begin.h>
+
+#include <odp/api/deprecated.h>
+#include <odp/api/packet_types.h>
+#include <odp/api/pool_types.h>
+#include <odp/api/std_types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @addtogroup odp_crypto
+ *  @{
+ */
+
+/**
+ * @def ODP_CRYPTO_SESSION_INVALID
+ * Invalid session handle
+ */
+
+/**
+ * @typedef odp_crypto_session_t
+ * Crypto API opaque session handle
+ */
+
+/**
+ * @typedef odp_crypto_compl_t
+*  @deprecated Crypto API completion event (platform dependent).
+*/
+
+/**
+ * Crypto API operation mode
+ */
+typedef enum {
+	/** Synchronous, return results immediately */
+	ODP_CRYPTO_SYNC,
+	/** Asynchronous, return results via posted event */
+	ODP_CRYPTO_ASYNC,
+} odp_crypto_op_mode_t;
+
+/**
+ * Crypto API operation type
+ */
+typedef enum {
+	/** Encrypt and/or compute authentication ICV */
+	ODP_CRYPTO_OP_ENCODE,
+	/** Decrypt and/or verify authentication ICV */
+	ODP_CRYPTO_OP_DECODE,
+} odp_crypto_op_t;
+
+/**
+ * Crypto API cipher algorithm
+ */
+typedef enum {
+	/** No cipher algorithm specified */
+	ODP_CIPHER_ALG_NULL,
+
+	/** DES */
+	ODP_CIPHER_ALG_DES,
+
+	/** Triple DES with cipher block chaining */
+	ODP_CIPHER_ALG_3DES_CBC,
+
+	/** Triple DES with Electronic Codebook */
+	ODP_CIPHER_ALG_3DES_ECB,
+
+	/** AES with cipher block chaining */
+	ODP_CIPHER_ALG_AES_CBC,
+
+	/** AES with counter mode */
+	ODP_CIPHER_ALG_AES_CTR,
+
+	/** AES with electronic codebook */
+	ODP_CIPHER_ALG_AES_ECB,
+
+	/** AES with 128-bit cipher feedback */
+	ODP_CIPHER_ALG_AES_CFB128,
+
+	/** AES with XEX-based tweaked-codebook mode with ciphertext stealing
+	 * (XTS) */
+	ODP_CIPHER_ALG_AES_XTS,
+
+	/** AES-GCM
+	 *
+	 *  AES in Galois/Counter Mode (GCM) algorithm. GCM provides both
+	 *  authentication and ciphering of data (authenticated encryption)
+	 *  in the same operation. Hence this algorithm must be paired always
+	 *  with ODP_AUTH_ALG_AES_GCM authentication.
+	 */
+	ODP_CIPHER_ALG_AES_GCM,
+
+	/** AES-CCM
+	 *
+	 *  AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both
+	 *  authentication and ciphering of data (authenticated encryption)
+	 *  in the same operation. Hence this algorithm must be paired always
+	 *  with ODP_AUTH_ALG_AES_CCM authentication.
+	 */
+	ODP_CIPHER_ALG_AES_CCM,
+
+	/** ChaCha20-Poly1305
+	 *
+	 *  ChaCha20 with Poly1305 provide both authentication and ciphering of
+	 *  data (authenticated encryption) in the same operation. Hence this
+	 *  algorithm must be paired always with ODP_AUTH_ALG_CHACHA20_POLY1305
+	 *  authentication.
+	 */
+	ODP_CIPHER_ALG_CHACHA20_POLY1305,
+
+	/** Confidentiality F8 algorithm (UEA1)
+	 *
+	 *  KASUMI-based F8 algorithm (also known as UEA1).
+	 *
+	 *  IV should be formatted according to the 3GPP TS 35.201:
+	 *  COUNT || BEARER || DIRECTION || 0...0
+	 */
+	ODP_CIPHER_ALG_KASUMI_F8,
+
+	/** Confidentiality UEA2 algorithm (128-EEA1)
+	 *
+	 *  SNOW 3G-based UEA2 algorithm (also known as 128-EEA1).
+	 *
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  UEA2 & UIA2 specification:
+	 *  COUNT || BEARER || DIRECTION || 0...0 ||
+	 *  COUNT || BEARER || DIRECTION || 0...0 ||
+	 */
+	ODP_CIPHER_ALG_SNOW3G_UEA2,
+
+	/** Confidentiality 128-EEA2 algorithm
+	 *
+	 *  AES-CTR-based 128-EEA2 algorithm.
+	 *
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  128-EA2 & 128-EIA2 specification:
+	 *  COUNT || BEARER ||
+	 *  DIRECTION || 0....0
+	 */
+	ODP_CIPHER_ALG_AES_EEA2,
+
+	/** ZUC based confidentiality algorithm
+	 *
+	 *  128-EEA3/128-NEA3 algorithm when key length is 128 bits.
+	 *
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  128-EEA3 & 128-EIA3 specification:
+	 *  COUNT || BEARER || DIRECTION || 0...0 ||
+	 *  COUNT || BEARER || DIRECTION || 0...0 ||
+	 *
+	 *  256-bit key length support is experimental and subject to
+	 *  change. The following variants may be supported:
+	 *
+	 *  - ZUC-256 with 25 byte IV (of which 184 bits are variable)
+	 *    as specified in "The ZUC-256 Stream Cipher".
+	 *  - ZUC-256 with 16 byte IV as specified in
+	 *        "An Addendum to the ZUC-256 Stream Cipher",
+	 *        https://eprint.iacr.org/2021/1439
+	 */
+	ODP_CIPHER_ALG_ZUC_EEA3,
+
+} odp_cipher_alg_t;
+
+/**
+ * Crypto API authentication algorithm
+ */
+typedef enum {
+	 /** No authentication algorithm specified */
+	ODP_AUTH_ALG_NULL,
+
+	/** HMAC-MD5
+	 *
+	 * MD5 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_MD5_HMAC,
+
+	/** HMAC-SHA-1
+	 *
+	 *  SHA-1 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_SHA1_HMAC,
+
+	/** HMAC-SHA-224
+	 *
+	 *  SHA-224 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_SHA224_HMAC,
+
+	/** HMAC-SHA-256
+	 *
+	 *  SHA-256 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_SHA256_HMAC,
+
+	 /** HMAC-SHA-384
+	 *
+	 *  SHA-384 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_SHA384_HMAC,
+
+	/** HMAC-SHA-512
+	 *
+	 *  SHA-512 algorithm in HMAC mode
+	 */
+	ODP_AUTH_ALG_SHA512_HMAC,
+
+	/** AES-GCM
+	 *
+	 *  AES in Galois/Counter Mode (GCM) algorithm. GCM provides both
+	 *  authentication and ciphering of data (authenticated encryption)
+	 *  in the same operation. Hence this algorithm must be paired always
+	 *  with ODP_CIPHER_ALG_AES_GCM cipher.
+	 */
+	ODP_AUTH_ALG_AES_GCM,
+
+	/** AES-GMAC
+	 *
+	 *  AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC
+	 *  is based on AES-GCM operation, but provides authentication only.
+	 *  Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL
+	 *  cipher.
+	 *
+	 *  NIST and RFC specifications of GMAC refer to all data to be
+	 *  authenticated as AAD. In ODP the data to be authenticated, i.e.
+	 *  AAD, is ODP packet data and specified using the auth_range
+	 *  parameter. The aad_length and aad_ptr parameters, which would
+	 *  require the data to be contiguous in memory, are ignored with
+	 *  AES-GMAC.
+	 *
+	 *  GMAC needs an initialization vector, which can be passed via
+	 *  session (auth_iv) or packet (auth_iv_ptr) level parameters.
+	 */
+	ODP_AUTH_ALG_AES_GMAC,
+
+	/** AES-CCM
+	 *
+	 *  AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both
+	 *  authentication and ciphering of data (authenticated encryption)
+	 *  in the same operation. Hence this algorithm must be paired always
+	 *  with ODP_CIPHER_ALG_AES_CCM cipher.
+	 */
+	ODP_AUTH_ALG_AES_CCM,
+
+	/** AES-CMAC
+	 *
+	 *  AES Cipher-based Message Authentication Code (CMAC) algorithm. CMAC
+	 *  is a keyed hash function that is based on a symmetric key block
+	 *  cipher, such as the AES.
+	 */
+	ODP_AUTH_ALG_AES_CMAC,
+
+	/** AES-XCBC-MAC
+	 *
+	 *  AES CBC MAC for arbitrary-length messages (XCBC-MAC).
+	 *
+	 */
+	ODP_AUTH_ALG_AES_XCBC_MAC,
+
+	/** ChaCha20-Poly1305 AEAD
+	 *
+	 *  ChaCha20 with Poly1305 provide both authentication and ciphering of
+	 *  data (authenticated encryption) in the same operation. Hence this
+	 *  algorithm must be paired always with
+	 *  ODP_CIPHER_ALG_CHACHA20_POLY1305 cipher.
+	 */
+	ODP_AUTH_ALG_CHACHA20_POLY1305,
+
+	/** Integrity F9 algorithm (UIA1)
+	 *
+	 *  KASUMI-based F9 algorithm (also known as UIA1).
+	 *
+	 *  IV (9 bytes) is a concatenation of COUNT (32b), FRESH (32b) and
+	 *  DIRECTION (LSB-aligned, 1b).
+	 *  IV (8 bytes) is a concatenation of COUNT (32b) and FRESH (32b)
+	 *  DIRECTION (1b) and padding should come at the end of message.
+	 */
+	ODP_AUTH_ALG_KASUMI_F9,
+
+	/** Integrity UIA2 algorithm (128-EIA1)
+	 *
+	 *  SNOW 3G-based UIA2 algorithm (also known as 128-EIA1).
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  UEA2 & UIA2 specification:
+	 *  COUNT || FRESH ||
+	 *  DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 ||
+	 *  FRESH0 .. FRESH15 || FRESH16 XOR DIRECTION || FRESH17 .. FRESH31
+	 */
+	ODP_AUTH_ALG_SNOW3G_UIA2,
+
+	/** Integrity 128-EIA2 algorithm
+	 *
+	 *  AES_CMAC-based 128-EIA2 algorithm.
+	 *
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  128-EA2 & 128-EIA2 specification:
+	 *  COUNT || BEARER ||
+	 *  DIRECTION || 0....0
+	 */
+	ODP_AUTH_ALG_AES_EIA2,
+
+	/** ZUC-based integrity algorithm.
+	 *
+	 *  128-EIA3/128-NIA3 algorithm when key length is 128 bits.
+	 *
+	 *  IV (128 bit) should be formatted according to the ETSI/SAGE
+	 *  128-EA3 & 128-EIA2 specification:
+	 *  COUNT || BEARER ||
+	 *  DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 ||
+	 *  BEARER || 0...0 || DIRECTION || 0...0
+	 *
+	 *  256-bit key length support is experimental and subject to
+	 *  change. The following variants may be supported:
+	 *
+	 *  - ZUC-256 with 25 byte IV (of which 184 bits are variable) and
+	 *    32/64/128 bit MAC as specified in "The ZUC-256 Stream Cipher".
+	 *  - ZUC-256 with 16 byte IV and 32/64/128 bit MAC as specified in
+	 *        "An Addendum to the ZUC-256 Stream Cipher",
+	 *        https://eprint.iacr.org/2021/1439
+	 */
+	ODP_AUTH_ALG_ZUC_EIA3,
+
+	/** MD5 algorithm */
+	ODP_AUTH_ALG_MD5,
+
+	/** SHA1 algorithm */
+	ODP_AUTH_ALG_SHA1,
+
+	/** 224 bit SHA2 algorithm */
+	ODP_AUTH_ALG_SHA224,
+
+	/** 256 bit SHA2 algorithm */
+	ODP_AUTH_ALG_SHA256,
+
+	/** 384 bit SHA2 algorithm */
+	ODP_AUTH_ALG_SHA384,
+
+	/** 512 bit SHA2 algorithm */
+	ODP_AUTH_ALG_SHA512,
+
+} odp_auth_alg_t;
+
+/**
+ * Cipher algorithms in a bit field structure
+ */
+typedef union odp_crypto_cipher_algos_t {
+	/** Cipher algorithms */
+	struct {
+		/** ODP_CIPHER_ALG_NULL */
+		uint32_t null        : 1;
+
+		/** ODP_CIPHER_ALG_DES */
+		uint32_t des         : 1;
+
+		/** ODP_CIPHER_ALG_3DES_CBC */
+		uint32_t trides_cbc  : 1;
+
+		/** ODP_CIPHER_ALG_3DES_ECB */
+		uint32_t trides_ecb : 1;
+
+		/** ODP_CIPHER_ALG_AES_CBC */
+		uint32_t aes_cbc     : 1;
+
+		/** ODP_CIPHER_ALG_AES_CTR */
+		uint32_t aes_ctr     : 1;
+
+		/** ODP_CIPHER_ALG_AES_ECB */
+		uint32_t aes_ecb     : 1;
+
+		/** ODP_CIPHER_ALG_AES_CFB128 */
+		uint32_t aes_cfb128  : 1;
+
+		/** ODP_CIPHER_ALG_AES_XTS */
+		uint32_t aes_xts     : 1;
+
+		/** ODP_CIPHER_ALG_AES_GCM */
+		uint32_t aes_gcm     : 1;
+
+		/** ODP_CIPHER_ALG_AES_CCM */
+		uint32_t aes_ccm     : 1;
+
+		/** ODP_CIPHER_ALG_CHACHA20_POLY1305 */
+		uint32_t chacha20_poly1305 : 1;
+
+		/** ODP_CIPHER_ALG_KASUMI_F8 */
+		uint32_t kasumi_f8   : 1;
+
+		/** ODP_CIPHER_ALG_SNOW3G_UEA2 */
+		uint32_t snow3g_uea2 : 1;
+
+		/** ODP_CIPHER_ALG_AES_EEA2 */
+		uint32_t aes_eea2 : 1;
+
+		/** ODP_CIPHER_ALG_ZUC_EEA3 */
+		uint32_t zuc_eea3    : 1;
+
+	} bit;
+
+	/** All bits of the bit field structure
+	  *
+	  * This field can be used to set/clear all flags, or bitwise
+	  * operations over the entire structure. */
+	uint32_t all_bits;
+} odp_crypto_cipher_algos_t;
+
+/**
+ * Authentication algorithms in a bit field structure
+ */
+typedef union odp_crypto_auth_algos_t {
+	/** Authentication algorithms */
+	struct {
+		/** ODP_AUTH_ALG_NULL */
+		uint32_t null        : 1;
+
+		/** ODP_AUTH_ALG_MD5_HMAC */
+		uint32_t md5_hmac    : 1;
+
+		/** ODP_AUTH_ALG_SHA1_HMAC */
+		uint32_t sha1_hmac : 1;
+
+		/** ODP_AUTH_ALG_SHA224_HMAC */
+		uint32_t sha224_hmac : 1;
+
+		/** ODP_AUTH_ALG_SHA256_HMAC */
+		uint32_t sha256_hmac : 1;
+
+		/** ODP_AUTH_ALG_SHA384_HMAC */
+		uint32_t sha384_hmac : 1;
+
+		/** ODP_AUTH_ALG_SHA512_HMAC */
+		uint32_t sha512_hmac : 1;
+
+		/** ODP_AUTH_ALG_AES_GCM */
+		uint32_t aes_gcm     : 1;
+
+		/** ODP_AUTH_ALG_AES_GMAC*/
+		uint32_t aes_gmac    : 1;
+
+		/** ODP_AUTH_ALG_AES_CCM */
+		uint32_t aes_ccm     : 1;
+
+		/** ODP_AUTH_ALG_AES_CMAC*/
+		uint32_t aes_cmac    : 1;
+
+		/** ODP_AUTH_ALG_AES_XCBC_MAC*/
+		uint32_t aes_xcbc_mac    : 1;
+
+		/** ODP_AUTH_ALG_CHACHA20_POLY1305 */
+		uint32_t chacha20_poly1305 : 1;
+
+		/** ODP_AUTH_ALG_KASUMI_F9 */
+		uint32_t kasumi_f9   : 1;
+
+		/** ODP_AUTH_ALG_SNOW3G_UIA2 */
+		uint32_t snow3g_uia2 : 1;
+
+		/** ODP_AUTH_ALG_AES_EIA2 */
+		uint32_t aes_eia2 : 1;
+
+		/** ODP_AUTH_ALG_ZUC_EIA3 */
+		uint32_t zuc_eia3    : 1;
+
+		/** ODP_AUTH_ALG_MD5 */
+		uint32_t md5 : 1;
+
+		/** ODP_AUTH_ALG_SHA1 */
+		uint32_t sha1 : 1;
+
+		/** ODP_AUTH_ALG_SHA224 */
+		uint32_t sha224 : 1;
+
+		/** ODP_AUTH_ALG_SHA256 */
+		uint32_t sha256 : 1;
+
+		/** ODP_AUTH_ALG_SHA384 */
+		uint32_t sha384 : 1;
+
+		/** ODP_AUTH_ALG_SHA512 */
+		uint32_t sha512 : 1;
+
+	} bit;
+
+	/** All bits of the bit field structure
+	  *
+	  * This field can be used to set/clear all flags, or bitwise
+	  * operations over the entire structure. */
+	uint32_t all_bits;
+} odp_crypto_auth_algos_t;
+
+/**
+ * Crypto API key structure
+ */
+typedef struct odp_crypto_key {
+	/** Key data */
+	uint8_t *data;
+
+	/** Key length in bytes */
+	uint32_t length;
+
+} odp_crypto_key_t;
+
+/**
+ * Crypto API IV structure
+ *
+ * @deprecated Use per-packet IV in crypto operation parameters
+ */
+typedef struct odp_crypto_iv {
+	/** IV data
+	 *
+	 *  Ignored when length is zero. Null value indicates that an
+	 *  IV will be provided for each packet through the crypto
+	 *  operation parameters. In that case the per-operation
+	 *  IV parameter must always point to a valid IV.
+	 *
+	 *  Default value is NULL.
+	 */
+	uint8_t *data;
+
+	/** IV length in bytes. Default value is zero. */
+	uint32_t length;
+
+} ODP_DEPRECATE(odp_crypto_iv_t);
+
+/**
+ * Crypto API session creation parameters
+ */
+typedef struct odp_crypto_session_param_t {
+	/** Encode vs. decode operation
+	 *
+	 *  The default value is ODP_CRYPTO_OP_ENCODE.
+	 */
+	odp_crypto_op_t op;
+
+	/** Authenticate cipher vs. plain text
+	 *
+	 *  Controls ordering of authentication and cipher operations,
+	 *  and is relative to the operation (encode vs decode). When encoding,
+	 *  TRUE indicates the authentication operation should be performed
+	 *  after the cipher operation else before. When decoding, TRUE
+	 *  indicates the reverse order of operation.
+	 *
+	 *  The value is ignored with authenticated encryption algorithms
+	 *  such as AES-GCM.
+	 *
+	 *  true:  Authenticate cipher text
+	 *  false: Authenticate plain text
+	 *
+	 *  The default value is false.
+	 */
+	odp_bool_t auth_cipher_text;
+
+	/** Hash result location may overlap authentication range
+	 *
+	 *  This flag indicates that the hash result location may (but is
+	 *  not required to) overlap authentication range. Setting this
+	 *  flag may reduce performance.
+	 *
+	 *  Default value is false.
+	 */
+	odp_bool_t hash_result_in_auth_range;
+
+	/** Preferred sync vs. async for odp_crypto_operation()
+	 *
+	 *  The default value is ODP_CRYPTO_SYNC.
+	 *
+	 *  @deprecated Used only with deprecated odp_crypto_operation()
+	 */
+	odp_crypto_op_mode_t ODP_DEPRECATE(pref_mode);
+
+	/** Operation mode when using packet interface: sync or async
+	 *
+	 *  The default value is ODP_CRYPTO_SYNC.
+	 */
+	odp_crypto_op_mode_t op_mode;
+
+	/** Cipher algorithm
+	 *
+	 *  Select cipher algorithm to be used. ODP_CIPHER_ALG_NULL indicates
+	 *  that ciphering is disabled. Use odp_crypto_capability() for
+	 *  supported algorithms. Note that some algorithms restrict choice of
+	 *  the pairing authentication algorithm. When ciphering is enabled
+	 *  cipher key and IV need to be set. The default value is
+	 *  ODP_CIPHER_ALG_NULL.
+	 */
+	odp_cipher_alg_t cipher_alg;
+
+	/** Cipher key
+	 *
+	 * Use odp_crypto_cipher_capa() for supported key and IV lengths.
+	 */
+	odp_crypto_key_t cipher_key;
+
+	/** Cipher Initialization Vector (IV)
+	 *
+	 *  Unless using the deprecated API, this specifies the length of
+	 *  the IV only. The actual IV must then be provided in per-packet
+	 *  parameters of crypto operations.
+	 */
+	union {
+#if ODP_DEPRECATED_API
+		/** @deprecated Cipher IV */
+		odp_crypto_iv_t ODP_DEPRECATE(cipher_iv);
+#endif
+		/** Cipher IV length */
+		struct {
+#if ODP_DEPRECATED_API
+			/** @cond
+			 *  Unused padding field
+			 */
+			uint8_t *dummy_padding_0;
+			/** @endcond */
+#endif
+			/** Length of cipher initialization vector.
+			 *  Default value is zero.
+			 */
+			uint32_t cipher_iv_len;
+		};
+	};
+
+	/** Authentication algorithm
+	 *
+	 *  Select authentication algorithm to be used. ODP_AUTH_ALG_NULL
+	 *  indicates that authentication is disabled. Use
+	 *  odp_crypto_capability() for supported algorithms. Note that some
+	 *  algorithms restrict choice of the pairing cipher algorithm. When
+	 *  single algorithm provides both ciphering and authentication
+	 *  (i.e. Authenticated Encryption), authentication side key
+	 *  (auth_key) and IV (auth_iv) are ignored, and cipher side values are
+	 *  used instead. These algorithms ignore authentication side key
+	 *  and IV: ODP_AUTH_ALG_AES_GCM, ODP_AUTH_ALG_AES_CCM and
+	 *  ODP_AUTH_ALG_CHACHA20_POLY1305. Otherwise, all authentication side
+	 *  parameters must be set when authentication is enabled. The default
+	 *  value is ODP_AUTH_ALG_NULL.
+	 */
+	odp_auth_alg_t auth_alg;
+
+	/** Authentication key
+	 *
+	 *  Use odp_crypto_auth_capability() for supported key lengths.
+	 */
+	odp_crypto_key_t auth_key;
+
+	/** Authentication Initialization Vector (IV)
+	 *
+	 *  Unless using the deprecated API, this specifies the length of
+	 *  the IV only. The actual IV must then be provided in per-packet
+	 *  parameters of crypto operations.
+	 */
+	union {
+#if ODP_DEPRECATED_API
+		/** @deprecated Authentication IV */
+		odp_crypto_iv_t ODP_DEPRECATE(auth_iv);
+#endif
+		/** Authentication IV length */
+		struct {
+#if ODP_DEPRECATED_API
+			/** @cond
+			 *  Unused padding field
+			 */
+			uint8_t *dummy_padding_1;
+			/** @endcond */
+#endif
+			/** Length of authentication initialization vector.
+			 *  Default value is zero.
+			 */
+			uint32_t auth_iv_len;
+		};
+	};
+
+	/** Authentication digest length in bytes
+	 *
+	 *  Use odp_crypto_auth_capability() for supported digest lengths.
+	 */
+	uint32_t auth_digest_len;
+
+	/** Additional Authenticated Data (AAD) length in bytes
+	 *
+	 *  AAD length is constant for all operations (packets) of the session.
+	 *  Set to zero when AAD is not used. Use odp_crypto_auth_capability()
+	 *  for supported AAD lengths. The default value is zero.
+	 */
+	uint32_t auth_aad_len;
+
+	/** Async mode completion event queue
+	 *
+	 *  The completion queue is used to return completions from
+	 *  odp_crypto_op_enq() (and the deprecated odp_crypto_operation())
+	 *  to the application.
+	 */
+	odp_queue_t compl_queue;
+
+	/** Output pool
+	 *
+	 *  When the output packet is not specified during the call to
+	 *  crypto operation, the output packet will be allocated
+	 *  from this pool.
+	 */
+	odp_pool_t output_pool;
+
+} odp_crypto_session_param_t;
+
+/**
+ * Crypto API per packet operation parameters
+ *
+ * @deprecated Use odp_crypto_packet_op_param_t instead.
+ */
+typedef struct odp_crypto_op_param_t {
+	/** Session handle from creation */
+	odp_crypto_session_t session;
+
+	/** User context */
+	void *ctx;
+
+	/** Input packet
+	 *
+	 *  Specifies the input packet for the crypto operation. When the
+	 *  'out_pkt' variable is set to ODP_PACKET_INVALID (indicating a new
+	 *  packet should be allocated for the resulting packet).
+	 */
+	odp_packet_t pkt;
+
+	/** Output packet
+	 *
+	 *  Both "in place" (the original packet 'pkt' is modified) and
+	 *  "copy" (the packet is replicated to a new packet which contains
+	 *  the modified data) modes are supported. The "in place" mode of
+	 *  operation is indicated by setting 'out_pkt' equal to 'pkt'.
+	 *  For the copy mode of operation, setting 'out_pkt' to a valid packet
+	 *  value indicates the caller wishes to specify the destination packet.
+	 *  Setting 'out_pkt' to ODP_PACKET_INVALID indicates the caller wishes
+	 *  the destination packet be allocated from the output pool specified
+	 *  during session creation.
+	 */
+	odp_packet_t out_pkt;
+
+	/** IV pointer for cipher */
+	uint8_t *cipher_iv_ptr;
+
+	/** Authentication IV pointer */
+	uint8_t *auth_iv_ptr;
+
+	/** Offset from start of packet for hash result
+	 *
+	 *  In case of decode sessions, the expected hash will be read from
+	 *  this offset and compared with the calculated hash. After the
+	 *  operation the hash bytes will have undefined values.
+	 *
+	 *  In case of encode sessions the calculated hash will be stored in
+	 *  this offset.
+	 *
+	 *  If the hash_result_in_auth_range session parameter is true,
+	 *  the hash result location may overlap auth_range. In that case
+	 *  the result location will be zeroed in decode sessions before
+	 *  hash calculation. Zeroing is not done in encode sessions.
+	 */
+	uint32_t hash_result_offset;
+
+	/** Pointer to AAD. AAD length is defined by 'auth_aad_len'
+	 *  session parameter.
+	 */
+	uint8_t *aad_ptr;
+
+	/** Data range to be ciphered */
+	odp_packet_data_range_t cipher_range;
+
+	/** Data range to be authenticated
+	 *
+	 *  The value is ignored with authenticated encryption algorithms,
+	 *  such as AES-GCM, which authenticate data in the cipher range
+	 *  and the AAD.
+	 *
+	 *  As a special case AES-GMAC uses this field instead of aad_ptr
+	 *  for the data bytes to be authenticated.
+	 */
+	odp_packet_data_range_t auth_range;
+
+} ODP_DEPRECATE(odp_crypto_op_param_t);
+
+/**
+ * Crypto packet API per packet operation parameters
+ */
+typedef struct odp_crypto_packet_op_param_t {
+	/** Session handle from creation */
+	odp_crypto_session_t session;
+
+	/** IV pointer for cipher */
+	uint8_t *cipher_iv_ptr;
+
+	/** IV pointer for authentication */
+	uint8_t *auth_iv_ptr;
+
+	/** Offset from start of packet for hash result
+	 *
+	 *  In case of decode sessions, the expected hash will be read from
+	 *  this offset and compared with the calculated hash. After the
+	 *  operation the hash bytes will have undefined values.
+	 *
+	 *  In case of encode sessions the calculated hash will be stored in
+	 *  this offset.
+	 *
+	 *  If the hash_result_in_auth_range session parameter is true,
+	 *  the hash result location may overlap auth_range. In that case the
+	 *  result location will be zeroed in decode sessions before hash
+	 *  calculation. Zeroing is not done in encode sessions.
+	 */
+	uint32_t hash_result_offset;
+
+	/** Pointer to AAD. AAD length is defined by 'auth_aad_len'
+	 *  session parameter.
+	 */
+	uint8_t *aad_ptr;
+
+	/** Data range to apply cipher */
+	odp_packet_data_range_t cipher_range;
+
+	/** Data range to authenticate */
+	odp_packet_data_range_t auth_range;
+
+} odp_crypto_packet_op_param_t;
+
+/**
+ * Crypto API session creation return code
+ */
+typedef enum {
+	/** Session created */
+	ODP_CRYPTO_SES_ERR_NONE,
+	/** Creation failed, no resources */
+	ODP_CRYPTO_SES_ERR_ENOMEM,
+	/** Creation failed, bad cipher params */
+	ODP_CRYPTO_SES_ERR_CIPHER,
+	/** Creation failed, bad auth params */
+	ODP_CRYPTO_SES_ERR_AUTH,
+
+	/** Unsupported combination of algorithms
+	 *
+	 *  The combination of cipher and auth algorithms with their
+	 *  specific parameters is not supported even if the algorithms
+	 *  appear in capabilities and are supported in combination with
+	 *  other algorithms or other algorithm specific parameters.
+	 */
+	ODP_CRYPTO_SES_ERR_ALG_COMBO,
+
+	/** Unsupported order of cipher and auth
+	 *
+	 *  The requested mutual order of ciphering and authentication
+	 *  is not supported with the chosen individual cipher and
+	 *  authentication algorithms.
+	 */
+	ODP_CRYPTO_SES_ERR_ALG_ORDER,
+
+	/** Unsupported combination of session creation parameters
+	 *
+	 *  The combination of provided session creation parameters is not
+	 *  supported. This error can occur when there are limitations that
+	 *  are not expressible through crypto capabilities or other error
+	 *  status values.
+	 */
+	ODP_CRYPTO_SES_ERR_PARAMS,
+} odp_crypto_ses_create_err_t;
+
+/** This synonym for backward compatibility will be deprecated later */
+#define ODP_CRYPTO_SES_CREATE_ERR_NONE       ODP_CRYPTO_SES_ERR_NONE
+/** This synonym for backward compatibility will be deprecated later */
+#define ODP_CRYPTO_SES_CREATE_ERR_ENOMEM     ODP_CRYPTO_SES_ERR_ENOMEM
+/** This synonym for backward compatibility will be deprecated later */
+#define ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER ODP_CRYPTO_SES_ERR_CIPHER
+/** This synonym for backward compatibility will be deprecated later */
+#define ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH   ODP_CRYPTO_SES_ERR_AUTH
+
+/**
+ * Crypto API algorithm return code
+ */
+typedef enum {
+	/** Algorithm successful */
+	ODP_CRYPTO_ALG_ERR_NONE,
+	/** Invalid data block size */
+	ODP_CRYPTO_ALG_ERR_DATA_SIZE,
+	/** Key size invalid for algorithm */
+	ODP_CRYPTO_ALG_ERR_KEY_SIZE,
+	/** Computed ICV value mismatch */
+	ODP_CRYPTO_ALG_ERR_ICV_CHECK,
+	/** IV value not specified */
+	ODP_CRYPTO_ALG_ERR_IV_INVALID,
+} odp_crypto_alg_err_t;
+
+/**
+ * Crypto API hardware centric return code
+ */
+typedef enum {
+	/** Operation completed successfully */
+	ODP_CRYPTO_HW_ERR_NONE,
+	/** Error detected during DMA of data */
+	ODP_CRYPTO_HW_ERR_DMA,
+	/** Operation failed due to pool depletion */
+	ODP_CRYPTO_HW_ERR_BP_DEPLETED,
+} odp_crypto_hw_err_t;
+
+/**
+ * Cryto API per packet operation completion status
+ */
+typedef struct odp_crypto_op_status {
+	/** Algorithm specific return code */
+	odp_crypto_alg_err_t alg_err;
+
+	/** Hardware specific return code */
+	odp_crypto_hw_err_t  hw_err;
+
+} odp_crypto_op_status_t;
+
+/**
+ * Crypto API operation result
+ *
+ * @deprecated Use odp_crypto_packet_result_t instead.
+ */
+typedef struct odp_crypto_op_result {
+	/** Request completed successfully */
+	odp_bool_t  ok;
+
+	/** User context from request */
+	void *ctx;
+
+	/** Output packet */
+	odp_packet_t pkt;
+
+	/** Cipher status */
+	odp_crypto_op_status_t cipher_status;
+
+	/** Authentication status */
+	odp_crypto_op_status_t auth_status;
+
+} ODP_DEPRECATE(odp_crypto_op_result_t);
+
+/**
+ * Crypto packet API operation result
+ */
+typedef struct odp_crypto_packet_result_t {
+	/** Request completed successfully */
+	odp_bool_t  ok;
+
+	/** Cipher status */
+	odp_crypto_op_status_t cipher_status;
+
+	/** Authentication status */
+	odp_crypto_op_status_t auth_status;
+
+} odp_crypto_packet_result_t;
+
+/**
+ * Crypto capabilities
+ */
+typedef struct odp_crypto_capability_t {
+	/** Maximum number of crypto sessions */
+	uint32_t max_sessions;
+
+	/** Supported packet operation in SYNC mode */
+	odp_support_t sync_mode;
+
+	/** Supported packet operation in ASYNC mode */
+	odp_support_t async_mode;
+
+	/** Supported cipher algorithms */
+	odp_crypto_cipher_algos_t ciphers;
+
+	/** Cipher algorithms implemented with HW offload */
+	odp_crypto_cipher_algos_t hw_ciphers;
+
+	/** Supported authentication algorithms */
+	odp_crypto_auth_algos_t   auths;
+
+	/** Authentication algorithms implemented with HW offload */
+	odp_crypto_auth_algos_t   hw_auths;
+
+	/**
+	 * Scheduled crypto completion queue support
+	 *
+	 * This defines whether scheduled queues are supported as crypto
+	 * compl_queue.
+	 * 0: Scheduled queues are not supported as crypto completion queues
+	 * 1: Scheduled queues are supported as crypto completion queues
+	 * @see odp_crypto_session_param_t
+	 */
+	odp_bool_t queue_type_sched;
+
+	/**
+	 * Plain crypto completion queue support
+	 *
+	 * This defines whether plain queues are supported as crypto
+	 * compl_queue.
+	 * 0: Plain queues are not supported as crypto completion queues
+	 * 1: Plain queues are supported as crypto completion queues
+	 * @see odp_crypto_session_param_t
+	 */
+	odp_bool_t queue_type_plain;
+} odp_crypto_capability_t;
+
+/**
+ * Cipher algorithm capabilities
+ */
+typedef struct odp_crypto_cipher_capability_t {
+	/** Key length in bytes */
+	uint32_t key_len;
+
+	/** IV length in bytes */
+	uint32_t iv_len;
+
+	/** Cipher is operating in bitwise mode
+	 *
+	 * This cipher works on series of bits, rather than sequences of bytes:
+	 * cipher_range in odp_crypto_op_param_t and
+	 * odp_crypto_packet_op_param_t will use bits, rather than bytes.
+	 *
+	 * Note: data buffer MUST start on the byte boundary, using offset
+	 * which is not divisible by 8 is unsupported and will result in
+	 * unspecified behaviour.
+	 *
+	 * Note2: If the data length is not a multiple of 8, the remaining
+	 * bits of the data in the last byte of the input/output will be the
+	 * most significant bits, i.e. the most significant bit is considered
+	 * to be the first bit of a byte for the purpose of input and output
+	 * data range. The output bits that fall out of the output range are
+	 * undefined.
+	 */
+	odp_bool_t bit_mode;
+
+} odp_crypto_cipher_capability_t;
+
+/**
+ * Authentication algorithm capabilities
+ */
+typedef struct odp_crypto_auth_capability_t {
+	/** Digest length in bytes */
+	uint32_t digest_len;
+
+	/** Key length in bytes */
+	uint32_t key_len;
+
+	/** IV length in bytes */
+	uint32_t iv_len;
+
+	/** Additional Authenticated Data (AAD) lengths */
+	struct {
+		/** Minimum AAD length in bytes */
+		uint32_t min;
+
+		/** Maximum AAD length in bytes */
+		uint32_t max;
+
+		/** Increment of supported lengths between min and max
+		 *  (in bytes) */
+		uint32_t inc;
+	} aad_len;
+
+	/** Auth is operating in bitstring mode
+	 *
+	 * This auth works on series of bits, rather than sequences of bytes:
+	 * auth_range in odp_crypto_op_param_t and
+	 * odp_crypto_packet_op_param_t will use bits, rather than bytes.
+	 *
+	 * Note: data buffer MUST start on the byte boundary, using offset
+	 * which is not divisible by 8 is unsupported and will result in
+	 * unpredictable behaviour.
+	 *
+	 * Note2: If the data length is not a multiple of 8, the remaining
+	 * bits of the data in the last byte of the input/output will be the
+	 * most significant bits, i.e. the most significant bit is considered
+	 * to be the first bit of a byte for the purpose of input and output
+	 * data range. The output bits that fall out of the output range are
+	 * undefined.
+	 */
+	odp_bool_t bit_mode;
+
+} odp_crypto_auth_capability_t;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <odp/visibility_end.h>
+#endif
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index b091961cc..603bf3aef 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -19,7 +19,7 @@
 extern "C" {
 #endif
 
-#include <odp/api/crypto.h>
+#include <odp/api/crypto_types.h>
 #include <odp/api/event_types.h>
 #include <odp/api/ipsec_types.h>
 #include <odp/api/packet_types.h>
diff --git a/include/odp/api/spec/ipsec_types.h b/include/odp/api/spec/ipsec_types.h
index b74d26d4f..b34fb5982 100644
--- a/include/odp/api/spec/ipsec_types.h
+++ b/include/odp/api/spec/ipsec_types.h
@@ -20,7 +20,7 @@ extern "C" {
 #endif
 
 #include <odp/api/classification.h>
-#include <odp/api/crypto.h>
+#include <odp/api/crypto_types.h>
 #include <odp/api/packet_io_types.h>
 #include <odp/api/protocols.h>
 #include <odp/api/std_types.h>
diff --git a/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h b/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/default-linux/odp/api/abi/crypto_types.h b/include/odp/arch/default-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/default-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h b/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am
index 3310e9603..7bc48edd6 100644
--- a/platform/linux-generic/Makefile.am
+++ b/platform/linux-generic/Makefile.am
@@ -75,6 +75,7 @@ odpapiabiarchinclude_HEADERS += \
 		  include-abi/odp/api/abi/comp.h \
 		  include-abi/odp/api/abi/cpumask.h \
 		  include-abi/odp/api/abi/crypto.h \
+		  include-abi/odp/api/abi/crypto_types.h \
 		  include-abi/odp/api/abi/debug.h \
 		  include-abi/odp/api/abi/dma_types.h \
 		  include-abi/odp/api/abi/errno.h \
diff --git a/platform/linux-generic/include-abi/odp/api/abi/crypto.h b/platform/linux-generic/include-abi/odp/api/abi/crypto.h
index b57667e76..24019db12 100644
--- a/platform/linux-generic/include-abi/odp/api/abi/crypto.h
+++ b/platform/linux-generic/include-abi/odp/api/abi/crypto.h
@@ -1,4 +1,5 @@
 /* Copyright (c) 2015-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
  * All rights reserved.
  *
  * SPDX-License-Identifier:     BSD-3-Clause
@@ -18,18 +19,7 @@
 extern "C" {
 #endif
 
-/** @ingroup odp_crypto
- *  @{
- */
-
-#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
-
-typedef uint64_t odp_crypto_session_t;
-typedef ODP_HANDLE_T(odp_crypto_compl_t);
-
-/**
- * @}
- */
+/* Placeholder for inlined API functions */
 
 #ifdef __cplusplus
 }
diff --git a/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h b/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..a5cb43c5d
--- /dev/null
+++ b/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h
@@ -0,0 +1,42 @@
+/* Copyright (c) 2015-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto
+ */
+
+#ifndef ODP_API_ABI_CRYPTO_TYPES_H_
+#define ODP_API_ABI_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <odp/api/std_types.h>
+
+#include <odp/api/plat/strong_types.h>
+
+/** @ingroup odp_crypto
+ *  @{
+ */
+
+#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
+
+typedef uint64_t odp_crypto_session_t;
+typedef ODP_HANDLE_T(odp_crypto_compl_t);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 1b3a90e6a..9bb89ad8b 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -6,6 +6,7 @@
  */
 
 #include <odp/api/atomic.h>
+#include <odp/api/crypto.h>
 #include <odp/api/ipsec.h>
 #include <odp/api/random.h>
 #include <odp/api/shared_memory.h>
author	Matias Elo <matias.elo@nokia.com>	2022-10-28 17:32:56 +0300
committer	Petri Savolainen <petri.savolainen@nokia.com>	2022-12-29 14:55:25 +0200
commit	648c27bfcfdf4c19e4418aedf75e803eb914bcfd (patch)
tree	ecbba3ab26824a47d2ed86c25f9c89ce5be28b8d
parent	ccb7b35bb75366968e316bbadd6a030a976e5b21 (diff)