DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 00/13] Crypto operation restructuring
@ 2017-05-28 21:05 Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 01/13] cryptodev: move session type to generic crypto op Pablo de Lara
                   ` (13 more replies)
  0 siblings, 14 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

This patchset attempts to correct and improve the current crypto operation (rte_crypto_op)
and symmetric crypto operation (rte_crypto_sym_op) structures, shrinking
their sizes to fit both structures into two 64-byte cache lines (with extra space
for the IV and other user data) as one of the goals.

It also introduces new AEAD algorithm specific parameters, to simplify
its setup with a single transform, instead of a concatenation of
a cipher and an authentication transform.

The following changes are made:

In rte_crypto_op:

- Moved session type (with session/sessionless) from symmetric op to crypto op,
  as this could be used for other types

- Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
  instead of having enums taking 4 bytes each

- Removed opaque data from crypto operation, as private data can be allocated
  just after the symmetric (or other type) crypto operation

- Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation

In rte_crypto_sym_xform:

- Removed AAD length from sym_xform (will be taken from operation only)

- Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session

In rte_crypto_sym_op:

- Removed IV parameters, which will be only in the session.

- Added AEAD specific parameters.

- Create union with the new AEAD parameters and the cipher/authenticatoin parameters,
  as the three cannot be used at the same time

- Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session

- Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)

Changes that will be made in v2:

- AEAD algorithms will be set up only using the AEAD structure

- AAD will be removed from authentication algorithms, as it is used for AEAD algorithms

- AES GMAC will be an authentication only algorithm

- Cryptodev tests and crypto applications will be updated with these changes


Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:

struct rte_crypto_op {
        enum rte_crypto_op_type type;

        enum rte_crypto_op_status status;

        struct rte_mempool *mempool;

        phys_addr_t phys_addr;

        void *opaque_data;

        union {
                struct rte_crypto_sym_op *sym;
        };
} __rte_cache_aligned;

struct rte_crypto_sym_op {
        struct rte_mbuf *m_src;
        struct rte_mbuf *m_dst;

        enum rte_crypto_sym_op_sess_type sess_type;

        RTE_STD_C11
        union {
                struct rte_cryptodev_sym_session *session;
                struct rte_crypto_sym_xform *xform;
        };

        struct {
                struct {
                        uint32_t offset;
                        uint32_t length;
                } data;

                struct {
                        uint8_t *data;
                        phys_addr_t phys_addr;
                        uint16_t length;
                } iv;
        } cipher;

        struct {
                struct {
                        uint32_t offset;
                        uint32_t length;
                } data;
                struct {
                        uint8_t *data;
                        phys_addr_t phys_addr;
                        uint16_t length;
                } digest; /**< Digest parameters */

                struct {
                        uint8_t *data;
                        phys_addr_t phys_addr;
                        uint16_t length;
                } aad;

        } auth;
} __rte_cache_aligned;

New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:

struct rte_crypto_op {
        uint64_t type: 8;
        uint64_t status: 8;
        uint64_t sess_type: 8;

        struct rte_mempool *mempool;

        phys_addr_t phys_addr;

        RTE_STD_C11
        union {
                struct rte_crypto_sym_op sym[0];
        };
} __rte_cache_aligned;

struct rte_crypto_sym_op {
        struct rte_mbuf *m_src;
        struct rte_mbuf *m_dst;

        RTE_STD_C11
        union {
                struct rte_cryptodev_sym_session *session;
                struct rte_crypto_sym_xform *xform;
        };

        struct {
                uint8_t offset;
        } iv;

        struct {
                union {
                        struct {
                                uint32_t offset;
                                uint32_t length;
                        } data;
                        struct {
                                uint32_t length;
                                uint8_t *data;
                                phys_addr_t phys_addr;
                        } aad;
                };

                struct {
                        uint8_t *data;
                        phys_addr_t phys_addr;
                } digest;

        } auth;
        struct {
                struct {
                        uint32_t offset;
                        uint32_t length;
                } data;

        } cipher;

        __extension__ char _private[0];
       };

struct rte_crypto_sym_op {
        struct rte_mbuf *m_src;
        struct rte_mbuf *m_dst;

        RTE_STD_C11
        union {
                struct rte_cryptodev_sym_session *session;
                struct rte_crypto_sym_xform *xform;
        };

        union {
                struct {
                        struct {
                                uint32_t offset;
                                uint32_t length;
                        } data; 
                        struct {
                                uint8_t *data;
                                phys_addr_t phys_addr;
                        } digest; 
                        struct {
                                uint8_t *data;
                                phys_addr_t phys_addr; 
                                uint32_t length; 
                        } aad;
                } aead;

                struct {
                        struct {
                                struct {
                                        uint32_t offset;
                                        uint32_t length;
                                } data;
                        } cipher;

                        struct {
                                struct {
                                        uint32_t offset;
                                        uint32_t length;
                                } data;

                                struct {
                                        uint8_t *data;
                                        phys_addr_t phys_addr; 
                                } digest; 
                        } auth;
                };
        };
};

Pablo de Lara (13):
  cryptodev: move session type to generic crypto op
  cryptodev: replace enums with 1-byte variables
  cryptodev: remove opaque data pointer in crypto op
  cryptodev: do not store pointer to op specific params
  cryptodev: add crypto op helper macros
  cryptodev: remove additional auth data from xform
  cryptodev: remove digest length from crypto op
  app/crypto-perf: move IV to crypto op private data
  cryptodev: pass IV as offset
  cryptodev: move IV parameters to crypto session
  drivers/crypto: do not use AAD in wireless algorithms
  cryptodev: aad AEAD specific data
  cryptodev: add AEAD parameters in crypto operation

 app/test-crypto-perf/cperf_ops.c                   |  74 +--
 app/test-crypto-perf/cperf_ops.h                   |   6 +-
 app/test-crypto-perf/cperf_options.h               |   6 +-
 app/test-crypto-perf/cperf_options_parsing.c       |  13 +-
 app/test-crypto-perf/cperf_test_latency.c          |  44 +-
 app/test-crypto-perf/cperf_test_throughput.c       |  15 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c   |   7 +-
 app/test-crypto-perf/cperf_test_vectors.c          |   7 +-
 app/test-crypto-perf/cperf_test_verify.c           |  14 +-
 app/test-crypto-perf/main.c                        |   9 +-
 doc/guides/tools/cryptoperf.rst                    |   8 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           | 135 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |  12 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   7 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  13 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |  37 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |  26 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c           |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |  10 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |  71 ++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |  31 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  67 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |  21 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   1 +
 drivers/crypto/null/null_crypto_pmd.c              |  15 +-
 drivers/crypto/null/null_crypto_pmd_ops.c          |   7 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  30 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  74 +--
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   8 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |   8 +-
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |  20 +-
 drivers/crypto/qat/qat_crypto.c                    |  45 +-
 drivers/crypto/qat/qat_crypto_capabilities.h       | 159 +++---
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  64 +--
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |  21 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   1 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  52 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |  21 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   1 +
 lib/librte_cryptodev/rte_crypto.h                  |  39 +-
 lib/librte_cryptodev/rte_crypto_sym.h              | 599 ++++++++++++---------
 lib/librte_cryptodev/rte_cryptodev.c               |  69 ++-
 lib/librte_cryptodev/rte_cryptodev.h               |  89 ++-
 test/test/test_cryptodev.c                         |  61 +--
 test/test/test_cryptodev_perf.c                    |   1 -
 46 files changed, 1204 insertions(+), 831 deletions(-)

-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 01/13] cryptodev: move session type to generic crypto op
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 02/13] cryptodev: replace enums with 1-byte variables Pablo de Lara
                   ` (12 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Session type (operation with or without session) is not
something specific to symmetric operations.
Therefore, the variable is moved to the generic crypto operation
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    | 15 ++++++++-------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |  4 ++--
 drivers/crypto/armv8/rte_armv8_pmd.c        |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  2 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  6 +++---
 drivers/crypto/null/null_crypto_pmd.c       | 15 ++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd.c    |  4 ++--
 drivers/crypto/qat/qat_crypto.c             |  2 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  6 +++---
 drivers/crypto/zuc/rte_zuc_pmd.c            |  4 ++--
 lib/librte_cryptodev/rte_crypto.h           | 15 +++++++++++++++
 lib/librte_cryptodev/rte_crypto_sym.h       | 16 ----------------
 test/test/test_cryptodev.c                  |  8 ++++----
 13 files changed, 51 insertions(+), 50 deletions(-)

diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 101ef98..ec00d22 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -138,16 +138,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 /** Get gcm session */
 static struct aesni_gcm_session *
-aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
+aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_gcm_session *sess = NULL;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session->dev_type
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session->dev_type
 					!= RTE_CRYPTODEV_AESNI_GCM_PMD))
 			return sess;
 
-		sess = (struct aesni_gcm_session *)op->session->_private;
+		sess = (struct aesni_gcm_session *)sym_op->session->_private;
 	} else  {
 		void *_sess;
 
@@ -158,7 +159,7 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
 			((struct rte_cryptodev_sym_session *)_sess)->_private;
 
 		if (unlikely(aesni_gcm_set_session_parameters(sess,
-				op->xform) != 0)) {
+				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			sess = NULL;
 		}
@@ -371,7 +372,7 @@ handle_completed_gcm_crypto_op(struct aesni_gcm_qp *qp,
 	post_process_gcm_crypto_op(op);
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -392,7 +393,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 
 	for (i = 0; i < nb_dequeued; i++) {
 
-		sess = aesni_gcm_get_session(qp, ops[i]->sym);
+		sess = aesni_gcm_get_session(qp, ops[i]);
 		if (unlikely(sess == NULL)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 45b25c9..21e3bb2 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -344,7 +344,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_mb_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_AESNI_MB_PMD)) {
 			return NULL;
@@ -544,7 +544,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 3d603a5..146e68a 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -544,7 +544,7 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct armv8_crypto_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -699,7 +699,7 @@ process_op(const struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 4e01fe8..ba0bfb3 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -437,7 +437,7 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	if (ops[0]->sym->sess_type != RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (ops[0]->sess_type != RTE_CRYPTO_OP_WITH_SESSION) {
 		RTE_LOG(ERR, PMD, "sessionless crypto op not supported\n");
 		return 0;
 	}
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 9da9e89..d089b0d 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -142,7 +142,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 {
 	struct kasumi_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_KASUMI_PMD))
 			return NULL;
@@ -352,7 +352,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -404,7 +404,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 023450a..ab4826f 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -89,16 +89,17 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 }
 
 static struct null_crypto_session *
-get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
+get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct null_crypto_session *sess;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session == NULL ||
-			     op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session == NULL ||
+			     sym_op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
 			return NULL;
 
-		sess = (struct null_crypto_session *)op->session->_private;
+		sess = (struct null_crypto_session *)sym_op->session->_private;
 	} else  {
 		struct rte_cryptodev_session *c_sess = NULL;
 
@@ -107,7 +108,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
 
 		sess = (struct null_crypto_session *)c_sess->_private;
 
-		if (null_crypto_set_session_parameters(sess, op->xform)	!= 0)
+		if (null_crypto_set_session_parameters(sess, sym_op->xform) != 0)
 			return NULL;
 	}
 
@@ -125,7 +126,7 @@ null_crypto_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	int i, retval;
 
 	for (i = 0; i < nb_ops; i++) {
-		sess = get_session(qp, ops[i]->sym);
+		sess = get_session(qp, ops[i]);
 		if (unlikely(sess == NULL))
 			goto enqueue_err;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index f0c5ca3..a92bd88 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -445,7 +445,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 {
 	struct openssl_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -1195,7 +1195,7 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 386aa45..3bf3133 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -907,7 +907,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		return -EINVAL;
 	}
 #endif
-	if (unlikely(op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS)) {
+	if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented"
 				" requests, op (%p) is sessionless.", op);
 		return -EINVAL;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 960956c..d928ed2 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -142,7 +142,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 {
 	struct snow3g_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_SNOW3G_PMD))
 			return NULL;
@@ -356,7 +356,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -408,7 +408,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 1020544..046c830 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -141,7 +141,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 {
 	struct zuc_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_ZUC_PMD))
 			return NULL;
@@ -332,7 +332,7 @@ process_ops(struct rte_crypto_op **ops, struct zuc_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 9019518..ac5c184 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -82,6 +82,16 @@ enum rte_crypto_op_status {
 };
 
 /**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_op_sess_type {
+	RTE_CRYPTO_OP_WITH_SESSION,	/**< Session based crypto operation */
+	RTE_CRYPTO_OP_SESSIONLESS	/**< Session-less crypto operation */
+};
+
+/**
  * Cryptographic Operation.
  *
  * This structure contains data relating to performing cryptographic
@@ -102,6 +112,8 @@ struct rte_crypto_op {
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
+	enum rte_crypto_op_sess_type  sess_type;
+	/**< operation session type */
 
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
@@ -130,6 +142,7 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 {
 	op->type = type;
 	op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
@@ -407,6 +420,8 @@ rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
 
+	op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
 	return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
 }
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..386b120 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -376,17 +376,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-/**
- * Crypto operation session type. This is used to specify whether a crypto
- * operation has session structure attached for immutable parameters or if all
- * operation information is included in the operation data structure.
- */
-enum rte_crypto_sym_op_sess_type {
-	RTE_CRYPTO_SYM_OP_WITH_SESSION,	/**< Session based crypto operation */
-	RTE_CRYPTO_SYM_OP_SESSIONLESS	/**< Session-less crypto operation */
-};
-
-
 struct rte_cryptodev_sym_session;
 
 /**
@@ -423,8 +412,6 @@ struct rte_crypto_sym_op {
 	struct rte_mbuf *m_src;	/**< source mbuf */
 	struct rte_mbuf *m_dst;	/**< destination mbuf */
 
-	enum rte_crypto_sym_op_sess_type sess_type;
-
 	RTE_STD_C11
 	union {
 		struct rte_cryptodev_sym_session *session;
@@ -665,8 +652,6 @@ static inline void
 __rte_crypto_sym_op_reset(struct rte_crypto_sym_op *op)
 {
 	memset(op, 0, sizeof(*op));
-
-	op->sess_type = RTE_CRYPTO_SYM_OP_SESSIONLESS;
 }
 
 
@@ -708,7 +693,6 @@ __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
 		struct rte_cryptodev_sym_session *sess)
 {
 	sym_op->session = sess;
-	sym_op->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION;
 
 	return 0;
 }
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 029ce8a..543b60b 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5557,8 +5557,8 @@ test_AES_GCM_authenticated_encryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
@@ -5637,8 +5637,8 @@ test_AES_GCM_authenticated_decryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 02/13] cryptodev: replace enums with 1-byte variables
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 01/13] cryptodev: move session type to generic crypto op Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 03/13] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
                   ` (11 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Instead of storing some crypto operation flags,
such as operation status, as enumerations,
store them as uint8_t, for memory efficiency.

Also, reserve extra 5 bytes in the crypto operation,
for future additions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index ac5c184..8e2b640 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -102,19 +102,20 @@ enum rte_crypto_op_sess_type {
  * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() .
  */
 struct rte_crypto_op {
-	enum rte_crypto_op_type type;
+	uint8_t type;
 	/**< operation type */
-
-	enum rte_crypto_op_status status;
+	uint8_t status;
 	/**<
 	 * operation status - this is reset to
 	 * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
-	enum rte_crypto_op_sess_type  sess_type;
+	uint8_t sess_type;
 	/**< operation session type */
 
+	uint8_t reserved[5];
+	/**< Reserved bytes to fill 64 bits for future additions */
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 03/13] cryptodev: remove opaque data pointer in crypto op
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 01/13] cryptodev: move session type to generic crypto op Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 02/13] cryptodev: replace enums with 1-byte variables Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 04/13] cryptodev: do not store pointer to op specific params Pablo de Lara
                   ` (10 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Storing a pointer to the user data is unnecessary,
since user can store additional data, after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_test_latency.c | 30 +++++++++++++++++++-----------
 lib/librte_cryptodev/rte_crypto.h         |  5 -----
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index e61ac97..215614e 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -66,6 +66,10 @@ struct cperf_latency_ctx {
 	struct cperf_op_result *res;
 };
 
+struct priv_op_data {
+	struct cperf_op_result *result;
+};
+
 #define max(a, b) (a > b ? (uint64_t)a : (uint64_t)b)
 #define min(a, b) (a < b ? (uint64_t)a : (uint64_t)b)
 
@@ -276,8 +280,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = sizeof(struct priv_op_data);
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -299,7 +304,6 @@ int
 cperf_latency_test_runner(void *arg)
 {
 	struct cperf_latency_ctx *ctx = arg;
-	struct cperf_op_result *pres;
 	uint16_t test_burst_size;
 	uint8_t burst_size_idx = 0;
 
@@ -311,6 +315,7 @@ cperf_latency_test_runner(void *arg)
 	struct rte_crypto_op *ops[ctx->options->max_burst_size];
 	struct rte_crypto_op *ops_processed[ctx->options->max_burst_size];
 	uint64_t i;
+	struct priv_op_data *priv_data;
 
 	uint32_t lcore = rte_lcore_id();
 
@@ -398,7 +403,12 @@ cperf_latency_test_runner(void *arg)
 
 			for (i = 0; i < ops_enqd; i++) {
 				ctx->res[tsc_idx].tsc_start = tsc_start;
-				ops[i]->opaque_data = (void *)&ctx->res[tsc_idx];
+				/*
+				 * Private data structure starts after the end of the
+				 * rte_crypto_sym_op structure.
+				 */
+				priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+				priv_data->result = (void *)&ctx->res[tsc_idx];
 				tsc_idx++;
 			}
 
@@ -410,10 +420,9 @@ cperf_latency_test_runner(void *arg)
 				 * failures.
 				 */
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+					priv_data->result->status = ops_processed[i]->status;
+					priv_data->result->tsc_end = tsc_end;
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
@@ -446,10 +455,9 @@ cperf_latency_test_runner(void *arg)
 
 			if (ops_deqd != 0) {
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+					priv_data->result->status = ops_processed[i]->status;
+					priv_data->result->tsc_end = tsc_end;
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 8e2b640..c2677fa 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -122,9 +122,6 @@ struct rte_crypto_op {
 	phys_addr_t phys_addr;
 	/**< physical address of crypto operation */
 
-	void *opaque_data;
-	/**< Opaque pointer for user data */
-
 	RTE_STD_C11
 	union {
 		struct rte_crypto_sym_op *sym;
@@ -158,8 +155,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 	default:
 		break;
 	}
-
-	op->opaque_data = NULL;
 }
 
 /**
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 04/13] cryptodev: do not store pointer to op specific params
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (2 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 03/13] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 05/13] cryptodev: add crypto op helper macros Pablo de Lara
                   ` (9 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Instead of storing a pointer to operation specific parameters,
such as symmetric crypto parameters, use a zero-length array,
to mark that these parameters will be stored after the
generic crypto operation structure, which was already assumed
in the code.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto.h     | 12 +++---------
 lib/librte_cryptodev/rte_crypto_sym.h |  2 +-
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index c2677fa..23fad79 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -124,10 +124,10 @@ struct rte_crypto_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_crypto_sym_op *sym;
+		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
-	}; /**< operation specific parameters */
-} __rte_cache_aligned;
+	} /**< operation specific parameters */ __rte_aligned(8);
+};
 
 /**
  * Reset the fields of a crypto operation to their default values.
@@ -144,12 +144,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
-		/** Symmetric operation structure starts after the end of the
-		 * rte_crypto_op structure.
-		 */
-		op->sym = (struct rte_crypto_sym_op *)(op + 1);
-		op->type = type;
-
 		__rte_crypto_sym_op_reset(op->sym);
 		break;
 	default:
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 386b120..39ad1e3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -640,7 +640,7 @@ struct rte_crypto_sym_op {
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
-} __rte_cache_aligned;
+};
 
 
 /**
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 05/13] cryptodev: add crypto op helper macros
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (3 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 04/13] cryptodev: do not store pointer to op specific params Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 06/13] cryptodev: remove additional auth data from xform Pablo de Lara
                   ` (8 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

In order to facilitate the access to the private data,
after the crypto operation, two new macros have been
implemented:

- rte_crypto_op_ctod_offset(c,t,o), which returns a pointer
  to "o" bytes after the start of the crypto operation
- rte_crypto_op_ctophys_offset(c, o), which returns
  the physical address of the data "o" bytes after the
  start of the crypto operation

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.h | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 88aeb87..bd09176 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -118,6 +118,35 @@ extern const char **rte_cyptodev_names;
 #define CDEV_PMD_TRACE(...) (void)0
 #endif
 
+
+
+/**
+ * A macro that points to an offset into the crypto operation structure.
+ *
+ * The returned pointer is cast to type t.
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset into the crypto operation.
+ * @param t
+ *   The type to cast the result into.
+ */
+#define rte_crypto_op_ctod_offset(c, t, o)	\
+	((t)((char *)(c) + (o)))
+
+/**
+ * A macro that returns the physical address that points
+ * to an offset of the start of the crypto operation
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset into the data to calculate address from.
+ */
+#define rte_crypto_op_ctophys_offset(c, o)	\
+	(phys_addr_t)((c)->phys_addr + (o))
+
 /**
  * Crypto parameters range description
  */
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 06/13] cryptodev: remove additional auth data from xform
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (4 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 05/13] cryptodev: add crypto op helper macros Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 07/13] cryptodev: remove digest length from crypto op Pablo de Lara
                   ` (7 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.

Since AAD could be modified per operation, it is removed
from the transform.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  6 ---
 drivers/crypto/qat/qat_adf/qat_algs.h            |  3 +-
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 20 +++------
 drivers/crypto/qat/qat_crypto.c                  | 11 ++++-
 lib/librte_cryptodev/rte_crypto_sym.h            | 29 -------------
 test/test/test_cryptodev.c                       | 53 ++++++++++--------------
 test/test/test_cryptodev_perf.c                  |  1 -
 7 files changed, 36 insertions(+), 87 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c2c3db5..18a0c2c 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -376,14 +376,11 @@ cperf_create_session(uint8_t dev_id,
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length =
 					options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 		}
@@ -426,8 +423,6 @@ cperf_create_session(uint8_t dev_id,
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length = options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
 			/* auth options for aes gcm */
 			if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
 				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
@@ -441,7 +436,6 @@ cperf_create_session(uint8_t dev_id,
 			}
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 		}
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index 5c63406..b139007 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -125,7 +125,7 @@ struct qat_session {
 	uint8_t *cd_cur_ptr;
 	phys_addr_t cd_paddr;
 	struct icp_qat_fw_la_bulk_req fw_req;
-	uint8_t aad_len;
+	uint32_t *aad_len;
 	struct qat_crypto_instance *inst;
 	rte_spinlock_t lock;	/* protects this struct */
 };
@@ -147,7 +147,6 @@ int qat_alg_aead_session_create_content_desc_cipher(struct qat_session *cd,
 int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 						uint8_t *authkey,
 						uint32_t authkeylen,
-						uint32_t add_auth_data_length,
 						uint32_t digestsize,
 						unsigned int operation);
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 154e1dd..0590526 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -661,7 +661,6 @@ int qat_alg_aead_session_create_content_desc_cipher(struct qat_session *cdesc,
 int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 						uint8_t *authkey,
 						uint32_t authkeylen,
-						uint32_t add_auth_data_length,
 						uint32_t digestsize,
 						unsigned int operation)
 {
@@ -679,7 +678,6 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 		sizeof(struct icp_qat_fw_la_cipher_req_params));
 	uint16_t state1_size = 0, state2_size = 0;
 	uint16_t hash_offset, cd_size;
-	uint32_t *aad_len = NULL;
 	uint32_t wordIndex  = 0;
 	uint32_t *pTempKey;
 	enum qat_crypto_proto_flag qat_proto_flag =
@@ -805,18 +803,10 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 			PMD_DRV_LOG(ERR, "(GCM)precompute failed");
 			return -EFAULT;
 		}
-		/*
-		 * Write (the length of AAD) into bytes 16-19 of state2
-		 * in big-endian format. This field is 8 bytes
-		 */
-		auth_param->u2.aad_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16);
-		auth_param->hash_state_sz = (auth_param->u2.aad_sz) >> 3;
 
-		aad_len = (uint32_t *)(cdesc->cd_cur_ptr +
+		cdesc->aad_len = (uint32_t *)(cdesc->cd_cur_ptr +
 					ICP_QAT_HW_GALOIS_128_STATE1_SZ +
 					ICP_QAT_HW_GALOIS_H_SZ);
-		*aad_len = rte_bswap32(add_auth_data_length);
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
 		qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
@@ -837,8 +827,8 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 				0, ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ);
 		cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
 				authkeylen + ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		/* IV = 16 bytes for SNOW3G */
+		auth_param->hash_state_sz = (16 >> 3);
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
 		hash->auth_config.config =
@@ -854,8 +844,8 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 		memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
 		cdesc->cd_cur_ptr += state1_size + state2_size
 			+ ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		/* IV = 16 bytes for ZUC */
+		auth_param->hash_state_sz = 16 >> 3;
 
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_MD5:
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 3bf3133..35edfc9 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -586,7 +586,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		if (qat_alg_aead_session_create_content_desc_auth(session,
 				cipher_xform->key.data,
 				cipher_xform->key.length,
-				auth_xform->add_auth_data_length,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
@@ -594,7 +593,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		if (qat_alg_aead_session_create_content_desc_auth(session,
 				auth_xform->key.data,
 				auth_xform->key.length,
-				auth_xform->add_auth_data_length,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
@@ -1027,6 +1025,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
 			auth_ofs = op->sym->cipher.data.offset;
 			auth_len = op->sym->cipher.data.length;
+			/*
+			 * Write (the length of AAD) into bytes 16-19 of state2
+			 * in big-endian format. This field is 8 bytes
+			 */
+			auth_param->u2.aad_sz =
+					RTE_ALIGN_CEIL(op->sym->auth.aad.length, 16);
+			auth_param->hash_state_sz = (auth_param->u2.aad_sz) >> 3;
+
+			*(ctx->aad_len) = rte_bswap32(op->sym->auth.aad.length);
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 39ad1e3..08f4d02 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -315,35 +315,6 @@ struct rte_crypto_auth_xform {
 	 * If the value is less than the maximum length allowed by the hash,
 	 * the result shall be truncated.
 	 */
-
-	uint32_t add_auth_data_length;
-	/**< The length of the additional authenticated data (AAD) in bytes.
-	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
-	 * otherwise specified below.
-	 *
-	 * This field must be specified when the hash algorithm is one of the
-	 * following:
-	 *
-	 * - For SNOW 3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
-	 *   length of the IV (which should be 16).
-	 *
-	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
-	 *   the length of the Additional Authenticated Data (called A, in NIST
-	 *   SP800-38D).
-	 *
-	 * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM).  In this case, this is
-	 *   the length of the associated data (called A, in NIST SP800-38C).
-	 *   Note that this does NOT include the length of any padding, or the
-	 *   18 bytes reserved at the start of the above field to store the
-	 *   block B0 and the encoded length.  The maximum permitted value in
-	 *   this case is 222 bytes.
-	 *
-	 * @note
-	 *  For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
-	 *  this field is not used and should be set to 0. Instead the length
-	 *  of the AAD data is specified in additional authentication data
-	 *  length field of the rte_crypto_sym_op_data structure
-	 */
 };
 
 /** Crypto transformation types */
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 543b60b..39a09e4 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1778,7 +1778,7 @@ test_AES_chain_armv8_all(void)
 static int
 create_wireless_algo_hash_session(uint8_t dev_id,
 	const uint8_t *key, const uint8_t key_len,
-	const uint8_t aad_len, const uint8_t auth_len,
+	const uint8_t auth_len,
 	enum rte_crypto_auth_operation op,
 	enum rte_crypto_auth_algorithm algo)
 {
@@ -1799,7 +1799,6 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = hash_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
@@ -1938,7 +1937,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t auth_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1957,7 +1956,6 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1991,7 +1989,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	const uint8_t *key = tdata->key.data;
-	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
 
 	memcpy(cipher_auth_key, key, key_len);
@@ -2006,7 +2003,6 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -2044,7 +2040,7 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t auth_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2060,7 +2056,6 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = auth_cipher_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -2480,7 +2475,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2541,7 +2536,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2602,7 +2597,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2663,7 +2658,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -3844,7 +3839,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->digest.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3927,7 +3922,7 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->digest.len);
 	if (retval < 0)
 		return retval;
 
@@ -4014,7 +4009,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->digest.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -4097,7 +4092,7 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->digest.len);
 	if (retval < 0)
 		return retval;
 
@@ -4349,7 +4344,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	/* Create ZUC session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_ZUC_EIA3);
 	if (retval < 0)
@@ -4816,7 +4811,7 @@ test_3DES_cipheronly_openssl_all(void)
 static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint8_t auth_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t cipher_key[key_len];
@@ -4844,7 +4839,6 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
 
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -4869,7 +4863,7 @@ static int
 create_gcm_xforms(struct rte_crypto_op *op,
 		enum rte_crypto_cipher_operation cipher_op,
 		uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint8_t auth_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
@@ -4891,7 +4885,6 @@ create_gcm_xforms(struct rte_crypto_op *op,
 	sym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
 	sym_op->xform->next->auth.op = auth_op;
 	sym_op->xform->next->auth.digest_length = auth_len;
-	sym_op->xform->next->auth.add_auth_data_length = aad_len;
 	sym_op->xform->next->auth.key.length = 0;
 	sym_op->xform->next->auth.key.data = NULL;
 	sym_op->xform->next->next = NULL;
@@ -5048,7 +5041,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 	retval = create_gcm_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5225,7 +5218,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 	retval = create_gcm_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5391,7 +5384,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 	retval = create_gcm_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5467,7 +5460,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 	retval = create_gcm_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5550,7 +5543,7 @@ test_AES_GCM_authenticated_encryption_sessionless(
 	retval = create_gcm_xforms(ut_params->op,
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			key, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5630,7 +5623,7 @@ test_AES_GCM_authenticated_decryption_sessionless(
 	retval = create_gcm_xforms(ut_params->op,
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			key, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5750,7 +5743,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_MD5_HMAC;
 
 	ut_params->auth_xform.auth.digest_length = MD5_DIGEST_LEN;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = test_case->key.len;
 	ut_params->auth_xform.auth.key.data = key;
 
@@ -6560,7 +6552,6 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -6909,7 +6900,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6942,7 +6932,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -7466,7 +7455,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	retval = create_gcm_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->auth_tag.len,
+			tdata->auth_tag.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index d60028d..8225d09 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2749,7 +2749,6 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 	auth_xform.auth.algo = auth_algo;
 
-	auth_xform.auth.add_auth_data_length = SNOW3G_CIPHER_IV_LENGTH;
 	auth_xform.auth.key.data = snow3g_hash_key;
 	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
 	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 07/13] cryptodev: remove digest length from crypto op
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (5 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 06/13] cryptodev: remove additional auth data from xform Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 08/13] app/crypto-perf: move IV to crypto op private data Pablo de Lara
                   ` (6 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Digest length was duplicated in the authentication transform
and the crypto operation structures.

Since digest length is not expected to change in a same
session, it is removed from the crypto operation.

Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  7 -----
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 35 ++++++++++++++----------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 ++
 drivers/crypto/armv8/rte_armv8_pmd.c             |  9 ++++--
 drivers/crypto/armv8/rte_armv8_pmd_private.h     |  2 ++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      | 34 +++++++++++++----------
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  1 +
 drivers/crypto/kasumi/rte_kasumi_pmd.c           | 18 ++++++------
 drivers/crypto/openssl/rte_openssl_pmd.c         |  8 ++++--
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 ++
 drivers/crypto/qat/qat_adf/qat_algs.h            |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  2 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c           | 18 ++++++------
 drivers/crypto/zuc/rte_zuc_pmd.c                 | 18 ++++++------
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +---
 15 files changed, 88 insertions(+), 76 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 18a0c2c..a101ba1 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -142,7 +142,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -165,7 +164,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 			sym_op->auth.aad.length = options->auth_aad_sz;
@@ -221,7 +219,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -244,7 +241,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 			sym_op->auth.aad.length = options->auth_aad_sz;
@@ -298,7 +294,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = sym_op->cipher.data.length +
@@ -322,8 +317,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		}
 
 		sym_op->auth.data.length = options->test_buffer_size;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index ec00d22..31e48aa 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -77,6 +77,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 {
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
+	uint16_t digest_length;
 
 	if (xform->next == NULL || xform->next->next != NULL) {
 		GCM_LOG_ERR("Two and only two chained xform required");
@@ -116,6 +117,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	digest_length = auth_xform->auth.digest_length;
+
 	/* Check key length and calculate GCM pre-compute. */
 	switch (cipher_xform->cipher.key.length) {
 	case 16:
@@ -133,6 +136,15 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Digest check */
+	if (digest_length != 16 &&
+			digest_length != 12 &&
+			digest_length != 8) {
+		GCM_LOG_ERR("digest");
+		return -EINVAL;
+	}
+	sess->digest_length = digest_length;
+
 	return 0;
 }
 
@@ -234,13 +246,6 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (op->auth.digest.length != 16 &&
-			op->auth.digest.length != 12 &&
-			op->auth.digest.length != 8) {
-		GCM_LOG_ERR("digest");
-		return -1;
-	}
-
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
@@ -270,11 +275,11 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				op->auth.digest.data,
-				(uint64_t)op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
 				op->m_dst : op->m_src,
-				op->auth.digest.length);
+				session->digest_length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -308,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -338,21 +343,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
-				m->data_len - op->sym->auth.digest.length);
+				m->data_len - session->digest_length);
 
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, op->sym->auth.digest.length);
+				op->sym->auth.digest.data, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
-				tag, op->sym->auth.digest.length);
+				tag, session->digest_length);
 #endif
 
 		if (memcmp(tag, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0)
+				session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
-		rte_pktmbuf_trim(m, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(m, session->digest_length);
 	}
 }
 
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 0496b44..b27ad40 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -90,6 +90,8 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	uint16_t digest_length;
+	/**< Digest length */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 146e68a..3ca9007 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -451,6 +451,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set the digest length */
+	sess->auth.digest_length = auth_xform->auth.digest_length;
+
 	/* Verify supported key lengths and extract proper algorithm */
 	switch (cipher_xform->cipher.key.length << 3) {
 	case 128:
@@ -645,7 +648,7 @@ process_armv8_chained_op
 		}
 	} else {
 		adst = (uint8_t *)rte_pktmbuf_append(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 
 	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
@@ -667,12 +670,12 @@ process_armv8_chained_op
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(adst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
 		rte_pktmbuf_trim(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index b75107f..ccd5fdc 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -196,6 +196,8 @@ struct armv8_crypto_session {
 				/**< HMAC key (max supported length)*/
 			} hmac;
 		};
+		uint16_t digest_length;
+		/* Digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index ba0bfb3..336c281 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	struct sec_flow_context *flc;
 	uint32_t auth_only_len = sym_op->auth.data.length -
 				sym_op->cipher.data.length;
-	int icv_len = sym_op->auth.digest.length;
+	int icv_len = sess->digest_length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 
@@ -133,7 +133,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   "cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n",
 		   sym_op->auth.data.offset,
 		   sym_op->auth.data.length,
-		   sym_op->auth.digest.length,
+		   sess->digest_length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
 		   sym_op->cipher.iv.length,
@@ -159,7 +159,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		DPAA2_SET_FLE_ADDR(sge,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 					sym_op->cipher.iv.length));
 	}
@@ -175,7 +175,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	fle->length = (sess->dir == DIR_ENC) ?
 			(sym_op->auth.data.length + sym_op->cipher.iv.length) :
 			(sym_op->auth.data.length + sym_op->cipher.iv.length +
-			 sym_op->auth.digest.length);
+			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
@@ -190,12 +190,12 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		old_icv = (uint8_t *)(sge + 1);
 		memcpy(old_icv,	sym_op->auth.digest.data,
-		       sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+		       sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-				 sym_op->auth.digest.length +
+				 sess->digest_length +
 				 sym_op->cipher.iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
@@ -215,7 +215,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (sess->dir == DIR_ENC) ?
 			   (3 * sizeof(struct qbman_fle)) :
 			   (5 * sizeof(struct qbman_fle) +
-			    sym_op->auth.digest.length);
+			    sess->digest_length);
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *old_digest;
@@ -249,7 +249,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-	fle->length = sym_op->auth.digest.length;
+	fle->length = sess->digest_length;
 
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
@@ -280,17 +280,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 				     sym_op->m_src->data_off);
 
 		DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length +
-				 sym_op->auth.digest.length);
+				 sess->digest_length);
 		sge->length = sym_op->auth.data.length;
 		sge++;
 		old_digest = (uint8_t *)(sge + 1);
 		rte_memcpy(old_digest, sym_op->auth.digest.data,
-			   sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+			   sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		fle->length = sym_op->auth.data.length +
-				sym_op->auth.digest.length;
+				sess->digest_length;
 		DPAA2_SET_FLE_FIN(sge);
 	}
 	DPAA2_SET_FLE_FIN(fle);
@@ -904,6 +904,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = xform->auth.digest_length;
+
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -1051,6 +1053,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = xform->auth.digest_length;
+
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index f5c6169..d4ca86c 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -187,6 +187,7 @@ typedef struct dpaa2_sec_session_entry {
 		uint8_t *data;	/**< pointer to key data */
 		size_t length;	/**< key length in bytes */
 	} auth_key;
+	uint16_t digest_length;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d089b0d..6407a7d 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -124,6 +124,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F9 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) {
+			KASUMI_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 		/* Initialize key */
 		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
@@ -259,12 +265,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 			break;
 		}
 
-		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -285,19 +285,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
 					IV, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					KASUMI_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index a92bd88..0333526 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -365,6 +365,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	sess->auth.digest_length = xform->auth.digest_length;
+
 	return 0;
 }
 
@@ -1116,7 +1118,7 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
 		dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	else {
 		dst = op->sym->auth.digest.data;
 		if (dst == NULL)
@@ -1144,11 +1146,11 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(dst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
-		rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
 	}
 
 	if (status != 0)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4d820c5..28a8e36 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -157,6 +157,9 @@ struct openssl_session {
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
+
+		uint16_t digest_length;
+		/**< digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index b139007..9acd68a 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -127,6 +127,7 @@ struct qat_session {
 	struct icp_qat_fw_la_bulk_req fw_req;
 	uint32_t *aad_len;
 	struct qat_crypto_instance *inst;
+	uint16_t digest_length;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 35edfc9..329f88a 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1188,7 +1188,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
 			op->sym->cipher.iv.length);
 	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-			op->sym->auth.digest.length);
+			ctx->digest_length);
 	rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
 			op->sym->auth.aad.length);
 #endif
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index d928ed2..75989da 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -124,6 +124,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 		/* Initialize key */
 		sso_snow3g_init_key_sched(auth_xform->auth.key.data,
@@ -254,12 +260,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 			break;
 		}
 
-		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
 					ops[i]->sym->auth.aad.data, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					SNOW3G_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 046c830..e7a3de8 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -123,6 +123,12 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EIA3 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) {
+			ZUC_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 		/* Copy the key */
 		memcpy(sess->pKey_hash, auth_xform->auth.key.data,
@@ -245,12 +251,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 			break;
 		}
 
-		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -265,19 +265,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
 					ops[i]->sym->auth.aad.data, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					ZUC_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 08f4d02..982a97c 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -305,7 +305,7 @@ struct rte_crypto_auth_xform {
 	 * (for example RFC 2104, FIPS 198a).
 	 */
 
-	uint32_t digest_length;
+	uint16_t digest_length;
 	/**< Length of the digest to be returned. If the verify option is set,
 	 * this specifies the length of the digest to be compared for the
 	 * session.
@@ -553,10 +553,6 @@ struct rte_crypto_sym_op {
 			 */
 			phys_addr_t phys_addr;
 			/**< Physical address of digest */
-			uint16_t length;
-			/**< Length of digest. This must be the same value as
-			 * @ref rte_crypto_auth_xform.digest_length.
-			 */
 		} digest; /**< Digest parameters */
 
 		struct {
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 08/13] app/crypto-perf: move IV to crypto op private data
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (6 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 07/13] cryptodev: remove digest length from crypto op Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 09/13] cryptodev: pass IV as offset Pablo de Lara
                   ` (5 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 45 +++++++++++++++++-------
 app/test-crypto-perf/cperf_ops.h                 |  3 +-
 app/test-crypto-perf/cperf_test_latency.c        |  9 +++--
 app/test-crypto-perf/cperf_test_throughput.c     |  9 +++--
 app/test-crypto-perf/cperf_test_vector_parsing.c |  1 -
 app/test-crypto-perf/cperf_test_vectors.c        |  1 -
 app/test-crypto-perf/cperf_test_verify.c         |  8 +++--
 7 files changed, 55 insertions(+), 21 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index a101ba1..a1f2c69 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -40,7 +40,8 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -65,7 +66,8 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -90,7 +92,8 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -103,9 +106,14 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -125,7 +133,8 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -188,7 +197,8 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -201,9 +211,14 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -264,7 +279,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -277,9 +293,14 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1b748da..f7b431c 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -48,7 +48,8 @@ typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 struct cperf_op_fns {
 	cperf_sessions_create_t sess_create;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 215614e..780eef0 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -68,6 +68,7 @@ struct cperf_latency_ctx {
 
 struct priv_op_data {
 	struct cperf_op_result *result;
+	uint8_t IV[0];
 };
 
 #define max(a, b) (a > b ? (uint64_t)a : (uint64_t)b)
@@ -280,7 +281,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data);
+	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
@@ -344,6 +345,10 @@ cperf_latency_test_runner(void *arg)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint32_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_deqd = 0;
 		uint64_t m_idx = 0, b_idx = 0;
@@ -372,7 +377,7 @@ cperf_latency_test_runner(void *arg)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					burst_size, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			tsc_start = rte_rdtsc_precise();
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 61b27ea..144b550 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -262,8 +262,10 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
+
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -315,6 +317,9 @@ cperf_throughput_test_runner(void *test_ctx)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint32_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_enqd_total = 0, ops_enqd_failed = 0;
 		uint64_t ops_deqd = 0, ops_deqd_total = 0, ops_deqd_failed = 0;
@@ -346,7 +351,7 @@ cperf_throughput_test_runner(void *test_ctx)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					ops_needed, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			/**
 			 * When ops_needed is smaller than ops_enqd, the
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index f384e3d..62d0c91 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -303,7 +303,6 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 	} else if (strstr(key_token, "iv")) {
 		rte_free(vector->iv.data);
 		vector->iv.data = data;
-		vector->iv.phys_addr = rte_malloc_virt2phy(vector->iv.data);
 		if (tc_found)
 			vector->iv.length = data_length;
 		else {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 757957f..36b3f6f 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
-		t_vec->iv.phys_addr = rte_malloc_virt2phy(t_vec->iv.data);
 		t_vec->iv.length = options->cipher_iv_sz;
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 454221e..a599d91 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -266,8 +266,9 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -417,6 +418,9 @@ cperf_verify_test_runner(void *test_ctx)
 		printf("\n# Running verify test on device: %u, lcore: %u\n",
 			ctx->dev_id, lcore);
 
+	uint32_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (ops_enqd_total < ctx->options->total_ops) {
 
 		uint16_t burst_size = ((ops_enqd_total + ctx->options->max_burst_size)
@@ -438,7 +442,7 @@ cperf_verify_test_runner(void *test_ctx)
 		(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 				&ctx->mbufs_out[m_idx],
 				ops_needed, ctx->sess, ctx->options,
-				ctx->test_vector);
+				ctx->test_vector, iv_offset);
 
 #ifdef CPERF_LINEARIZATION_ENABLE
 		if (linearize) {
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 09/13] cryptodev: pass IV as offset
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (7 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 08/13] app/crypto-perf: move IV to crypto op private data Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 10/13] cryptodev: move IV parameters to crypto session Pablo de Lara
                   ` (4 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c            | 21 +++------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    | 68 +++++++++++++++--------------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |  3 +-
 drivers/crypto/armv8/rte_armv8_pmd.c        |  3 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 +++-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      | 10 ++++-
 drivers/crypto/openssl/rte_openssl_pmd.c    | 12 +++--
 drivers/crypto/qat/qat_crypto.c             | 16 ++++---
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  6 ++-
 drivers/crypto/zuc/rte_zuc_pmd.c            |  3 +-
 lib/librte_cryptodev/rte_crypto_sym.h       |  7 +--
 11 files changed, 89 insertions(+), 68 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index a1f2c69..4846b68 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,12 +106,9 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
@@ -211,12 +208,9 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
@@ -293,12 +287,9 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 31e48aa..573e071 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -191,12 +191,14 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
  *
  */
 static int
-process_gcm_crypto_op(struct rte_crypto_sym_op *op,
+process_gcm_crypto_op(struct rte_crypto_op *op,
 		struct aesni_gcm_session *session)
 {
 	uint8_t *src, *dst;
-	struct rte_mbuf *m_src = op->m_src;
-	uint32_t offset = op->cipher.data.offset;
+	uint8_t *IV_ptr;
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	uint32_t offset = sym_op->cipher.data.offset;
 	uint32_t part_len, total_len, data_len;
 
 	RTE_ASSERT(m_src != NULL);
@@ -209,53 +211,55 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < op->cipher.data.length) ? data_len :
-			op->cipher.data.length;
+	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
+			sym_op->cipher.data.length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == op->cipher.data.length) ||
-			((part_len != op->cipher.data.length) &&
-					(op->m_dst != NULL)));
+	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
+			((part_len != sym_op->cipher.data.length) &&
+					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
-	RTE_ASSERT((op->m_dst == NULL) ||
-			((op->m_dst != NULL) &&
-					rte_pktmbuf_is_contiguous(op->m_dst)));
+	RTE_ASSERT((sym_op->m_dst == NULL) ||
+			((sym_op->m_dst != NULL) &&
+					rte_pktmbuf_is_contiguous(sym_op->m_dst)));
 
 
-	dst = op->m_dst ?
-			rte_pktmbuf_mtod_offset(op->m_dst, uint8_t *,
-					op->cipher.data.offset) :
-			rte_pktmbuf_mtod_offset(op->m_src, uint8_t *,
-					op->cipher.data.offset);
+	dst = sym_op->m_dst ?
+			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
+					sym_op->cipher.data.offset) :
+			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
+					sym_op->cipher.data.offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
 	/* sanity checks */
-	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
-			op->cipher.iv.length != 0) {
+	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
+			sym_op->cipher.iv.length != 0) {
 		GCM_LOG_ERR("iv");
 		return -1;
 	}
 
+	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+				sym_op->cipher.iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (op->cipher.iv.length == 12) {
-		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
+	if (sym_op->cipher.iv.length == 12) {
+		uint32_t *iv_padd = (uint32_t *)&(IV_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
 
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				IV_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -274,11 +278,11 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				op->auth.digest.data,
+				sym_op->auth.digest.data,
 				(uint64_t)session->digest_length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
-		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
-				op->m_dst : op->m_src,
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
 				session->digest_length);
 
 		if (!auth_tag) {
@@ -287,13 +291,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				IV_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -405,7 +409,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 			break;
 		}
 
-		retval = process_gcm_crypto_op(ops[i]->sym, sess);
+		retval = process_gcm_crypto_op(ops[i], sess);
 		if (retval < 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 21e3bb2..284e111 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -470,7 +470,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 			get_truncated_digest_byte_length(job->hash_alg);
 
 	/* Set IV parameters */
-	job->iv = op->sym->cipher.iv.data;
+	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	job->iv_len_in_bytes = op->sym->cipher.iv.length;
 
 	/* Data  Parameter */
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 3ca9007..77d79df 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -656,7 +656,8 @@ process_armv8_chained_op
 		return;
 	}
 
-	arg.cipher.iv = op->sym->cipher.iv.data;
+	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 336c281..c192141 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -87,6 +87,8 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	int icv_len = sess->digest_length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
+	uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -178,7 +180,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(IV_ptr));
 	sge->length = sym_op->cipher.iv.length;
 	sge++;
 
@@ -307,6 +309,8 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (5 * sizeof(struct qbman_fle));
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
+	uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -369,7 +373,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(IV_ptr));
 	sge->length = sym_op->cipher.iv.length;
 
 	sge++;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 6407a7d..4905641 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -179,6 +179,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[num_ops], *dst[num_ops];
+	uint8_t *IV_ptr;
 	uint64_t IV[num_ops];
 	uint32_t num_bytes[num_ops];
 
@@ -197,7 +198,9 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = *((uint64_t *)(ops[i]->sym->cipher.iv.data));
+		IV_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
+		IV[i] = *((uint64_t *)(IV_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -216,6 +219,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
+	uint8_t *IV_ptr;
 	uint64_t IV;
 	uint32_t length_in_bits, offset_in_bits;
 
@@ -234,7 +238,9 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = *((uint64_t *)(op->sym->cipher.iv.data));
+	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
+	IV = *((uint64_t *)(IV_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0333526..c3e3cf2 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -924,7 +924,8 @@ process_openssl_combined_op
 		return;
 	}
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	ivlen = op->sym->cipher.iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
@@ -988,7 +989,8 @@ process_openssl_cipher_op
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1029,7 +1031,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1087,7 +1090,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						dst, iv,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
-				iv = op->sym->cipher.iv.data;
+				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						op->sym->cipher.iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 329f88a..f72d3e3 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -639,7 +639,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 			iv = last_block - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -694,7 +695,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 			iv = dst - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -895,6 +897,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
+	uint8_t *IV_ptr;
 
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
@@ -935,6 +938,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		do_cipher = 1;
 	}
 
+	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 	if (do_cipher) {
 
 		if (ctx->qat_cipher_alg ==
@@ -978,14 +983,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			if (op->sym->cipher.iv.length <=
 					sizeof(cipher_param->u.cipher_IV_array)) {
 				rte_memcpy(cipher_param->u.cipher_IV_array,
-						op->sym->cipher.iv.data,
+						IV_ptr,
 						op->sym->cipher.iv.length);
 			} else {
 				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 						qat_req->comn_hdr.serv_specif_flags,
 						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 				cipher_param->u.s.cipher_IV_ptr =
-						op->sym->cipher.iv.phys_addr;
+						rte_crypto_op_ctophys_offset(op,
+							op->sym->cipher.iv.offset);
 			}
 		}
 		min_ofs = cipher_ofs;
@@ -1185,7 +1191,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
+	rte_hexdump(stdout, "iv:", IV_ptr,
 			op->sym->cipher.iv.length);
 	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 			ctx->digest_length);
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 75989da..8ebe302 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -197,7 +197,8 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		IV[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -233,7 +234,8 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = op->sym->cipher.iv.data;
+	IV = rte_crypto_op_ctod_offset(op, uint8_t *,
+				op->sym->cipher.iv.offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index e7a3de8..df58ec4 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -218,7 +218,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		IV[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 982a97c..4b921e8 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -435,8 +435,10 @@ struct rte_crypto_sym_op {
 		} data; /**< Data offsets and length for ciphering */
 
 		struct {
-			uint8_t *data;
-			/**< Initialisation Vector or Counter.
+			uint16_t offset;
+			/**< Starting point for Initialisation Vector or Counter,
+			 * specified as number of bytes from start of crypto
+			 * operation.
 			 *
 			 * - For block ciphers in CBC or F8 mode, or for KASUMI
 			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
@@ -462,7 +464,6 @@ struct rte_crypto_sym_op {
 			 * For optimum performance, the data pointed to SHOULD
 			 * be 8-byte aligned.
 			 */
-			phys_addr_t phys_addr;
 			uint16_t length;
 			/**< Length of valid IV data.
 			 *
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 10/13] cryptodev: move IV parameters to crypto session
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (8 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 09/13] cryptodev: pass IV as offset Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms Pablo de Lara
                   ` (3 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.

Also, IV is not related to only cipher algorithms anymore,
as other algorithms like GMAC or the wireless algorithms,
such as SNOW3G, use it.

Therefore, the IV will be parsed from the first transform,
when creating the session of a PMD.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                   |  33 ++++--
 app/test-crypto-perf/cperf_ops.h                   |   3 +-
 app/test-crypto-perf/cperf_options.h               |   6 +-
 app/test-crypto-perf/cperf_options_parsing.c       |  13 ++-
 app/test-crypto-perf/cperf_test_latency.c          |   7 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   6 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c   |   6 +-
 app/test-crypto-perf/cperf_test_vectors.c          |   6 +-
 app/test-crypto-perf/cperf_test_verify.c           |   6 +-
 app/test-crypto-perf/main.c                        |   9 +-
 doc/guides/tools/cryptoperf.rst                    |   8 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  25 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |  12 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   8 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |  37 +++---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c           |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |   8 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |  31 ++---
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |  30 +++--
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |  11 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   1 +
 drivers/crypto/null/null_crypto_pmd_ops.c          |   7 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  14 ++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  74 +++++++-----
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   5 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |   4 +
 drivers/crypto/qat/qat_crypto.c                    |  22 ++--
 drivers/crypto/qat/qat_crypto_capabilities.h       | 129 +++++++++++----------
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  25 ++--
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |  11 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   1 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  16 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |  11 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   1 +
 lib/librte_cryptodev/rte_crypto_sym.h              |  98 ++++++++--------
 lib/librte_cryptodev/rte_cryptodev.c               |   8 +-
 lib/librte_cryptodev/rte_cryptodev.h               |  10 +-
 41 files changed, 436 insertions(+), 325 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 4846b68..9a997a4 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -105,13 +105,11 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -131,7 +129,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
-		uint16_t iv_offset __rte_unused)
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -143,6 +141,10 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
+				test_vector->iv.data,
+				test_vector->iv.length);
+
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			sym_op->auth.digest.data = test_vector->digest.data;
@@ -207,13 +209,11 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -286,13 +286,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
 				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
@@ -341,7 +339,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 static struct rte_cryptodev_sym_session *
 cperf_create_session(uint8_t dev_id,
 	const struct cperf_options *options,
-	const struct cperf_test_vector *test_vector)
+	const struct cperf_test_vector *test_vector,
+	uint16_t iv_offset)
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
@@ -355,6 +354,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -362,9 +362,12 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.iv.length = test_vector->iv.length;
+
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.iv.length = 0;
 		}
 		/* create crypto session */
 		sess = rte_cryptodev_sym_session_create(dev_id,	&cipher_xform);
@@ -376,6 +379,7 @@ cperf_create_session(uint8_t dev_id,
 		auth_xform.next = NULL;
 		auth_xform.auth.algo = options->auth_algo;
 		auth_xform.auth.op = options->auth_op;
+		auth_xform.iv.offset = iv_offset;
 
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
@@ -384,6 +388,7 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
+			auth_xform.iv.length = test_vector->iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.key.length = 0;
@@ -405,6 +410,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -412,9 +418,11 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.iv.length = test_vector->iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.iv.length = 0;
 		}
 
 		/*
@@ -424,10 +432,12 @@ cperf_create_session(uint8_t dev_id,
 		auth_xform.next = NULL;
 		auth_xform.auth.algo = options->auth_algo;
 		auth_xform.auth.op = options->auth_op;
+		auth_xform.iv.offset = iv_offset;
 
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length = options->auth_digest_sz;
+			auth_xform.iv.length = test_vector->iv.length;
 			/* auth options for aes gcm */
 			if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
 				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
@@ -443,6 +453,7 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.iv.length = 0;
 		}
 
 		/* create crypto session for aes gcm */
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index f7b431c..bb83cd5 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -42,7 +42,8 @@
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
 		uint8_t dev_id, const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index b928c58..43b3482 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -20,10 +20,11 @@
 #define CPERF_TEST_FILE		("test-file")
 #define CPERF_TEST_NAME		("test-name")
 
+#define CPERF_IV_SZ		("iv-sz")
+
 #define CPERF_CIPHER_ALGO	("cipher-algo")
 #define CPERF_CIPHER_OP		("cipher-op")
 #define CPERF_CIPHER_KEY_SZ	("cipher-key-sz")
-#define CPERF_CIPHER_IV_SZ	("cipher-iv-sz")
 
 #define CPERF_AUTH_ALGO		("auth-algo")
 #define CPERF_AUTH_OP		("auth-op")
@@ -66,11 +67,12 @@ struct cperf_options {
 	uint32_t silent:1;
 	uint32_t csv:1;
 
+	uint16_t iv_sz;
+
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_cipher_operation cipher_op;
 
 	uint16_t cipher_key_sz;
-	uint16_t cipher_iv_sz;
 
 	enum rte_crypto_auth_algorithm auth_algo;
 	enum rte_crypto_auth_operation auth_op;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index d172671..f808103 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -488,9 +488,9 @@ parse_cipher_key_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_cipher_iv_sz(struct cperf_options *opts, const char *arg)
+parse_iv_sz(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->cipher_iv_sz, arg);
+	return parse_uint16_t(&opts->iv_sz, arg);
 }
 
 static int
@@ -594,7 +594,7 @@ static struct option lgopts[] = {
 	{ CPERF_CIPHER_OP, required_argument, 0, 0 },
 
 	{ CPERF_CIPHER_KEY_SZ, required_argument, 0, 0 },
-	{ CPERF_CIPHER_IV_SZ, required_argument, 0, 0 },
+	{ CPERF_IV_SZ, required_argument, 0, 0 },
 
 	{ CPERF_AUTH_ALGO, required_argument, 0, 0 },
 	{ CPERF_AUTH_OP, required_argument, 0, 0 },
@@ -644,7 +644,7 @@ cperf_options_default(struct cperf_options *opts)
 	opts->cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	opts->cipher_op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	opts->cipher_key_sz = 16;
-	opts->cipher_iv_sz = 16;
+	opts->iv_sz = 16;
 
 	opts->auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	opts->auth_op = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -674,7 +674,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_CIPHER_ALGO,	parse_cipher_algo },
 		{ CPERF_CIPHER_OP,	parse_cipher_op },
 		{ CPERF_CIPHER_KEY_SZ,	parse_cipher_key_sz },
-		{ CPERF_CIPHER_IV_SZ,	parse_cipher_iv_sz },
+		{ CPERF_IV_SZ,	parse_iv_sz },
 		{ CPERF_AUTH_ALGO,	parse_auth_algo },
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
@@ -904,6 +904,8 @@ cperf_options_dump(struct cperf_options *opts)
 	printf("# out of place: %s\n", opts->out_of_place ? "yes" : "no");
 
 	printf("#\n");
+	printf("# iv size: %u\n", opts->iv_sz);
+	printf("#\n");
 
 	if (opts->op_type == CPERF_AUTH_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
@@ -928,7 +930,6 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# cipher operation: %s\n",
 			rte_crypto_cipher_operation_strings[opts->cipher_op]);
 		printf("# cipher key size: %u\n", opts->cipher_key_sz);
-		printf("# cipher iv size: %u\n", opts->cipher_iv_sz);
 		printf("#\n");
 	}
 }
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 780eef0..40a5b27 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -212,7 +212,12 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the crypto operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 144b550..379f64d 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -195,7 +195,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 62d0c91..7c751ea 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -306,12 +306,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->iv.length = data_length;
 		else {
-			if (opts->cipher_iv_sz > data_length) {
+			if (opts->iv_sz > data_length) {
 				printf("Global iv shorter than "
-					"cipher_iv_sz\n");
+					"iv_sz\n");
 				return -1;
 			}
-			vector->iv.length = opts->cipher_iv_sz;
+			vector->iv.length = opts->iv_sz;
 		}
 
 	} else if (strstr(key_token, "ciphertext")) {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 36b3f6f..d995b3e 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -414,16 +414,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->cipher_key.length = options->cipher_key_sz;
 			t_vec->ciphertext.data = ciphertext;
 			t_vec->cipher_key.data = cipher_key;
-			t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+			t_vec->iv.data = rte_malloc(NULL, options->iv_sz,
 					16);
 			if (t_vec->iv.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
+			memcpy(t_vec->iv.data, iv, options->iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
-		t_vec->iv.length = options->cipher_iv_sz;
+		t_vec->iv.length = options->iv_sz;
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
 	}
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index a599d91..68e6a94 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -199,7 +199,11 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 9ec2a4b..fb31f5f 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -138,7 +138,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 					capability,
 					opts->auth_key_sz,
 					opts->auth_digest_sz,
-					opts->auth_aad_sz);
+					opts->auth_aad_sz,
+					opts->iv_sz);
 			if (ret != 0)
 				return ret;
 		}
@@ -159,7 +160,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			ret = rte_cryptodev_sym_capability_check_cipher(
 					capability,
 					opts->cipher_key_sz,
-					opts->cipher_iv_sz);
+					opts->iv_sz);
 			if (ret != 0)
 				return ret;
 		}
@@ -187,7 +188,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->iv.length != opts->iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -228,7 +229,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->iv.length != opts->iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 2d225d5..842f51e 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -246,9 +246,9 @@ The following are the appication command-line options:
 
         Set the size of cipher key.
 
-* ``--cipher-iv-sz <n>``
+* ``--iv-sz <n>``
 
-        Set the size of cipher iv.
+        Set the size of iv.
 
 * ``--auth-algo <name>``
 
@@ -375,7 +375,7 @@ on two cores for cipher encryption aes-cbc, ten operations in silent mode::
 
    dpdk-test-crypto-perf -l 4-7 --vdev crypto_aesni_mb_pmd1
    --vdev crypto_aesni_mb_pmd2 -w 0000:00:00.0 -- --devtype crypto_aesni_mb
-   --cipher-algo aes-cbc --cipher-key-sz 16 --cipher-iv-sz 16
+   --cipher-algo aes-cbc --cipher-key-sz 16 --iv-sz 16
    --cipher-op encrypt --optype cipher-only --silent
    --ptest latency --total-ops 10
 
@@ -386,7 +386,7 @@ with packet verification::
 
    dpdk-test-crypto-perf -l 4-7 --vdev crypto_openssl -w 0000:00:00.0 --
    --devtype crypto_openssl --cipher-algo aes-gcm --cipher-key-sz 16
-   --cipher-iv-sz 16 --cipher-op encrypt --auth-algo aes-gcm --auth-key-sz 16
+   --iv-sz 16 --cipher-op encrypt --auth-algo aes-gcm --auth-key-sz 16
    --auth-digest-sz 16 --auth-aad-sz 16 --auth-op generate --optype aead
    --silent --ptest verify --total-ops 10
    --test-file test_aes_gcm.data
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 573e071..e7eb1f5 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -104,6 +104,10 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->iv.offset;
+	sess->iv.length = xform->iv.length;
+
 	/* Select Crypto operation */
 	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
 			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
@@ -136,6 +140,16 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* IV check */
+	if (xform->iv.length != 16 && xform->iv.length != 12 &&
+			xform->iv.length != 0) {
+		GCM_LOG_ERR("iv");
+		return -EINVAL;
+	}
+
+	sess->iv.length = xform->iv.length;
+	sess->iv.offset = xform->iv.offset;
+
 	/* Digest check */
 	if (digest_length != 16 &&
 			digest_length != 12 &&
@@ -232,20 +246,13 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
-	/* sanity checks */
-	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
-			sym_op->cipher.iv.length != 0) {
-		GCM_LOG_ERR("iv");
-		return -1;
-	}
-
 	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-				sym_op->cipher.iv.offset);
+				session->iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (sym_op->cipher.iv.length == 12) {
+	if (session->iv.length == 12) {
 		uint32_t *iv_padd = (uint32_t *)&(IV_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 7b68a20..6dd22e5 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -43,6 +43,7 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_AES_GMAC,
 				.block_size = 16,
@@ -68,6 +69,7 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_AES_GCM,
 				.block_size = 16,
@@ -93,6 +95,11 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 12,
+				.max = 12,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 				.block_size = 16,
@@ -100,11 +107,6 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 16,
 					.max = 32,
 					.increment = 16
-				},
-				.iv_size = {
-					.min = 12,
-					.max = 12,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index b27ad40..50dea82 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -90,6 +90,11 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	uint16_t digest_length;
 	/**< Digest length */
 	enum aesni_gcm_operation op;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 284e111..8e9f188 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -299,6 +299,10 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->iv.offset;
+	sess->iv.length = xform->iv.length;
+
 	if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
 		MB_LOG_ERR("Invalid/unsupported authentication parameters");
 		return -1;
@@ -471,8 +475,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	/* Set IV parameters */
 	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	job->iv_len_in_bytes = op->sym->cipher.iv.length;
+			session->iv.offset);
+	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data  Parameter */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d1bc28e..936ae7c 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -44,6 +44,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 				.block_size = 64,
@@ -65,6 +66,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 				.block_size = 64,
@@ -86,6 +88,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 				.block_size = 64,
@@ -107,6 +110,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 				.block_size = 64,
@@ -128,6 +132,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 				.block_size = 128,
@@ -149,6 +154,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 				.block_size = 128,
@@ -170,6 +176,7 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 				.block_size = 16,
@@ -191,6 +198,11 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
 				.block_size = 16,
@@ -199,11 +211,6 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 8
 				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
-				}
 			}, }
 		}, }
 	},
@@ -211,6 +218,11 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 				.block_size = 16,
@@ -219,11 +231,6 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 8
 				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
-				}
 			}, }
 		}, }
 	},
@@ -231,6 +238,11 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
 				.block_size = 16,
@@ -239,11 +251,6 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
-				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index 0d82699..5c50d37 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -167,6 +167,11 @@ struct aesni_mb_qp {
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
 	JOB_CHAIN_ORDER chain_order;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 
 	/** Cipher Parameters */
 	struct {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 77d79df..afd3993 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -431,7 +431,7 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		sess->cipher.algo = calg;
 		/* IV len is always 16 bytes (block size) for AES CBC */
-		sess->cipher.iv_len = 16;
+		sess->iv.length = 16;
 		break;
 	default:
 		return -EINVAL;
@@ -525,6 +525,9 @@ armv8_crypto_set_session_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV offset */
+	sess->iv.offset = xform->iv.offset;
+
 	if (is_chained_op) {
 		ret = armv8_crypto_set_session_chained_parameters(sess,
 						cipher_xform, auth_xform);
@@ -651,13 +654,8 @@ process_armv8_chained_op
 				sess->auth.digest_length);
 	}
 
-	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		return;
-	}
-
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					sess->iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 4d9ccbf..7f60514 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -46,6 +46,7 @@ static const struct rte_cryptodev_capabilities
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			{.sym = {
 				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.iv_size = { 0 },
 				{.auth = {
 					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 					.block_size = 64,
@@ -67,6 +68,7 @@ static const struct rte_cryptodev_capabilities
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			{.sym = {
 				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.iv_size = { 0 },
 				{.auth = {
 					.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 					.block_size = 64,
@@ -88,6 +90,11 @@ static const struct rte_cryptodev_capabilities
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			{.sym = {
 				.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
 				{.cipher = {
 					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
 					.block_size = 16,
@@ -96,11 +103,6 @@ static const struct rte_cryptodev_capabilities
 						.max = 16,
 						.increment = 0
 					},
-					.iv_size = {
-						.min = 16,
-						.max = 16,
-						.increment = 0
-					}
 				}, }
 			}, }
 	},
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index ccd5fdc..bcd931d 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -153,14 +153,16 @@ struct armv8_crypto_session {
 	crypto_func_t crypto_func;
 	/**< cryptographic function to use for this session */
 
-	/** Cipher Parameters */
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
 		/**< cipher operation direction */
 		enum rte_crypto_cipher_algorithm algo;
 		/**< cipher algorithm */
-		int iv_len;
-		/**< IV length */
 
 		struct {
 			uint8_t data[256];
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index c192141..40b74e1 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -88,7 +88,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -138,7 +138,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   sess->digest_length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	/* Configure Output FLE with Scatter/Gather Entry */
@@ -163,7 +163,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
 		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-					sym_op->cipher.iv.length));
+					sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 
@@ -175,13 +175,13 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FLE_SG_EXT(fle);
 	DPAA2_SET_FLE_FIN(fle);
 	fle->length = (sess->dir == DIR_ENC) ?
-			(sym_op->auth.data.length + sym_op->cipher.iv.length) :
-			(sym_op->auth.data.length + sym_op->cipher.iv.length +
+			(sym_op->auth.data.length + sess->iv.length) :
+			(sym_op->auth.data.length + sess->iv.length +
 			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(IV_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 	sge++;
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -198,7 +198,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 				 sess->digest_length +
-				 sym_op->cipher.iv.length));
+				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 	if (auth_only_len) {
@@ -310,7 +310,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -347,21 +347,21 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	flc = &priv->flc_desc[0].flc;
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_LEN(fd, sym_op->cipher.data.length +
-			 sym_op->cipher.iv.length);
+			 sess->iv.length);
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	PMD_TX_LOG(DEBUG, "cipher_off: 0x%x/length %d,ivlen=%d data_off: 0x%x",
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
 	DPAA2_SET_FLE_OFFSET(fle, sym_op->cipher.data.offset +
 			     sym_op->m_src->data_off);
 
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	PMD_TX_LOG(DEBUG, "1 - flc = %p, fle = %p FLEaddr = %x-%x, length %d",
 		   flc, fle, fle->addr_hi, fle->addr_lo, fle->length);
@@ -369,12 +369,12 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	fle++;
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sge));
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(IV_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 
 	sge++;
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -1220,6 +1220,11 @@ dpaa2_sec_session_configure(struct rte_cryptodev *dev,
 		RTE_LOG(ERR, PMD, "invalid session struct");
 		return NULL;
 	}
+
+	/* Set IV parameters */
+	session->iv.offset = xform->iv.offset;
+	session->iv.length = xform->iv.length;
+
 	/* Cipher Only */
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
 		session->ctxt_type = DPAA2_SEC_CIPHER;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index d4ca86c..b1d116b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -187,6 +187,10 @@ typedef struct dpaa2_sec_session_entry {
 		uint8_t *data;	/**< pointer to key data */
 		size_t length;	/**< key length in bytes */
 	} auth_key;
+	struct {
+		uint16_t length; /**< IV length in bytes */
+		uint16_t offset; /**< IV offset in bytes */
+	} iv;
 	uint16_t digest_length;
 	uint8_t status;
 	union {
@@ -201,6 +205,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 				.block_size = 64,
@@ -222,6 +227,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 				.block_size = 64,
@@ -243,6 +249,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 				.block_size = 64,
@@ -264,6 +271,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 				.block_size = 64,
@@ -285,6 +293,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 				.block_size = 128,
@@ -306,6 +315,7 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 				.block_size = 128,
@@ -327,6 +337,11 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
 				.block_size = 16,
@@ -334,11 +349,6 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.min = 16,
 					.max = 32,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
 				}
 			}, }
 		}, }
@@ -347,6 +357,11 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 				.block_size = 8,
@@ -354,11 +369,6 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.min = 16,
 					.max = 24,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 4905641..056682b 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -111,6 +111,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		return -EINVAL;
 	}
 
+	/* Sanity checks. */
+	if (xform->iv.length != KASUMI_IV_LENGTH) {
+		KASUMI_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+	sess->iv_offset = xform->iv.offset;
+
 	if (cipher_xform) {
 		/* Only KASUMI F8 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
@@ -184,13 +191,6 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (ops[i]->sym->cipher.iv.length != KASUMI_IV_LENGTH) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -199,7 +199,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		IV_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		IV[i] = *((uint64_t *)(IV_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -223,13 +223,6 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	uint64_t IV;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != KASUMI_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -239,7 +232,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			session->iv_offset);
 	IV = *((uint64_t *)(IV_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 62ebdbd..3f587f5 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -43,6 +43,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_KASUMI_F9,
 				.block_size = 8,
@@ -68,6 +69,11 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
 				.block_size = 8,
@@ -75,11 +81,6 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				},
-				.iv_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index fb586ca..6a0d47a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,6 +92,7 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 12c946c..3c88c50 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -43,6 +43,7 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_NULL,
 				.block_size = 1,
@@ -64,6 +65,7 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = { 0 },
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_NULL,
 				.block_size = 1,
@@ -72,11 +74,6 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.iv_size = {
-					.min = 0,
-					.max = 0,
-					.increment = 0
-				}
 			}, },
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index c3e3cf2..2a3e6ac 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -398,6 +398,10 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->iv.offset;
+	sess->iv.length = xform->iv.length;
+
 	/* cipher_xform must be check before auth_xform */
 	if (cipher_xform) {
 		if (openssl_set_session_cipher_parameters(
@@ -925,8 +929,8 @@ process_openssl_combined_op
 	}
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	ivlen = op->sym->cipher.iv.length;
+			sess->iv.offset);
+	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
 
@@ -990,7 +994,7 @@ process_openssl_cipher_op
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1032,7 +1036,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1091,7 +1095,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
 				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-						op->sym->cipher.iv.offset);
+						sess->iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 22a6873..b730196 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -44,6 +44,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 				.block_size = 64,
@@ -65,6 +66,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_MD5,
 				.block_size = 64,
@@ -86,6 +88,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 				.block_size = 64,
@@ -107,6 +110,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA1,
 				.block_size = 64,
@@ -128,6 +132,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 				.block_size = 64,
@@ -149,6 +154,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA224,
 				.block_size = 64,
@@ -170,6 +176,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 				.block_size = 64,
@@ -191,6 +198,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			{.sym = {
 				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.iv_size = { 0 },
 				{.auth = {
 					.algo = RTE_CRYPTO_AUTH_SHA256,
 					.block_size = 64,
@@ -212,6 +220,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 				.block_size = 128,
@@ -233,6 +242,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA384,
 				.block_size = 128,
@@ -254,6 +264,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 				.block_size = 128,
@@ -275,6 +286,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA512,
 				.block_size = 128,
@@ -296,6 +308,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
 				.block_size = 16,
@@ -303,11 +320,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 16,
 					.max = 32,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
 				}
 			}, }
 		}, }
@@ -316,6 +328,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 				.block_size = 16,
@@ -323,11 +340,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 16,
 					.max = 32,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
 				}
 			}, }
 		}, }
@@ -336,6 +348,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_AES_GCM,
 				.block_size = 16,
@@ -361,6 +374,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 12,
+				.max = 16,
+				.increment = 4
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
 				.block_size = 16,
@@ -368,11 +386,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 16,
 					.max = 32,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 12,
-					.max = 16,
-					.increment = 4
 				}
 			}, }
 		}, }
@@ -381,6 +394,7 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_AES_GMAC,
 				.block_size = 16,
@@ -406,6 +420,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 				.block_size = 8,
@@ -413,11 +432,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 16,
 					.max = 24,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
 				}
 			}, }
 		}, }
@@ -426,6 +440,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_3DES_CTR,
 				.block_size = 8,
@@ -433,11 +452,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 16,
 					.max = 24,
 					.increment = 8
-				},
-				.iv_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
 				}
 			}, }
 		}, }
@@ -446,6 +460,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
 				.block_size = 8,
@@ -453,11 +472,6 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
-				},
-				.iv_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 28a8e36..d7eae6c 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -108,6 +108,11 @@ struct openssl_session {
 	enum openssl_chain_order chain_order;
 	/**< chain order mode */
 
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index 9acd68a..84bd35b 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -128,6 +128,10 @@ struct qat_session {
 	uint32_t *aad_len;
 	struct qat_crypto_instance *inst;
 	uint16_t digest_length;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index f72d3e3..0fcf744 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -457,6 +457,10 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 	int qat_cmd_id;
 	PMD_INIT_FUNC_TRACE();
 
+	/* Set IV parameters */
+	session->iv.offset = xform->iv.offset;
+	session->iv.length = xform->iv.length;
+
 	/* Get requested QAT command id */
 	qat_cmd_id = qat_get_cmd_id(xform);
 	if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
@@ -640,7 +644,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -696,7 +700,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -939,7 +943,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	}
 
 	IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					ctx->iv.offset);
 	if (do_cipher) {
 
 		if (ctx->qat_cipher_alg ==
@@ -979,19 +983,19 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		 * use request descriptor embedded IV
 		 *
 		 */
-		if (op->sym->cipher.iv.length) {
-			if (op->sym->cipher.iv.length <=
+		if (ctx->iv.length) {
+			if (ctx->iv.length <=
 					sizeof(cipher_param->u.cipher_IV_array)) {
 				rte_memcpy(cipher_param->u.cipher_IV_array,
 						IV_ptr,
-						op->sym->cipher.iv.length);
+						ctx->iv.length);
 			} else {
 				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 						qat_req->comn_hdr.serv_specif_flags,
 						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 				cipher_param->u.s.cipher_IV_ptr =
 						rte_crypto_op_ctophys_offset(op,
-							op->sym->cipher.iv.offset);
+							ctx->iv.offset);
 			}
 		}
 		min_ofs = cipher_ofs;
@@ -1157,7 +1161,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (op->sym->cipher.iv.length == 12) {
+		if (ctx->iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1192,7 +1196,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
 	rte_hexdump(stdout, "iv:", IV_ptr,
-			op->sym->cipher.iv.length);
+			ctx->iv.length);
 	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 			ctx->digest_length);
 	rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 1294f24..11f3687 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -39,6 +39,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,	\
 				.block_size = 64,			\
@@ -60,6 +61,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,	\
 				.block_size = 64,			\
@@ -81,6 +83,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,	\
 				.block_size = 64,			\
@@ -102,6 +105,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,	\
 				.block_size = 64,			\
@@ -123,6 +127,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,	\
 				.block_size = 128,			\
@@ -144,6 +149,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,	\
 				.block_size = 64,			\
@@ -165,6 +171,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,	\
 				.block_size = 16,			\
@@ -186,6 +193,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_AES_GCM,	\
 				.block_size = 16,			\
@@ -211,6 +219,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_AES_GMAC,	\
 				.block_size = 16,			\
@@ -236,6 +245,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,	\
 				.block_size = 16,			\
@@ -261,6 +271,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 12,				\
+				.max = 12,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_AES_GCM,	\
 				.block_size = 16,			\
@@ -268,11 +283,6 @@
 					.min = 16,			\
 					.max = 32,			\
 					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 12,			\
-					.max = 12,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -281,6 +291,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,	\
 				.block_size = 16,			\
@@ -288,11 +303,6 @@
 					.min = 16,			\
 					.max = 32,			\
 					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -301,6 +311,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,\
 				.block_size = 16,			\
@@ -308,11 +323,6 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -321,6 +331,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,	\
 				.block_size = 16,			\
@@ -328,11 +343,6 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -341,6 +351,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,	\
 				.block_size = 16,			\
@@ -348,11 +363,6 @@
 					.min = 16,			\
 					.max = 32,			\
 					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -361,6 +371,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_NULL,		\
 				.block_size = 1,			\
@@ -382,6 +393,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = { 0 },				\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_NULL,		\
 				.block_size = 1,			\
@@ -389,11 +401,6 @@
 					.min = 0,			\
 					.max = 0,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 0,			\
-					.max = 0,			\
-					.increment = 0			\
 				}					\
 			}, },						\
 		}, }							\
@@ -402,6 +409,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_KASUMI_F8,	\
 				.block_size = 8,			\
@@ -409,11 +421,6 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -422,6 +429,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_KASUMI_F9,	\
 				.block_size = 8,			\
@@ -447,6 +455,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,	\
 				.block_size = 8,			\
@@ -454,11 +467,6 @@
 					.min = 16,			\
 					.max = 24,			\
 					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -467,6 +475,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_3DES_CTR,	\
 				.block_size = 8,			\
@@ -474,11 +487,6 @@
 					.min = 16,			\
 					.max = 24,			\
 					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -487,6 +495,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_DES_CBC,	\
 				.block_size = 8,			\
@@ -494,11 +507,6 @@
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -507,6 +515,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,\
 				.block_size = 8,			\
@@ -514,11 +527,6 @@
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -529,6 +537,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.cipher = {					\
 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,	\
 				.block_size = 16,			\
@@ -536,11 +549,6 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				},					\
-				.iv_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
 				}					\
 			}, }						\
 		}, }							\
@@ -549,6 +557,7 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
+			.iv_size = { 0 },				\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,	\
 				.block_size = 16,			\
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 8ebe302..30b9172 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -111,6 +111,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		return -EINVAL;
 	}
 
+	/* Sanity checks. */
+	if (xform->iv.length != SNOW3G_IV_LENGTH) {
+		SNOW3G_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+	sess->iv_offset = xform->iv.offset;
+
 	if (cipher_xform) {
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
@@ -183,13 +190,6 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -198,7 +198,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		IV[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -219,13 +219,6 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	uint8_t *IV;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		SNOW3G_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -235,7 +228,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	IV = rte_crypto_op_ctod_offset(op, uint8_t *,
-				op->sym->cipher.iv.offset);
+				session->iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 7ce96be..a0f1488 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -43,6 +43,7 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 				.block_size = 16,
@@ -68,6 +69,11 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 				.block_size = 16,
@@ -75,11 +81,6 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index 03973b9..e8943a7 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,6 +91,7 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index df58ec4..266882b 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -110,6 +110,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		return -EINVAL;
 	}
 
+	/* Sanity checks. */
+	if (xform->iv.length != ZUC_IV_KEY_LENGTH) {
+		ZUC_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+	sess->iv_offset = xform->iv.offset;
+
 	if (cipher_xform) {
 		/* Only ZUC EEA3 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -183,13 +190,6 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("iv");
-			break;
-		}
-
 		if (((ops[i]->sym->cipher.data.length % BYTE_LEN) != 0)
 				|| ((ops[i]->sym->cipher.data.offset
 					% BYTE_LEN) != 0)) {
@@ -219,7 +219,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		IV[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index e793459..4804bd1 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -43,6 +43,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.iv_size = { 0 },
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
 				.block_size = 16,
@@ -68,6 +69,11 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.cipher = {
 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
 				.block_size = 16,
@@ -75,11 +81,6 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				},
-				.iv_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
 				}
 			}, }
 		}, }
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index 030f120..cee1b5d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,6 +92,7 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 4b921e8..9309a08 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -345,6 +345,55 @@ struct rte_crypto_sym_xform {
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
 	};
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation.
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * Initialisation Vector (IV) value.
+		 *
+		 * - For block ciphers in CTR mode, this is the counter.
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * - For AES-XTS, this is the 128bit tweak, i, from
+		 * IEEE Std 1619-2007.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * length of the IV (which must be the same as the
+		 * block length of the cipher).
+		 *
+		 * - For block ciphers in CTR mode, this is the length
+		 * of the counter (which must be the same as the block
+		 * length of the cipher).
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 struct rte_cryptodev_sym_session;
@@ -434,55 +483,6 @@ struct rte_crypto_sym_op {
 			  */
 		} data; /**< Data offsets and length for ciphering */
 
-		struct {
-			uint16_t offset;
-			/**< Starting point for Initialisation Vector or Counter,
-			 * specified as number of bytes from start of crypto
-			 * operation.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * Initialisation Vector (IV) value.
-			 *
-			 * - For block ciphers in CTR mode, this is the counter.
-			 *
-			 * - For GCM mode, this is either the IV (if the length
-			 * is 96 bits) or J0 (for other sizes), where J0 is as
-			 * defined by NIST SP800-38D. Regardless of the IV
-			 * length, a full 16 bytes needs to be allocated.
-			 *
-			 * - For CCM mode, the first byte is reserved, and the
-			 * nonce should be written starting at &iv[1] (to allow
-			 * space for the implementation to write in the flags
-			 * in the first byte). Note that a full 16 bytes should
-			 * be allocated, even though the length field will
-			 * have a value less than this.
-			 *
-			 * - For AES-XTS, this is the 128bit tweak, i, from
-			 * IEEE Std 1619-2007.
-			 *
-			 * For optimum performance, the data pointed to SHOULD
-			 * be 8-byte aligned.
-			 */
-			uint16_t length;
-			/**< Length of valid IV data.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * length of the IV (which must be the same as the
-			 * block length of the cipher).
-			 *
-			 * - For block ciphers in CTR mode, this is the length
-			 * of the counter (which must be the same as the block
-			 * length of the cipher).
-			 *
-			 * - For GCM mode, this is either 12 (for 96-bit IVs)
-			 * or 16, in which case data points to J0.
-			 *
-			 * - For CCM mode, this is the length of the nonce,
-			 * which can be in the range 7 to 13 inclusive.
-			 */
-		} iv;	/**< Initialisation vector parameters */
 	} cipher;
 
 	struct {
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index b65cd9c..c9e4fa3 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -381,7 +381,7 @@ rte_cryptodev_sym_capability_check_cipher(
 	if (param_range_check(key_size, capability->cipher.key_size))
 		return -1;
 
-	if (param_range_check(iv_size, capability->cipher.iv_size))
+	if (param_range_check(iv_size, capability->iv_size))
 		return -1;
 
 	return 0;
@@ -390,7 +390,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size)
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
 {
 	if (param_range_check(key_size, capability->auth.key_size))
 		return -1;
@@ -401,6 +402,9 @@ rte_cryptodev_sym_capability_check_auth(
 	if (param_range_check(aad_size, capability->auth.aad_size))
 		return -1;
 
+	if (param_range_check(iv_size, capability->iv_size))
+		return -1;
+
 	return 0;
 }
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index bd09176..82cfddd 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -168,6 +168,8 @@ struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
 	/**< Transform type : Authentication / Cipher */
 	RTE_STD_C11
+	struct rte_crypto_param_range iv_size;
+	/**< Initialisation vector data size range */
 	union {
 		struct {
 			enum rte_crypto_auth_algorithm algo;
@@ -189,8 +191,6 @@ struct rte_cryptodev_symmetric_capability {
 			/**< algorithm block size */
 			struct rte_crypto_param_range key_size;
 			/**< cipher key size range */
-			struct rte_crypto_param_range iv_size;
-			/**< Initialisation vector data size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
 	};
@@ -237,7 +237,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
  *
  * @param	capability	Description of the symmetric crypto capability.
  * @param	key_size	Cipher key size.
- * @param	iv_size		Cipher initial vector size.
+ * @param	iv_size		Initial vector size.
  *
  * @return
  *   - Return 0 if the parameters are in range of the capability.
@@ -256,6 +256,7 @@ rte_cryptodev_sym_capability_check_cipher(
  * @param	key_size	Auth key size.
  * @param	digest_size	Auth digest size.
  * @param	aad_size	Auth aad size.
+ * @param	iv_size		Initial vector size.
  *
  * @return
  *   - Return 0 if the parameters are in range of the capability.
@@ -264,7 +265,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size);
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
 
 /**
  * Provide the cipher algorithm enum, given an algorithm string
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (9 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 10/13] cryptodev: move IV parameters to crypto session Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 12/13] cryptodev: aad AEAD specific data Pablo de Lara
                   ` (2 subsequent siblings)
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure, and this was pointing at IV.

Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/kasumi/rte_kasumi_pmd.c       | 12 ++++------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c   | 12 +++++-----
 drivers/crypto/qat/qat_crypto_capabilities.h | 36 ++++++++++++++--------------
 drivers/crypto/snow3g/rte_snow3g_pmd.c       | 13 ++++------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c   | 12 +++++-----
 drivers/crypto/zuc/rte_zuc_pmd.c             | 13 ++++------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c         | 12 +++++-----
 lib/librte_cryptodev/rte_crypto_sym.h        |  4 +---
 8 files changed, 51 insertions(+), 63 deletions(-)

diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 056682b..57faa7a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -251,6 +251,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
+	uint8_t *IV_ptr;
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
@@ -258,12 +259,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("aad");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -275,8 +270,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
-		/* IV from AAD */
-		IV = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		IV_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->iv_offset);
+		IV = *((uint64_t *)(IV_ptr));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 3f587f5..c44c107 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			.iv_size = { 0 },
+			.iv_size = {
+				.min = 8,
+				.max = 8,
+				.increment = 0
+			},
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_KASUMI_F9,
 				.block_size = 8,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 8,
-					.max = 8,
-					.increment = 0
-				}
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 11f3687..56c0536 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -245,7 +245,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			.iv_size = { 0 },				\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,	\
 				.block_size = 16,			\
@@ -259,11 +263,7 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
-				}					\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -429,7 +429,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			.iv_size = { 0 },				\
+			.iv_size = {					\
+				.min = 8,				\
+				.max = 8,				\
+				.increment = 0				\
+			},						\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_KASUMI_F9,	\
 				.block_size = 8,			\
@@ -443,11 +447,7 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
-					.min = 8,			\
-					.max = 8,			\
-					.increment = 0			\
-				}					\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -557,7 +557,11 @@
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			.iv_size = { 0 },				\
+			.iv_size = {					\
+				.min = 16,				\
+				.max = 16,				\
+				.increment = 0				\
+			},						\
 			{.auth = {					\
 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,	\
 				.block_size = 16,			\
@@ -571,11 +575,7 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
-					.min = 16,			\
-					.max = 16,			\
-					.increment = 0			\
-				}					\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 30b9172..01e8d89 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -247,14 +247,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
 	uint32_t length_in_bits;
+	uint8_t *IV;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("aad");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -266,13 +261,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					SNOW3G_DIGEST_LENGTH);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					IV, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -286,7 +283,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					IV, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index a0f1488..86c229a 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			.iv_size = { 0 },
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 				.block_size = 16,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
-				}
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 266882b..510cf26 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -244,14 +244,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *src;
 	uint32_t *dst;
 	uint32_t length_in_bits;
+	uint8_t *IV;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("aad");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -263,13 +258,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ZUC_DIGEST_LENGTH);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					IV, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -283,7 +280,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					IV, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 4804bd1..271560d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			.iv_size = { 0 },
+			.iv_size = {
+				.min = 16,
+				.max = 16,
+				.increment = 0
+			},
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
 				.block_size = 16,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 16,
-					.max = 16,
-					.increment = 0
-				}
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 9309a08..55e4a27 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -560,9 +560,7 @@ struct rte_crypto_sym_op {
 			uint8_t *data;
 			/**< Pointer to Additional Authenticated Data (AAD)
 			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM), and to the IV for SNOW 3G authentication
-			 * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
-			 * authentication mechanisms this pointer is ignored.
+			 * GCM).
 			 *
 			 * The length of the data pointed to by this field is
 			 * set up for the session in the @ref
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 12/13] cryptodev: aad AEAD specific data
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (10 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 13/13] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.

Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev.c  | 61 +++++++++++++++++++++++++++++++++++
 lib/librte_cryptodev/rte_cryptodev.h  | 50 +++++++++++++++++++++++++++-
 3 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 55e4a27..6fd6bb3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -317,11 +317,50 @@ struct rte_crypto_auth_xform {
 	 */
 };
 
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+	RTE_CRYPTO_AEAD_AES_CCM = 1,
+	RTE_CRYPTO_AEAD_AES_GCM,
+	RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+	RTE_CRYPTO_AEAD_OP_ENCRYPT,
+	/**< Encrypt and generate digest */
+	RTE_CRYPTO_AEAD_OP_DECRYPT
+	/**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+	enum rte_crypto_aead_operation op;
+	/**< AEAD operation type */
+	enum rte_crypto_aead_algorithm algo;
+	/**< AEAD algorithm selection */
+
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} key;
+
+	uint32_t digest_length;
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_AEAD		/**< AEAD xform  */
 };
 
 /**
@@ -344,6 +383,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_aead_xform aead;
+		/**< AEAD xform */
 	};
 	struct {
 		uint16_t offset;
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index c9e4fa3..95883ba 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -189,6 +189,26 @@ rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_ZUC_EIA3]	= "zuc-eia3"
 };
 
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
+	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+	[RTE_CRYPTO_AEAD_OP_ENCRYPT]	= "encrypt",
+	[RTE_CRYPTO_AEAD_OP_DECRYPT]	= "decrypt"
+};
+
 int
 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
 		const char *algo_string)
@@ -223,6 +243,23 @@ rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 	return -1;
 }
 
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string)
+{
+	unsigned int i;
+
+	for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+		if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i]) == 0) {
+			*algo_enum = (enum rte_crypto_aead_algorithm) i;
+			return 0;
+		}
+	}
+
+	/* Invalid string */
+	return -1;
+}
+
 /**
  * The crypto auth operation strings identifiers.
  * It could be used in application command line.
@@ -363,6 +400,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
 		if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 			capability->sym.cipher.algo == idx->algo.cipher)
 			return &capability->sym;
+
+		if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+				capability->sym.aead.algo == idx->algo.aead)
+			return &capability->sym;
 	}
 
 	return NULL;
@@ -408,6 +449,26 @@ rte_cryptodev_sym_capability_check_auth(
 	return 0;
 }
 
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
+{
+	if (param_range_check(key_size, capability->aead.key_size))
+		return -1;
+
+	if (param_range_check(digest_size, capability->aead.digest_size))
+		return -1;
+
+	if (param_range_check(aad_size, capability->aead.aad_size))
+		return -1;
+
+	if (param_range_check(iv_size, capability->iv_size))
+		return -1;
+
+	return 0;
+}
 
 const char *
 rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 82cfddd..ff01b22 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -166,7 +166,7 @@ struct rte_crypto_param_range {
  */
 struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
-	/**< Transform type : Authentication / Cipher */
+	/**< Transform type : Authentication / Cipher / AEAD */
 	RTE_STD_C11
 	struct rte_crypto_param_range iv_size;
 	/**< Initialisation vector data size range */
@@ -193,6 +193,18 @@ struct rte_cryptodev_symmetric_capability {
 			/**< cipher key size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
+		struct {
+			enum rte_crypto_aead_algorithm algo;
+			/**< AEAD algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range key_size;
+			/**< AEAD key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range aad_size;
+			/**< Additional authentication data size range */
+		} aead;
 	};
 };
 
@@ -214,6 +226,7 @@ struct rte_cryptodev_sym_capability_idx {
 	union {
 		enum rte_crypto_cipher_algorithm cipher;
 		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
 	} algo;
 };
 
@@ -269,6 +282,26 @@ rte_cryptodev_sym_capability_check_auth(
 		uint16_t iv_size);
 
 /**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param	capability	Description of the symmetric crypto capability.
+ * @param	key_size	AEAD key size.
+ * @param	digest_size	AEAD digest size.
+ * @param	aad_size	AEAD AAD size.
+ * @param	iv_size		AEAD IV size.
+ *
+ * @return
+ *   - Return 0 if the parameters are in range of the capability.
+ *   - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
+
+/**
  * Provide the cipher algorithm enum, given an algorithm string
  *
  * @param	algo_enum	A pointer to the cipher algorithm
@@ -298,6 +331,21 @@ int
 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 		const char *algo_string);
 
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param	algo_enum	A pointer to the AEAD algorithm
+ *				enum to be filled
+ * @param	algo_string	AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string);
+
 /** Macro used at end of crypto PMD list */
 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
 	{ RTE_CRYPTO_OP_TYPE_UNDEFINED }
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH 13/13] cryptodev: add AEAD parameters in crypto operation
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (11 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 12/13] cryptodev: aad AEAD specific data Pablo de Lara
@ 2017-05-28 21:05 ` Pablo de Lara
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
  13 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-05-28 21:05 UTC (permalink / raw)
  To: declan.doherty, akhil.goyal, hemant.agrawal, zbigniew.bodek, jerin.jacob
  Cc: dev, Pablo de Lara

AEAD operation parameters can be set in the new
aead structure, in the crypto operation.
This structure is within an union with the cipher
and authentication parameters, since operations can be:
- AEAD: using the aead structure

- Cipher only: using only the cipher structure

- Auth only: using only the authentication structure

- Cipher-then-auth/Auth-then-cipher: using both cipher
  and authentication structures

Therefore, all three cannot be used at the same time.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 406 ++++++++++++++++++++--------------
 1 file changed, 243 insertions(+), 163 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 6fd6bb3..0f48a9d 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -481,172 +481,252 @@ struct rte_crypto_sym_op {
 		/**< Session-less API crypto operation parameters */
 	};
 
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for cipher processing, specified
-			  * as number of bytes from start of data in the source
-			  * buffer. The result of the cipher operation will be
-			  * written back into the output buffer starting at
-			  * this location.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source buffer
-			  * on which the cryptographic operation will be
-			  * computed. This must be a multiple of the block size
-			  * if a block cipher is being used. This is also the
-			  * same as the result length.
-			  *
-			  * @note
-			  * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
-			  * this value should not include the length of the
-			  * padding or the length of the MAC; the driver will
-			  * compute the actual number of bytes over which the
-			  * encryption will occur, which will include these
-			  * values.
-			  *
-			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
-			  * field should be set to 0.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for ciphering */
-
-	} cipher;
-
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for hash processing, specified as
-			  * number of bytes from start of packet in source
-			  * buffer.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field
-			  * should be set instead.
-			  *
-			  * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
-			  * mode of operation, this field is set to 0. aad data
-			  * pointer of rte_crypto_sym_op_data structure is
-			  * used instead
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source
-			  * buffer that the hash will be computed on.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field should be set
-			  * instead.
-			  *
-			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
-			  * of operation, this field is set to 0.
-			  * Auth.aad.length is used instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for authentication */
-
+	union {
 		struct {
-			uint8_t *data;
-			/**< This points to the location where the digest result
-			 * should be inserted (in the case of digest generation)
-			 * or where the purported digest exists (in the case of
-			 * digest verification).
-			 *
-			 * At session creation time, the client specified the
-			 * digest result length with the digest_length member
-			 * of the @ref rte_crypto_auth_xform structure. For
-			 * physical crypto devices the caller must allocate at
-			 * least digest_length of physically contiguous memory
-			 * at this location.
-			 *
-			 * For digest generation, the digest result will
-			 * overwrite any data at this location.
-			 *
-			 * @note
-			 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-			 * "digest result" read "authentication tag T".
-			 */
-			phys_addr_t phys_addr;
-			/**< Physical address of digest */
-		} digest; /**< Digest parameters */
+			struct {
+				uint32_t offset;
+				 /**< Starting point for AEAD processing, specified as
+				  * number of bytes from start of packet in source
+				  * buffer.
+				  */
+				uint32_t length;
+				 /**< The message length, in bytes, of the source buffer
+				  * on which the cryptographic operation will be
+				  * computed. This must be a multiple of the block size
+				  */
+			} data; /**< Data offsets and length for AEAD */
+			struct {
+				uint8_t *data;
+				/**< This points to the location where the digest result
+				 * should be inserted (in the case of digest generation)
+				 * or where the purported digest exists (in the case of
+				 * digest verification).
+				 *
+				 * At session creation time, the client specified the
+				 * digest result length with the digest_length member
+				 * of the @ref rte_crypto_auth_xform structure. For
+				 * physical crypto devices the caller must allocate at
+				 * least digest_length of physically contiguous memory
+				 * at this location.
+				 *
+				 * For digest generation, the digest result will
+				 * overwrite any data at this location.
+				 *
+				 * @note
+				 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
+				 * "digest result" read "authentication tag T".
+				 */
+				phys_addr_t phys_addr;
+				/**< Physical address of digest */
+			} digest; /**< Digest parameters */
+			struct {
+				uint8_t *data;
+				/**< Pointer to Additional Authenticated Data (AAD)
+				 * needed for authenticated cipher mechanisms (CCM and
+				 * GCM)
+				 *
+				 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
+				 * the caller should setup this field as follows:
+				 *
+				 * - the nonce should be written starting at an offset
+				 * of one byte into the array, leaving room for the
+				 * implementation to write in the flags to the first
+				 * byte.
+				 *
+				 * - the additional  authentication data itself should
+				 * be written starting at an offset of 18 bytes into
+				 * the array, leaving room for the length encoding in
+				 * the first two bytes of the second block.
+				 *
+				 * - the array should be big enough to hold the above
+				 *  fields, plus any padding to round this up to the
+				 *  nearest multiple of the block size (16 bytes).
+				 *  Padding will be added by the implementation.
+				 *
+				 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
+				 * caller should setup this field as follows:
+				 *
+				 * - the AAD is written in starting at byte 0
+				 * - the array must be big enough to hold the AAD, plus
+				 * any space to round this up to the nearest multiple
+				 * of the block size (16 bytes).
+				 *
+				 * @note
+				 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
+				 * operation, this field is used to pass plaintext.
+				 */
+				phys_addr_t phys_addr;	/**< physical address */
+				uint32_t length; /**< Length of AAD */
+			} aad;
+			/**< Additional authentication parameters */
+		} aead;
 
 		struct {
-			uint8_t *data;
-			/**< Pointer to Additional Authenticated Data (AAD)
-			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM).
-			 *
-			 * The length of the data pointed to by this field is
-			 * set up for the session in the @ref
-			 * rte_crypto_auth_xform structure as part of the @ref
-			 * rte_cryptodev_sym_session_create function call.
-			 * This length must not exceed 65535 (2^16-1) bytes.
-			 *
-			 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
-			 * the caller should setup this field as follows:
-			 *
-			 * - the nonce should be written starting at an offset
-			 * of one byte into the array, leaving room for the
-			 * implementation to write in the flags to the first
-			 *  byte.
-			 *
-			 * - the additional  authentication data itself should
-			 * be written starting at an offset of 18 bytes into
-			 * the array, leaving room for the length encoding in
-			 * the first two bytes of the second block.
-			 *
-			 * - the array should be big enough to hold the above
-			 *  fields, plus any padding to round this up to the
-			 *  nearest multiple of the block size (16 bytes).
-			 *  Padding will be added by the implementation.
-			 *
-			 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-			 * caller should setup this field as follows:
-			 *
-			 * - the AAD is written in starting at byte 0
-			 * - the array must be big enough to hold the AAD, plus
-			 * any space to round this up to the nearest multiple
-			 * of the block size (16 bytes).
-			 *
-			 * @note
-			 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
-			 * operation, this field is used to pass plaintext.
-			 */
-			phys_addr_t phys_addr;	/**< physical address */
-			uint16_t length;
-			/**< Length of additional authenticated data (AAD)
-			 * in bytes
-			 */
-		} aad;
-		/**< Additional authentication parameters */
-	} auth;
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for cipher processing, specified
+					  * as number of bytes from start of data in the source
+					  * buffer. The result of the cipher operation will be
+					  * written back into the output buffer starting at
+					  * this location.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the source buffer
+					  * on which the cryptographic operation will be
+					  * computed. This must be a multiple of the block size
+					  * if a block cipher is being used. This is also the
+					  * same as the result length.
+					  *
+					  * @note
+					  * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
+					  * this value should not include the length of the
+					  * padding or the length of the MAC; the driver will
+					  * compute the actual number of bytes over which the
+					  * encryption will occur, which will include these
+					  * values.
+					  *
+					  * @note
+					  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
+					  * field should be set to 0.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+				} data; /**< Data offsets and length for ciphering */
+			} cipher;
+
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for hash processing, specified as
+					  * number of bytes from start of packet in source
+					  * buffer.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation, this field is
+					  * ignored. The field @ref aad field
+					  * should be set instead.
+					  *
+					  * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
+					  * mode of operation, this field is set to 0. aad data
+					  * pointer of rte_crypto_sym_op_data structure is
+					  * used instead
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the source
+					  * buffer that the hash will be computed on.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation, this field is
+					  * ignored. The field @ref aad field should be set
+					  * instead.
+					  *
+					  * @note
+					  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
+					  * of operation, this field is set to 0.
+					  * Auth.aad.length is used instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+				} data; /**< Data offsets and length for authentication */
+
+				struct {
+					uint8_t *data;
+					/**< This points to the location where the digest result
+					 * should be inserted (in the case of digest generation)
+					 * or where the purported digest exists (in the case of
+					 * digest verification).
+					 *
+					 * At session creation time, the client specified the
+					 * digest result length with the digest_length member
+					 * of the @ref rte_crypto_auth_xform structure. For
+					 * physical crypto devices the caller must allocate at
+					 * least digest_length of physically contiguous memory
+					 * at this location.
+					 *
+					 * For digest generation, the digest result will
+					 * overwrite any data at this location.
+					 *
+					 * @note
+					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
+					 * "digest result" read "authentication tag T".
+					 */
+					phys_addr_t phys_addr;
+					/**< Physical address of digest */
+				} digest; /**< Digest parameters */
+
+				struct {
+					uint8_t *data;
+					/**< Pointer to Additional Authenticated Data (AAD)
+					 * needed for authenticated cipher mechanisms (CCM and
+					 * GCM).
+					 *
+					 * The length of the data pointed to by this field is
+					 * set up for the session in the @ref
+					 * rte_crypto_auth_xform structure as part of the @ref
+					 * rte_cryptodev_sym_session_create function call.
+					 * This length must not exceed 65535 (2^16-1) bytes.
+					 *
+					 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
+					 * the caller should setup this field as follows:
+					 *
+					 * - the nonce should be written starting at an offset
+					 * of one byte into the array, leaving room for the
+					 * implementation to write in the flags to the first
+					 *  byte.
+					 *
+					 * - the additional  authentication data itself should
+					 * be written starting at an offset of 18 bytes into
+					 * the array, leaving room for the length encoding in
+					 * the first two bytes of the second block.
+					 *
+					 * - the array should be big enough to hold the above
+					 *  fields, plus any padding to round this up to the
+					 *  nearest multiple of the block size (16 bytes).
+					 *  Padding will be added by the implementation.
+					 *
+					 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
+					 * caller should setup this field as follows:
+					 *
+					 * - the AAD is written in starting at byte 0
+					 * - the array must be big enough to hold the AAD, plus
+					 * any space to round this up to the nearest multiple
+					 * of the block size (16 bytes).
+					 *
+					 * @note
+					 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
+					 * operation, this field is used to pass plaintext.
+					 */
+					phys_addr_t phys_addr;	/**< physical address */
+					uint16_t length;
+					/**< Length of additional authenticated data (AAD)
+					 * in bytes
+					 */
+				} aad;
+				/**< Additional authentication parameters */
+			} auth;
+		};
+	};
 };
 
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring
  2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
                   ` (12 preceding siblings ...)
  2017-05-28 21:05 ` [dpdk-dev] [PATCH 13/13] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
@ 2017-06-26 10:22 ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 01/27] cryptodev: move session type to generic crypto op Pablo de Lara
                     ` (28 more replies)
  13 siblings, 29 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

This patchset attempts to correct and improve the current crypto operation
(rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
shrinking their sizes to fit both structures into two 64-byte cache lines
(with extra space for the IV and other user data) as one of the goals.

It also introduces new AEAD algorithm specific parameters, to simplify
its setup with a single transform, instead of a concatenation of a cipher
and an authentication transform.

The following changes are made:

In rte_crypto_op:

- Moved session type (with session/sessionless) from symmetric op to crypto op,
  as this could be used for other types

- Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
  instead of having enums taking 4 bytes each

- Removed opaque data from crypto operation, as private data can be allocated
  just after the symmetric (or other type) crypto operation

- Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation

- Removed unnecessary cache alignment

In rte_crypto_sym_xform:

- Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session

- Added a new AEAD transform

- Added IV for authentication and AEAD transforms

- Removed AAD length from authentication transform, as it is only used for AEAD algorithms

In rte_crypto_sym_op:

- Removed IV parameters, which will be only in the session.

- Added AEAD specific parameters.

- Create union with the new AEAD parameters and the cipher/authentication parameters,
  as the three cannot be used at the same time

- Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session

- Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session

- Removed AAD from authentication structure, as it is only used for AEAD algorithms

- Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)


In terms of algorithm usage:

- AEAD algorithms (like AES-GCM) are set up only using the AEAD structure

- AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field

- Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now.


Finally, a comparison between the previous operation and the new operation:

Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:

struct rte_crypto_op {
    enum rte_crypto_op_type type;
    enum rte_crypto_op_status status;
    struct rte_mempool *mempool;
    phys_addr_t phys_addr;
    void *opaque_data;
    union {
       struct rte_crypto_sym_op *sym;
    };
} __rte_cache_aligned;

struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    enum rte_crypto_sym_op_sess_type sess_type;

    RTE_STD_C11
    union {
       struct rte_cryptodev_sym_session *session;
       struct rte_crypto_sym_xform *xform;
    };

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } iv;
    } cipher;

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;
        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } digest; /**< Digest parameters */

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } aad;

    } auth;
} __rte_cache_aligned;


New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:

struct rte_crypto_op {
    uint64_t type: 8;
    uint64_t status: 8;
    uint64_t sess_type: 8;

    struct rte_mempool *mempool;

    phys_addr_t phys_addr;

    RTE_STD_C11
    union {
       struct rte_crypto_sym_op sym[0];
    };
} __rte_cache_aligned;


struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    union {
        struct rte_cryptodev_sym_session *session;
        /**< Handle for the initialised session context */
        struct rte_crypto_sym_xform *xform;
        /**< Session-less API Crypto operation parameters */
    };

    union {
        struct {
            struct {
                uint32_t offset;
                uint32_t length;
            } data; /**< Data offsets and length for AEAD */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } digest; /**< Digest parameters */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } aad;
            /**< Additional authentication parameters */
        } aead;

        struct {
            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data; /**< Data offsets and length for ciphering */
            } cipher;

            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data;
                /**< Data offsets and length for authentication */

                struct {
                    uint8_t *data;
                    phys_addr_t phys_addr;
                } digest; /**< Digest parameters */
            } auth;
        };
    };
};

Changes in v2:

- Added AEAD structures

- Added authentication IV (used for AES-GMAC and wireless algorithms)

- Modified all applications with the changes

- Modified all drivers with the changes

- Moved AAD length to the crypto session

- Rebased against latest dpdk-next-crypto

- Added documentation changes

Pablo de Lara (27):
  cryptodev: move session type to generic crypto op
  cryptodev: replace enums with 1-byte variables
  cryptodev: remove opaque data pointer in crypto op
  cryptodev: do not store pointer to op specific params
  cryptodev: remove useless alignment
  cryptodev: add crypto op helper macros
  crypto/qat: fix KASUMI authentication
  test/crypto: move IV to crypto op private data
  test/crypto-perf: move IV to crypto op private data
  app/crypto-perf: move IV to crypto op private data
  examples/l2fwd-crypto: move IV to crypto op private data
  examples/ipsec-secgw: move IV to crypto op private data
  cryptodev: pass IV as offset
  cryptodev: move IV parameters to crypto session
  cryptodev: add auth IV
  cryptodev: do not use AAD in wireless algorithms
  cryptodev: remove AAD length from crypto op
  cryptodev: remove digest length from crypto op
  cryptodev: set AES-GMAC as auth-only algo
  cryptodev: add AEAD specific data
  cryptodev: add AEAD parameters in crypto operation
  examples/l2fwd-crypto: avoid too many tabs
  app/test-crypto-perf: add AEAD parameters
  examples/ipsec-secgw: add AEAD parameters
  examples/l2fwd-crypto: add AEAD parameters
  cryptodev: use AES-GCM/CCM as AEAD algorithms
  cryptodev: remove AAD from authentication structure

 app/test-crypto-perf/cperf_ops.c                   |  215 ++--
 app/test-crypto-perf/cperf_ops.h                   |    6 +-
 app/test-crypto-perf/cperf_options.h               |   24 +-
 app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
 app/test-crypto-perf/cperf_test_latency.c          |   59 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   24 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
 app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
 app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
 app/test-crypto-perf/cperf_test_verify.c           |   25 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
 app/test-crypto-perf/main.c                        |   61 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
 doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
 doc/guides/rel_notes/release_17_08.rst             |   36 +
 doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
 doc/guides/tools/cryptoperf.rst                    |   50 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
 drivers/crypto/null/null_crypto_pmd.c              |   15 +-
 drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
 drivers/crypto/qat/qat_crypto.c                    |  372 +++++--
 drivers/crypto/qat/qat_crypto.h                    |    4 +
 drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
 examples/ipsec-secgw/esp.c                         |  243 ++--
 examples/ipsec-secgw/ipsec.c                       |    1 -
 examples/ipsec-secgw/ipsec.h                       |    6 +-
 examples/ipsec-secgw/sa.c                          |  285 +++--
 examples/l2fwd-crypto/main.c                       |  721 +++++++++---
 lib/librte_cryptodev/rte_crypto.h                  |   37 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
 lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
 lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
 lib/librte_cryptodev/rte_cryptodev_version.map     |   10 +
 test/test/test_cryptodev.c                         | 1176 ++++++++------------
 test/test/test_cryptodev.h                         |    6 +
 test/test/test_cryptodev_blockcipher.c             |   35 +-
 test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
 test/test/test_cryptodev_perf.c                    |  673 +++++------
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
 70 files changed, 4042 insertions(+), 2728 deletions(-)

-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 01/27] cryptodev: move session type to generic crypto op
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 02/27] cryptodev: replace enums with 1-byte variables Pablo de Lara
                     ` (27 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Session type (operation with or without session) is not
something specific to symmetric operations.
Therefore, the variable is moved to the generic crypto operation
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst     | 21 ++++++++++-----------
 doc/guides/rel_notes/release_17_08.rst      |  8 ++++++++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    | 15 ++++++++-------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |  4 ++--
 drivers/crypto/armv8/rte_armv8_pmd.c        |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  2 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  6 +++---
 drivers/crypto/null/null_crypto_pmd.c       | 15 ++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd.c    |  4 ++--
 drivers/crypto/qat/qat_crypto.c             |  2 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  6 +++---
 drivers/crypto/zuc/rte_zuc_pmd.c            |  4 ++--
 lib/librte_cryptodev/rte_crypto.h           | 15 +++++++++++++++
 lib/librte_cryptodev/rte_crypto_sym.h       | 16 ----------------
 test/test/test_cryptodev.c                  |  8 ++++----
 15 files changed, 69 insertions(+), 61 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4f98f28..229cb7a 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -1,5 +1,5 @@
 ..  BSD LICENSE
-    Copyright(c) 2016 Intel Corporation. All rights reserved.
+    Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
 
     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions
@@ -359,11 +359,12 @@ Crypto operation to be processed on a particular Crypto device poll mode driver.
 
 .. figure:: img/crypto_op.*
 
-The operation structure includes the operation type and the operation status,
-a reference to the operation specific data, which can vary in size and content
-depending on the operation being provisioned. It also contains the source
-mempool for the operation, if it allocate from a mempool. Finally an
-opaque pointer for user specific data is provided.
+The operation structure includes the operation type, the operation status
+and the session type (session-based/less), a reference to the operation
+specific data, which can vary in size and content depending on the operation
+being provisioned. It also contains the source mempool for the operation,
+if it allocate from a mempool. Finally an opaque pointer for user specific
+data is provided.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
@@ -512,9 +513,9 @@ buffer. It is used for either cipher, authentication, AEAD and chained
 operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
-the session type (session-based/less), a valid session (or transform chain if in
-session-less mode) and the minimum authentication/ cipher parameters required
-depending on the type of operation specified in the session or the transform
+a valid session (or transform chain if in session-less mode) and the minimum
+authentication/ cipher parameters required depending on the type of operation
+specified in the session or the transform
 chain.
 
 .. code-block:: c
@@ -523,8 +524,6 @@ chain.
         struct rte_mbuf *m_src;
         struct rte_mbuf *m_dst;
 
-        enum rte_crypto_sym_op_sess_type type;
-
         union {
             struct rte_cryptodev_sym_session *session;
             /**< Handle for the initialised session context */
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 842f46f..2bc405d 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -144,6 +144,14 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =========================================================
 
+* **Reworked rte_cryptodev library.**
+
+  The rte_cryptodev library has been reworked and updated. The following changes
+  have been made to it:
+
+  * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
+    and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 4d7aa4f..165f5a1 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -139,16 +139,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 /** Get gcm session */
 static struct aesni_gcm_session *
-aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
+aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_gcm_session *sess = NULL;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session->dev_type
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session->dev_type
 					!= RTE_CRYPTODEV_AESNI_GCM_PMD))
 			return sess;
 
-		sess = (struct aesni_gcm_session *)op->session->_private;
+		sess = (struct aesni_gcm_session *)sym_op->session->_private;
 	} else  {
 		void *_sess;
 
@@ -159,7 +160,7 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
 			((struct rte_cryptodev_sym_session *)_sess)->_private;
 
 		if (unlikely(aesni_gcm_set_session_parameters(sess,
-				op->xform) != 0)) {
+				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			sess = NULL;
 		}
@@ -372,7 +373,7 @@ handle_completed_gcm_crypto_op(struct aesni_gcm_qp *qp,
 	post_process_gcm_crypto_op(op);
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -393,7 +394,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 
 	for (i = 0; i < nb_dequeued; i++) {
 
-		sess = aesni_gcm_get_session(qp, ops[i]->sym);
+		sess = aesni_gcm_get_session(qp, ops[i]);
 		if (unlikely(sess == NULL)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index e88d3cd..efdc321 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -345,7 +345,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_mb_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_AESNI_MB_PMD)) {
 			return NULL;
@@ -541,7 +541,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 8ed26db..04d8781 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -545,7 +545,7 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct armv8_crypto_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -700,7 +700,7 @@ process_op(const struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e32b27e..e154395 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -437,7 +437,7 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	if (ops[0]->sym->sess_type != RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (ops[0]->sess_type != RTE_CRYPTO_OP_WITH_SESSION) {
 		RTE_LOG(ERR, PMD, "sessionless crypto op not supported\n");
 		return 0;
 	}
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index ac80473..667ebfc 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -143,7 +143,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 {
 	struct kasumi_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_KASUMI_PMD))
 			return NULL;
@@ -353,7 +353,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -405,7 +405,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 47b8dad..fcf2adc 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -90,16 +90,17 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 }
 
 static struct null_crypto_session *
-get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
+get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct null_crypto_session *sess;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session == NULL ||
-			     op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session == NULL ||
+			     sym_op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
 			return NULL;
 
-		sess = (struct null_crypto_session *)op->session->_private;
+		sess = (struct null_crypto_session *)sym_op->session->_private;
 	} else  {
 		struct rte_cryptodev_session *c_sess = NULL;
 
@@ -108,7 +109,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
 
 		sess = (struct null_crypto_session *)c_sess->_private;
 
-		if (null_crypto_set_session_parameters(sess, op->xform)	!= 0)
+		if (null_crypto_set_session_parameters(sess, sym_op->xform) != 0)
 			return NULL;
 	}
 
@@ -126,7 +127,7 @@ null_crypto_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	int i, retval;
 
 	for (i = 0; i < nb_ops; i++) {
-		sess = get_session(qp, ops[i]->sym);
+		sess = get_session(qp, ops[i]);
 		if (unlikely(sess == NULL))
 			goto enqueue_err;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index a6438a8..9f032d3 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -446,7 +446,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 {
 	struct openssl_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -1196,7 +1196,7 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 8b7b2fa..9b294e4 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -908,7 +908,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		return -EINVAL;
 	}
 #endif
-	if (unlikely(op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS)) {
+	if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented"
 				" requests, op (%p) is sessionless.", op);
 		return -EINVAL;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 855be72..6261656 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -143,7 +143,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 {
 	struct snow3g_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_SNOW3G_PMD))
 			return NULL;
@@ -357,7 +357,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -409,7 +409,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 7681587..d2263b4 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -142,7 +142,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 {
 	struct zuc_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_ZUC_PMD))
 			return NULL;
@@ -333,7 +333,7 @@ process_ops(struct rte_crypto_op **ops, struct zuc_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 9019518..ac5c184 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -82,6 +82,16 @@ enum rte_crypto_op_status {
 };
 
 /**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_op_sess_type {
+	RTE_CRYPTO_OP_WITH_SESSION,	/**< Session based crypto operation */
+	RTE_CRYPTO_OP_SESSIONLESS	/**< Session-less crypto operation */
+};
+
+/**
  * Cryptographic Operation.
  *
  * This structure contains data relating to performing cryptographic
@@ -102,6 +112,8 @@ struct rte_crypto_op {
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
+	enum rte_crypto_op_sess_type  sess_type;
+	/**< operation session type */
 
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
@@ -130,6 +142,7 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 {
 	op->type = type;
 	op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
@@ -407,6 +420,8 @@ rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
 
+	op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
 	return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
 }
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..386b120 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -376,17 +376,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-/**
- * Crypto operation session type. This is used to specify whether a crypto
- * operation has session structure attached for immutable parameters or if all
- * operation information is included in the operation data structure.
- */
-enum rte_crypto_sym_op_sess_type {
-	RTE_CRYPTO_SYM_OP_WITH_SESSION,	/**< Session based crypto operation */
-	RTE_CRYPTO_SYM_OP_SESSIONLESS	/**< Session-less crypto operation */
-};
-
-
 struct rte_cryptodev_sym_session;
 
 /**
@@ -423,8 +412,6 @@ struct rte_crypto_sym_op {
 	struct rte_mbuf *m_src;	/**< source mbuf */
 	struct rte_mbuf *m_dst;	/**< destination mbuf */
 
-	enum rte_crypto_sym_op_sess_type sess_type;
-
 	RTE_STD_C11
 	union {
 		struct rte_cryptodev_sym_session *session;
@@ -665,8 +652,6 @@ static inline void
 __rte_crypto_sym_op_reset(struct rte_crypto_sym_op *op)
 {
 	memset(op, 0, sizeof(*op));
-
-	op->sess_type = RTE_CRYPTO_SYM_OP_SESSIONLESS;
 }
 
 
@@ -708,7 +693,6 @@ __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
 		struct rte_cryptodev_sym_session *sess)
 {
 	sym_op->session = sess;
-	sym_op->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION;
 
 	return 0;
 }
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index eed7385..cf2f90d 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5556,8 +5556,8 @@ test_AES_GCM_authenticated_encryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
@@ -5636,8 +5636,8 @@ test_AES_GCM_authenticated_decryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 02/27] cryptodev: replace enums with 1-byte variables
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 01/27] cryptodev: move session type to generic crypto op Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 03/27] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
                     ` (26 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Instead of storing some crypto operation flags,
such as operation status, as enumerations,
store them as uint8_t, for memory efficiency.

Also, reserve extra 5 bytes in the crypto operation,
for future additions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/rel_notes/release_17_08.rst | 3 +++
 lib/librte_cryptodev/rte_crypto.h      | 9 +++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2bc405d..bbb14a9 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -151,6 +151,9 @@ API Changes
 
   * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
     and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+  * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
+    ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
+    uint8_t values.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index ac5c184..8e2b640 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -102,19 +102,20 @@ enum rte_crypto_op_sess_type {
  * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() .
  */
 struct rte_crypto_op {
-	enum rte_crypto_op_type type;
+	uint8_t type;
 	/**< operation type */
-
-	enum rte_crypto_op_status status;
+	uint8_t status;
 	/**<
 	 * operation status - this is reset to
 	 * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
-	enum rte_crypto_op_sess_type  sess_type;
+	uint8_t sess_type;
 	/**< operation session type */
 
+	uint8_t reserved[5];
+	/**< Reserved bytes to fill 64 bits for future additions */
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 03/27] cryptodev: remove opaque data pointer in crypto op
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 01/27] cryptodev: move session type to generic crypto op Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 02/27] cryptodev: replace enums with 1-byte variables Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 04/27] cryptodev: do not store pointer to op specific params Pablo de Lara
                     ` (25 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Storing a pointer to the user data is unnecessary,
since user can store additional data, after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_test_latency.c | 36 +++++++++++++++++++++----------
 doc/guides/prog_guide/cryptodev_lib.rst   |  3 +--
 doc/guides/rel_notes/release_17_08.rst    |  1 +
 lib/librte_cryptodev/rte_crypto.h         |  5 -----
 4 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index e61ac97..a7443a3 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -66,6 +66,10 @@ struct cperf_latency_ctx {
 	struct cperf_op_result *res;
 };
 
+struct priv_op_data {
+	struct cperf_op_result *result;
+};
+
 #define max(a, b) (a > b ? (uint64_t)a : (uint64_t)b)
 #define min(a, b) (a < b ? (uint64_t)a : (uint64_t)b)
 
@@ -276,8 +280,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = sizeof(struct priv_op_data);
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -295,11 +300,20 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	return NULL;
 }
 
+static inline void
+store_timestamp(struct rte_crypto_op *op, uint64_t timestamp)
+{
+	struct priv_op_data *priv_data;
+
+	priv_data = (struct priv_op_data *) (op->sym + 1);
+	priv_data->result->status = op->status;
+	priv_data->result->tsc_end = timestamp;
+}
+
 int
 cperf_latency_test_runner(void *arg)
 {
 	struct cperf_latency_ctx *ctx = arg;
-	struct cperf_op_result *pres;
 	uint16_t test_burst_size;
 	uint8_t burst_size_idx = 0;
 
@@ -311,6 +325,7 @@ cperf_latency_test_runner(void *arg)
 	struct rte_crypto_op *ops[ctx->options->max_burst_size];
 	struct rte_crypto_op *ops_processed[ctx->options->max_burst_size];
 	uint64_t i;
+	struct priv_op_data *priv_data;
 
 	uint32_t lcore = rte_lcore_id();
 
@@ -398,7 +413,12 @@ cperf_latency_test_runner(void *arg)
 
 			for (i = 0; i < ops_enqd; i++) {
 				ctx->res[tsc_idx].tsc_start = tsc_start;
-				ops[i]->opaque_data = (void *)&ctx->res[tsc_idx];
+				/*
+				 * Private data structure starts after the end of the
+				 * rte_crypto_sym_op structure.
+				 */
+				priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+				priv_data->result = (void *)&ctx->res[tsc_idx];
 				tsc_idx++;
 			}
 
@@ -410,10 +430,7 @@ cperf_latency_test_runner(void *arg)
 				 * failures.
 				 */
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					store_timestamp(ops_processed[i], tsc_end);
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
@@ -446,10 +463,7 @@ cperf_latency_test_runner(void *arg)
 
 			if (ops_deqd != 0) {
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					store_timestamp(ops_processed[i], tsc_end);
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 229cb7a..c9a29f8 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -363,8 +363,7 @@ The operation structure includes the operation type, the operation status
 and the session type (session-based/less), a reference to the operation
 specific data, which can vary in size and content depending on the operation
 being provisioned. It also contains the source mempool for the operation,
-if it allocate from a mempool. Finally an opaque pointer for user specific
-data is provided.
+if it allocated from a mempool.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index bbb14a9..20f459e 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -154,6 +154,7 @@ API Changes
   * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
+  * Removed the field ``opaque_data`` from ``rte_crypto_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 8e2b640..c2677fa 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -122,9 +122,6 @@ struct rte_crypto_op {
 	phys_addr_t phys_addr;
 	/**< physical address of crypto operation */
 
-	void *opaque_data;
-	/**< Opaque pointer for user data */
-
 	RTE_STD_C11
 	union {
 		struct rte_crypto_sym_op *sym;
@@ -158,8 +155,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 	default:
 		break;
 	}
-
-	op->opaque_data = NULL;
 }
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 04/27] cryptodev: do not store pointer to op specific params
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (2 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 03/27] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 05/27] cryptodev: remove useless alignment Pablo de Lara
                     ` (24 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Instead of storing a pointer to operation specific parameters,
such as symmetric crypto parameters, use a zero-length array,
to mark that these parameters will be stored after the
generic crypto operation structure, which was already assumed
in the code, reducing the memory footprint of the crypto operation.

Besides, it is always expected to have rte_crypto_op
and rte_crypto_sym_op (the only operation specific parameters
structure right now) to be together, as they are initialized
as a single object in the crypto operation pool.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/rel_notes/release_17_08.rst | 2 ++
 examples/ipsec-secgw/ipsec.c           | 1 -
 lib/librte_cryptodev/rte_crypto.h      | 8 +-------
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 20f459e..6acbf35 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -155,6 +155,8 @@ API Changes
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
+  * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
+    with a zero length array.
 
 
 ABI Changes
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index edca5f0..126d79f 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -140,7 +140,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
-		priv->cop.sym = &priv->sym_cop;
 
 		if ((unlikely(sa->crypto_session == NULL)) &&
 				create_session(ipsec_ctx, sa)) {
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index c2677fa..85716a6 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -124,7 +124,7 @@ struct rte_crypto_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_crypto_sym_op *sym;
+		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
 } __rte_cache_aligned;
@@ -144,12 +144,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
-		/** Symmetric operation structure starts after the end of the
-		 * rte_crypto_op structure.
-		 */
-		op->sym = (struct rte_crypto_sym_op *)(op + 1);
-		op->type = type;
-
 		__rte_crypto_sym_op_reset(op->sym);
 		break;
 	default:
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 05/27] cryptodev: remove useless alignment
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (3 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 04/27] cryptodev: do not store pointer to op specific params Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 06/27] cryptodev: add crypto op helper macros Pablo de Lara
                     ` (23 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

rte_crypto_op and rte_crypto_sym_op structures
were marked as cache aligned.
However, since these structures are always initialized
in a mempool, this alignment is useless, since the mempool
forces the alignment of its objects.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto.h     | 2 +-
 lib/librte_cryptodev/rte_crypto_sym.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 85716a6..43be7dc 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -127,7 +127,7 @@ struct rte_crypto_op {
 		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
-} __rte_cache_aligned;
+};
 
 /**
  * Reset the fields of a crypto operation to their default values.
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 386b120..39ad1e3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -640,7 +640,7 @@ struct rte_crypto_sym_op {
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
-} __rte_cache_aligned;
+};
 
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 06/27] cryptodev: add crypto op helper macros
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (4 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 05/27] cryptodev: remove useless alignment Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 07/27] crypto/qat: fix KASUMI authentication Pablo de Lara
                     ` (22 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

In order to facilitate the access to the private data,
after the crypto operation, two new macros have been
implemented:

- rte_crypto_op_ctod_offset(c,t,o), which returns a pointer
  to "o" bytes after the start of the crypto operation
  (rte_crypto_op)
- rte_crypto_op_ctophys_offset(c, o), which returns
  the physical address of the data "o" bytes after the
  start of the crypto operation (rte_crypto_op)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 4e318f0..91f3375 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -119,6 +119,38 @@ extern const char **rte_cyptodev_names;
 #define CDEV_PMD_TRACE(...) (void)0
 #endif
 
+
+
+/**
+ * A macro that points to an offset from the start
+ * of the crypto operation structure (rte_crypto_op)
+ *
+ * The returned pointer is cast to type t.
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation.
+ * @param t
+ *   The type to cast the result into.
+ */
+#define rte_crypto_op_ctod_offset(c, t, o)	\
+	((t)((char *)(c) + (o)))
+
+/**
+ * A macro that returns the physical address that points
+ * to an offset from the start of the crypto operation
+ * (rte_crypto_op)
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation
+ *   to calculate address from.
+ */
+#define rte_crypto_op_ctophys_offset(c, o)	\
+	(phys_addr_t)((c)->phys_addr + (o))
+
 /**
  * Crypto parameters range description
  */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 07/27] crypto/qat: fix KASUMI authentication
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (5 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 06/27] cryptodev: add crypto op helper macros Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 08/27] test/crypto: move IV to crypto op private data Pablo de Lara
                     ` (21 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara, stable

QAT PMD was assuming that cipher IV was always prepended,
before the input buffer, but it is not necessary to have it
there, only the auth IV (COUNT and FRESH) and the input buffer
needs to be contiguous, with the direction bit after.

If AAD (containing the IV for authentication)
is not just before the message, the authentication will fail.
Therefore, the headroom of the input buffer is used to
copy the AAD, and then it is removed after the operation is
finished.

It was also assuming that the IV was starting at offset 0,
which is not always the case.

Fixes: d4f2745300e0 ("crypto/qat: add KASUMI")
CC: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/qat/qat_crypto.c | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 9b294e4..bdd5bab 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -812,6 +812,11 @@ qat_pmd_dequeue_op_burst(void *qp, struct rte_crypto_op **ops,
 						(rx_op->sym->session->_private);
 			if (sess->bpi_ctx)
 				qat_bpicipher_postprocess(sess, rx_op);
+			if (sess->qat_hash_alg ==
+					ICP_QAT_HW_AUTH_ALGO_KASUMI_F9)
+				/* Trim area used for authentication IV. */
+				rte_pktmbuf_adj(rx_op->sym->m_src,
+						ICP_QAT_HW_KASUMI_BLK_SZ);
 			rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		}
 
@@ -1012,15 +1017,25 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 			if (ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_KASUMI_F9) {
-				if (do_cipher) {
-					auth_len = auth_len + auth_ofs + 1 -
-						ICP_QAT_HW_KASUMI_BLK_SZ;
-					auth_ofs = ICP_QAT_HW_KASUMI_BLK_SZ;
-				} else {
-					auth_len = auth_len + auth_ofs + 1;
-					auth_ofs = 0;
-				}
-			}
+				/*
+				 * Prepend IV in mbuf, as IV and the plaintext
+				 * needs to be contiguous
+				 */
+				uint8_t *auth_iv_ptr_dst =
+						(uint8_t *) rte_pktmbuf_prepend(
+							op->sym->m_src,
+							ICP_QAT_HW_KASUMI_BLK_SZ);
+				const uint8_t *auth_iv_ptr_src =
+						op->sym->auth.aad.data;
+				rte_memcpy(auth_iv_ptr_dst, auth_iv_ptr_src,
+					       ICP_QAT_HW_KASUMI_BLK_SZ);
+				/* Auth IV and message is contiguous + direction bit */
+				auth_len = auth_len + ICP_QAT_HW_KASUMI_BLK_SZ + 1;
+				/* Buffer to cipher starts after auth IV */
+				if (do_cipher)
+					cipher_ofs += ICP_QAT_HW_KASUMI_BLK_SZ;
+			} else
+				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 
 		} else if (ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
@@ -1028,6 +1043,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
 			auth_ofs = op->sym->cipher.data.offset;
 			auth_len = op->sym->cipher.data.length;
+
+			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1036,8 +1053,6 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 		auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
 
-		auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
-
 	}
 
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 08/27] test/crypto: move IV to crypto op private data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (6 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 07/27] crypto/qat: fix KASUMI authentication Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 09/27] test/crypto-perf: " Pablo de Lara
                     ` (20 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 test/test/test_cryptodev.c             | 386 +++++++++++++--------------------
 test/test/test_cryptodev.h             |   6 +
 test/test/test_cryptodev_blockcipher.c |  30 +--
 3 files changed, 161 insertions(+), 261 deletions(-)

diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index cf2f90d..133c439 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -202,7 +202,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (ts_params->op_mpool == NULL) {
 		RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1306,19 +1307,19 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-			CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1329,8 +1330,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			"crypto op processing failed");
 
 	/* Validate obuf */
-	uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
-			uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
+	uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
+			uint8_t *);
 
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
 			catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
@@ -1460,19 +1461,18 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, 0);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1486,8 +1486,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) +
-			CIPHER_IV_LENGTH_AES_CBC, catch_22_quote,
+			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *),
+			catch_22_quote,
 			QUOTE_512_BYTES,
 			"Plaintext data not as expected");
 
@@ -1838,14 +1838,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 }
 
 static int
-create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1862,19 +1860,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf
-			, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1883,14 +1873,12 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 }
 
 static int
-create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1908,22 +1896,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_le
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-					iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	/* For OOP operation both buffers must have the same size */
-	if (ut_params->obuf)
-		rte_pktmbuf_prepend(ut_params->obuf, iv_pad_len);
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2164,8 +2141,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo,
-	enum rte_crypto_cipher_algorithm cipher_algo)
+	enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2180,11 +2156,10 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	const uint8_t *iv = tdata->iv.data;
 	const uint8_t iv_len = tdata->iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = tdata->iv.len << 3;
+	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
 	const unsigned int auth_offset = tdata->aad.len << 3;
 
-	unsigned int iv_pad_len = 0;
 	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2244,17 +2219,12 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2270,8 +2240,7 @@ create_zuc_cipher_hash_generate_operation(
 {
 	return create_wireless_cipher_hash_operation(tdata,
 		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3,
-		RTE_CRYPTO_CIPHER_ZUC_EEA3);
+		RTE_CRYPTO_AUTH_ZUC_EIA3);
 }
 
 static int
@@ -2281,7 +2250,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
 		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *iv, const uint8_t iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
@@ -2289,7 +2257,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2349,17 +2316,12 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2376,13 +2338,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 		unsigned data_pad_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo)
+		enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len = 0;
 
 	/* Generate Crypto op data structure */
@@ -2441,18 +2401,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 
@@ -2886,8 +2839,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2897,8 +2849,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -2960,8 +2911,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2972,10 +2922,10 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	/* Validate obuf */
@@ -3031,8 +2981,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3042,8 +2991,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3106,8 +3054,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3117,10 +3064,10 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_pad_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_pad_len, buffer);
 
 	/* Validate obuf */
@@ -3174,8 +3121,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3185,8 +3131,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3240,8 +3185,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3251,8 +3195,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3305,8 +3248,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3316,8 +3258,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3379,8 +3320,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3390,8 +3330,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3456,8 +3395,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3467,10 +3405,10 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -3559,9 +3497,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3) +
-					extra_offset,
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					extra_offset);
 	if (retval < 0)
 		return retval;
 
@@ -3571,8 +3507,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3638,8 +3573,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3648,8 +3582,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3712,8 +3645,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3722,8 +3654,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3800,7 +3731,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3813,7 +3744,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3868,10 +3799,9 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			tdata->aad.len, /*tdata->plaintext.len,*/
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->iv.data, tdata->iv.len,
 			tdata->validCipherLenInBits.len,
-			(tdata->iv.len << 3),
+			0,
 			tdata->validAuthLenInBits.len,
 			(tdata->aad.len << 3)
 			);
@@ -3884,7 +3814,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+					+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3897,7 +3827,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3953,11 +3883,10 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 		tdata->aad.data, tdata->aad.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
-		(tdata->iv.len << 3),
+		0,
 		tdata->validAuthLenInBits.len,
 		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-		RTE_CRYPTO_CIPHER_SNOW3G_UEA2
+		RTE_CRYPTO_AUTH_SNOW3G_UIA2
 	);
 
 	if (retval < 0)
@@ -3969,12 +3898,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -4038,11 +3967,10 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->aad.data, tdata->aad.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8
+				RTE_CRYPTO_AUTH_KASUMI_F9
 				);
 
 	if (retval < 0)
@@ -4054,7 +3982,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -4065,7 +3993,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4122,10 +4050,9 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 				tdata->aad.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8,
 				tdata->iv.data, tdata->iv.len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3)
 				);
@@ -4138,12 +4065,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4209,8 +4136,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_ZUC_EEA3);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -4220,8 +4146,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -4294,8 +4219,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 			tdata->iv.len, tdata->plaintext.len,
-			(tdata->iv.len << 3),
-			RTE_CRYPTO_CIPHER_ZUC_EEA3);
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4306,10 +4230,10 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_read(ut_params->obuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 	else
 		ciphertext = rte_pktmbuf_read(ut_params->ibuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 
 	/* Validate obuf */
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -4906,7 +4830,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	uint8_t *plaintext, *ciphertext;
-	unsigned int iv_pad_len, aad_pad_len, plaintext_pad_len;
+	unsigned int aad_pad_len, plaintext_pad_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -4930,14 +4854,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
 		sym_op->auth.aad.length);
 
-	/* Prepend iv */
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	/* Append IV at the end of the crypto operation*/
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
@@ -4958,12 +4879,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			ciphertext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(ciphertext,
 					"no room to append ciphertext");
 
-			memset(ciphertext + aad_pad_len + iv_pad_len, 0,
+			memset(ciphertext + aad_pad_len, 0,
 					tdata->ciphertext.len);
 		}
 	} else {
@@ -4981,12 +4901,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			plaintext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(plaintext,
 					"no room to append plaintext");
 
-			memset(plaintext + aad_pad_len + iv_pad_len, 0,
+			memset(plaintext + aad_pad_len, 0,
 					tdata->plaintext.len);
 		}
 	}
@@ -5004,7 +4923,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
-						aad_pad_len + iv_pad_len);
+						aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -5013,7 +4932,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				"no room to append digest");
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
-				plaintext_pad_len + aad_pad_len + iv_pad_len);
+				plaintext_pad_len + aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
@@ -5024,10 +4943,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_pad_len;
 
 	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -6465,10 +6384,8 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned iv_pad_len;
 	unsigned aad_pad_len;
 
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
 
 	/*
@@ -6513,17 +6430,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7061,14 +6976,13 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7121,20 +7035,19 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
-	sym_op->cipher.data.offset = reference->iv.len;
+	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.length = reference->ciphertext.len;
-	sym_op->auth.data.offset = reference->iv.len;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -7348,8 +7261,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	const unsigned int iv_len = tdata->iv.len;
 	const unsigned int aad_len = tdata->aad.len;
 
-	unsigned int iv_pad_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -7374,19 +7285,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data,
-			"no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_pad_len);
+	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7399,14 +7304,14 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_len;
 
-	sym_op->auth.data.offset = aad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_len;
 	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
@@ -7440,8 +7345,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	int ecx = 0;
 	void *digest_mem = NULL;
 
-	uint32_t prepend_len = ALIGN_POW2_ROUNDUP(tdata->iv.len, 16)
-			+ tdata->aad.len;
+	uint32_t prepend_len = tdata->aad.len;
 
 	if (tdata->plaintext.len % fragsz != 0) {
 		if (tdata->plaintext.len / fragsz + 1 > SGL_MAX_NO)
diff --git a/test/test/test_cryptodev.h b/test/test/test_cryptodev.h
index 67354a9..d60fa35 100644
--- a/test/test/test_cryptodev.h
+++ b/test/test/test_cryptodev.h
@@ -71,6 +71,12 @@
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA384		(24)
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA512		(32)
 
+#define MAXIMUM_IV_LENGTH				(16)
+
+#define IV_OFFSET			(sizeof(struct rte_crypto_op) + \
+		sizeof(struct rte_crypto_sym_op) + DEFAULT_NUM_XFORMS * \
+		sizeof(struct rte_crypto_sym_xform))
+
 /**
  * Write (spread) data from buffer to mbuf data
  *
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 603c776..186e169 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -118,8 +118,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	}
 
 	/* preparing data */
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
-		buf_len += tdata->iv.len;
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
 		buf_len += digest_len;
 
@@ -145,10 +143,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		pktmbuf_write(ibuf, 0, tdata->ciphertext.len,
 				tdata->ciphertext.data);
 
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-		rte_memcpy(rte_pktmbuf_prepend(ibuf, tdata->iv.len),
-				tdata->iv.data, tdata->iv.len);
-	}
 	buf_p = rte_pktmbuf_append(ibuf, digest_len);
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
 		rte_memcpy(buf_p, tdata->digest.data, digest_len);
@@ -294,24 +288,20 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
 
-		sym_op->cipher.data.offset = tdata->iv.len;
+		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_pktmbuf_mtod(sym_op->m_src,
-			uint8_t *);
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+						uint8_t *, IV_OFFSET);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+						IV_OFFSET);
 		sym_op->cipher.iv.length = tdata->iv.len;
-		sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(
-			sym_op->m_src);
+		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+				tdata->iv.len);
 	}
 
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
-		uint32_t auth_data_offset = 0;
 		uint32_t digest_offset = tdata->ciphertext.len;
 
-		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-			digest_offset += tdata->iv.len;
-			auth_data_offset += tdata->iv.len;
-		}
-
 		auth_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
 		auth_xform->auth.algo = tdata->auth_algo;
 		auth_xform->auth.key.length = tdata->auth_key.len;
@@ -334,7 +324,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 					digest_offset);
 		}
 
-		sym_op->auth.data.offset = auth_data_offset;
+		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
 		sym_op->auth.digest.length = digest_len;
 	}
@@ -421,7 +411,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			compare_len = tdata->plaintext.len;
 		}
 
-		if (memcmp(rte_pktmbuf_read(iobuf, tdata->iv.len, compare_len,
+		if (memcmp(rte_pktmbuf_read(iobuf, 0, compare_len,
 				buffer), compare_ref, compare_len)) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
 				"FAILED: %s", __LINE__,
@@ -436,7 +426,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
 			auth_res = pktmbuf_mtod_offset(iobuf,
-					tdata->iv.len + tdata->ciphertext.len);
+					tdata->ciphertext.len);
 		else
 			auth_res = pktmbuf_mtod_offset(iobuf,
 					tdata->ciphertext.len);
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 09/27] test/crypto-perf: move IV to crypto op private data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (7 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 08/27] test/crypto: move IV to crypto op private data Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 10/27] app/crypto-perf: " Pablo de Lara
                     ` (19 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 test/test/test_cryptodev_perf.c | 110 ++++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 50 deletions(-)

diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7a90667..b08451d 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -110,7 +110,6 @@ struct symmetric_session_attrs {
 
 struct crypto_params {
 	uint8_t *aad;
-	uint8_t *iv;
 	uint8_t *digest;
 };
 
@@ -265,7 +264,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 		if (ts_params->op_mpool == NULL) {
 			RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1978,19 +1978,20 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 				data_params[0].length);
 		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
-		op->sym->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
 
-		op->sym->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(m,
-				CIPHER_IV_LENGTH_AES_CBC);
-		op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+				uint8_t *, IV_OFFSET);
+		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+				IV_OFFSET);
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
 				CIPHER_IV_LENGTH_AES_CBC);
 
-		op->sym->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
 
 		op->sym->m_src = m;
@@ -2887,23 +2888,25 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.data.length = 0;
 	} else {
 		op->sym->auth.digest.data = rte_pktmbuf_mtod_offset(m,
-				 uint8_t *, AES_CIPHER_IV_LENGTH + data_len);
+				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				AES_CIPHER_IV_LENGTH + data_len);
+				data_len);
 		op->sym->auth.digest.length = digest_len;
-		op->sym->auth.data.offset = AES_CIPHER_IV_LENGTH;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
-	op->sym->cipher.data.offset = AES_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
 	op->sym->m_src = m;
@@ -2931,8 +2934,12 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = aes_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2951,22 +2958,31 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = snow3g_iv;
+	op->sym->auth.aad.data = iv_ptr;
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = snow3g_iv;
+	op->sym->cipher.iv.data = iv_ptr;
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -2993,12 +3009,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
 
-	op->sym->cipher.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3028,14 +3046,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
 			SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3062,8 +3082,13 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = triple_des_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
+			TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3129,10 +3154,9 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 			return -1;
 		}
 
-		/* Make room for Digest and IV in mbuf */
+		/* Make room for Digest in mbuf */
 		if (pparams->chain != CIPHER_ONLY)
 			rte_pktmbuf_append(mbufs[i], digest_length);
-		rte_pktmbuf_prepend(mbufs[i], AES_CIPHER_IV_LENGTH);
 	}
 
 
@@ -3253,12 +3277,12 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Generate a burst of crypto operations */
 	for (i = 0; i < (pparams->burst_size * NUM_MBUF_SETS); i++) {
 		/*
-		 * Buffer size + iv/aad len is allocated, for perf tests they
+		 * Buffer size is allocated, for perf tests they
 		 * are equal + digest len.
 		 */
 		mbufs[i] = test_perf_create_pktmbuf(
 				ts_params->mbuf_mp,
-				pparams->buf_size + SNOW3G_CIPHER_IV_LENGTH +
+				pparams->buf_size  +
 				digest_length);
 
 		if (mbufs[i] == NULL) {
@@ -4164,28 +4188,25 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len,
-						 16);
-
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->symmetric_op->aad_len +
-					  iv_pad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.length = params->symmetric_op->aad_len;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(
-					  m,
-					  iv_pad_len);
+	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = m_hlp->iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
@@ -4194,11 +4215,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
 	op->sym->auth.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4212,8 +4233,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t iv_pad_len =
-			ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len, 16);
 	uint16_t aad_len = params->symmetric_op->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
@@ -4225,13 +4244,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 	}
 	m_hlp->aad = (uint8_t *)p;
 
-	p = rte_pktmbuf_append(m, iv_pad_len);
-	if (p == NULL) {
-		rte_pktmbuf_free(m);
-		return NULL;
-	}
-	m_hlp->iv = (uint8_t *)p;
-
 	p = rte_pktmbuf_append(m, buf_sz);
 	if (p == NULL) {
 		rte_pktmbuf_free(m);
@@ -4350,22 +4362,20 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 
 		for (m = 0; m < burst_dequeued; m++) {
 			if (test_ops) {
-				uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP
-					(pparams->symmetric_op->iv_len, 16);
 				uint8_t *pkt = rte_pktmbuf_mtod(
 					proc_ops[m]->sym->m_src,
 					uint8_t *);
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 10/27] app/crypto-perf: move IV to crypto op private data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (8 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 09/27] test/crypto-perf: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 11/27] examples/l2fwd-crypto: " Pablo de Lara
                     ` (18 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 45 +++++++++++++++++-------
 app/test-crypto-perf/cperf_ops.h                 |  3 +-
 app/test-crypto-perf/cperf_test_latency.c        |  8 +++--
 app/test-crypto-perf/cperf_test_throughput.c     |  9 +++--
 app/test-crypto-perf/cperf_test_vector_parsing.c |  1 -
 app/test-crypto-perf/cperf_test_vectors.c        |  1 -
 app/test-crypto-perf/cperf_test_verify.c         |  8 +++--
 7 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c2c3db5..423bdae 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -40,7 +40,8 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -65,7 +66,8 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -90,7 +92,8 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -103,9 +106,14 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -125,7 +133,8 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -190,7 +199,8 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -203,9 +213,14 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -268,7 +283,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -281,9 +297,14 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
+		memcpy(sym_op->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
 
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1b748da..f7b431c 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -48,7 +48,8 @@ typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 struct cperf_op_fns {
 	cperf_sessions_create_t sess_create;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index a7443a3..3aca1b4 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -280,7 +280,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data);
+	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
@@ -354,6 +354,10 @@ cperf_latency_test_runner(void *arg)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_deqd = 0;
 		uint64_t m_idx = 0, b_idx = 0;
@@ -382,7 +386,7 @@ cperf_latency_test_runner(void *arg)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					burst_size, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			tsc_start = rte_rdtsc_precise();
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 61b27ea..ba883fd 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -262,8 +262,10 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
+
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -315,6 +317,9 @@ cperf_throughput_test_runner(void *test_ctx)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_enqd_total = 0, ops_enqd_failed = 0;
 		uint64_t ops_deqd = 0, ops_deqd_total = 0, ops_deqd_failed = 0;
@@ -346,7 +351,7 @@ cperf_throughput_test_runner(void *test_ctx)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					ops_needed, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			/**
 			 * When ops_needed is smaller than ops_enqd, the
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index f384e3d..62d0c91 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -303,7 +303,6 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 	} else if (strstr(key_token, "iv")) {
 		rte_free(vector->iv.data);
 		vector->iv.data = data;
-		vector->iv.phys_addr = rte_malloc_virt2phy(vector->iv.data);
 		if (tc_found)
 			vector->iv.length = data_length;
 		else {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 757957f..36b3f6f 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
-		t_vec->iv.phys_addr = rte_malloc_virt2phy(t_vec->iv.data);
 		t_vec->iv.length = options->cipher_iv_sz;
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 454221e..d5a2b33 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -266,8 +266,9 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -417,6 +418,9 @@ cperf_verify_test_runner(void *test_ctx)
 		printf("\n# Running verify test on device: %u, lcore: %u\n",
 			ctx->dev_id, lcore);
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (ops_enqd_total < ctx->options->total_ops) {
 
 		uint16_t burst_size = ((ops_enqd_total + ctx->options->max_burst_size)
@@ -438,7 +442,7 @@ cperf_verify_test_runner(void *test_ctx)
 		(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 				&ctx->mbufs_out[m_idx],
 				ops_needed, ctx->sess, ctx->options,
-				ctx->test_vector);
+				ctx->test_vector, iv_offset);
 
 #ifdef CPERF_LINEARIZATION_ENABLE
 		if (linearize) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 11/27] examples/l2fwd-crypto: move IV to crypto op private data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (9 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 10/27] app/crypto-perf: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 12/27] examples/ipsec-secgw: " Pablo de Lara
                     ` (17 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 779b4fb..1380bc6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -89,6 +89,10 @@ enum cdev_type {
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
+#define MAXIMUM_IV_LENGTH	16
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 /*
  * Configurable number of RX/TX ring descriptors
  */
@@ -480,8 +484,14 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	}
 
 	if (cparams->do_cipher) {
-		op->sym->cipher.iv.data = cparams->iv.data;
-		op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+
+		op->sym->cipher.iv.data = iv_ptr;
+		op->sym->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -1950,7 +1960,6 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
 	if (options->iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
-	options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
@@ -1993,7 +2002,7 @@ main(int argc, char **argv)
 
 	/* create crypto op pool */
 	l2fwd_crypto_op_pool = rte_crypto_op_pool_create("crypto_op_pool",
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (l2fwd_crypto_op_pool == NULL)
 		rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 12/27] examples/ipsec-secgw: move IV to crypto op private data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (10 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 11/27] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 13/27] cryptodev: pass IV as offset Pablo de Lara
                     ` (16 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/ipsec-secgw/esp.c   | 27 ++++++++++++++++++---------
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index e77afa0..5bf2d7d 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,6 +50,9 @@
 #include "esp.h"
 #include "ipip.h"
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -93,13 +96,17 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	struct cnt_blk *icb;
 	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 
 	switch (sa->cipher_algo) {
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		sym_cop->cipher.iv.data = iv;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				 ip_hdr_len + sizeof(struct esp_hdr));
+		/* Copy IV at the end of crypto operation */
+		rte_memcpy(iv_ptr, iv, sa->iv_len);
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -108,9 +115,9 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = (uint8_t *)icb;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -341,13 +348,15 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = (uint8_t *)icb;
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+	sym_cop->cipher.iv.data = iv_ptr;
+	sym_cop->cipher.iv.phys_addr =
+			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index fe42661..de1df7b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -118,10 +118,10 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
-	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
+	uint8_t buf[32];
 } __rte_cache_aligned;
 
 struct cdev_qp {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 13/27] cryptodev: pass IV as offset
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (11 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 12/27] examples/ipsec-secgw: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 14/27] cryptodev: move IV parameters to crypto session Pablo de Lara
                     ` (15 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c            |  21 ++----
 doc/guides/prog_guide/cryptodev_lib.rst     |   3 +-
 doc/guides/rel_notes/release_17_08.rst      |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    |  80 +++++++++++----------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |   3 +-
 drivers/crypto/armv8/rte_armv8_pmd.c        |   3 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |   8 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  26 ++++---
 drivers/crypto/openssl/rte_openssl_pmd.c    |  12 ++--
 drivers/crypto/qat/qat_crypto.c             |  30 +++++---
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  14 ++--
 drivers/crypto/zuc/rte_zuc_pmd.c            |   7 +-
 examples/ipsec-secgw/esp.c                  |  14 +---
 examples/l2fwd-crypto/main.c                |   5 +-
 lib/librte_cryptodev/rte_crypto_sym.h       |   7 +-
 test/test/test_cryptodev.c                  | 107 +++++++++++-----------------
 test/test/test_cryptodev_blockcipher.c      |   8 +--
 test/test/test_cryptodev_perf.c             |  60 ++++++----------
 18 files changed, 193 insertions(+), 217 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 423bdae..1e151a9 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,12 +106,9 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
@@ -213,12 +210,9 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
@@ -297,12 +291,9 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
-		memcpy(sym_op->cipher.iv.data,
+		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index c9a29f8..48c58a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -537,8 +537,7 @@ chain.
             } data;   /**< Data offsets and length for ciphering */
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
+                uint16_t offset;
                 uint16_t length;
             } iv;     /**< Initialisation vector parameters */
         } cipher;
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 6acbf35..68e8022 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -157,6 +157,8 @@ API Changes
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
   * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
     with a zero length array.
+  * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
+    offset from the start of the crypto operation.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 165f5a1..9a23415 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -180,12 +180,14 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
  *
  */
 static int
-process_gcm_crypto_op(struct rte_crypto_sym_op *op,
+process_gcm_crypto_op(struct rte_crypto_op *op,
 		struct aesni_gcm_session *session)
 {
 	uint8_t *src, *dst;
-	struct rte_mbuf *m_src = op->m_src;
-	uint32_t offset = op->cipher.data.offset;
+	uint8_t *iv_ptr;
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	uint32_t offset = sym_op->cipher.data.offset;
 	uint32_t part_len, total_len, data_len;
 
 	RTE_ASSERT(m_src != NULL);
@@ -198,46 +200,48 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < op->cipher.data.length) ? data_len :
-			op->cipher.data.length;
+	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
+			sym_op->cipher.data.length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == op->cipher.data.length) ||
-			((part_len != op->cipher.data.length) &&
-					(op->m_dst != NULL)));
+	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
+			((part_len != sym_op->cipher.data.length) &&
+					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
-	RTE_ASSERT((op->m_dst == NULL) ||
-			((op->m_dst != NULL) &&
-					rte_pktmbuf_is_contiguous(op->m_dst)));
+	RTE_ASSERT((sym_op->m_dst == NULL) ||
+			((sym_op->m_dst != NULL) &&
+					rte_pktmbuf_is_contiguous(sym_op->m_dst)));
 
 
-	dst = op->m_dst ?
-			rte_pktmbuf_mtod_offset(op->m_dst, uint8_t *,
-					op->cipher.data.offset) :
-			rte_pktmbuf_mtod_offset(op->m_src, uint8_t *,
-					op->cipher.data.offset);
+	dst = sym_op->m_dst ?
+			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
+					sym_op->cipher.data.offset) :
+			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
+					sym_op->cipher.data.offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
 	/* sanity checks */
-	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
-			op->cipher.iv.length != 0) {
+	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
+			sym_op->cipher.iv.length != 0) {
 		GCM_LOG_ERR("iv");
 		return -1;
 	}
 
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+				sym_op->cipher.iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (op->cipher.iv.length == 12) {
-		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
+	if (sym_op->cipher.iv.length == 12) {
+		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (op->auth.digest.length != 16 &&
-			op->auth.digest.length != 12 &&
-			op->auth.digest.length != 8) {
+	if (sym_op->auth.digest.length != 16 &&
+			sym_op->auth.digest.length != 12 &&
+			sym_op->auth.digest.length != 8) {
 		GCM_LOG_ERR("digest");
 		return -1;
 	}
@@ -245,13 +249,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -270,12 +274,12 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				op->auth.digest.data,
-				(uint64_t)op->auth.digest.length);
+				sym_op->auth.digest.data,
+				(uint64_t)sym_op->auth.digest.length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
-		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
-				op->m_dst : op->m_src,
-				op->auth.digest.length);
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				sym_op->auth.digest.length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -283,13 +287,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -309,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)op->auth.digest.length);
+				(uint64_t)sym_op->auth.digest.length);
 	}
 
 	return 0;
@@ -401,7 +405,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 			break;
 		}
 
-		retval = process_gcm_crypto_op(ops[i]->sym, sess);
+		retval = process_gcm_crypto_op(ops[i], sess);
 		if (retval < 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index efdc321..1685fa8 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -471,7 +471,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 			get_truncated_digest_byte_length(job->hash_alg);
 
 	/* Set IV parameters */
-	job->iv = op->sym->cipher.iv.data;
+	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	job->iv_len_in_bytes = op->sym->cipher.iv.length;
 
 	/* Data  Parameter */
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 04d8781..fa6a7d5 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -654,7 +654,8 @@ process_armv8_chained_op
 		return;
 	}
 
-	arg.cipher.iv = op->sym->cipher.iv.data;
+	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e154395..1605701 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -87,6 +87,8 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	int icv_len = sym_op->auth.digest.length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -178,7 +180,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 	sge++;
 
@@ -307,6 +309,8 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (5 * sizeof(struct qbman_fle));
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -369,7 +373,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 
 	sge++;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 667ebfc..edf84e8 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -174,7 +174,8 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[num_ops], *dst[num_ops];
-	uint64_t IV[num_ops];
+	uint8_t *iv_ptr;
+	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,14 +193,16 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = *((uint64_t *)(ops[i]->sym->cipher.iv.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
+		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, IV,
+		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -211,7 +214,8 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
-	uint64_t IV;
+	uint8_t *iv_ptr;
+	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -229,10 +233,12 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = *((uint64_t *)(op->sym->cipher.iv.data));
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
+	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -250,7 +256,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
-	uint64_t IV;
+	uint64_t iv;
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
@@ -278,7 +284,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
 		/* IV from AAD */
-		IV = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
@@ -289,7 +295,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 					ops[i]->sym->auth.digest.length);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -303,7 +309,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits, dst, direction);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 9f032d3..02cf25a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -923,7 +923,8 @@ process_openssl_combined_op
 		return;
 	}
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	ivlen = op->sym->cipher.iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
@@ -987,7 +988,8 @@ process_openssl_cipher_op
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1028,7 +1030,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1086,7 +1089,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						dst, iv,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
-				iv = op->sym->cipher.iv.data;
+				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						op->sym->cipher.iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index bdd5bab..7015549 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -642,7 +642,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 			iv = last_block - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -697,7 +698,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 			iv = dst - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -903,6 +905,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
+	uint8_t *iv_ptr;
 
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
@@ -976,6 +979,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
+		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 		/* copy IV into request if it fits */
 		/*
 		 * If IV length is zero do not copy anything but still
@@ -986,14 +991,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			if (op->sym->cipher.iv.length <=
 					sizeof(cipher_param->u.cipher_IV_array)) {
 				rte_memcpy(cipher_param->u.cipher_IV_array,
-						op->sym->cipher.iv.data,
+						iv_ptr,
 						op->sym->cipher.iv.length);
 			} else {
 				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 						qat_req->comn_hdr.serv_specif_flags,
 						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 				cipher_param->u.s.cipher_IV_ptr =
-						op->sym->cipher.iv.phys_addr;
+						rte_crypto_op_ctophys_offset(op,
+							op->sym->cipher.iv.offset);
 			}
 		}
 		min_ofs = cipher_ofs;
@@ -1194,12 +1200,16 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
-			op->sym->cipher.iv.length);
-	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-			op->sym->auth.digest.length);
-	rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-			op->sym->auth.aad.length);
+	if (do_cipher)
+		rte_hexdump(stdout, "iv:", iv_ptr,
+				op->sym->cipher.iv.length);
+
+	if (do_auth) {
+		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
+				op->sym->auth.digest.length);
+		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+				op->sym->auth.aad.length);
+	}
 #endif
 	return 0;
 }
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 6261656..6df8416 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -174,7 +174,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *IV[SNOW3G_MAX_BURST];
+	uint8_t *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,13 +192,14 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, IV, src, dst,
+	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -210,7 +211,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
-	uint8_t *IV;
+	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -228,10 +229,11 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+				op->sym->cipher.iv.offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index d2263b4..8374f65 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -173,7 +173,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
-	uint8_t *IV[ZUC_MAX_BURST];
+	uint8_t *iv[ZUC_MAX_BURST];
 	uint32_t num_bytes[ZUC_MAX_BURST];
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
@@ -213,7 +213,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -221,7 +222,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, IV, src, dst,
+	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 5bf2d7d..738a800 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -104,9 +104,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -115,9 +113,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -348,15 +344,11 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = iv_ptr;
-	sym_cop->cipher.iv.phys_addr =
-			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+	sym_cop->cipher.iv.offset = IV_OFFSET;
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1380bc6..ffd9731 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -489,9 +489,7 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.data = iv_ptr;
-		op->sym->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -700,7 +698,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		if (port_cparams[i].do_cipher) {
 			port_cparams[i].iv.data = options->iv.data;
 			port_cparams[i].iv.length = options->iv.length;
-			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
 						port_cparams[i].iv.length);
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 39ad1e3..b35c45a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -464,8 +464,10 @@ struct rte_crypto_sym_op {
 		} data; /**< Data offsets and length for ciphering */
 
 		struct {
-			uint8_t *data;
-			/**< Initialisation Vector or Counter.
+			uint16_t offset;
+			/**< Starting point for Initialisation Vector or Counter,
+			 * specified as number of bytes from start of crypto
+			 * operation.
 			 *
 			 * - For block ciphers in CBC or F8 mode, or for KASUMI
 			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
@@ -491,7 +493,6 @@ struct rte_crypto_sym_op {
 			 * For optimum performance, the data pointed to SHOULD
 			 * be 8-byte aligned.
 			 */
-			phys_addr_t phys_addr;
 			uint16_t length;
 			/**< Length of valid IV data.
 			 *
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 133c439..0dd95ca 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1311,13 +1311,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1464,13 +1462,11 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1860,13 +1856,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -1896,13 +1890,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -2219,13 +2211,11 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2316,13 +2306,11 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2401,14 +2389,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
-
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -4855,14 +4840,13 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.aad.length);
 
 	/* Append IV at the end of the crypto operation*/
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data,
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
 		sym_op->cipher.iv.length);
 
 	/* Append plaintext/ciphertext */
@@ -6430,15 +6414,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -6976,13 +6960,11 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7035,13 +7017,11 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
 	sym_op->cipher.data.offset = 0;
@@ -7285,13 +7265,12 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
+	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7304,7 +7283,7 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 186e169..ad5fb0d 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -290,12 +290,10 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-						uint8_t *, IV_OFFSET);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-						IV_OFFSET);
+		sym_op->cipher.iv.offset = IV_OFFSET;
 		sym_op->cipher.iv.length = tdata->iv.len;
-		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				tdata->iv.data,
 				tdata->iv.len);
 	}
 
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index b08451d..86bdc6e 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -1981,15 +1981,11 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-
-		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-				uint8_t *, IV_OFFSET);
-		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-				IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
-				CIPHER_IV_LENGTH_AES_CBC);
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
@@ -2898,13 +2894,10 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
@@ -2934,12 +2927,10 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2980,9 +2971,7 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = iv_ptr;
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -3009,12 +2998,10 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
@@ -3082,13 +3069,10 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
-			TRIPLE_DES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -4183,6 +4167,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct crypto_params *m_hlp,
 		struct perf_test_params *params)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
@@ -4203,14 +4190,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
+	op->sym->cipher.iv.offset = IV_OFFSET;
+	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
-		op->sym->cipher.iv.data[15] = 1;
+		iv_ptr[15] = 1;
 
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 14/27] cryptodev: move IV parameters to crypto session
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (12 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 13/27] cryptodev: pass IV as offset Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 15/27] cryptodev: add auth IV Pablo de Lara
                     ` (14 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                   |  22 ++--
 app/test-crypto-perf/cperf_ops.h                   |   3 +-
 app/test-crypto-perf/cperf_test_latency.c          |   7 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   6 +-
 app/test-crypto-perf/cperf_test_vectors.c          |   9 ++
 app/test-crypto-perf/cperf_test_verify.c           |   6 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |   5 -
 doc/guides/rel_notes/release_17_08.rst             |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  22 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  11 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |   7 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |  39 ++++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   8 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   1 +
 drivers/crypto/null/null_crypto_pmd_ops.c          |   6 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  17 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   5 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |   4 +
 drivers/crypto/qat/qat_crypto.c                    |  44 +++----
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  25 ++--
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   1 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  16 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   2 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   1 +
 examples/ipsec-secgw/esp.c                         |   9 --
 examples/ipsec-secgw/ipsec.h                       |   3 +
 examples/ipsec-secgw/sa.c                          |  20 +++
 examples/l2fwd-crypto/main.c                       |  90 ++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h              |  98 +++++++--------
 test/test/test_cryptodev.c                         | 134 ++++++++++++---------
 test/test/test_cryptodev_blockcipher.c             |   4 +-
 test/test/test_cryptodev_perf.c                    |  61 +++++-----
 36 files changed, 420 insertions(+), 315 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 1e151a9..d6d9f14 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -105,13 +105,11 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -209,13 +207,11 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -290,13 +286,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
 				test_vector->iv.data,
 				test_vector->iv.length);
 
+		/* cipher parameters */
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
 				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
@@ -348,7 +342,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 static struct rte_cryptodev_sym_session *
 cperf_create_session(uint8_t dev_id,
 	const struct cperf_options *options,
-	const struct cperf_test_vector *test_vector)
+	const struct cperf_test_vector *test_vector,
+	uint16_t iv_offset)
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
@@ -362,6 +357,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -369,9 +365,12 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
+
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
 		sess = rte_cryptodev_sym_session_create(dev_id,	&cipher_xform);
@@ -415,6 +414,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -422,9 +422,11 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index f7b431c..bb83cd5 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -42,7 +42,8 @@
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
 		uint8_t dev_id, const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 3aca1b4..d37083f 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -211,7 +211,12 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the crypto operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index ba883fd..4d2b3d3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -195,7 +195,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 36b3f6f..4a14fb3 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+		/* Set IV parameters */
+		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+					16);
+		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		t_vec->iv.length = options->cipher_iv_sz;
+
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
 	}
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index d5a2b33..1b58b1d 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -199,7 +199,11 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 48c58a9..4e352f4 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -535,11 +535,6 @@ chain.
                 uint32_t offset;
                 uint32_t length;
             } data;   /**< Data offsets and length for ciphering */
-
-            struct {
-                uint16_t offset;
-                uint16_t length;
-            } iv;     /**< Initialisation vector parameters */
         } cipher;
 
         struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 68e8022..4775bd2 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -159,6 +159,8 @@ API Changes
     with a zero length array.
   * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
     offset from the start of the crypto operation.
+  * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
+    ``rte_crypto_cipher_xform``.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 9a23415..28ac035 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -104,6 +104,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = cipher_xform->cipher.iv.offset;
+	sess->iv.length = cipher_xform->cipher.iv.length;
+
+	/* IV check */
+	if (sess->iv.length != 16 && sess->iv.length != 12 &&
+			sess->iv.length != 0) {
+		GCM_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+
 	/* Select Crypto operation */
 	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
 			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
@@ -221,20 +232,13 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
-	/* sanity checks */
-	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
-			sym_op->cipher.iv.length != 0) {
-		GCM_LOG_ERR("iv");
-		return -1;
-	}
-
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-				sym_op->cipher.iv.offset);
+				session->iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (sym_op->cipher.iv.length == 12) {
+	if (session->iv.length == 12) {
 		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 0496b44..2ed96f8 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -90,6 +90,11 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 1685fa8..aa9fcf8 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -246,6 +246,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Expanded cipher keys */
 	(*aes_keyexp_fn)(xform->cipher.key.data,
 			sess->cipher.expanded_aes_keys.encode,
@@ -300,6 +304,9 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
 		MB_LOG_ERR("Invalid/unsupported authentication parameters");
 		return -1;
@@ -472,8 +479,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	/* Set IV parameters */
 	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	job->iv_len_in_bytes = op->sym->cipher.iv.length;
+			session->iv.offset);
+	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data  Parameter */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index 0d82699..5c50d37 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -167,6 +167,11 @@ struct aesni_mb_qp {
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
 	JOB_CHAIN_ORDER chain_order;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 
 	/** Cipher Parameters */
 	struct {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index fa6a7d5..5256f66 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -432,7 +432,7 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		sess->cipher.algo = calg;
 		/* IV len is always 16 bytes (block size) for AES CBC */
-		sess->cipher.iv_len = 16;
+		sess->cipher.iv.length = 16;
 		break;
 	default:
 		return -EINVAL;
@@ -523,6 +523,9 @@ armv8_crypto_set_session_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV offset */
+	sess->cipher.iv.offset = cipher_xform->cipher.iv.offset;
+
 	if (is_chained_op) {
 		ret = armv8_crypto_set_session_chained_parameters(sess,
 						cipher_xform, auth_xform);
@@ -649,13 +652,8 @@ process_armv8_chained_op
 				op->sym->auth.digest.length);
 	}
 
-	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		return;
-	}
-
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					sess->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index b75107f..75bde9f 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -159,8 +159,11 @@ struct armv8_crypto_session {
 		/**< cipher operation direction */
 		enum rte_crypto_cipher_algorithm algo;
 		/**< cipher algorithm */
-		int iv_len;
-		/**< IV length */
+		struct {
+			uint16_t length;
+			uint16_t offset;
+		} iv;
+		/**< IV parameters */
 
 		struct {
 			uint8_t data[256];
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1605701..3930794 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -88,7 +88,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -138,7 +138,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   sym_op->auth.digest.length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	/* Configure Output FLE with Scatter/Gather Entry */
@@ -163,7 +163,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-					sym_op->cipher.iv.length));
+					sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 
@@ -175,13 +175,13 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FLE_SG_EXT(fle);
 	DPAA2_SET_FLE_FIN(fle);
 	fle->length = (sess->dir == DIR_ENC) ?
-			(sym_op->auth.data.length + sym_op->cipher.iv.length) :
-			(sym_op->auth.data.length + sym_op->cipher.iv.length +
+			(sym_op->auth.data.length + sess->iv.length) :
+			(sym_op->auth.data.length + sess->iv.length +
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 	sge++;
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -198,7 +198,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 				 sym_op->auth.digest.length +
-				 sym_op->cipher.iv.length));
+				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 	if (auth_only_len) {
@@ -310,7 +310,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -347,21 +347,21 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	flc = &priv->flc_desc[0].flc;
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_LEN(fd, sym_op->cipher.data.length +
-			 sym_op->cipher.iv.length);
+			 sess->iv.length);
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	PMD_TX_LOG(DEBUG, "cipher_off: 0x%x/length %d,ivlen=%d data_off: 0x%x",
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
 	DPAA2_SET_FLE_OFFSET(fle, sym_op->cipher.data.offset +
 			     sym_op->m_src->data_off);
 
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	PMD_TX_LOG(DEBUG, "1 - flc = %p, fle = %p FLEaddr = %x-%x, length %d",
 		   flc, fle, fle->addr_hi, fle->addr_lo, fle->length);
@@ -369,12 +369,12 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	fle++;
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sge));
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 
 	sge++;
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -798,6 +798,10 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 	cipherdata.key_enc_flags = 0;
 	cipherdata.key_type = RTA_DATA_IMM;
 
+	/* Set IV parameters */
+	session->iv.offset = xform->cipher.iv.offset;
+	session->iv.length = xform->cipher.iv.length;
+
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		cipherdata.algtype = OP_ALG_ALGSEL_AES;
@@ -1016,6 +1020,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 			(cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
 			DPAA2_SEC_HASH_CIPHER : DPAA2_SEC_CIPHER_HASH;
 	}
+
+	/* Set IV parameters */
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	/* For SEC AEAD only one descriptor is required */
 	priv = (struct ctxt_priv *)rte_zmalloc(NULL,
 			sizeof(struct ctxt_priv) + sizeof(struct sec_flc_desc),
@@ -1216,6 +1225,10 @@ dpaa2_sec_session_configure(struct rte_cryptodev *dev,
 		RTE_LOG(ERR, PMD, "invalid session struct");
 		return NULL;
 	}
+
+	/* Default IV length = 0 */
+	session->iv.length = 0;
+
 	/* Cipher Only */
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
 		session->ctxt_type = DPAA2_SEC_CIPHER;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index f5c6169..d152161 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -187,6 +187,10 @@ typedef struct dpaa2_sec_session_entry {
 		uint8_t *data;	/**< pointer to key data */
 		size_t length;	/**< key length in bytes */
 	} auth_key;
+	struct {
+		uint16_t length; /**< IV length in bytes */
+		uint16_t offset; /**< IV offset in bytes */
+	} iv;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
@@ -275,8 +279,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.min = 32,
 						.max = 32,
 						.increment = 0
-					},
-					.aad_size = { 0 }
+				},
+				.aad_size = { 0 }
 				}, }
 			}, }
 		},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index edf84e8..2af7769 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -116,6 +116,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F8 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
+
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -179,13 +186,6 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (ops[i]->sym->cipher.iv.length != KASUMI_IV_LENGTH) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -194,7 +194,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -218,13 +218,6 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != KASUMI_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -234,7 +227,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			session->iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index fb586ca..6a0d47a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,6 +92,7 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 12c946c..5f74f0c 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -72,11 +72,7 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.iv_size = {
-					.min = 0,
-					.max = 0,
-					.increment = 0
-				}
+				.iv_size = { 0 }
 			}, },
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 02cf25a..ab4333e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -264,6 +264,10 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	/* Select cipher key */
 	sess->cipher.key.length = xform->cipher.key.length;
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Select cipher algo */
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -397,6 +401,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	/* cipher_xform must be check before auth_xform */
 	if (cipher_xform) {
 		if (openssl_set_session_cipher_parameters(
@@ -924,8 +931,8 @@ process_openssl_combined_op
 	}
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	ivlen = op->sym->cipher.iv.length;
+			sess->iv.offset);
+	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
 
@@ -989,7 +996,7 @@ process_openssl_cipher_op
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1031,7 +1038,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1090,7 +1097,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
 				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-						op->sym->cipher.iv.offset);
+						sess->iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4d820c5..3a64853 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -108,6 +108,11 @@ struct openssl_session {
 	enum openssl_chain_order chain_order;
 	/**< chain order mode */
 
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index 5c63406..e8fa3d3 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -127,6 +127,10 @@ struct qat_session {
 	struct icp_qat_fw_la_bulk_req fw_req;
 	uint8_t aad_len;
 	struct qat_crypto_instance *inst;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 7015549..01f7de1 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,6 +298,9 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
@@ -643,7 +646,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -699,7 +702,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -980,27 +983,20 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 
 		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					ctx->iv.offset);
 		/* copy IV into request if it fits */
-		/*
-		 * If IV length is zero do not copy anything but still
-		 * use request descriptor embedded IV
-		 *
-		 */
-		if (op->sym->cipher.iv.length) {
-			if (op->sym->cipher.iv.length <=
-					sizeof(cipher_param->u.cipher_IV_array)) {
-				rte_memcpy(cipher_param->u.cipher_IV_array,
-						iv_ptr,
-						op->sym->cipher.iv.length);
-			} else {
-				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-						qat_req->comn_hdr.serv_specif_flags,
-						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-				cipher_param->u.s.cipher_IV_ptr =
-						rte_crypto_op_ctophys_offset(op,
-							op->sym->cipher.iv.offset);
-			}
+		if (ctx->iv.length <=
+				sizeof(cipher_param->u.cipher_IV_array)) {
+			rte_memcpy(cipher_param->u.cipher_IV_array,
+					iv_ptr,
+					ctx->iv.length);
+		} else {
+			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+					qat_req->comn_hdr.serv_specif_flags,
+					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+			cipher_param->u.s.cipher_IV_ptr =
+					rte_crypto_op_ctophys_offset(op,
+						ctx->iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1166,7 +1162,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (op->sym->cipher.iv.length == 12) {
+		if (ctx->iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1202,7 +1198,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
 		rte_hexdump(stdout, "iv:", iv_ptr,
-				op->sym->cipher.iv.length);
+				ctx->iv.length);
 
 	if (do_auth) {
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 6df8416..2b1689b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -116,6 +116,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -178,13 +185,6 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -193,7 +193,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -214,13 +214,6 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		SNOW3G_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -230,7 +223,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				op->sym->cipher.iv.offset);
+				session->iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index 03973b9..e8943a7 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,6 +91,7 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8374f65..c48a2d6 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -115,6 +115,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EEA3 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -178,13 +185,6 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("iv");
-			break;
-		}
-
 		if (((ops[i]->sym->cipher.data.length % BYTE_LEN) != 0)
 				|| ((ops[i]->sym->cipher.data.offset
 					% BYTE_LEN) != 0)) {
@@ -214,7 +214,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index e793459..c24b9bd 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -80,7 +80,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index 030f120..cee1b5d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,6 +92,7 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 738a800..9e12782 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,9 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
-				sizeof(struct rte_crypto_sym_op))
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -104,8 +101,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
@@ -113,8 +108,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
@@ -348,8 +341,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.offset = IV_OFFSET;
-	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index de1df7b..405cf3d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -48,6 +48,9 @@
 
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 #define uint32_t_to_char(ip, a, b, c, d) do {\
 		*a = (uint8_t)(ip >> 24 & 0xff);\
 		*b = (uint8_t)(ip >> 16 & 0xff);\
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 39624c4..85e4d4e 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -589,6 +589,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 {
 	struct ipsec_sa *sa;
 	uint32_t i, idx;
+	uint16_t iv_length;
 
 	for (i = 0; i < nb_entries; i++) {
 		idx = SPI2IDX(entries[i].spi);
@@ -607,6 +608,21 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			iv_length = sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+		case RTE_CRYPTO_CIPHER_AES_GCM:
+			iv_length = 16;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
 		if (inbound) {
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
@@ -615,6 +631,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].b.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
+			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].b.next = NULL;
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -637,6 +655,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].a.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].a.next = NULL;
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ffd9731..9f16806 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -139,6 +139,11 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+struct l2fwd_iv {
+	uint8_t *data;
+	uint16_t length;
+};
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -155,8 +160,8 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_key iv;
-	unsigned iv_param;
+	struct l2fwd_iv iv;
+	unsigned int iv_param;
 	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
@@ -183,7 +188,7 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_key iv;
+	struct l2fwd_iv iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -489,9 +494,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = cparams->iv.length;
-
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -703,6 +705,9 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+			/* Set IV parameters */
+			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
+			options->cipher_xform.cipher.iv.length = options->iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -1547,6 +1552,46 @@ check_supported_size(uint16_t length, uint16_t min, uint16_t max,
 
 	return -1;
 }
+
+static int
+check_iv_param(const struct rte_crypto_param_range *iv_range_size,
+		unsigned int iv_param, int iv_random_size,
+		uint16_t *iv_length)
+{
+	/*
+	 * Check if length of provided IV is supported
+	 * by the algorithm chosen.
+	 */
+	if (iv_param) {
+		if (check_supported_size(*iv_length,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+	/*
+	 * Check if length of IV to be randomly generated
+	 * is supported by the algorithm chosen.
+	 */
+	} else if (iv_random_size != -1) {
+		if (check_supported_size(iv_random_size,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+		*iv_length = iv_random_size;
+	/* No size provided, use minimum size. */
+	} else
+		*iv_length = iv_range_size->min;
+
+	return 0;
+}
+
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1614,36 +1659,9 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			/*
-			 * Check if length of provided IV is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->iv_param) {
-				if (check_supported_size(options->iv.length,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of IV to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->iv_random_size != -1) {
-				if (check_supported_size(options->iv_random_size,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-				options->iv.length = options->iv_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
+					options->iv_random_size, &options->iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b35c45a..c1a1e27 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -190,6 +190,55 @@ struct rte_crypto_cipher_xform {
 	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
 	 *  - Both keys must have the same size.
 	 **/
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * Initialisation Vector (IV) value.
+		 *
+		 * - For block ciphers in CTR mode, this is the counter.
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * - For AES-XTS, this is the 128bit tweak, i, from
+		 * IEEE Std 1619-2007.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * length of the IV (which must be the same as the
+		 * block length of the cipher).
+		 *
+		 * - For block ciphers in CTR mode, this is the length
+		 * of the counter (which must be the same as the block
+		 * length of the cipher).
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Symmetric Authentication / Hash Algorithms */
@@ -463,55 +512,6 @@ struct rte_crypto_sym_op {
 			  */
 		} data; /**< Data offsets and length for ciphering */
 
-		struct {
-			uint16_t offset;
-			/**< Starting point for Initialisation Vector or Counter,
-			 * specified as number of bytes from start of crypto
-			 * operation.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * Initialisation Vector (IV) value.
-			 *
-			 * - For block ciphers in CTR mode, this is the counter.
-			 *
-			 * - For GCM mode, this is either the IV (if the length
-			 * is 96 bits) or J0 (for other sizes), where J0 is as
-			 * defined by NIST SP800-38D. Regardless of the IV
-			 * length, a full 16 bytes needs to be allocated.
-			 *
-			 * - For CCM mode, the first byte is reserved, and the
-			 * nonce should be written starting at &iv[1] (to allow
-			 * space for the implementation to write in the flags
-			 * in the first byte). Note that a full 16 bytes should
-			 * be allocated, even though the length field will
-			 * have a value less than this.
-			 *
-			 * - For AES-XTS, this is the 128bit tweak, i, from
-			 * IEEE Std 1619-2007.
-			 *
-			 * For optimum performance, the data pointed to SHOULD
-			 * be 8-byte aligned.
-			 */
-			uint16_t length;
-			/**< Length of valid IV data.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * length of the IV (which must be the same as the
-			 * block length of the cipher).
-			 *
-			 * - For block ciphers in CTR mode, this is the length
-			 * of the counter (which must be the same as the block
-			 * length of the cipher).
-			 *
-			 * - For GCM mode, this is either 12 (for 96-bit IVs)
-			 * or 16, in which case data points to J0.
-			 *
-			 * - For CCM mode, this is the length of the nonce,
-			 * which can be in the range 7 to 13 inclusive.
-			 */
-		} iv;	/**< Initialisation vector parameters */
 	} cipher;
 
 	struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0dd95ca..1f066fb 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1270,6 +1270,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1310,13 +1312,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
+	/* Set crypto operation cipher parameters */
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
@@ -1404,6 +1404,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1462,9 +1464,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -1806,7 +1806,8 @@ static int
 create_wireless_algo_cipher_session(uint8_t dev_id,
 			enum rte_crypto_cipher_operation op,
 			enum rte_crypto_cipher_algorithm algo,
-			const uint8_t *key, const uint8_t key_len)
+			const uint8_t *key, const uint8_t key_len,
+			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
 
@@ -1822,6 +1823,8 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1856,9 +1859,6 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1890,9 +1890,6 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1907,7 +1904,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1936,6 +1934,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1962,6 +1962,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	const uint8_t *key = tdata->key.data;
 	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
+	uint8_t iv_len = tdata->iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1985,6 +1986,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
+
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2013,7 +2017,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2038,6 +2043,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2211,9 +2218,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2306,9 +2310,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2389,9 +2390,6 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2801,7 +2799,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2876,7 +2875,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2940,7 +2940,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3017,7 +3018,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3080,7 +3082,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3146,7 +3149,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3210,7 +3214,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3274,7 +3279,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3355,7 +3361,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3444,7 +3451,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3535,7 +3543,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3596,7 +3605,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3759,7 +3769,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3841,7 +3852,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3927,7 +3939,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -4009,7 +4022,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4098,7 +4112,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4193,7 +4208,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			tdata->key.data, tdata->key.len);
+			tdata->key.data, tdata->key.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4725,6 +4741,7 @@ static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t cipher_key[key_len];
@@ -4742,6 +4759,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4778,6 +4797,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
 		enum rte_crypto_cipher_operation cipher_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
@@ -4791,6 +4811,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
 	sym_op->xform->cipher.op = cipher_op;
 	sym_op->xform->cipher.key.data = key;
 	sym_op->xform->cipher.key.length = key_len;
+	sym_op->xform->cipher.iv.offset = IV_OFFSET;
+	sym_op->xform->cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4842,12 +4864,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
-		sym_op->cipher.iv.length);
+		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
 	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
@@ -4951,6 +4971,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5128,6 +5149,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5294,6 +5316,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5370,6 +5393,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5453,6 +5477,7 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5533,6 +5558,7 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -6417,9 +6443,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
-
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
@@ -6451,6 +6474,8 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6849,6 +6874,8 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6960,9 +6987,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7017,9 +7041,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7267,8 +7288,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
@@ -7349,6 +7368,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index ad5fb0d..c69e83e 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -287,11 +287,11 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
+		cipher_xform->cipher.iv.offset = IV_OFFSET;
+		cipher_xform->cipher.iv.length = tdata->iv.len;
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.offset = IV_OFFSET;
-		sym_op->cipher.iv.length = tdata->iv.len;
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				tdata->iv.data,
 				tdata->iv.len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 86bdc6e..7238bfa 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -43,6 +43,8 @@
 #include "test_cryptodev.h"
 #include "test_cryptodev_gcm_test_vectors.h"
 
+#define AES_CIPHER_IV_LENGTH 16
+#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -67,9 +69,6 @@ enum chain_mode {
 
 
 struct symmetric_op {
-	const uint8_t *iv_data;
-	uint32_t iv_len;
-
 	const uint8_t *aad_data;
 	uint32_t aad_len;
 
@@ -96,6 +95,8 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	const uint8_t *iv_data;
+	uint16_t iv_len;
 	uint32_t digest_len;
 };
 
@@ -1933,7 +1934,8 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_128_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1981,9 +1983,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -2646,6 +2645,8 @@ test_perf_create_aes_sha_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = aes_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 	if (chain != CIPHER_ONLY) {
 		/* Setup HMAC Parameters */
 		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2694,6 +2695,9 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = snow3g_cipher_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+
 
 	/* Setup HMAC Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2741,17 +2745,20 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 	/* Setup Cipher Parameters */
 	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	cipher_xform.cipher.algo = cipher_algo;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
 	switch (cipher_algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
 		cipher_xform.cipher.key.data = triple_des_key;
+		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		cipher_xform.cipher.key.data = aes_key;
+		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2816,6 +2823,8 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	/* Setup Auth Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2844,9 +2853,7 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_CIPHER_IV_LENGTH 16
 #define AES_GCM_AAD_LENGTH 16
-#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
@@ -2893,12 +2900,11 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy the IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
@@ -2926,9 +2932,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.data = aes_gcm_aad;
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
@@ -2970,10 +2974,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
@@ -2997,9 +2997,7 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 		return NULL;
 	}
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
@@ -3068,9 +3066,7 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
@@ -4136,6 +4132,8 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	cipher_xform.cipher.op = pparams->session_attrs->cipher;
 	cipher_xform.cipher.key.data = cipher_key;
 	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
+	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	auth_xform.next = NULL;
@@ -4190,14 +4188,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
-		       params->symmetric_op->iv_len);
-	if (params->symmetric_op->iv_len == 12)
+	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
+		       params->session_attrs->iv_len);
+	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
-
 	op->sym->auth.data.offset =
 			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
@@ -4434,11 +4429,11 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
+		session_attrs[i].iv_len = gcm_test->iv.len;
+		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
 		ops_set[i].aad_len = gcm_test->aad.len;
-		ops_set[i].iv_data = gcm_test->iv.data;
-		ops_set[i].iv_len = gcm_test->iv.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 15/27] cryptodev: add auth IV
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (13 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 14/27] cryptodev: move IV parameters to crypto session Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 16/27] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
                     ` (13 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.

Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  47 ++++++--
 app/test-crypto-perf/cperf_options.h             |   2 +
 app/test-crypto-perf/cperf_options_parsing.c     |   9 ++
 app/test-crypto-perf/cperf_test_latency.c        |   4 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   3 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  54 +++++++---
 app/test-crypto-perf/cperf_test_vectors.c        |  37 +++++--
 app/test-crypto-perf/cperf_test_vectors.h        |   8 +-
 app/test-crypto-perf/cperf_test_verify.c         |   3 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data   |   2 +-
 app/test-crypto-perf/main.c                      |  25 ++++-
 doc/guides/prog_guide/cryptodev_lib.rst          |   3 +-
 doc/guides/rel_notes/release_17_08.rst           |   2 +
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |  17 ++-
 doc/guides/tools/cryptoperf.rst                  |  14 ++-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |   6 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c   |  21 ++--
 drivers/crypto/armv8/rte_armv8_pmd_ops.c         |   6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  18 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c       |   3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c        |   3 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  78 ++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  41 ++++---
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c       |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c             |   3 +-
 examples/l2fwd-crypto/main.c                     | 132 +++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h            |  24 +++++
 lib/librte_cryptodev/rte_cryptodev.c             |   6 +-
 lib/librte_cryptodev/rte_cryptodev.h             |   6 +-
 31 files changed, 425 insertions(+), 159 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index d6d9f14..0ed51e5 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,8 +106,8 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
-				test_vector->iv.data,
-				test_vector->iv.length);
+				test_vector->cipher_iv.data,
+				test_vector->cipher_iv.length);
 
 		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -129,7 +129,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
-		uint16_t iv_offset __rte_unused)
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -141,6 +141,14 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
+		if (test_vector->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+								uint8_t *,
+								iv_offset);
+			memcpy(iv_ptr, test_vector->auth_iv.data,
+					test_vector->auth_iv.length);
+		}
+
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			sym_op->auth.digest.data = test_vector->digest.data;
@@ -207,9 +215,11 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
-				test_vector->iv.data,
-				test_vector->iv.length);
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *,
+							iv_offset);
+		memcpy(iv_ptr, test_vector->cipher_iv.data,
+				test_vector->cipher_iv.length);
 
 		/* cipher parameters */
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -221,6 +231,13 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 
 		sym_op->cipher.data.offset = 0;
 
+		if (test_vector->auth_iv.length) {
+			/* Copy IV after the crypto operation and the cipher IV */
+			iv_ptr += test_vector->cipher_iv.length;
+			memcpy(iv_ptr, test_vector->auth_iv.data,
+					test_vector->auth_iv.length);
+		}
+
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			sym_op->auth.digest.data = test_vector->digest.data;
@@ -287,8 +304,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		memcpy(rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset),
-				test_vector->iv.data,
-				test_vector->iv.length);
+				test_vector->cipher_iv.data,
+				test_vector->cipher_iv.length);
 
 		/* cipher parameters */
 		sym_op->cipher.data.length = options->test_buffer_size;
@@ -365,8 +382,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
-
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -392,11 +409,14 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
+			auth_xform.auth.iv.length =
+					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
 		sess =  rte_cryptodev_sym_session_create(dev_id, &auth_xform);
@@ -422,7 +442,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -447,17 +468,21 @@ cperf_create_session(uint8_t dev_id,
 				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
 				auth_xform.auth.key.length = 0;
 				auth_xform.auth.key.data = NULL;
+				auth_xform.auth.iv.length = 0;
 			} else { /* auth options for others */
 				auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 				auth_xform.auth.key.data =
 						test_vector->auth_key.data;
+				auth_xform.auth.iv.length =
+						test_vector->auth_iv.length;
 			}
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 
 		/* create crypto session for aes gcm */
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index b928c58..0e53c03 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -28,6 +28,7 @@
 #define CPERF_AUTH_ALGO		("auth-algo")
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
+#define CPERF_AUTH_IV_SZ	("auth-iv-sz")
 #define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
 #define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
 #define CPERF_CSV		("csv-friendly")
@@ -76,6 +77,7 @@ struct cperf_options {
 	enum rte_crypto_auth_operation auth_op;
 
 	uint16_t auth_key_sz;
+	uint16_t auth_iv_sz;
 	uint16_t auth_digest_sz;
 	uint16_t auth_aad_sz;
 
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 63ba37c..70b6a60 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -549,6 +549,12 @@ parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
+parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->auth_iv_sz, arg);
+}
+
+static int
 parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
 {
 	return parse_uint16_t(&opts->auth_aad_sz, arg);
@@ -651,6 +657,7 @@ cperf_options_default(struct cperf_options *opts)
 
 	opts->auth_key_sz = 64;
 	opts->auth_digest_sz = 12;
+	opts->auth_iv_sz = 0;
 	opts->auth_aad_sz = 0;
 }
 
@@ -678,6 +685,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_ALGO,	parse_auth_algo },
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
+		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
 		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
 		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
 		{ CPERF_CSV,	parse_csv_friendly},
@@ -914,6 +922,7 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
+		printf("# auth iv size: %u\n", opts->auth_iv_sz);
 		printf("# auth digest size: %u\n", opts->auth_digest_sz);
 		printf("# auth aad size: %u\n", opts->auth_aad_sz);
 		printf("#\n");
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index d37083f..f828366 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -285,7 +285,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
+	uint16_t priv_size = sizeof(struct priv_op_data) +
+			test_vector->cipher_iv.length +
+			test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 4d2b3d3..1e3f3b3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -266,7 +266,8 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 62d0c91..277ff1e 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -15,7 +15,8 @@ free_test_vector(struct cperf_test_vector *vector, struct cperf_options *opts)
 	if (vector == NULL || opts == NULL)
 		return -1;
 
-	rte_free(vector->iv.data);
+	rte_free(vector->cipher_iv.data);
+	rte_free(vector->auth_iv.data);
 	rte_free(vector->aad.data);
 	rte_free(vector->digest.data);
 
@@ -84,15 +85,28 @@ show_test_vector(struct cperf_test_vector *test_vector)
 		printf("\n");
 	}
 
-	if (test_vector->iv.data) {
-		printf("\niv =\n");
-		for (i = 0; i < test_vector->iv.length; ++i) {
+	if (test_vector->cipher_iv.data) {
+		printf("\ncipher_iv =\n");
+		for (i = 0; i < test_vector->cipher_iv.length; ++i) {
 			if ((i % wrap == 0) && (i != 0))
 				printf("\n");
-			if (i == (uint32_t)(test_vector->iv.length - 1))
-				printf("0x%02x", test_vector->iv.data[i]);
+			if (i == (uint32_t)(test_vector->cipher_iv.length - 1))
+				printf("0x%02x", test_vector->cipher_iv.data[i]);
 			else
-				printf("0x%02x, ", test_vector->iv.data[i]);
+				printf("0x%02x, ", test_vector->cipher_iv.data[i]);
+		}
+		printf("\n");
+	}
+
+	if (test_vector->auth_iv.data) {
+		printf("\nauth_iv =\n");
+		for (i = 0; i < test_vector->auth_iv.length; ++i) {
+			if ((i % wrap == 0) && (i != 0))
+				printf("\n");
+			if (i == (uint32_t)(test_vector->auth_iv.length - 1))
+				printf("0x%02x", test_vector->auth_iv.data[i]);
+			else
+				printf("0x%02x, ", test_vector->auth_iv.data[i]);
 		}
 		printf("\n");
 	}
@@ -300,18 +314,32 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 			vector->auth_key.length = opts->auth_key_sz;
 		}
 
-	} else if (strstr(key_token, "iv")) {
-		rte_free(vector->iv.data);
-		vector->iv.data = data;
+	} else if (strstr(key_token, "cipher_iv")) {
+		rte_free(vector->cipher_iv.data);
+		vector->cipher_iv.data = data;
 		if (tc_found)
-			vector->iv.length = data_length;
+			vector->cipher_iv.length = data_length;
 		else {
 			if (opts->cipher_iv_sz > data_length) {
-				printf("Global iv shorter than "
+				printf("Global cipher iv shorter than "
 					"cipher_iv_sz\n");
 				return -1;
 			}
-			vector->iv.length = opts->cipher_iv_sz;
+			vector->cipher_iv.length = opts->cipher_iv_sz;
+		}
+
+	} else if (strstr(key_token, "auth_iv")) {
+		rte_free(vector->auth_iv.data);
+		vector->auth_iv.data = data;
+		if (tc_found)
+			vector->auth_iv.length = data_length;
+		else {
+			if (opts->auth_iv_sz > data_length) {
+				printf("Global auth iv shorter than "
+					"auth_iv_sz\n");
+				return -1;
+			}
+			vector->auth_iv.length = opts->auth_iv_sz;
 		}
 
 	} else if (strstr(key_token, "ciphertext")) {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 4a14fb3..6829b86 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -409,32 +409,34 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
 			t_vec->cipher_key.data = NULL;
-			t_vec->iv.data = NULL;
+			t_vec->cipher_iv.data = NULL;
 		} else {
 			t_vec->cipher_key.length = options->cipher_key_sz;
 			t_vec->ciphertext.data = ciphertext;
 			t_vec->cipher_key.data = cipher_key;
-			t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+			t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
 					16);
-			if (t_vec->iv.data == NULL) {
+			if (t_vec->cipher_iv.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
+			memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+
 		/* Set IV parameters */
-		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
-					16);
-		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+		t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+				16);
+		if (options->cipher_iv_sz && t_vec->cipher_iv.data == NULL) {
 			rte_free(t_vec);
 			return NULL;
 		}
-		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
-		t_vec->iv.length = options->cipher_iv_sz;
+		memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
+		t_vec->cipher_iv.length = options->cipher_iv_sz;
 
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
+
 	}
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
@@ -476,7 +478,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 					options->auth_aad_sz, 16);
 			if (t_vec->aad.data == NULL) {
 				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->iv.data);
+					rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
@@ -485,13 +487,26 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->aad.data = NULL;
 		}
 
+		/* Set IV parameters */
+		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
+				16);
+		if (options->auth_iv_sz && t_vec->auth_iv.data == NULL) {
+			if (options->op_type != CPERF_AUTH_ONLY)
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
+		t_vec->auth_iv.length = options->auth_iv_sz;
+
 		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
 		t_vec->aad.length = options->auth_aad_sz;
 		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
 				16);
 		if (t_vec->digest.data == NULL) {
 			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->iv.data);
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index e64f116..7f9c4fa 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -53,9 +53,13 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
-		phys_addr_t phys_addr;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
+	} auth_iv;
 
 	struct {
 		uint8_t *data;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 1b58b1d..81057ff 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -270,7 +270,8 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
diff --git a/app/test-crypto-perf/data/aes_cbc_128_sha.data b/app/test-crypto-perf/data/aes_cbc_128_sha.data
index 0b054f5..ff55590 100644
--- a/app/test-crypto-perf/data/aes_cbc_128_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_128_sha.data
@@ -282,7 +282,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_192_sha.data b/app/test-crypto-perf/data/aes_cbc_192_sha.data
index 7bfe3da..3f85a00 100644
--- a/app/test-crypto-perf/data/aes_cbc_192_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_192_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_256_sha.data b/app/test-crypto-perf/data/aes_cbc_256_sha.data
index 52dafb9..8da8161 100644
--- a/app/test-crypto-perf/data/aes_cbc_256_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_256_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 9ec2a4b..cf4fa4f 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -138,7 +138,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 					capability,
 					opts->auth_key_sz,
 					opts->auth_digest_sz,
-					opts->auth_aad_sz);
+					opts->auth_aad_sz,
+					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
 		}
@@ -185,9 +186,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -204,6 +205,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -226,9 +232,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -240,6 +246,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -254,6 +265,10 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
+		if (test_vec->cipher_iv.data == NULL)
+			return -1;
+		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
 		if (test_vec->aad.length != opts->auth_aad_sz)
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4e352f4..68890ff 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -245,7 +245,8 @@ algorithm AES_CBC.
                         .max = 12,
                         .increment = 0
                     },
-                    .aad_size = { 0 }
+                    .aad_size = { 0 },
+                    .iv_size = { 0 }
                 }
             }
         },
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 4775bd2..eabf3dd 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -161,6 +161,8 @@ API Changes
     offset from the start of the crypto operation.
   * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
     ``rte_crypto_cipher_xform``.
+  * Added authentication IV parameters (offset and length) in
+    ``rte_crypto_auth_xform``.
 
 
 ABI Changes
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 45d8a12..b9aa573 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -86,9 +86,10 @@ The application requires a number of command line options:
     ./build/l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
     [--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY] /
     [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
-    [--cipher_key_random_size SIZE] [--iv IV] [--iv_random_size SIZE] /
+    [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
     [--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
-    [--auth_key_random_size SIZE] [--aad AAD] [--aad_random_size SIZE] /
+    [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
+    [--aad AAD] [--aad_random_size SIZE] /
     [--digest size SIZE] [--sessionless] [--cryptodev_mask MASK]
 
 where,
@@ -127,11 +128,11 @@ where,
 
     Note that if --cipher_key is used, this will be ignored.
 
-*   iv: set the IV to be used. Bytes has to be separated with ":"
+*   cipher_iv: set the cipher IV to be used. Bytes has to be separated with ":"
 
-*   iv_random_size: set the size of the IV, which will be generated randomly.
+*   cipher_iv_random_size: set the size of the cipher IV, which will be generated randomly.
 
-    Note that if --iv is used, this will be ignored.
+    Note that if --cipher_iv is used, this will be ignored.
 
 *   auth_algo: select the authentication algorithm (default is sha1-hmac)
 
@@ -147,6 +148,12 @@ where,
 
     Note that if --auth_key is used, this will be ignored.
 
+*   auth_iv: set the auth IV to be used. Bytes has to be separated with ":"
+
+*   auth_iv_random_size: set the size of the auth IV, which will be generated randomly.
+
+    Note that if --auth_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 1acde76..c0accfc 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -290,6 +290,10 @@ The following are the appication command-line options:
 
         Set the size of authentication key.
 
+* ``--auth-iv-sz <n>``
+
+        Set the size of auth iv.
+
 * ``--auth-digest-sz <n>``
 
         Set the size of authentication digest.
@@ -345,9 +349,13 @@ a string of bytes in C byte array format::
 
         Key used in auth operation.
 
-* ``iv``
+* ``cipher_iv``
+
+        Cipher Initial Vector.
+
+* ``auth_iv``
 
-        Initial vector.
+        Auth Initial Vector.
 
 * ``aad``
 
@@ -412,7 +420,7 @@ Test vector file for cipher algorithm aes cbc 256 with authorization sha::
    0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47,
    0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a,
    0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7
-   iv =
+   cipher_iv =
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    # Section sha 1 hmac buff 32
    [sha1_hmac_buff_32]
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 7b68a20..542e6c4 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -85,7 +86,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d1bc28e..780b88b 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 14,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 24,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,7 +189,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 4d9ccbf..78ed770 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -59,7 +59,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 20,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
@@ -80,7 +81,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 32,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index d152161..ff3be70 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -217,7 +217,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -238,7 +239,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -259,7 +261,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -280,7 +283,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.max = 32,
 						.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 				}, }
 			}, }
 		},
@@ -301,7 +305,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -322,7 +327,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 62ebdbd..8f1a116 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 5f74f0c..f8ad8e4 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -56,7 +56,8 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, },
 		}, },
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 22a6873..3026dbd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,31 +189,33 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
 	{	/* SHA256 */
-			.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-			{.sym = {
-				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-				{.auth = {
-					.algo = RTE_CRYPTO_AUTH_SHA256,
-					.block_size = 64,
-					.key_size = {
-						.min = 0,
-						.max = 0,
-						.increment = 0
-					},
-					.digest_size = {
-						.min = 32,
-						.max = 32,
-						.increment = 0
-					},
-					.aad_size = { 0 }
-				}, }
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
-		},
+		}, }
+	},
 	{	/* SHA384 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -225,7 +233,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -246,7 +255,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -267,7 +277,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -288,7 +299,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -353,7 +365,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -398,7 +411,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 8,
 					.max = 65532,
 					.increment = 4
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 1294f24..4bc2c97 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -52,7 +52,8 @@
 					.max = 20,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -73,7 +74,8 @@
 					.max = 28,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -94,7 +96,8 @@
 					.max = 32,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -114,8 +117,9 @@
 					.min = 48,			\
 					.max = 48,			\
 					.increment = 0			\
-					},				\
-				.aad_size = { 0 }			\
+				},					\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -136,7 +140,8 @@
 					.max = 64,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -157,7 +162,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -178,7 +184,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -203,7 +210,8 @@
 					.min = 0,			\
 					.max = 240,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -228,7 +236,8 @@
 					.min = 1,			\
 					.max = 65535,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -253,7 +262,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -374,7 +384,8 @@
 					.max = 0,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, },						\
 		}, },							\
 	},								\
@@ -439,7 +450,8 @@
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -566,7 +578,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 7ce96be..68ede97 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 },
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index c24b9bd..02c3c4a 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 9f16806..ba5aef7 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -160,14 +160,18 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_iv iv;
-	unsigned int iv_param;
-	int iv_random_size;
+	struct l2fwd_iv cipher_iv;
+	unsigned int cipher_iv_param;
+	int cipher_iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
 	int akey_random_size;
 
+	struct l2fwd_iv auth_iv;
+	unsigned int auth_iv_param;
+	int auth_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -188,7 +192,8 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_iv iv;
+	struct l2fwd_iv cipher_iv;
+	struct l2fwd_iv auth_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -453,6 +458,18 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	rte_crypto_op_attach_sym_session(op, cparams->session);
 
 	if (cparams->do_hash) {
+		if (cparams->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						IV_OFFSET +
+						cparams->cipher_iv.length);
+			/*
+			 * Copy IV at the end of the crypto operation,
+			 * after the cipher IV, if added
+			 */
+			rte_memcpy(iv_ptr, cparams->auth_iv.data,
+					cparams->auth_iv.length);
+		}
 		if (!cparams->hash_verify) {
 			/* Append space for digest to end of packet */
 			op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
@@ -492,7 +509,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 							IV_OFFSET);
 		/* Copy IV at the end of the crypto operation */
-		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+		rte_memcpy(iv_ptr, cparams->cipher_iv.data,
+				cparams->cipher_iv.length);
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -675,6 +693,18 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		port_cparams[i].block_size = options->block_size;
 
 		if (port_cparams[i].do_hash) {
+			port_cparams[i].auth_iv.data = options->auth_iv.data;
+			port_cparams[i].auth_iv.length = options->auth_iv.length;
+			if (!options->auth_iv_param)
+				generate_random_key(port_cparams[i].auth_iv.data,
+						port_cparams[i].auth_iv.length);
+			/* Set IV parameters */
+			if (options->auth_iv.length) {
+				options->auth_xform.auth.iv.offset =
+					IV_OFFSET + options->cipher_iv.length;
+				options->auth_xform.auth.iv.length =
+					options->auth_iv.length;
+			}
 			port_cparams[i].digest_length =
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
@@ -698,16 +728,17 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		}
 
 		if (port_cparams[i].do_cipher) {
-			port_cparams[i].iv.data = options->iv.data;
-			port_cparams[i].iv.length = options->iv.length;
-			if (!options->iv_param)
-				generate_random_key(port_cparams[i].iv.data,
-						port_cparams[i].iv.length);
+			port_cparams[i].cipher_iv.data = options->cipher_iv.data;
+			port_cparams[i].cipher_iv.length = options->cipher_iv.length;
+			if (!options->cipher_iv_param)
+				generate_random_key(port_cparams[i].cipher_iv.data,
+						port_cparams[i].cipher_iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 			/* Set IV parameters */
 			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
-			options->cipher_xform.cipher.iv.length = options->iv.length;
+			options->cipher_xform.cipher.iv.length =
+						options->cipher_iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -861,13 +892,15 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY (bytes separated with \":\")\n"
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
-		"  --iv IV (bytes separated with \":\")\n"
-		"  --iv_random_size SIZE: size of IV when generated randomly\n"
+		"  --cipher_iv IV (bytes separated with \":\")\n"
+		"  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY (bytes separated with \":\")\n"
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
+		"  --auth_iv IV (bytes separated with \":\")\n"
+		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
@@ -1078,18 +1111,18 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
 		return parse_size(&options->ckey_random_size, optarg);
 
-	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
-		options->iv_param = 1;
-		options->iv.length =
-			parse_key(options->iv.data, optarg);
-		if (options->iv.length > 0)
+	else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
+		options->cipher_iv_param = 1;
+		options->cipher_iv.length =
+			parse_key(options->cipher_iv.data, optarg);
+		if (options->cipher_iv.length > 0)
 			return 0;
 		else
 			return -1;
 	}
 
-	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
-		return parse_size(&options->iv_random_size, optarg);
+	else if (strcmp(lgopts[option_index].name, "cipher_iv_random_size") == 0)
+		return parse_size(&options->cipher_iv_random_size, optarg);
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
@@ -1115,6 +1148,20 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
+		options->auth_iv_param = 1;
+		options->auth_iv.length =
+			parse_key(options->auth_iv.data, optarg);
+		if (options->auth_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
+		return parse_size(&options->auth_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1233,9 +1280,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->ckey_param = 0;
 	options->ckey_random_size = -1;
 	options->cipher_xform.cipher.key.length = 0;
-	options->iv_param = 0;
-	options->iv_random_size = -1;
-	options->iv.length = 0;
+	options->cipher_iv_param = 0;
+	options->cipher_iv_random_size = -1;
+	options->cipher_iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1246,6 +1293,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->akey_param = 0;
 	options->akey_random_size = -1;
 	options->auth_xform.auth.key.length = 0;
+	options->auth_iv_param = 0;
+	options->auth_iv_random_size = -1;
+	options->auth_iv.length = 0;
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
@@ -1267,7 +1317,7 @@ display_cipher_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Cipher key:",
 			options->cipher_xform.cipher.key.data,
 			options->cipher_xform.cipher.key.length);
-	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+	rte_hexdump(stdout, "IV:", options->cipher_iv.data, options->cipher_iv.length);
 }
 
 static void
@@ -1279,6 +1329,7 @@ display_auth_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Auth key:",
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1316,8 +1367,11 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	if (options->akey_param && (options->akey_random_size != -1))
 		printf("Auth key already parsed, ignoring size of random key\n");
 
-	if (options->iv_param && (options->iv_random_size != -1))
-		printf("IV already parsed, ignoring size of random IV\n");
+	if (options->cipher_iv_param && (options->cipher_iv_random_size != -1))
+		printf("Cipher IV already parsed, ignoring size of random IV\n");
+
+	if (options->auth_iv_param && (options->auth_iv_random_size != -1))
+		printf("Auth IV already parsed, ignoring size of random IV\n");
 
 	if (options->aad_param && (options->aad_random_size != -1))
 		printf("AAD already parsed, ignoring size of random AAD\n");
@@ -1365,14 +1419,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
 			{ "cipher_key_random_size", required_argument, 0, 0 },
+			{ "cipher_iv", required_argument, 0, 0 },
+			{ "cipher_iv_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
 			{ "auth_key_random_size", required_argument, 0, 0 },
+			{ "auth_iv", required_argument, 0, 0 },
+			{ "auth_iv_random_size", required_argument, 0, 0 },
 
-			{ "iv", required_argument, 0, 0 },
-			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
 			{ "digest_size", required_argument, 0, 0 },
@@ -1660,8 +1716,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 			options->block_size = cap->sym.cipher.block_size;
 
-			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
-					options->iv_random_size, &options->iv.length);
+			check_iv_param(&cap->sym.cipher.iv_size,
+					options->cipher_iv_param,
+					options->cipher_iv_random_size,
+					&options->cipher_iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -1731,6 +1789,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				continue;
 			}
 
+			check_iv_param(&cap->sym.auth.iv_size,
+					options->auth_iv_param,
+					options->auth_iv_random_size,
+					&options->auth_iv.length);
 			/*
 			 * Check if length of provided AAD is supported
 			 * by the algorithm chosen.
@@ -1972,9 +2034,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
-	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
-	if (options->iv.data == NULL)
-		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
+	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
+	if (options->cipher_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
+
+	options->auth_iv.data = rte_malloc("auth iv", MAX_KEY_SIZE, 0);
+	if (options->auth_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c1a1e27..0e84bad 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -393,6 +393,30 @@ struct rte_crypto_auth_xform {
 	 *  of the AAD data is specified in additional authentication data
 	 *  length field of the rte_crypto_sym_op_data structure
 	 */
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode,
+		 *   for ZUC in EIA3 mode and for AES-GMAC, this is the
+		 *   authentication Initialisation Vector (IV) value.
+		 *
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for
+		 *   ZUC in EIA3 mode and for AES-GMAC, this is the length
+		 *   of the IV.
+		 *
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Crypto transformation types */
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index a466ed7..5aa177f 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -272,7 +272,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size)
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
 {
 	if (param_range_check(key_size, capability->auth.key_size))
 		return -1;
@@ -283,6 +284,9 @@ rte_cryptodev_sym_capability_check_auth(
 	if (param_range_check(aad_size, capability->auth.aad_size))
 		return -1;
 
+	if (param_range_check(iv_size, capability->auth.iv_size))
+		return -1;
+
 	return 0;
 }
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 91f3375..75b423a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -184,6 +184,8 @@ struct rte_cryptodev_symmetric_capability {
 			/**< digest size range */
 			struct rte_crypto_param_range aad_size;
 			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
 		} auth;
 		/**< Symmetric Authentication transform capabilities */
 		struct {
@@ -260,6 +262,7 @@ rte_cryptodev_sym_capability_check_cipher(
  * @param	key_size	Auth key size.
  * @param	digest_size	Auth digest size.
  * @param	aad_size	Auth aad size.
+ * @param	iv_size		Auth initial vector size.
  *
  * @return
  *   - Return 0 if the parameters are in range of the capability.
@@ -268,7 +271,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size);
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
 
 /**
  * Provide the cipher algorithm enum, given an algorithm string
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 16/27] cryptodev: do not use AAD in wireless algorithms
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (14 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 15/27] cryptodev: add auth IV Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 17/27] cryptodev: remove AAD length from crypto op Pablo de Lara
                     ` (12 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure.

Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_test_vectors.c          |   6 -
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |   4 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   3 +-
 drivers/crypto/qat/qat_adf/qat_algs.h              |   6 +-
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |   6 +-
 drivers/crypto/qat/qat_crypto.c                    |  47 ++-
 drivers/crypto/qat/qat_crypto_capabilities.h       |  12 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  26 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |   4 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  24 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   4 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   3 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |   7 +-
 test/test/test_cryptodev.c                         | 418 ++++++++-------------
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |  16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |  20 +-
 test/test/test_cryptodev_perf.c                    |  20 +-
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |  14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |  24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |  38 +-
 22 files changed, 321 insertions(+), 409 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 6829b86..b67d0f4 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,12 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-		case RTE_CRYPTO_AUTH_KASUMI_F9:
-		case RTE_CRYPTO_AUTH_ZUC_EIA3:
-			t_vec->auth_key.data = auth_key;
-			aad_alloc = 1;
-			break;
 		case RTE_CRYPTO_AUTH_AES_GMAC:
 			/* auth key should be the same as cipher key */
 			t_vec->auth_key.data = cipher_key;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 2af7769..43f7fe7 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -117,7 +117,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
 
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
 			KASUMI_LOG_ERR("Wrong IV length");
 			return -EINVAL;
@@ -133,6 +133,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+		if (auth_xform->auth.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -194,7 +201,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -227,7 +234,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			session->iv_offset);
+			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
@@ -246,6 +253,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
+	uint8_t *iv_ptr;
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
@@ -253,12 +261,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			KASUMI_LOG_ERR("digest");
@@ -276,8 +278,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
-		/* IV from AAD */
-		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
+		iv = *((uint64_t *)(iv_ptr));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 8f1a116..e6f4d31 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index 6a0d47a..727cfe4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,7 +92,8 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index e8fa3d3..f70c6cb 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -130,7 +130,11 @@ struct qat_session {
 	struct {
 		uint16_t offset;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} auth_iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 154e1dd..5bf9c86 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -837,8 +837,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 				0, ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ);
 		cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
 				authkeylen + ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ >> 3;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
 		hash->auth_config.config =
@@ -854,8 +853,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 		memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
 		cdesc->cd_cur_ptr += state1_size + state2_size
 			+ ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ >> 3;
 
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_MD5:
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 01f7de1..a384b24 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,8 +298,8 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
-	session->iv.offset = cipher_xform->iv.offset;
-	session->iv.length = cipher_xform->iv.length;
+	session->cipher_iv.offset = cipher_xform->iv.offset;
+	session->cipher_iv.length = cipher_xform->iv.length;
 
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
@@ -584,6 +584,9 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	}
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->auth_iv.offset = auth_xform->iv.offset;
+	session->auth_iv.length = auth_xform->iv.length;
+
 	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
 			(session->qat_hash_alg ==
 				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
@@ -646,7 +649,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -702,7 +705,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -908,8 +911,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *iv_ptr;
-
+	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -982,21 +984,21 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					ctx->cipher_iv.offset);
 		/* copy IV into request if it fits */
-		if (ctx->iv.length <=
+		if (ctx->cipher_iv.length <=
 				sizeof(cipher_param->u.cipher_IV_array)) {
 			rte_memcpy(cipher_param->u.cipher_IV_array,
-					iv_ptr,
-					ctx->iv.length);
+					cipher_iv_ptr,
+					ctx->cipher_iv.length);
 		} else {
 			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 					qat_req->comn_hdr.serv_specif_flags,
 					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 			cipher_param->u.s.cipher_IV_ptr =
 					rte_crypto_op_ctophys_offset(op,
-						ctx->iv.offset);
+						ctx->cipher_iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1028,7 +1030,9 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 							op->sym->m_src,
 							ICP_QAT_HW_KASUMI_BLK_SZ);
 				const uint8_t *auth_iv_ptr_src =
-						op->sym->auth.aad.data;
+						rte_crypto_op_ctod_offset(op,
+							uint8_t *,
+							ctx->auth_iv.offset);
 				rte_memcpy(auth_iv_ptr_dst, auth_iv_ptr_src,
 					       ICP_QAT_HW_KASUMI_BLK_SZ);
 				/* Auth IV and message is contiguous + direction bit */
@@ -1037,7 +1041,9 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				if (do_cipher)
 					cipher_ofs += ICP_QAT_HW_KASUMI_BLK_SZ;
 			} else
-				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+				auth_param->u1.aad_adr =
+					rte_crypto_op_ctophys_offset(op,
+							ctx->auth_iv.offset);
 
 		} else if (ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
@@ -1162,7 +1168,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->iv.length == 12) {
+		if (ctx->cipher_iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1197,10 +1203,17 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
-		rte_hexdump(stdout, "iv:", iv_ptr,
-				ctx->iv.length);
+		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
+				ctx->cipher_iv.length);
 
 	if (do_auth) {
+		if (ctx->auth_iv.length) {
+			uint8_t *auth_iv_ptr = rte_crypto_op_ctod_offset(op,
+							uint8_t *,
+							ctx->auth_iv.offset);
+			rte_hexdump(stdout, "auth iv:", auth_iv_ptr,
+						ctx->auth_iv.length);
+		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 4bc2c97..fbff148 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -258,12 +258,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -446,12 +446,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -574,12 +574,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 2b1689b..23f00a6 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -121,7 +121,7 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 			SNOW3G_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
@@ -133,6 +133,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -193,7 +200,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -223,7 +230,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
@@ -242,14 +249,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			SNOW3G_LOG_ERR("digest");
@@ -267,13 +269,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -287,7 +291,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 68ede97..0a56b5d 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 },
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index e8943a7..c5733fb 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,7 +91,8 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index c48a2d6..c824d9c 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -120,7 +120,7 @@ zuc_set_session_parameters(struct zuc_session *sess,
 			ZUC_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
@@ -132,6 +132,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_hash, auth_xform->auth.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -214,7 +221,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -239,14 +246,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *src;
 	uint32_t *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			ZUC_LOG_ERR("digest");
@@ -264,13 +266,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -284,7 +288,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 02c3c4a..e97b8d2 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index cee1b5d..173fe47 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,7 +92,8 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0e84bad..3ccb6fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -373,9 +373,6 @@ struct rte_crypto_auth_xform {
 	 * This field must be specified when the hash algorithm is one of the
 	 * following:
 	 *
-	 * - For SNOW 3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
-	 *   length of the IV (which should be 16).
-	 *
 	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
 	 *   the length of the Additional Authenticated Data (called A, in NIST
 	 *   SP800-38D).
@@ -617,9 +614,7 @@ struct rte_crypto_sym_op {
 			uint8_t *data;
 			/**< Pointer to Additional Authenticated Data (AAD)
 			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM), and to the IV for SNOW 3G authentication
-			 * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
-			 * authentication mechanisms this pointer is ignored.
+			 * GCM).
 			 *
 			 * The length of the data pointed to by this field is
 			 * set up for the session in the @ref
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 1f066fb..b5b499a 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1774,7 +1774,7 @@ test_AES_chain_armv8_all(void)
 static int
 create_wireless_algo_hash_session(uint8_t dev_id,
 	const uint8_t *key, const uint8_t key_len,
-	const uint8_t aad_len, const uint8_t auth_len,
+	const uint8_t iv_len, const uint8_t auth_len,
 	enum rte_crypto_auth_operation op,
 	enum rte_crypto_auth_algorithm algo)
 {
@@ -1795,7 +1795,8 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = hash_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = iv_len;
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
@@ -1903,9 +1904,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		const uint8_t *key, uint8_t key_len,
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1924,7 +1925,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1935,7 +1938,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1960,9 +1963,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	const uint8_t *key = tdata->key.data;
-	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
-	uint8_t iv_len = tdata->iv.len;
+	uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	uint8_t auth_iv_len = tdata->auth_iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1976,7 +1979,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1987,7 +1992,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
@@ -2017,8 +2022,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2034,7 +2039,9 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = auth_cipher_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -2044,7 +2051,7 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2059,19 +2066,16 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 
 static int
 create_wireless_algo_hash_operation(const uint8_t *auth_tag,
-		const unsigned auth_tag_len,
-		const uint8_t *aad, const unsigned aad_len,
-		unsigned data_pad_len,
+		unsigned int auth_tag_len,
+		const uint8_t *iv, unsigned int iv_len,
+		unsigned int data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm algo,
-		const unsigned auth_len, const unsigned auth_offset)
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2086,32 +2090,9 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-					"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
-
+	/* iv */
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 					ut_params->ibuf, auth_tag_len);
@@ -2120,7 +2101,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 				"no room to append auth tag");
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, data_pad_len + aad_len);
+			ut_params->ibuf, data_pad_len);
 	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
@@ -2139,27 +2120,22 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
-	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo)
+	enum rte_crypto_auth_operation op)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	const uint8_t *auth_tag = tdata->digest.data;
 	const unsigned int auth_tag_len = tdata->digest.len;
-	const uint8_t *aad = tdata->aad.data;
-	const uint8_t aad_len = tdata->aad.len;
 	unsigned int plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	unsigned int data_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
 
-	const uint8_t *iv = tdata->iv.data;
-	const uint8_t iv_len = tdata->iv.len;
+	const uint8_t *cipher_iv = tdata->cipher_iv.data;
+	const uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	const uint8_t *auth_iv = tdata->auth_iv.data;
+	const uint8_t auth_iv_len = tdata->auth_iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
-	const unsigned int auth_offset = tdata->aad.len << 3;
-
-	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2193,37 +2169,17 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
-	sym_op->cipher.data.offset = cipher_offset + auth_offset;
+	sym_op->cipher.data.offset = 0;
 	sym_op->auth.data.length = auth_len;
-	sym_op->auth.data.offset = auth_offset + cipher_offset;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -2233,26 +2189,22 @@ create_zuc_cipher_hash_generate_operation(
 		const struct wireless_test_data *tdata)
 {
 	return create_wireless_cipher_hash_operation(tdata,
-		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3);
+		RTE_CRYPTO_AUTH_OP_GENERATE);
 }
 
 static int
 create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		const unsigned auth_tag_len,
-		const uint8_t *aad, const uint8_t aad_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm auth_algo,
-		const uint8_t *iv, const uint8_t iv_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2285,33 +2237,13 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2321,19 +2253,16 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 }
 
 static int
-create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
-		const uint8_t *iv, const uint8_t iv_len,
-		const uint8_t *aad, const uint8_t aad_len,
-		unsigned data_pad_len,
-		const unsigned cipher_len, const unsigned cipher_offset,
-		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo)
+create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
+		unsigned int data_pad_len,
+		unsigned int cipher_len, unsigned int cipher_offset,
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2365,33 +2294,13 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI 16 bytes).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-	ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-				"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-				ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -2415,7 +2324,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2437,11 +2346,10 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2450,7 +2358,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2476,7 +2384,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2498,12 +2406,11 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2512,7 +2419,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2537,7 +2444,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2559,11 +2466,10 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2572,7 +2478,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2598,7 +2504,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2620,12 +2526,11 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2634,7 +2539,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2800,7 +2705,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2821,7 +2726,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2876,7 +2782,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2893,8 +2799,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2941,7 +2847,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2964,8 +2870,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3019,7 +2925,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3038,8 +2944,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3083,7 +2989,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3106,8 +3012,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3150,7 +3056,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3171,8 +3077,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3215,7 +3121,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3236,7 +3142,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3280,7 +3187,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3308,8 +3215,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3362,7 +3269,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3384,8 +3291,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3452,7 +3359,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3487,8 +3394,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	rte_hexdump(stdout, "plaintext:", plaintext, tdata->plaintext.len);
 #endif
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					extra_offset);
 	if (retval < 0)
@@ -3544,7 +3451,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3565,7 +3472,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3606,7 +3514,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3637,8 +3545,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3725,8 +3633,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3739,7 +3646,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3769,8 +3676,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3791,15 +3698,14 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-			tdata->digest.len, tdata->aad.data,
-			tdata->aad.len, /*tdata->plaintext.len,*/
+			tdata->digest.len, tdata->auth_iv.data,
+			tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			tdata->iv.data, tdata->iv.len,
+			tdata->cipher_iv.data, tdata->cipher_iv.len,
 			tdata->validCipherLenInBits.len,
 			0,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3)
+			0
 			);
 	if (retval < 0)
 		return retval;
@@ -3809,8 +3715,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-					+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3823,7 +3728,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3852,8 +3757,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3876,15 +3781,13 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
-		tdata->iv.data, tdata->iv.len,
-		tdata->aad.data, tdata->aad.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
 		0,
 		tdata->validAuthLenInBits.len,
-		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2
-	);
+		0);
 
 	if (retval < 0)
 		return retval;
@@ -3894,13 +3797,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -3939,8 +3841,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3961,14 +3863,13 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->iv.data, tdata->iv.len,
-				tdata->aad.data, tdata->aad.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
+				tdata->auth_iv.data, tdata->auth_iv.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9
+				0
 				);
 
 	if (retval < 0)
@@ -3979,8 +3880,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3991,7 +3891,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4022,8 +3922,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4045,15 +3945,14 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-				tdata->digest.len, tdata->aad.data,
-				tdata->aad.len,
+				tdata->digest.len, tdata->auth_iv.data,
+				tdata->auth_iv.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				tdata->iv.data, tdata->iv.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3)
+				0
 				);
 	if (retval < 0)
 		return retval;
@@ -4063,13 +3962,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4113,7 +4011,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4134,7 +4032,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -4209,7 +4108,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
 			tdata->key.data, tdata->key.len,
-			tdata->iv.len);
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4218,8 +4117,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-			tdata->iv.len, tdata->plaintext.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+			tdata->cipher_iv.len, tdata->plaintext.len,
 			0);
 	if (retval < 0)
 		return retval;
@@ -4273,7 +4172,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	/* Create ZUC session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_ZUC_EIA3);
 	if (retval < 0)
@@ -4295,11 +4194,10 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 
 	/* Create ZUC operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_ZUC_EIA3,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4308,7 +4206,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
diff --git a/test/test/test_cryptodev_kasumi_hash_test_vectors.h b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
index 63db9c4..3ab1d27 100644
--- a/test/test/test_cryptodev_kasumi_hash_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
@@ -43,7 +43,7 @@ struct kasumi_hash_test_data {
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	/* Includes message and DIRECTION (1 bit), plus 1 0*,
 	 * with enough 0s, so total length is multiple of 64 bits */
@@ -71,7 +71,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_1 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
@@ -102,7 +102,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_2 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 		},
@@ -134,7 +134,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 		},
@@ -168,7 +168,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD
 		},
@@ -203,7 +203,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 		},
@@ -247,7 +247,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2
 		},
@@ -288,7 +288,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_7 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
diff --git a/test/test/test_cryptodev_kasumi_test_vectors.h b/test/test/test_cryptodev_kasumi_test_vectors.h
index 6a7efb8..d0b83b1 100644
--- a/test/test/test_cryptodev_kasumi_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_test_vectors.h
@@ -42,13 +42,13 @@ struct kasumi_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	/* Includes: COUNT (4 bytes) and FRESH (4 bytes) */
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[1024]; /* Data may include direction bit */
@@ -88,7 +88,7 @@ struct kasumi_test_data kasumi_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
 		},
@@ -143,7 +143,7 @@ struct kasumi_test_data kasumi_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
 		},
@@ -188,13 +188,13 @@ struct kasumi_test_data kasumi_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
@@ -237,7 +237,7 @@ struct kasumi_test_data kasumi_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 		},
@@ -274,7 +274,7 @@ struct kasumi_test_data kasumi_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
 		},
@@ -331,13 +331,13 @@ struct kasumi_test_data kasumi_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7238bfa..1d204fd 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2704,10 +2704,12 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 	auth_xform.auth.algo = auth_algo;
 
-	auth_xform.auth.add_auth_data_length = SNOW3G_CIPHER_IV_LENGTH;
 	auth_xform.auth.key.data = snow3g_hash_key;
 	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
 	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	/* Auth IV will be after cipher IV */
+	auth_xform.auth.iv.offset = IV_OFFSET + SNOW3G_CIPHER_IV_LENGTH;
+	auth_xform.auth.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2969,10 +2971,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = iv_ptr;
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3017,11 +3015,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 
 	op->sym->auth.digest.data =
@@ -3031,13 +3034,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
-			SNOW3G_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
diff --git a/test/test/test_cryptodev_snow3g_hash_test_vectors.h b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
index e88e7ab..d51cdfa 100644
--- a/test/test/test_cryptodev_snow3g_hash_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_hash_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[2056];
@@ -67,7 +67,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_1 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
@@ -102,7 +102,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_2 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -147,7 +147,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_3 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -433,7 +433,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
@@ -465,7 +465,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 			0xBE, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0x58, 0xE2
@@ -498,7 +498,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 			0xB6, 0xAF, 0x61, 0x44, 0x98, 0x38, 0x70, 0x3A
diff --git a/test/test/test_cryptodev_snow3g_test_vectors.h b/test/test/test_cryptodev_snow3g_test_vectors.h
index 0c8ad1c..6b99f6c 100644
--- a/test/test/test_cryptodev_snow3g_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[1024];
@@ -69,7 +69,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -133,7 +133,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -150,7 +150,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 	       .data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -189,7 +189,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 	.validCipherLenInBits = {
 		.len = 512
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -206,7 +206,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -233,7 +233,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 	.validCipherLenInBits = {
 		.len = 120
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -257,7 +257,7 @@ struct snow3g_test_data snow3g_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00
@@ -298,7 +298,7 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
@@ -357,14 +357,14 @@ struct snow3g_test_data snow3g_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
diff --git a/test/test/test_cryptodev_zuc_test_vectors.h b/test/test/test_cryptodev_zuc_test_vectors.h
index 50fb538..959a024 100644
--- a/test/test/test_cryptodev_zuc_test_vectors.h
+++ b/test/test/test_cryptodev_zuc_test_vectors.h
@@ -42,7 +42,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[2048];
@@ -69,7 +69,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ static struct wireless_test_data zuc_test_case_cipher_193b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -125,7 +125,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -184,7 +184,7 @@ static struct wireless_test_data zuc_test_case_cipher_1570b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00,
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00
@@ -267,7 +267,7 @@ static struct wireless_test_data zuc_test_case_cipher_2798b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00,
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00
@@ -388,7 +388,7 @@ static struct wireless_test_data zuc_test_case_cipher_4019b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00,
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00
@@ -547,7 +547,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -578,7 +578,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 	.validCipherLenInBits = {
 		.len = 200
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -602,7 +602,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -651,7 +651,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -675,7 +675,7 @@ struct wireless_test_data zuc_test_case_auth_1b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
@@ -703,7 +703,7 @@ struct wireless_test_data zuc_test_case_auth_90b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00
@@ -734,7 +734,7 @@ struct wireless_test_data zuc_test_case_auth_577b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xA9, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x00, 0x00,
 			0x29, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x80, 0x00
@@ -773,7 +773,7 @@ struct wireless_test_data zuc_test_case_auth_2079b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -835,7 +835,7 @@ struct wireless_test_data zuc_test_auth_5670b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00
@@ -950,7 +950,7 @@ static struct wireless_test_data zuc_test_case_auth_128b = {
 		.data = { 0x0 },
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = { 0x0 },
 		.len = 16
 	},
@@ -975,7 +975,7 @@ static struct wireless_test_data zuc_test_case_auth_2080b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -1037,7 +1037,7 @@ static struct wireless_test_data zuc_test_case_auth_584b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xa9, 0x40, 0x59, 0xda, 0x50, 0x0, 0x0, 0x0,
 			0x29, 0x40, 0x59, 0xda, 0x50, 0x0, 0x80, 0x0
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 17/27] cryptodev: remove AAD length from crypto op
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (15 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 16/27] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 18/27] cryptodev: remove digest " Pablo de Lara
                     ` (11 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.

Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  3 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 +++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  6 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 ++
 drivers/crypto/openssl/rte_openssl_pmd.c         |  4 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +++
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  4 +--
 examples/ipsec-secgw/esp.c                       |  2 --
 examples/l2fwd-crypto/main.c                     |  4 ---
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +----
 test/test/test_cryptodev.c                       | 10 +++-----
 test/test/test_cryptodev_perf.c                  | 31 +++++++++++++-----------
 14 files changed, 39 insertions(+), 41 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 0ed51e5..c45d369 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -180,7 +180,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 
 		}
 
@@ -269,7 +268,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -314,7 +312,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
 		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
-		sym_op->auth.aad.length = options->auth_aad_sz;
 
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 68890ff..ea8fc00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -553,7 +553,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } aad;    /**< Additional authentication parameters */
         } auth;
     }
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index eabf3dd..e633d73 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -163,6 +163,9 @@ API Changes
     ``rte_crypto_cipher_xform``.
   * Added authentication IV parameters (offset and length) in
     ``rte_crypto_auth_xform``.
+  * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
+  * Changed field size of AAD length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 28ac035..77808b4 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -145,6 +145,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	sess->aad_length = auth_xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -255,7 +257,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
@@ -293,7 +295,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2ed96f8..bfd4d1c 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -99,6 +99,8 @@ struct aesni_gcm_session {
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
 	/**< GCM key type */
+	uint16_t aad_length;
+	/**< AAD length */
 	struct gcm_data gdata __rte_cache_aligned;
 	/**< GCM parameters */
 };
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ab4333e..8853a67 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -370,6 +370,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	sess->auth.aad_length = xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -934,7 +936,7 @@ process_openssl_combined_op
 			sess->iv.offset);
 	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
-	aadlen = op->sym->auth.aad.length;
+	aadlen = sess->auth.aad_length;
 
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 3a64853..045e532 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -162,6 +162,9 @@ struct openssl_session {
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
+
+		uint16_t aad_length;
+		/**< AAD length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 5bf9c86..4df57aa 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 					ICP_QAT_HW_GALOIS_128_STATE1_SZ +
 					ICP_QAT_HW_GALOIS_H_SZ);
 		*aad_len = rte_bswap32(add_auth_data_length);
+		cdesc->aad_len = add_auth_data_length;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
 		qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index a384b24..6adc1eb 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1190,7 +1190,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_param->cipher_length = 0;
 			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = op->sym->auth.aad.length;
+			auth_param->auth_len = ctx->aad_len;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1217,7 +1217,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-				op->sym->auth.aad.length);
+				ctx->aad_len);
 	}
 #endif
 	return 0;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 9e12782..571c2c6 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
@@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ba5aef7..6fe829e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -497,11 +497,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		if (cparams->aad.length) {
 			op->sym->auth.aad.data = cparams->aad.data;
 			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-			op->sym->auth.aad.length = cparams->aad.length;
 		} else {
 			op->sym->auth.aad.data = NULL;
 			op->sym->auth.aad.phys_addr = 0;
-			op->sym->auth.aad.length = 0;
 		}
 	}
 
@@ -709,8 +707,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
-				port_cparams[i].aad.length =
-					options->auth_xform.auth.add_auth_data_length;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3ccb6fd..b964a56 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -365,7 +365,7 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint32_t add_auth_data_length;
+	uint16_t add_auth_data_length;
 	/**< The length of the additional authenticated data (AAD) in bytes.
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
@@ -653,10 +653,6 @@ struct rte_crypto_sym_op {
 			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
-			uint16_t length;
-			/**< Length of additional authenticated data (AAD)
-			 * in bytes
-			 */
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index b5b499a..91078ab 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4638,7 +4638,7 @@ test_3DES_cipheronly_openssl_all(void)
 static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint16_t aad_len, const uint8_t auth_len,
 		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
@@ -4752,12 +4752,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
-		sym_op->auth.aad.length);
+		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6316,7 +6315,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
@@ -6381,7 +6379,7 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -6861,7 +6859,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
 
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->auth.aad.length = reference->aad.len;
 
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -7195,7 +7192,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to prepend aad");
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
 
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 1d204fd..7239976 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -45,6 +45,7 @@
 
 #define AES_CIPHER_IV_LENGTH 16
 #define TRIPLE_DES_CIPHER_IV_LENGTH 8
+#define AES_GCM_AAD_LENGTH 16
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -70,7 +71,6 @@ enum chain_mode {
 
 struct symmetric_op {
 	const uint8_t *aad_data;
-	uint32_t aad_len;
 
 	const uint8_t *p_data;
 	uint32_t p_len;
@@ -97,6 +97,7 @@ struct symmetric_session_attrs {
 
 	const uint8_t *iv_data;
 	uint16_t iv_len;
+	uint16_t aad_len;
 	uint32_t digest_len;
 };
 
@@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
 		auth_xform.auth.key.data = NULL;
+		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_GCM_AAD_LENGTH 16
-
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 {
@@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.digest.phys_addr = 0;
 		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
-		op->sym->auth.aad.length = 0;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
@@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
-	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv,
+			SNOW3G_CIPHER_IV_LENGTH);
+
 	op->sym->m_src = m;
 
 	return op;
@@ -4137,6 +4140,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	auth_xform.auth.op = pparams->session_attrs->auth;
 	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
 
+	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
 	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
 	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
 
@@ -4172,17 +4176,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
-					  params->symmetric_op->aad_len +
+					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.length = params->symmetric_op->aad_len;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
-		       params->symmetric_op->aad_len);
+		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
 		       params->session_attrs->iv_len);
@@ -4190,11 +4193,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		iv_ptr[15] = 1;
 
 	op->sym->auth.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4208,7 +4211,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t aad_len = params->symmetric_op->aad_len;
+	uint16_t aad_len = params->session_attrs->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
 
@@ -4344,14 +4347,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
 					pkt +
-					pparams->symmetric_op->aad_len,
+					pparams->session_attrs->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
 					pkt +
-					pparams->symmetric_op->aad_len +
+					pparams->session_attrs->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
 					"GCM MAC data not as expected");
@@ -4423,13 +4426,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 			RTE_CRYPTO_AUTH_OP_GENERATE;
 		session_attrs[i].key_auth_data = NULL;
 		session_attrs[i].key_auth_len = 0;
+		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
 		session_attrs[i].iv_len = gcm_test->iv.len;
 		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
-		ops_set[i].aad_len = gcm_test->aad.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 18/27] cryptodev: remove digest length from crypto op
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (16 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 17/27] cryptodev: remove AAD length from crypto op Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 19/27] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
                     ` (10 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Digest length was duplicated in the authentication transform
and the crypto operation structures.

Since digest length is not expected to change in a same
session, it is removed from the crypto operation.

Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  7 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 ++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 34 +++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 +
 drivers/crypto/armv8/rte_armv8_pmd.c             |  9 ++--
 drivers/crypto/armv8/rte_armv8_pmd_private.h     |  2 +
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      | 34 +++++++-------
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  1 +
 drivers/crypto/kasumi/rte_kasumi_pmd.c           | 18 ++++----
 drivers/crypto/openssl/rte_openssl_pmd.c         |  7 +--
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  2 +
 drivers/crypto/qat/qat_adf/qat_algs.h            |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  3 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c           | 18 ++++----
 drivers/crypto/zuc/rte_zuc_pmd.c                 | 18 ++++----
 examples/ipsec-secgw/esp.c                       |  2 -
 examples/l2fwd-crypto/main.c                     |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +--
 test/test/test_cryptodev.c                       | 34 +++++---------
 test/test/test_cryptodev_blockcipher.c           |  5 +--
 test/test/test_cryptodev_perf.c                  | 56 ++++++++----------------
 22 files changed, 119 insertions(+), 145 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c45d369..b8bd397 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -154,7 +154,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -177,7 +176,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 
@@ -242,7 +240,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -265,7 +262,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 		}
@@ -318,7 +314,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = sym_op->cipher.data.length +
@@ -342,8 +337,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		}
 
 		sym_op->auth.data.length = options->test_buffer_size;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index ea8fc00..e036611 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -547,7 +547,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } digest; /**< Digest parameters */
 
             struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index e633d73..a544639 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -166,6 +166,9 @@ API Changes
   * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
   * Changed field size of AAD length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Removed digest length from ``rte_crypto_sym_op``.
+  * Changed field size of digest length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 77808b4..cf115d3 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -78,6 +78,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 {
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
+	uint16_t digest_length;
 
 	if (xform->next == NULL || xform->next->next != NULL) {
 		GCM_LOG_ERR("Two and only two chained xform required");
@@ -128,6 +129,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	digest_length = auth_xform->auth.digest_length;
+
 	/* Check key length and calculate GCM pre-compute. */
 	switch (cipher_xform->cipher.key.length) {
 	case 16:
@@ -146,6 +149,14 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	}
 
 	sess->aad_length = auth_xform->auth.add_auth_data_length;
+	/* Digest check */
+	if (digest_length != 16 &&
+			digest_length != 12 &&
+			digest_length != 8) {
+		GCM_LOG_ERR("digest");
+		return -EINVAL;
+	}
+	sess->digest_length = digest_length;
 
 	return 0;
 }
@@ -245,13 +256,6 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (sym_op->auth.digest.length != 16 &&
-			sym_op->auth.digest.length != 12 &&
-			sym_op->auth.digest.length != 8) {
-		GCM_LOG_ERR("digest");
-		return -1;
-	}
-
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
@@ -281,11 +285,11 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
-				sym_op->auth.digest.length);
+				session->digest_length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -319,7 +323,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -349,21 +353,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
-				m->data_len - op->sym->auth.digest.length);
+				m->data_len - session->digest_length);
 
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, op->sym->auth.digest.length);
+				op->sym->auth.digest.data, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
-				tag, op->sym->auth.digest.length);
+				tag, session->digest_length);
 #endif
 
 		if (memcmp(tag, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0)
+				session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
-		rte_pktmbuf_trim(m, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(m, session->digest_length);
 	}
 }
 
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index bfd4d1c..05fabe6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -95,6 +95,8 @@ struct aesni_gcm_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+	uint16_t digest_length;
+	/**< Digest length */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 5256f66..dae74c8 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -452,6 +452,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set the digest length */
+	sess->auth.digest_length = auth_xform->auth.digest_length;
+
 	/* Verify supported key lengths and extract proper algorithm */
 	switch (cipher_xform->cipher.key.length << 3) {
 	case 128:
@@ -649,7 +652,7 @@ process_armv8_chained_op
 		}
 	} else {
 		adst = (uint8_t *)rte_pktmbuf_append(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -667,12 +670,12 @@ process_armv8_chained_op
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(adst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
 		rte_pktmbuf_trim(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index 75bde9f..09d32f2 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -199,6 +199,8 @@ struct armv8_crypto_session {
 				/**< HMAC key (max supported length)*/
 			} hmac;
 		};
+		uint16_t digest_length;
+		/* Digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3930794..8ee6ece 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	struct sec_flow_context *flc;
 	uint32_t auth_only_len = sym_op->auth.data.length -
 				sym_op->cipher.data.length;
-	int icv_len = sym_op->auth.digest.length;
+	int icv_len = sess->digest_length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -135,7 +135,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   "cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n",
 		   sym_op->auth.data.offset,
 		   sym_op->auth.data.length,
-		   sym_op->auth.digest.length,
+		   sess->digest_length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
 		   sess->iv.length,
@@ -161,7 +161,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		DPAA2_SET_FLE_ADDR(sge,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 					sess->iv.length));
 	}
@@ -177,7 +177,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	fle->length = (sess->dir == DIR_ENC) ?
 			(sym_op->auth.data.length + sess->iv.length) :
 			(sym_op->auth.data.length + sess->iv.length +
-			 sym_op->auth.digest.length);
+			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
@@ -192,12 +192,12 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		old_icv = (uint8_t *)(sge + 1);
 		memcpy(old_icv,	sym_op->auth.digest.data,
-		       sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+		       sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-				 sym_op->auth.digest.length +
+				 sess->digest_length +
 				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
@@ -217,7 +217,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (sess->dir == DIR_ENC) ?
 			   (3 * sizeof(struct qbman_fle)) :
 			   (5 * sizeof(struct qbman_fle) +
-			    sym_op->auth.digest.length);
+			    sess->digest_length);
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *old_digest;
@@ -251,7 +251,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-	fle->length = sym_op->auth.digest.length;
+	fle->length = sess->digest_length;
 
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
@@ -282,17 +282,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 				     sym_op->m_src->data_off);
 
 		DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length +
-				 sym_op->auth.digest.length);
+				 sess->digest_length);
 		sge->length = sym_op->auth.data.length;
 		sge++;
 		old_digest = (uint8_t *)(sge + 1);
 		rte_memcpy(old_digest, sym_op->auth.digest.data,
-			   sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+			   sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		fle->length = sym_op->auth.data.length +
-				sym_op->auth.digest.length;
+				sess->digest_length;
 		DPAA2_SET_FLE_FIN(sge);
 	}
 	DPAA2_SET_FLE_FIN(fle);
@@ -912,6 +912,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = xform->auth.digest_length;
+
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -1064,6 +1066,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = auth_xform->digest_length;
+
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index ff3be70..eda2eec 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -191,6 +191,7 @@ typedef struct dpaa2_sec_session_entry {
 		uint16_t length; /**< IV length in bytes */
 		uint16_t offset; /**< IV offset in bytes */
 	} iv;
+	uint16_t digest_length;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 43f7fe7..32a5a7c 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -132,6 +132,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F9 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) {
+			KASUMI_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
@@ -261,12 +267,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -288,19 +288,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					KASUMI_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 8853a67..7b39691 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -371,6 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	}
 
 	sess->auth.aad_length = xform->auth.add_auth_data_length;
+	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
 }
@@ -1130,7 +1131,7 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
 		dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	else {
 		dst = op->sym->auth.digest.data;
 		if (dst == NULL)
@@ -1158,11 +1159,11 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(dst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
-		rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
 	}
 
 	if (status != 0)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 045e532..4c9be05 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -165,6 +165,8 @@ struct openssl_session {
 
 		uint16_t aad_length;
 		/**< AAD length */
+		uint16_t digest_length;
+		/**< digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index f70c6cb..b13d90b 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -135,6 +135,7 @@ struct qat_session {
 		uint16_t offset;
 		uint16_t length;
 	} auth_iv;
+	uint16_t digest_length;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 6adc1eb..6174f61 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -606,6 +606,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->op))
 			goto error_out;
 	}
+	session->digest_length = auth_xform->digest_length;
 	return session;
 
 error_out:
@@ -1215,7 +1216,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 						ctx->auth_iv.length);
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-				op->sym->auth.digest.length);
+				ctx->digest_length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
 				ctx->aad_len);
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 23f00a6..064fc69 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -132,6 +132,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
@@ -252,12 +258,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					SNOW3G_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index c824d9c..3c2d437 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -131,6 +131,12 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EIA3 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) {
+			ZUC_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
@@ -249,12 +255,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -271,19 +271,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					ZUC_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 571c2c6..d544a3c 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -140,7 +140,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
@@ -368,7 +367,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6fe829e..6d88937 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -481,7 +481,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
-		op->sym->auth.digest.length = cparams->digest_length;
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b964a56..de4031a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -354,7 +354,7 @@ struct rte_crypto_auth_xform {
 	 * (for example RFC 2104, FIPS 198a).
 	 */
 
-	uint32_t digest_length;
+	uint16_t digest_length;
 	/**< Length of the digest to be returned. If the verify option is set,
 	 * this specifies the length of the digest to be compared for the
 	 * session.
@@ -604,10 +604,6 @@ struct rte_crypto_sym_op {
 			 */
 			phys_addr_t phys_addr;
 			/**< Physical address of digest */
-			uint16_t length;
-			/**< Length of digest. This must be the same value as
-			 * @ref rte_crypto_auth_xform.digest_length.
-			 */
 		} digest; /**< Digest parameters */
 
 		struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 91078ab..a1243d0 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1307,7 +1307,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -1459,7 +1458,6 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -2102,7 +2100,6 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2110,7 +2107,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	sym_op->auth.data.length = auth_len;
 	sym_op->auth.data.offset = auth_offset;
@@ -2159,7 +2156,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2167,7 +2163,7 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2227,7 +2223,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2235,7 +2230,7 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2286,13 +2281,12 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -4825,7 +4819,6 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
@@ -4834,13 +4827,12 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			tdata->auth_tag.len);
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
@@ -5615,7 +5607,6 @@ static int MD5_HMAC_create_op(struct crypto_unittest_params *ut_params,
 			"no room to append digest");
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, plaintext_pad_len);
-	sym_op->auth.digest.length = MD5_DIGEST_LEN;
 
 	if (ut_params->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, test_case->auth_tag.data,
@@ -6326,14 +6317,13 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, aad_pad_len);
-	sym_op->auth.digest.length = tdata->gmac_tag.len;
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
 				tdata->gmac_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				tdata->gmac_tag.len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6811,7 +6801,6 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->plaintext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6822,7 +6811,7 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
@@ -6869,7 +6858,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6880,7 +6868,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -6923,7 +6911,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6934,7 +6921,7 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -7171,14 +7158,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = digest_phys;
-	sym_op->auth.digest.length = auth_tag_len;
 
 	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				auth_tag_len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index c69e83e..6c1f1ec 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -324,7 +324,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
-		sym_op->auth.digest.length = digest_len;
 	}
 
 	/* create session for sessioned op */
@@ -480,7 +479,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 						sym_op->auth.data.offset;
 			changed_len = sym_op->auth.data.length;
 			if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-				changed_len += sym_op->auth.digest.length;
+				changed_len += digest_len;
 		} else {
 			/* cipher-only */
 			head_unchanged_len = rte_pktmbuf_headroom(mbuf) +
@@ -522,7 +521,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		}
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-			changed_len += sym_op->auth.digest.length;
+			changed_len += digest_len;
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
 			/* white-box test: PMDs use some of the
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7239976..3bd9351 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -168,20 +168,19 @@ static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len);
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain);
+		enum chain_mode chain);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo);
 
 
@@ -1979,7 +1978,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.digest.data = ut_params->digest;
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_params[0].length);
-		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
@@ -2102,8 +2100,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size,
-					get_auth_digest_length(pparams->auth_algo));
+		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2252,11 +2249,9 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2298,7 +2293,7 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2407,8 +2402,6 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 
 	static struct rte_cryptodev_sym_session *sess;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2433,7 +2426,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
 		op = test_perf_set_crypto_op_aes(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2875,7 +2868,7 @@ test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain)
+		enum chain_mode chain)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2886,7 +2879,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
@@ -2895,7 +2887,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_len);
-		op->sym->auth.digest.length = digest_len;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
@@ -2917,7 +2908,7 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2929,7 +2920,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
@@ -2950,8 +2940,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len)
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -2968,7 +2957,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3015,8 +3003,7 @@ static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess,
-		unsigned data_len,
-		unsigned digest_len)
+		unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -3036,7 +3023,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3051,7 +3037,7 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -3063,7 +3049,6 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -3156,7 +3141,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3298,7 +3283,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 					mbufs[i +
 					  (pparams->burst_size * (j % NUM_MBUF_SETS))],
 					sess,
-					pparams->buf_size, digest_length);
+					pparams->buf_size);
 				else if (pparams->chain == CIPHER_ONLY)
 					ops[i+op_offset] =
 					test_perf_set_crypto_op_snow3g_cipher(ops[i+op_offset],
@@ -3394,8 +3379,6 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3408,7 +3391,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
 	switch (pparams->cipher_algo) {
@@ -3470,7 +3453,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3548,8 +3531,6 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3604,7 +3585,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))], sess,
-					pparams->buf_size, digest_length,
+					pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -4179,7 +4160,6 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
-	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 19/27] cryptodev: set AES-GMAC as auth-only algo
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (17 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 18/27] cryptodev: remove digest " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 20/27] cryptodev: add AEAD specific data Pablo de Lara
                     ` (9 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

AES-GMAC is an authentication algorithm, based on AES-GCM
without encryption. To simplify its usage, now it can be used
setting the authentication parameters, without requiring
to concatenate a ciphering transform.

Therefore, it is not required to set AAD, but authentication
data length and offset, giving the user the option
to have Scatter-Gather List in the input buffer,
as long as the driver supports it.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_options_parsing.c     |   3 +-
 app/test-crypto-perf/cperf_test_vectors.c        |   5 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 169 ++++++++++++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  12 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |   4 +-
 drivers/crypto/openssl/rte_openssl_pmd.c         |  52 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |   9 +-
 drivers/crypto/qat/qat_crypto.c                  | 151 ++++++++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  11 +-
 lib/librte_cryptodev/rte_crypto_sym.h            |  39 +-----
 test/test/test_cryptodev.c                       | 159 ++++++++++-----------
 test/test/test_cryptodev_gcm_test_vectors.h      |  29 +---
 12 files changed, 374 insertions(+), 269 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 70b6a60..5c2dcff 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -820,8 +820,7 @@ cperf_options_check(struct cperf_options *options)
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
 			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
 		if (options->op_type != CPERF_AEAD) {
 			RTE_LOG(ERR, USER1, "Use --optype aead\n");
 			return -EINVAL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index b67d0f4..2e5339c 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,11 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_AES_GMAC:
-			/* auth key should be the same as cipher key */
-			t_vec->auth_key.data = cipher_key;
-			aad_alloc = 1;
-			break;
 		default:
 			t_vec->auth_key.data = auth_key;
 			aad_alloc = 0;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index cf115d3..11ab2f6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -79,35 +79,74 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
 	uint16_t digest_length;
+	uint8_t key_length;
+	uint8_t *key;
 
-	if (xform->next == NULL || xform->next->next != NULL) {
-		GCM_LOG_ERR("Two and only two chained xform required");
-		return -EINVAL;
-	}
-
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		auth_xform = xform->next;
-		cipher_xform = xform;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+	/* AES-GMAC */
+	if (xform->next == NULL) {
 		auth_xform = xform;
-		cipher_xform = xform->next;
+		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
+			GCM_LOG_ERR("Only AES GMAC is supported as an "
+					"authentication only algorithm");
+			return -EINVAL;
+		}
+		/* Set IV parameters */
+		sess->iv.offset = auth_xform->auth.iv.offset;
+		sess->iv.length = auth_xform->auth.iv.length;
+
+		/* Select Crypto operation */
+		if (auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GMAC_OP_GENERATE;
+		else
+			sess->op = AESNI_GMAC_OP_VERIFY;
+
+		key_length = auth_xform->auth.key.length;
+		key = auth_xform->auth.key.data;
+	/* AES-GCM */
 	} else {
-		GCM_LOG_ERR("Cipher and auth xform required");
-		return -EINVAL;
-	}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			auth_xform = xform->next;
+			cipher_xform = xform;
+		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			auth_xform = xform;
+			cipher_xform = xform->next;
+		} else {
+			GCM_LOG_ERR("Cipher and auth xform required "
+					"when using AES GCM");
+			return -EINVAL;
+		}
 
-	if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-		(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC))) {
-		GCM_LOG_ERR("We only support AES GCM and AES GMAC");
-		return -EINVAL;
-	}
+		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
+				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+			GCM_LOG_ERR("The only combined operation "
+						"supported is AES GCM");
+			return -EINVAL;
+		}
 
-	/* Set IV parameters */
-	sess->iv.offset = cipher_xform->cipher.iv.offset;
-	sess->iv.length = cipher_xform->cipher.iv.length;
+		/* Set IV parameters */
+		sess->iv.offset = cipher_xform->cipher.iv.offset;
+		sess->iv.length = cipher_xform->cipher.iv.length;
+
+		/* Select Crypto operation */
+		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
+		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
+		else {
+			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
+					" Decrypt/Verify are valid only");
+			return -EINVAL;
+		}
+
+		key_length = cipher_xform->auth.key.length;
+		key = cipher_xform->auth.key.data;
+
+		sess->aad_length = auth_xform->auth.add_auth_data_length;
+	}
 
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
@@ -116,39 +155,25 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	/* Select Crypto operation */
-	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-	else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-	else {
-		GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-				" Decrypt/Verify are valid only");
-		return -EINVAL;
-	}
-
 	digest_length = auth_xform->auth.digest_length;
 
 	/* Check key length and calculate GCM pre-compute. */
-	switch (cipher_xform->cipher.key.length) {
+	switch (key_length) {
 	case 16:
-		aesni_gcm128_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm128_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_128;
 
 		break;
 	case 32:
-		aesni_gcm256_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm256_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_256;
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher key length");
+		GCM_LOG_ERR("Unsupported cipher/auth key length");
 		return -EINVAL;
 	}
 
-	sess->aad_length = auth_xform->auth.add_auth_data_length;
 	/* Digest check */
 	if (digest_length != 16 &&
 			digest_length != 12 &&
@@ -211,9 +236,20 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	uint8_t *iv_ptr;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_mbuf *m_src = sym_op->m_src;
-	uint32_t offset = sym_op->cipher.data.offset;
+	uint32_t offset, data_offset, data_length;
 	uint32_t part_len, total_len, data_len;
 
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
+			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+		offset = sym_op->cipher.data.offset;
+		data_offset = offset;
+		data_length = sym_op->cipher.data.length;
+	} else {
+		offset = sym_op->auth.data.offset;
+		data_offset = offset;
+		data_length = sym_op->auth.data.length;
+	}
+
 	RTE_ASSERT(m_src != NULL);
 
 	while (offset >= m_src->data_len) {
@@ -224,12 +260,12 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
-			sym_op->cipher.data.length;
+	part_len = (data_len < data_length) ? data_len :
+			data_length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
-			((part_len != sym_op->cipher.data.length) &&
+	RTE_ASSERT((part_len == data_length) ||
+			((part_len != data_length) &&
 					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
 	RTE_ASSERT((sym_op->m_dst == NULL) ||
@@ -239,9 +275,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	dst = sym_op->m_dst ?
 			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
-					sym_op->cipher.data.offset) :
+					data_offset) :
 			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
-					sym_op->cipher.data.offset);
+					data_offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
@@ -265,7 +301,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -286,7 +322,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
 				(uint64_t)session->digest_length);
-	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
+	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
 				session->digest_length);
@@ -303,7 +339,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -324,6 +360,32 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
 				(uint64_t)session->digest_length);
+	} else if (session->op == AESNI_GMAC_OP_GENERATE) {
+		aesni_gcm_enc[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+		aesni_gcm_enc[session->key].finalize(&session->gdata,
+				sym_op->auth.digest.data,
+				(uint64_t)session->digest_length);
+	} else { /* AESNI_GMAC_OP_VERIFY */
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				session->digest_length);
+
+		if (!auth_tag) {
+			GCM_LOG_ERR("auth_tag");
+			return -1;
+		}
+
+		aesni_gcm_dec[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+
+		aesni_gcm_dec[session->key].finalize(&session->gdata,
+				auth_tag,
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -350,7 +412,8 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Verify digest if required */
-	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
+			session->op == AESNI_GMAC_OP_VERIFY) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 542e6c4..39285d0 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 4
 				},
-				.aad_size = {
-					.min = 0,
-					.max = 65535,
-					.increment = 1
-				},
-				.iv_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 05fabe6..9dea80d 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -80,7 +80,9 @@ struct aesni_gcm_qp {
 
 enum aesni_gcm_operation {
 	AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION,
-	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION
+	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION,
+	AESNI_GMAC_OP_GENERATE,
+	AESNI_GMAC_OP_VERIFY
 };
 
 enum aesni_gcm_key {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7b39691..32062a0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -330,13 +330,41 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GMAC/GCM */
+		/* Check additional condition for AES_GCM */
 		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
 			return -EINVAL;
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+		/* Set IV parameters */
+		sess->iv.offset = xform->auth.iv.offset;
+		sess->iv.length = xform->auth.iv.length;
+
+		/*
+		 * OpenSSL requires GMAC to be a GCM operation
+		 * with no cipher data length
+		 */
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+		else
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+
+		sess->cipher.key.length = xform->auth.key.length;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+				sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->auth.key.data, xform->auth.key.length,
+			sess->cipher.key.data);
+
+		break;
 
 	case RTE_CRYPTO_AUTH_MD5:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -923,6 +951,7 @@ process_openssl_combined_op
 	/* cipher */
 	uint8_t *dst = NULL, *iv, *tag, *aad;
 	int srclen, ivlen, aadlen, status = -1;
+	uint32_t offset;
 
 	/*
 	 * Segmented destination buffer is not supported for
@@ -936,32 +965,37 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	aad = op->sym->auth.aad.data;
-	aadlen = sess->auth.aad_length;
-
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
 		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset +
 				op->sym->cipher.data.length);
 
-	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
+	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
-	else {
+		offset = op->sym->auth.data.offset;
+		aadlen = op->sym->auth.data.length;
+		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
+				op->sym->auth.data.offset);
+
+	} else {
 		srclen = op->sym->cipher.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset);
+		offset = op->sym->cipher.data.offset;
+		aad = op->sym->auth.aad.data;
+		aadlen = sess->auth.aad_length;
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		status = process_openssl_auth_encryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
 	else
 		status = process_openssl_auth_decryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3026dbd..fc525d9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -407,12 +407,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 8,
-					.max = 65532,
+				.iv_size = {
+					.min = 12,
+					.max = 16,
 					.increment = 4
-				},
-				.iv_size = { 0 }
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 6174f61..dfd778c 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -518,6 +518,8 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
+	uint8_t *key_data = auth_xform->key.data;
+	uint8_t key_length = auth_xform->key.length;
 
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -539,10 +541,22 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
+		cipher_xform = qat_get_cipher_xform(xform);
+
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
+		key_data = cipher_xform->key.data;
+		key_length = cipher_xform->key.length;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
+		if (qat_alg_validate_aes_key(auth_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
 		break;
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
@@ -582,30 +596,62 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->algo);
 		goto error_out;
 	}
-	cipher_xform = qat_get_cipher_xform(xform);
 
 	session->auth_iv.offset = auth_xform->iv.offset;
 	session->auth_iv.length = auth_xform->iv.length;
 
-	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
-			(session->qat_hash_alg ==
-				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-				cipher_xform->key.data,
-				cipher_xform->key.length,
-				auth_xform->add_auth_data_length,
-				auth_xform->digest_length,
-				auth_xform->op))
-			goto error_out;
+	if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			/*
+			 * It needs to create cipher desc content first,
+			 * then authentication
+			 */
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+						key_data,
+						key_length,
+						0,
+						auth_xform->digest_length,
+						auth_xform->op))
+				goto error_out;
+		} else {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			/*
+			 * It needs to create authentication desc content first,
+			 * then cipher
+			 */
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+					key_data,
+					key_length,
+					0,
+					auth_xform->digest_length,
+					auth_xform->op))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+		}
+		/* Restore to authentication only only */
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
 	} else {
 		if (qat_alg_aead_session_create_content_desc_auth(session,
-				auth_xform->key.data,
-				auth_xform->key.length,
+				key_data,
+				key_length,
 				auth_xform->add_auth_data_length,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
 	}
+
 	session->digest_length = auth_xform->digest_length;
 	return session;
 
@@ -897,6 +943,28 @@ qat_sgl_fill_array(struct rte_mbuf *buf, uint64_t buff_start,
 	return 0;
 }
 
+static inline void
+set_cipher_iv(uint16_t iv_length, uint16_t iv_offset,
+		struct icp_qat_fw_la_cipher_req_params *cipher_param,
+		struct rte_crypto_op *op,
+		struct icp_qat_fw_la_bulk_req *qat_req)
+{
+	/* copy IV into request if it fits */
+	if (iv_length <= sizeof(cipher_param->u.cipher_IV_array)) {
+		rte_memcpy(cipher_param->u.cipher_IV_array,
+				rte_crypto_op_ctod_offset(op, uint8_t *,
+					iv_offset),
+				iv_length);
+	} else {
+		ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+				qat_req->comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+		cipher_param->u.s.cipher_IV_ptr =
+				rte_crypto_op_ctophys_offset(op,
+					iv_offset);
+	}
+}
+
 static inline int
 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		struct qat_crypto_op_cookie *qat_op_cookie)
@@ -912,7 +980,6 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -985,22 +1052,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->cipher_iv.offset);
-		/* copy IV into request if it fits */
-		if (ctx->cipher_iv.length <=
-				sizeof(cipher_param->u.cipher_IV_array)) {
-			rte_memcpy(cipher_param->u.cipher_IV_array,
-					cipher_iv_ptr,
-					ctx->cipher_iv.length);
-		} else {
-			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-					qat_req->comn_hdr.serv_specif_flags,
-					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-			cipher_param->u.s.cipher_IV_ptr =
-					rte_crypto_op_ctophys_offset(op,
-						ctx->cipher_iv.offset);
-		}
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
 		min_ofs = cipher_ofs;
 	}
 
@@ -1050,10 +1103,18 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			auth_ofs = op->sym->cipher.data.offset;
-			auth_len = op->sym->cipher.data.length;
-
-			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GCM */
+			if (do_cipher) {
+				auth_ofs = op->sym->cipher.data.offset;
+				auth_len = op->sym->cipher.data.length;
+
+				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GMAC */
+			} else {
+				set_cipher_iv(ctx->auth_iv.length,
+					ctx->auth_iv.offset,
+					cipher_param, op, qat_req);
+			}
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1169,7 +1230,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->cipher_iv.length == 12) {
+		if (ctx->cipher_iv.length == 12 ||
+				ctx->auth_iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1178,20 +1240,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				qat_req->comn_hdr.serv_specif_flags,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
-		if (op->sym->cipher.data.length == 0) {
-			/*
-			 * GMAC
-			 */
-			qat_req->comn_mid.dest_data_addr =
-				qat_req->comn_mid.src_data_addr =
-						op->sym->auth.aad.phys_addr;
+		/* GMAC */
+		if (!do_cipher) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
-			cipher_param->cipher_length = 0;
-			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = ctx->aad_len;
+			auth_param->auth_len = op->sym->auth.data.length;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1203,9 +1258,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	if (do_cipher)
+	if (do_cipher) {
+		uint8_t *cipher_iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						ctx->cipher_iv.offset);
 		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
 				ctx->cipher_iv.length);
+	}
 
 	if (do_auth) {
 		if (ctx->auth_iv.length) {
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index fbff148..d863ccd 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -232,12 +232,11 @@
 					.max = 16,			\
 					.increment = 4			\
 				},					\
-				.aad_size = {				\
-					.min = 1,			\
-					.max = 65535,			\
-					.increment = 1			\
-				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				}					\
 			}, }						\
 		}, }							\
 	},								\
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index de4031a..f174e12 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -84,11 +84,10 @@ enum rte_crypto_cipher_algorithm {
 	/**< AES algorithm in F8 mode */
 	RTE_CRYPTO_CIPHER_AES_GCM,
 	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* or *RTE_CRYPTO_AUTH_AES_GMAC* element
-	 * of the *rte_crypto_auth_algorithm* enum MUST be used to set up
-	 * the related *rte_crypto_auth_setup_data* structure in the session
-	 * context or in the op_params of the crypto operation structure
-	 * in the case of a session-less crypto operation.
+	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
+	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
+	 * structure in the session context or in the op_params of the crypto
+	 * operation structure in the case of a session-less crypto operation.
 	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
@@ -268,13 +267,7 @@ enum rte_crypto_auth_algorithm {
 	 * op_params parameter MUST be set for a session-less crypto operation.
 	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
-	/**< AES GMAC algorithm. When this hash algorithm
-	* is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	* rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	* rte_crypto_cipher_setup_data structure in the session context,  or
-	* the corresponding parameter in the crypto operation data structures
-	* op_params parameter MUST be set for a session-less crypto operation.
-	*/
+	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 	/**< AES XCBC algorithm. */
 
@@ -384,11 +377,6 @@ struct rte_crypto_auth_xform {
 	 *   block B0 and the encoded length.  The maximum permitted value in
 	 *   this case is 222 bytes.
 	 *
-	 * @note
-	 *  For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
-	 *  this field is not used and should be set to 0. Instead the length
-	 *  of the AAD data is specified in additional authentication data
-	 *  length field of the rte_crypto_sym_op_data structure
 	 */
 
 	struct {
@@ -522,10 +510,6 @@ struct rte_crypto_sym_op {
 			  * values.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
-			  * field should be set to 0.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -547,11 +531,6 @@ struct rte_crypto_sym_op {
 			  * ignored. The field @ref aad field
 			  * should be set instead.
 			  *
-			  * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
-			  * mode of operation, this field is set to 0. aad data
-			  * pointer of rte_crypto_sym_op_data structure is
-			  * used instead
-			  *
 			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
@@ -569,11 +548,6 @@ struct rte_crypto_sym_op {
 			  * instead.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
-			  * of operation, this field is set to 0.
-			  * Auth.aad.length is used instead.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -644,9 +618,6 @@ struct rte_crypto_sym_op {
 			 * any space to round this up to the nearest multiple
 			 * of the block size (16 bytes).
 			 *
-			 * @note
-			 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
-			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
 		} aad;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index a1243d0..11031a0 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -6282,17 +6282,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned aad_pad_len;
-
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-
-	/*
-	 * Runtime generate the large plain text instead of use hard code
-	 * plain text vector. It is done to avoid create huge source file
-	 * with the test vector.
-	 */
-	if (tdata->aad.len == GMAC_LARGE_PLAINTEXT_LENGTH)
-		generate_gmac_large_plaintext(tdata->aad.data);
+	uint32_t plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -6301,14 +6291,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"Failed to allocate symmetric crypto operation struct");
 
 	sym_op = ut_params->op->sym;
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to append aad");
-
-	sym_op->auth.aad.phys_addr =
-			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, tdata->gmac_tag.len);
@@ -6316,7 +6298,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, aad_pad_len);
+			ut_params->ibuf, plaintext_pad_len);
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
@@ -6337,31 +6319,20 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.offset = 0;
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
 }
 
 static int create_gmac_session(uint8_t dev_id,
-		enum rte_crypto_cipher_operation op,
 		const struct gmac_test_data *tdata,
 		enum rte_crypto_auth_operation auth_op)
 {
-	uint8_t cipher_key[tdata->key.len];
+	uint8_t auth_key[tdata->key.len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, tdata->key.data, tdata->key.len);
-
-	/* For GMAC we setup cipher parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
+	memcpy(auth_key, tdata->key.data, tdata->key.len);
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6369,14 +6340,15 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
+	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.key.length = tdata->key.len;
+	ut_params->auth_xform.auth.key.data = auth_key;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
-	ut_params->cipher_xform.next = &ut_params->auth_xform;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-			&ut_params->cipher_xform);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -6391,20 +6363,19 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	int retval;
 
-	uint8_t *auth_tag, *p;
-	uint16_t aad_pad_len;
+	uint8_t *auth_tag, *plaintext;
+	uint16_t plaintext_pad_len;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6414,9 +6385,22 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
 
-	p = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *);
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
 
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_GENERATE,
 			tdata);
@@ -6436,9 +6420,9 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	if (ut_params->op->sym->m_dst) {
 		auth_tag = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_dst,
-				uint8_t *, aad_pad_len);
+				uint8_t *, plaintext_pad_len);
 	} else {
-		auth_tag = p + aad_pad_len;
+		auth_tag = plaintext + plaintext_pad_len;
 	}
 
 	TEST_HEXDUMP(stdout, "auth tag:", auth_tag, tdata->gmac_tag.len);
@@ -6482,18 +6466,19 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	int retval;
+	uint32_t plaintext_pad_len;
+	uint8_t *plaintext;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6503,6 +6488,24 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
+
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_VERIFY,
 			tdata);
 
@@ -6616,8 +6619,7 @@ hmac_sha1_test_crypto_vector = {
 static const struct test_crypto_vector
 aes128_gmac_test_vector = {
 	.auth_algo = RTE_CRYPTO_AUTH_AES_GMAC,
-	.crypto_algo = RTE_CRYPTO_CIPHER_AES_GCM,
-	.aad = {
+	.plaintext = {
 		.data = plaintext_hash,
 		.len = 512
 	},
@@ -6628,7 +6630,7 @@ aes128_gmac_test_vector = {
 		},
 		.len = 12
 	},
-	.cipher_key = {
+	.auth_key = {
 		.data = {
 			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
 			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA
@@ -6746,22 +6748,28 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	/* Setup Authentication Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->auth_xform.next = &ut_params->cipher_xform;
 	ut_params->auth_xform.auth.algo = reference->auth_algo;
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
-	ut_params->cipher_xform.cipher.op = cipher_op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	if (reference->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+		ut_params->auth_xform.auth.iv.length = reference->iv.len;
+	} else {
+		ut_params->auth_xform.next = &ut_params->cipher_xform;
+		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
+
+		/* Setup Cipher Parameters */
+		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		ut_params->cipher_xform.next = NULL;
+		ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
+		ut_params->cipher_xform.cipher.op = cipher_op;
+		ut_params->cipher_xform.cipher.key.data = cipher_key;
+		ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+		ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+		ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	}
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6839,16 +6847,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			reference->aad.len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append AAD");
-	memcpy(sym_op->auth.aad.data, reference->aad.data, reference->aad.len);
-
-	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
-
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, reference->digest.len);
@@ -6876,7 +6874,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
 
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
 
 	return 0;
@@ -7026,6 +7024,7 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		unsigned int data_corrupted)
 {
 	int retval;
+	uint8_t *plaintext;
 
 	/* Create session */
 	retval = create_auth_cipher_session(ut_params,
@@ -7044,6 +7043,13 @@ test_authentication_verify_GMAC_fail_when_corruption(
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+			reference->plaintext.len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+	memcpy(plaintext, reference->plaintext.data, reference->plaintext.len);
+
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext, reference->plaintext.len);
+
 	/* Create operation */
 	retval = create_auth_verify_GMAC_operation(ts_params,
 			ut_params,
@@ -7053,10 +7059,9 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		return retval;
 
 	if (data_corrupted)
-		data_corruption(ut_params->op->sym->auth.aad.data);
+		data_corruption(plaintext);
 	else
-		tag_corruption(ut_params->op->sym->auth.aad.data,
-				reference->aad.len);
+		tag_corruption(plaintext, reference->aad.len);
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_gcm_test_vectors.h
index 5764edb..ac4b0d4 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_gcm_test_vectors.h
@@ -92,11 +92,6 @@ struct gmac_test_data {
 	struct {
 		uint8_t *data;
 		unsigned len;
-	} aad;
-
-	struct {
-		uint8_t *data;
-		unsigned len;
 	} plaintext;
 
 	struct {
@@ -1484,14 +1479,10 @@ static const struct gmac_test_data gmac_test_case_1 = {
 			0xde, 0xca, 0xf8, 0x88 },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 160
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x4C, 0x0C, 0x4F, 0x47, 0x2D, 0x78, 0xF6, 0xD8,
@@ -1516,14 +1507,10 @@ static const struct gmac_test_data gmac_test_case_2 = {
 		    0x55, 0x61, 0xf0, 0x43, 0x15, },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 80
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 		    0xCF, 0x82, 0x80, 0x64, 0x02, 0x46, 0xF4, 0xFB,
@@ -1550,14 +1537,10 @@ static const struct gmac_test_data gmac_test_case_3 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 65
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x77, 0x46, 0x0D, 0x6F, 0xB1, 0x87, 0xDB, 0xA9,
@@ -2214,14 +2197,10 @@ static const struct gmac_test_data gmac_test_case_4 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = GMAC_LARGE_PLAINTEXT_LENGTH
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x3f, 0x07, 0xcb, 0xb9, 0x86, 0x3a, 0xea, 0xc2,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 20/27] cryptodev: add AEAD specific data
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (18 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 19/27] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 21/27] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
                     ` (8 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.

Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst          | 14 +++--
 doc/guides/prog_guide/img/crypto_xform_chain.svg |  8 ++-
 doc/guides/rel_notes/release_17_08.rst           |  6 ++
 lib/librte_cryptodev/rte_crypto_sym.h            | 80 +++++++++++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev.c             | 61 ++++++++++++++++++
 lib/librte_cryptodev/rte_cryptodev.h             | 52 ++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev_version.map   | 10 +++
 7 files changed, 221 insertions(+), 10 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index e036611..b888554 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -188,8 +188,9 @@ the device having hardware acceleration or supporting symmetric Crypto
 operations,
 
 The capabilities mechanism defines the individual algorithms/functions which
-the device supports, such as a specific symmetric Crypto cipher or
-authentication operation.
+the device supports, such as a specific symmetric Crypto cipher,
+authentication operation or Authenticated Encryption with Associated Data
+(AEAD) operation.
 
 
 Device Features
@@ -477,9 +478,8 @@ operations such as cipher encrypt and authentication generate, the next pointer
 allows transform to be chained together. Crypto devices which support chaining
 must publish the chaining of symmetric Crypto operations feature flag.
 
-Currently there are two transforms types cipher and authentication, to specify
-an AEAD operation it is required to chain a cipher and an authentication
-transform together. Also it is important to note that the order in which the
+Currently there are three transforms types cipher, authentication and AEAD.
+Also it is important to note that the order in which the
 transforms are passed indicates the order of the chaining.
 
 .. code-block:: c
@@ -494,6 +494,8 @@ transforms are passed indicates the order of the chaining.
             /**< Authentication / hash xform */
             struct rte_crypto_cipher_xform cipher;
             /**< Cipher xform */
+            struct rte_crypto_aead_xform aead;
+            /**< AEAD xform */
         };
     };
 
@@ -514,7 +516,7 @@ operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
 a valid session (or transform chain if in session-less mode) and the minimum
-authentication/ cipher parameters required depending on the type of operation
+authentication/ cipher/ AEAD parameters required depending on the type of operation
 specified in the session or the transform
 chain.
 
diff --git a/doc/guides/prog_guide/img/crypto_xform_chain.svg b/doc/guides/prog_guide/img/crypto_xform_chain.svg
index 4670a07..1368163 100644
--- a/doc/guides/prog_guide/img/crypto_xform_chain.svg
+++ b/doc/guides/prog_guide/img/crypto_xform_chain.svg
@@ -69,7 +69,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape11-38" transform="translate(10.6711,-238.133)">
 			<title>Rounded Rectangle.26</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
@@ -116,7 +118,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape15-102" transform="translate(209.592,-163.865)">
 			<title>Rounded Rectangle.32</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index a544639..b920142 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -75,6 +75,12 @@ New Features
 
   Added support for firmwares with multiple Ethernet ports per physical port.
 
+* **Updated cryptodev library.**
+
+  Added AEAD algorithm specific functions and structures, so it is not
+  necessary to use a combination of cipher and authentication
+  structures anymore.
+
 
 Resolved Issues
 ---------------
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f174e12..db3957e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -404,11 +404,87 @@ struct rte_crypto_auth_xform {
 	} iv;	/**< Initialisation vector parameters */
 };
 
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+	RTE_CRYPTO_AEAD_AES_CCM = 1,
+	/**< AES algorithm in CCM mode. */
+	RTE_CRYPTO_AEAD_AES_GCM,
+	/**< AES algorithm in GCM mode. */
+	RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+	RTE_CRYPTO_AEAD_OP_ENCRYPT,
+	/**< Encrypt and generate digest */
+	RTE_CRYPTO_AEAD_OP_DECRYPT
+	/**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+	enum rte_crypto_aead_operation op;
+	/**< AEAD operation type */
+	enum rte_crypto_aead_algorithm algo;
+	/**< AEAD algorithm selection */
+
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} key;
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
+
+	uint32_t digest_length;
+
+	uint16_t add_auth_data_length;
+	/**< The length of the additional authenticated data (AAD) in bytes. */
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_AEAD		/**< AEAD xform  */
 };
 
 /**
@@ -431,6 +507,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_aead_xform aead;
+		/**< AEAD xform */
 	};
 };
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 5aa177f..60dc5e5 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -176,6 +176,26 @@ rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_ZUC_EIA3]	= "zuc-eia3"
 };
 
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
+	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+	[RTE_CRYPTO_AEAD_OP_ENCRYPT]	= "encrypt",
+	[RTE_CRYPTO_AEAD_OP_DECRYPT]	= "decrypt"
+};
+
 int
 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
 		const char *algo_string)
@@ -210,6 +230,23 @@ rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 	return -1;
 }
 
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string)
+{
+	unsigned int i;
+
+	for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+		if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i]) == 0) {
+			*algo_enum = (enum rte_crypto_aead_algorithm) i;
+			return 0;
+		}
+	}
+
+	/* Invalid string */
+	return -1;
+}
+
 /**
  * The crypto auth operation strings identifiers.
  * It could be used in application command line.
@@ -245,6 +282,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
 		if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 			capability->sym.cipher.algo == idx->algo.cipher)
 			return &capability->sym;
+
+		if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+				capability->sym.aead.algo == idx->algo.aead)
+			return &capability->sym;
 	}
 
 	return NULL;
@@ -290,6 +331,26 @@ rte_cryptodev_sym_capability_check_auth(
 	return 0;
 }
 
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
+{
+	if (param_range_check(key_size, capability->aead.key_size))
+		return -1;
+
+	if (param_range_check(digest_size, capability->aead.digest_size))
+		return -1;
+
+	if (param_range_check(aad_size, capability->aead.aad_size))
+		return -1;
+
+	if (param_range_check(iv_size, capability->aead.iv_size))
+		return -1;
+
+	return 0;
+}
 
 const char *
 rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 75b423a..c47a3f6 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -170,7 +170,7 @@ struct rte_crypto_param_range {
  */
 struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
-	/**< Transform type : Authentication / Cipher */
+	/**< Transform type : Authentication / Cipher / AEAD */
 	RTE_STD_C11
 	union {
 		struct {
@@ -199,6 +199,20 @@ struct rte_cryptodev_symmetric_capability {
 			/**< Initialisation vector data size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
+		struct {
+			enum rte_crypto_aead_algorithm algo;
+			/**< AEAD algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range key_size;
+			/**< AEAD key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range aad_size;
+			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
+		} aead;
 	};
 };
 
@@ -220,6 +234,7 @@ struct rte_cryptodev_sym_capability_idx {
 	union {
 		enum rte_crypto_cipher_algorithm cipher;
 		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
 	} algo;
 };
 
@@ -275,6 +290,26 @@ rte_cryptodev_sym_capability_check_auth(
 		uint16_t iv_size);
 
 /**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param	capability	Description of the symmetric crypto capability.
+ * @param	key_size	AEAD key size.
+ * @param	digest_size	AEAD digest size.
+ * @param	aad_size	AEAD AAD size.
+ * @param	iv_size		AEAD IV size.
+ *
+ * @return
+ *   - Return 0 if the parameters are in range of the capability.
+ *   - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
+
+/**
  * Provide the cipher algorithm enum, given an algorithm string
  *
  * @param	algo_enum	A pointer to the cipher algorithm
@@ -304,6 +339,21 @@ int
 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 		const char *algo_string);
 
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param	algo_enum	A pointer to the AEAD algorithm
+ *				enum to be filled
+ * @param	algo_string	AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string);
+
 /** Macro used at end of crypto PMD list */
 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
 	{ RTE_CRYPTO_OP_TYPE_UNDEFINED }
diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
index b6c8ab8..fe79a4a 100644
--- a/lib/librte_cryptodev/rte_cryptodev_version.map
+++ b/lib/librte_cryptodev/rte_cryptodev_version.map
@@ -58,3 +58,13 @@ DPDK_17.05 {
 	rte_cryptodev_queue_pair_detach_sym_session;
 
 } DPDK_17.02;
+
+DPDK_17.08 {
+	global:
+
+	rte_cryptodev_get_aead_algo_enum;
+	rte_cryptodev_sym_capability_check_aead;
+	rte_crypto_aead_algorithm_strings;
+	rte_crypto_aead_operation_strings;
+
+} DPDK_17.05;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 21/27] cryptodev: add AEAD parameters in crypto operation
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (19 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 20/27] cryptodev: add AEAD specific data Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 22/27] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
                     ` (7 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

AEAD operation parameters can be set in the new
aead structure, in the crypto operation.
This structure is within a union with the cipher
and authentication parameters, since operations can be:
- AEAD: using the aead structure

- Cipher only: using only the cipher structure

- Auth only: using only the authentication structure

- Cipher-then-auth/Auth-then-cipher: using both cipher
  and authentication structures

Therefore, all three cannot be used at the same time.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst |  70 +++---
 doc/guides/rel_notes/release_17_08.rst  |   1 +
 lib/librte_cryptodev/rte_crypto_sym.h   | 375 ++++++++++++++++++++------------
 3 files changed, 279 insertions(+), 167 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index b888554..5048839 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -431,7 +431,6 @@ operations, as well as also supporting AEAD operations.
 
 
 Session and Session Management
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Session are used in symmetric cryptographic processing to store the immutable
 data defined in a cryptographic transform which is used in the operation
@@ -465,9 +464,6 @@ operation and its parameters. See the section below for details on transforms.
    struct rte_cryptodev_sym_session * rte_cryptodev_sym_session_create(
           uint8_t dev_id, struct rte_crypto_sym_xform *xform);
 
-**Note**: For AEAD operations the algorithm selected for authentication and
-ciphering must aligned, eg AES_GCM.
-
 
 Transforms and Transform Chaining
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -533,30 +529,54 @@ chain.
             /**< Session-less API Crypto operation parameters */
         };
 
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for ciphering */
-        } cipher;
-
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for authentication */
-
+        union {
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } digest; /**< Digest parameters */
+                struct {
+                    uint32_t offset;
+                    uint32_t length;
+                } data; /**< Data offsets and length for AEAD */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } digest; /**< Digest parameters */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } aad;
+                /**< Additional authentication parameters */
+            } aead;
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } aad;    /**< Additional authentication parameters */
-        } auth;
-    }
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data; /**< Data offsets and length for ciphering */
+                } cipher;
+
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data;
+                    /**< Data offsets and length for authentication */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } digest; /**< Digest parameters */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } aad;
+                    /**< Additional authentication parameters */
+                } auth;
+            };
+        };
+    };
 
 
 Asymmetric Cryptography
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index b920142..2c6bef5 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -175,6 +175,7 @@ API Changes
   * Removed digest length from ``rte_crypto_sym_op``.
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Added AEAD structure in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index db3957e..f03d2fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -556,151 +556,242 @@ struct rte_crypto_sym_op {
 		/**< Session-less API crypto operation parameters */
 	};
 
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for cipher processing, specified
-			  * as number of bytes from start of data in the source
-			  * buffer. The result of the cipher operation will be
-			  * written back into the output buffer starting at
-			  * this location.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source buffer
-			  * on which the cryptographic operation will be
-			  * computed. This must be a multiple of the block size
-			  * if a block cipher is being used. This is also the
-			  * same as the result length.
-			  *
-			  * @note
-			  * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
-			  * this value should not include the length of the
-			  * padding or the length of the MAC; the driver will
-			  * compute the actual number of bytes over which the
-			  * encryption will occur, which will include these
-			  * values.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for ciphering */
-
-	} cipher;
-
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for hash processing, specified as
-			  * number of bytes from start of packet in source
-			  * buffer.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field
-			  * should be set instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source
-			  * buffer that the hash will be computed on.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field should be set
-			  * instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for authentication */
-
+	union {
 		struct {
-			uint8_t *data;
-			/**< This points to the location where the digest result
-			 * should be inserted (in the case of digest generation)
-			 * or where the purported digest exists (in the case of
-			 * digest verification).
-			 *
-			 * At session creation time, the client specified the
-			 * digest result length with the digest_length member
-			 * of the @ref rte_crypto_auth_xform structure. For
-			 * physical crypto devices the caller must allocate at
-			 * least digest_length of physically contiguous memory
-			 * at this location.
-			 *
-			 * For digest generation, the digest result will
-			 * overwrite any data at this location.
-			 *
-			 * @note
-			 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-			 * "digest result" read "authentication tag T".
-			 */
-			phys_addr_t phys_addr;
-			/**< Physical address of digest */
-		} digest; /**< Digest parameters */
+			struct {
+				uint32_t offset;
+				 /**< Starting point for AEAD processing, specified as
+				  * number of bytes from start of packet in source
+				  * buffer.
+				  */
+				uint32_t length;
+				 /**< The message length, in bytes, of the source buffer
+				  * on which the cryptographic operation will be
+				  * computed. This must be a multiple of the block size
+				  */
+			} data; /**< Data offsets and length for AEAD */
+			struct {
+				uint8_t *data;
+				/**< This points to the location where the digest result
+				 * should be inserted (in the case of digest generation)
+				 * or where the purported digest exists (in the case of
+				 * digest verification).
+				 *
+				 * At session creation time, the client specified the
+				 * digest result length with the digest_length member
+				 * of the @ref rte_crypto_auth_xform structure. For
+				 * physical crypto devices the caller must allocate at
+				 * least digest_length of physically contiguous memory
+				 * at this location.
+				 *
+				 * For digest generation, the digest result will
+				 * overwrite any data at this location.
+				 *
+				 * @note
+				 * For GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), for
+				 * "digest result" read "authentication tag T".
+				 */
+				phys_addr_t phys_addr;
+				/**< Physical address of digest */
+			} digest; /**< Digest parameters */
+			struct {
+				uint8_t *data;
+				/**< Pointer to Additional Authenticated Data (AAD)
+				 * needed for authenticated cipher mechanisms (CCM and
+				 * GCM)
+				 *
+				 * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
+				 * the caller should setup this field as follows:
+				 *
+				 * - the nonce should be written starting at an offset
+				 * of one byte into the array, leaving room for the
+				 * implementation to write in the flags to the first
+				 * byte.
+				 *
+				 * - the additional  authentication data itself should
+				 * be written starting at an offset of 18 bytes into
+				 * the array, leaving room for the length encoding in
+				 * the first two bytes of the second block.
+				 *
+				 * - the array should be big enough to hold the above
+				 *  fields, plus any padding to round this up to the
+				 *  nearest multiple of the block size (16 bytes).
+				 *  Padding will be added by the implementation.
+				 *
+				 * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the
+				 * caller should setup this field as follows:
+				 *
+				 * - the AAD is written in starting at byte 0
+				 * - the array must be big enough to hold the AAD, plus
+				 * any space to round this up to the nearest multiple
+				 * of the block size (16 bytes).
+				 *
+				 */
+				phys_addr_t phys_addr;	/**< physical address */
+			} aad;
+			/**< Additional authentication parameters */
+		} aead;
 
 		struct {
-			uint8_t *data;
-			/**< Pointer to Additional Authenticated Data (AAD)
-			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM).
-			 *
-			 * The length of the data pointed to by this field is
-			 * set up for the session in the @ref
-			 * rte_crypto_auth_xform structure as part of the @ref
-			 * rte_cryptodev_sym_session_create function call.
-			 * This length must not exceed 65535 (2^16-1) bytes.
-			 *
-			 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
-			 * the caller should setup this field as follows:
-			 *
-			 * - the nonce should be written starting at an offset
-			 * of one byte into the array, leaving room for the
-			 * implementation to write in the flags to the first
-			 *  byte.
-			 *
-			 * - the additional  authentication data itself should
-			 * be written starting at an offset of 18 bytes into
-			 * the array, leaving room for the length encoding in
-			 * the first two bytes of the second block.
-			 *
-			 * - the array should be big enough to hold the above
-			 *  fields, plus any padding to round this up to the
-			 *  nearest multiple of the block size (16 bytes).
-			 *  Padding will be added by the implementation.
-			 *
-			 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-			 * caller should setup this field as follows:
-			 *
-			 * - the AAD is written in starting at byte 0
-			 * - the array must be big enough to hold the AAD, plus
-			 * any space to round this up to the nearest multiple
-			 * of the block size (16 bytes).
-			 *
-			 */
-			phys_addr_t phys_addr;	/**< physical address */
-		} aad;
-		/**< Additional authentication parameters */
-	} auth;
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for cipher processing,
+					  * specified as number of bytes from start
+					  * of data in the source buffer.
+					  * The result of the cipher operation will be
+					  * written back into the output buffer
+					  * starting at this location.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the
+					  * source buffer on which the cryptographic
+					  * operation will be computed.
+					  * This must be a multiple of the block size
+					  * if a block cipher is being used. This is
+					  * also the same as the result length.
+					  *
+					  * @note
+					  * In the case of CCM
+					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
+					  * should not include the length of the padding
+					  * or the length of the MAC; the driver will
+					  * compute the actual number of bytes over
+					  * which the encryption will occur, which will
+					  * include these values.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+				} data; /**< Data offsets and length for ciphering */
+			} cipher;
+
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for hash processing,
+					  * specified as number of bytes from start of
+					  * packet in source buffer.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored.
+					  * The field @ref aad field should be set
+					  * instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the source
+					  * buffer that the hash will be computed on.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored. The field @ref aad
+					  * field should be set instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+				} data;
+				/**< Data offsets and length for authentication */
+
+				struct {
+					uint8_t *data;
+					/**< This points to the location where
+					 * the digest result should be inserted
+					 * (in the case of digest generation)
+					 * or where the purported digest exists
+					 * (in the case of digest verification).
+					 *
+					 * At session creation time, the client
+					 * specified the digest result length with
+					 * the digest_length member of the
+					 * @ref rte_crypto_auth_xform structure.
+					 * For physical crypto devices the caller
+					 * must allocate at least digest_length of
+					 * physically contiguous memory at this
+					 * location.
+					 *
+					 * For digest generation, the digest result
+					 * will overwrite any data at this location.
+					 *
+					 * @note
+					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
+					 * "digest result" read "authentication tag T".
+					 */
+					phys_addr_t phys_addr;
+					/**< Physical address of digest */
+				} digest; /**< Digest parameters */
+
+				struct {
+					uint8_t *data;
+					/**< Pointer to Additional Authenticated
+					 * Data (AAD) needed for authenticated cipher
+					 * mechanisms (CCM and GCM).
+					 *
+					 * The length of the data pointed to by this
+					 * field is set up for the session in the @ref
+					 * rte_crypto_auth_xform structure as part of
+					 * the @ref rte_cryptodev_sym_session_create
+					 * function call.
+					 * This length must not exceed 65535 (2^16-1)
+					 * bytes.
+					 *
+					 * Specifically for CCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
+					 * the caller should setup this field as follows:
+					 *
+					 * - the nonce should be written starting at
+					 * an offset of one byte into the array,
+					 * leaving room for the implementation to
+					 * write in the flags to the first byte.
+					 *
+					 * - the additional authentication data
+					 * itself should be written starting at
+					 * an offset of 18 bytes into the array,
+					 * leaving room for the length encoding in
+					 * the first two bytes of the second block.
+					 *
+					 * - the array should be big enough to hold
+					 * the above fields, plus any padding to
+					 * round this up to the nearest multiple of
+					 * the block size (16 bytes).
+					 * Padding will be added by the implementation.
+					 *
+					 * Finally, for GCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
+					 * caller should setup this field as follows:
+					 *
+					 * - the AAD is written in starting at byte 0
+					 * - the array must be big enough to hold
+					 * the AAD, plus any space to round this up to
+					 * the nearest multiple of the block size
+					 * (16 bytes).
+					 *
+					 */
+					phys_addr_t phys_addr;	/**< physical address */
+				} aad;
+				/**< Additional authentication parameters */
+			} auth;
+		};
+	};
 };
 
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 22/27] examples/l2fwd-crypto: avoid too many tabs
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (20 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 21/27] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 23/27] app/test-crypto-perf: add AEAD parameters Pablo de Lara
                     ` (6 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Some extra functions have been created to avoid
too many nested conditionals.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 125 ++++++++++++++++++++++++++-----------------
 1 file changed, 77 insertions(+), 48 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6d88937..fb829e3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1556,7 +1556,8 @@ check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
 
 /* Check if device has to be HW/SW or any */
 static int
-check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_info)
+check_type(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info)
 {
 	if (options->type == CDEV_TYPE_HW &&
 			(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
@@ -1570,6 +1571,74 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_cipher_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_cipher_algorithm cap_cipher_algo;
+	enum rte_crypto_cipher_algorithm opt_cipher_algo =
+					options->cipher_xform.cipher.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_cipher_algo = cap->sym.cipher.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			if (cap_cipher_algo == opt_cipher_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
+static const struct rte_cryptodev_capabilities *
+check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_auth_algorithm cap_auth_algo;
+	enum rte_crypto_auth_algorithm opt_auth_algo =
+					options->auth_xform.auth.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_auth_algo = cap->sym.auth.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			if (cap_auth_algo == opt_auth_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_auth_algorithm_strings[opt_auth_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1647,12 +1716,8 @@ static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
 {
-	unsigned i, cdev_id, cdev_count, enabled_cdev_count = 0;
+	unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
 	const struct rte_cryptodev_capabilities *cap;
-	enum rte_crypto_auth_algorithm cap_auth_algo;
-	enum rte_crypto_auth_algorithm opt_auth_algo;
-	enum rte_crypto_cipher_algorithm cap_cipher_algo;
-	enum rte_crypto_cipher_algorithm opt_cipher_algo;
 	int retval;
 
 	cdev_count = rte_cryptodev_count();
@@ -1685,29 +1750,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
 			/* Check if device supports cipher algo */
-			i = 0;
-			opt_cipher_algo = options->cipher_xform.cipher.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_cipher_algo = cap->sym.cipher.algo;
-				if (cap->sym.xform_type ==
-						RTE_CRYPTO_SYM_XFORM_CIPHER) {
-					if (cap_cipher_algo == opt_cipher_algo) {
-						if (check_type(options, &dev_info) == 0)
-							break;
-					}
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_cipher_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			options->block_size = cap->sym.cipher.block_size;
 
@@ -1762,27 +1808,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
 			/* Check if device supports auth algo */
-			i = 0;
-			opt_auth_algo = options->auth_xform.auth.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_auth_algo = cap->sym.auth.algo;
-				if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
-						(cap_auth_algo == opt_auth_algo) &&
-						(check_type(options, &dev_info) == 0)) {
-					break;
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_auth_algorithm_strings[opt_auth_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_auth_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			check_iv_param(&cap->sym.auth.iv_size,
 					options->auth_iv_param,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 23/27] app/test-crypto-perf: add AEAD parameters
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (21 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 22/27] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 24/27] examples/ipsec-secgw: " Pablo de Lara
                     ` (5 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 134 ++++++++++------------
 app/test-crypto-perf/cperf_options.h             |  22 +++-
 app/test-crypto-perf/cperf_options_parsing.c     | 138 ++++++++++++++++-------
 app/test-crypto-perf/cperf_test_latency.c        |   8 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   8 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  12 +-
 app/test-crypto-perf/cperf_test_vectors.c        | 106 ++++++++++-------
 app/test-crypto-perf/cperf_test_vectors.h        |  12 ++
 app/test-crypto-perf/cperf_test_verify.c         |  10 +-
 app/test-crypto-perf/main.c                      |  42 +++++--
 doc/guides/tools/cryptoperf.rst                  |  32 +++++-
 11 files changed, 328 insertions(+), 196 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index b8bd397..ac4a12b 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -176,8 +176,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 
 		}
 
@@ -262,8 +260,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -301,23 +297,22 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 				test_vector->cipher_iv.data,
 				test_vector->cipher_iv.length);
 
-		/* cipher parameters */
-		sym_op->cipher.data.length = options->test_buffer_size;
-		sym_op->cipher.data.offset =
-				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
+		/* AEAD parameters */
+		sym_op->aead.data.length = options->test_buffer_size;
+		sym_op->aead.data.offset =
+				RTE_ALIGN_CEIL(options->aead_aad_sz, 16);
 
-		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
-		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
+		sym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
+		sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
 
-		/* authentication parameters */
-		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
-			sym_op->auth.digest.data = test_vector->digest.data;
-			sym_op->auth.digest.phys_addr =
+		if (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+			sym_op->aead.digest.data = test_vector->digest.data;
+			sym_op->aead.digest.phys_addr =
 					test_vector->digest.phys_addr;
 		} else {
 
-			uint32_t offset = sym_op->cipher.data.length +
-						sym_op->cipher.data.offset;
+			uint32_t offset = sym_op->aead.data.length +
+						sym_op->aead.data.offset;
 			struct rte_mbuf *buf, *tbuf;
 
 			if (options->out_of_place) {
@@ -333,14 +328,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 				}
 			}
 
-			sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(buf,
+			sym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf,
 					uint8_t *, offset);
-			sym_op->auth.digest.phys_addr =
+			sym_op->aead.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
 		}
-
-		sym_op->auth.data.length = options->test_buffer_size;
-		sym_op->auth.data.offset = options->auth_aad_sz;
 	}
 
 	return 0;
@@ -354,6 +346,7 @@ cperf_create_session(uint8_t dev_id,
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 	struct rte_cryptodev_sym_session *sess = NULL;
 
 	/*
@@ -393,9 +386,7 @@ cperf_create_session(uint8_t dev_id,
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length =
-					options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
+					options->digest_sz;
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
@@ -414,9 +405,7 @@ cperf_create_session(uint8_t dev_id,
 	 * cipher and auth
 	 */
 	} else if (options->op_type == CPERF_CIPHER_THEN_AUTH
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
-			|| options->op_type == CPERF_AEAD) {
-
+			|| options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		/*
 		 * cipher
 		 */
@@ -450,23 +439,12 @@ cperf_create_session(uint8_t dev_id,
 
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
-			auth_xform.auth.digest_length = options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
-			/* auth options for aes gcm */
-			if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
-				auth_xform.auth.key.length = 0;
-				auth_xform.auth.key.data = NULL;
-				auth_xform.auth.iv.length = 0;
-			} else { /* auth options for others */
-				auth_xform.auth.key.length =
+			auth_xform.auth.digest_length = options->digest_sz;
+			auth_xform.auth.iv.length = test_vector->auth_iv.length;
+			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
-				auth_xform.auth.key.data =
-						test_vector->auth_key.data;
-				auth_xform.auth.iv.length =
-						test_vector->auth_iv.length;
-			}
+			auth_xform.auth.key.data =
+					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
@@ -475,35 +453,39 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.iv.length = 0;
 		}
 
-		/* create crypto session for aes gcm */
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM) {
-			if (options->cipher_op ==
-					RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&cipher_xform);
-			} else { /* decrypt */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&auth_xform);
-			}
-		} else { /* create crypto session for other */
-			/* cipher then auth */
-			if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
+		/* cipher then auth */
+		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
+			cipher_xform.next = &auth_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
 						&cipher_xform);
-			} else { /* auth then cipher */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-						&auth_xform);
-			}
+		} else { /* auth then cipher */
+			auth_xform.next = &cipher_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform);
 		}
+	} else { /* options->op_type == CPERF_AEAD */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.next = NULL;
+		aead_xform.aead.algo = options->aead_algo;
+		aead_xform.aead.op = options->aead_op;
+		aead_xform.aead.iv.offset = iv_offset;
+
+		aead_xform.aead.key.data =
+					test_vector->aead_key.data;
+		aead_xform.aead.key.length =
+					test_vector->aead_key.length;
+		aead_xform.aead.iv.length = test_vector->aead_iv.length;
+
+		aead_xform.aead.digest_length = options->digest_sz;
+		aead_xform.aead.add_auth_data_length =
+					options->aead_aad_sz;
+
+		/* Create crypto session */
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform);
 	}
+
 	return sess;
 }
 
@@ -515,14 +497,14 @@ cperf_get_op_functions(const struct cperf_options *options,
 
 	op_fns->sess_create = cperf_create_session;
 
-	if (options->op_type == CPERF_AEAD
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
+	if (options->op_type == CPERF_AEAD) {
+		op_fns->populate_ops = cperf_set_ops_aead;
+		return 0;
+	}
+
+	if (options->op_type == CPERF_AUTH_THEN_CIPHER
 			|| options->op_type == CPERF_CIPHER_THEN_AUTH) {
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM)
-			op_fns->populate_ops = cperf_set_ops_aead;
-		else
-			op_fns->populate_ops = cperf_set_ops_cipher_auth;
+		op_fns->populate_ops = cperf_set_ops_cipher_auth;
 		return 0;
 	}
 	if (options->op_type == CPERF_AUTH_ONLY) {
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 0e53c03..10cd2d8 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -29,8 +29,15 @@
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
 #define CPERF_AUTH_IV_SZ	("auth-iv-sz")
-#define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
-#define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
+
+#define CPERF_AEAD_ALGO		("aead-algo")
+#define CPERF_AEAD_OP		("aead-op")
+#define CPERF_AEAD_KEY_SZ	("aead-key-sz")
+#define CPERF_AEAD_IV_SZ	("aead-iv-sz")
+#define CPERF_AEAD_AAD_SZ	("aead-aad-sz")
+
+#define CPERF_DIGEST_SZ		("digest-sz")
+
 #define CPERF_CSV		("csv-friendly")
 
 #define MAX_LIST 32
@@ -78,8 +85,15 @@ struct cperf_options {
 
 	uint16_t auth_key_sz;
 	uint16_t auth_iv_sz;
-	uint16_t auth_digest_sz;
-	uint16_t auth_aad_sz;
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	enum rte_crypto_aead_operation aead_op;
+
+	uint16_t aead_key_sz;
+	uint16_t aead_iv_sz;
+	uint16_t aead_aad_sz;
+
+	uint16_t digest_sz;
 
 	char device_type[RTE_CRYPTODEV_NAME_LEN];
 	enum cperf_op_type op_type;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 5c2dcff..d5bddb2 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -543,9 +543,9 @@ parse_auth_key_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
+parse_digest_sz(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_digest_sz, arg);
+	return parse_uint16_t(&opts->digest_sz, arg);
 }
 
 static int
@@ -555,9 +555,64 @@ parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
+parse_aead_algo(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_aad_sz, arg);
+	enum rte_crypto_aead_algorithm aead_algo;
+
+	if (rte_cryptodev_get_aead_algo_enum(&aead_algo, arg) < 0) {
+		RTE_LOG(ERR, USER1, "Invalid AEAD algorithm specified\n");
+		return -1;
+	}
+
+	opts->aead_algo = aead_algo;
+
+	return 0;
+}
+
+static int
+parse_aead_op(struct cperf_options *opts, const char *arg)
+{
+	struct name_id_map aead_op_namemap[] = {
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_ENCRYPT],
+			RTE_CRYPTO_AEAD_OP_ENCRYPT },
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_DECRYPT],
+			RTE_CRYPTO_AEAD_OP_DECRYPT
+		}
+	};
+
+	int id = get_str_key_id_mapping(aead_op_namemap,
+			RTE_DIM(aead_op_namemap), arg);
+	if (id < 0) {
+		RTE_LOG(ERR, USER1, "invalid AEAD operation specified"
+				"\n");
+		return -1;
+	}
+
+	opts->aead_op = (enum rte_crypto_aead_operation)id;
+
+	return 0;
+}
+
+static int
+parse_aead_key_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_key_sz, arg);
+}
+
+static int
+parse_aead_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_iv_sz, arg);
+}
+
+static int
+parse_aead_aad_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_aad_sz, arg);
 }
 
 static int
@@ -606,8 +661,17 @@ static struct option lgopts[] = {
 	{ CPERF_AUTH_OP, required_argument, 0, 0 },
 
 	{ CPERF_AUTH_KEY_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_DIGEST_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AUTH_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_ALGO, required_argument, 0, 0 },
+	{ CPERF_AEAD_OP, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_KEY_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_DIGEST_SZ, required_argument, 0, 0 },
+
 	{ CPERF_CSV, no_argument, 0, 0},
 
 	{ NULL, 0, 0, 0 }
@@ -656,9 +720,13 @@ cperf_options_default(struct cperf_options *opts)
 	opts->auth_op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
 	opts->auth_key_sz = 64;
-	opts->auth_digest_sz = 12;
 	opts->auth_iv_sz = 0;
-	opts->auth_aad_sz = 0;
+
+	opts->aead_key_sz = 0;
+	opts->aead_iv_sz = 0;
+	opts->aead_aad_sz = 0;
+
+	opts->digest_sz = 12;
 }
 
 static int
@@ -686,9 +754,13 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
 		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
-		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
-		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
-		{ CPERF_CSV,	parse_csv_friendly},
+		{ CPERF_AEAD_ALGO,	parse_aead_algo },
+		{ CPERF_AEAD_OP,	parse_aead_op },
+		{ CPERF_AEAD_KEY_SZ,	parse_aead_key_sz },
+		{ CPERF_AEAD_IV_SZ,	parse_aead_iv_sz },
+		{ CPERF_AEAD_AAD_SZ,	parse_aead_aad_sz },
+		{ CPERF_DIGEST_SZ,	parse_digest_sz },
+		{ CPERF_CSV,		parse_csv_friendly},
 	};
 	unsigned int i;
 
@@ -803,30 +875,7 @@ cperf_options_check(struct cperf_options *options)
 					" options: decrypt and verify.\n");
 			return -EINVAL;
 		}
-	} else if (options->op_type == CPERF_AEAD) {
-		if (!(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_GENERATE) &&
-				!(options->cipher_op ==
-				RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_VERIFY)) {
-			RTE_LOG(ERR, USER1, "Use together options: encrypt and"
-					" generate or decrypt and verify.\n");
-			return -EINVAL;
-		}
-	}
-
-	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
-			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
-		if (options->op_type != CPERF_AEAD) {
-			RTE_LOG(ERR, USER1, "Use --optype aead\n");
-			return -EINVAL;
-		}
 	}
-
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) {
 		if (options->inc_buffer_size != 0)
@@ -914,23 +963,20 @@ cperf_options_dump(struct cperf_options *opts)
 
 	if (opts->op_type == CPERF_AUTH_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# auth algorithm: %s\n",
 			rte_crypto_auth_algorithm_strings[opts->auth_algo]);
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
 		printf("# auth iv size: %u\n", opts->auth_iv_sz);
-		printf("# auth digest size: %u\n", opts->auth_digest_sz);
-		printf("# auth aad size: %u\n", opts->auth_aad_sz);
+		printf("# auth digest size: %u\n", opts->digest_sz);
 		printf("#\n");
 	}
 
 	if (opts->op_type == CPERF_CIPHER_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# cipher algorithm: %s\n",
 			rte_crypto_cipher_algorithm_strings[opts->cipher_algo]);
 		printf("# cipher operation: %s\n",
@@ -939,4 +985,16 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# cipher iv size: %u\n", opts->cipher_iv_sz);
 		printf("#\n");
 	}
+
+	if (opts->op_type == CPERF_AEAD) {
+		printf("# aead algorithm: %s\n",
+			rte_crypto_aead_algorithm_strings[opts->aead_algo]);
+		printf("# aead operation: %s\n",
+			rte_crypto_aead_operation_strings[opts->aead_op]);
+		printf("# aead key size: %u\n", opts->aead_key_sz);
+		printf("# aead iv size: %u\n", opts->aead_iv_sz);
+		printf("# aead digest size: %u\n", opts->digest_sz);
+		printf("# aead aad size: %u\n", opts->aead_aad_sz);
+		printf("#\n");
+	}
 }
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index f828366..16c114b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -167,14 +167,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-			options->auth_digest_sz);
+			options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -229,7 +229,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -259,7 +259,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 1e3f3b3..1ff1560 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -151,14 +151,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -212,7 +212,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -240,7 +240,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 277ff1e..e462d2c 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -363,12 +363,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->aad.length = data_length;
 		else {
-			if (opts->auth_aad_sz > data_length) {
+			if (opts->aead_aad_sz > data_length) {
 				printf("Global aad shorter than "
-					"auth_aad_sz\n");
+					"aead_aad_sz\n");
 				return -1;
 			}
-			vector->aad.length = opts->auth_aad_sz;
+			vector->aad.length = opts->aead_aad_sz;
 		}
 
 	} else if (strstr(key_token, "digest")) {
@@ -379,12 +379,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->digest.length = data_length;
 		else {
-			if (opts->auth_digest_sz > data_length) {
+			if (opts->digest_sz > data_length) {
 				printf("Global digest shorter than "
-					"auth_digest_sz\n");
+					"digest_sz\n");
 				return -1;
 			}
-			vector->digest.length = opts->auth_digest_sz;
+			vector->digest.length = opts->digest_sz;
 		}
 	} else {
 		printf("Not valid key: '%s'\n", trim_space(key_token));
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 2e5339c..03bc995 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -385,6 +385,13 @@ uint8_t auth_key[] = {
 	0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F
 };
 
+/* AEAD key */
+uint8_t aead_key[] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
+	0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
+};
+
 /* Digests */
 uint8_t digest[2048] = { 0x00 };
 
@@ -403,8 +410,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_CIPHER_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
@@ -441,40 +447,32 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
-		uint8_t aad_alloc = 0;
-
-		t_vec->auth_key.length = options->auth_key_sz;
-
-		switch (options->auth_algo) {
-		case RTE_CRYPTO_AUTH_NULL:
-			t_vec->auth_key.data = NULL;
-			aad_alloc = 0;
-			break;
-		case RTE_CRYPTO_AUTH_AES_GCM:
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
+		if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			t_vec->auth_key.length = 0;
 			t_vec->auth_key.data = NULL;
-			aad_alloc = 1;
-			break;
-		default:
+			t_vec->digest.data = NULL;
+			t_vec->digest.length = 0;
+		} else {
+			t_vec->auth_key.length = options->auth_key_sz;
 			t_vec->auth_key.data = auth_key;
-			aad_alloc = 0;
-			break;
-		}
 
-		if (aad_alloc && options->auth_aad_sz) {
-			t_vec->aad.data = rte_malloc(NULL,
-					options->auth_aad_sz, 16);
-			if (t_vec->aad.data == NULL) {
-				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->cipher_iv.data);
+			t_vec->digest.data = rte_malloc(NULL,
+					options->digest_sz,
+					16);
+			if (t_vec->digest.data == NULL) {
+				rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->aad.data, aad, options->auth_aad_sz);
-		} else {
-			t_vec->aad.data = NULL;
+			t_vec->digest.phys_addr =
+				rte_malloc_virt2phy(t_vec->digest.data);
+			t_vec->digest.length = options->digest_sz;
+			memcpy(t_vec->digest.data, digest,
+					options->digest_sz);
 		}
+		t_vec->data.auth_offset = 0;
+		t_vec->data.auth_length = options->max_buffer_size;
 
 		/* Set IV parameters */
 		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
@@ -487,26 +485,52 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 		}
 		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
 		t_vec->auth_iv.length = options->auth_iv_sz;
+	}
 
-		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
-		t_vec->aad.length = options->auth_aad_sz;
-		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
-				16);
+	if (options->op_type == CPERF_AEAD) {
+		t_vec->aead_key.length = options->aead_key_sz;
+		t_vec->aead_key.data = aead_key;
+
+		if (options->aead_aad_sz) {
+			t_vec->aad.data = rte_malloc(NULL,
+					options->aead_aad_sz, 16);
+			if (t_vec->aad.data == NULL) {
+				rte_free(t_vec);
+				return NULL;
+			}
+			memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
+			t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
+			t_vec->aad.length = options->aead_aad_sz;
+		} else {
+			t_vec->aad.data = NULL;
+			t_vec->aad.length = 0;
+		}
+
+		t_vec->digest.data = rte_malloc(NULL, options->digest_sz,
+						16);
 		if (t_vec->digest.data == NULL) {
-			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->cipher_iv.data);
-			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
 		}
 		t_vec->digest.phys_addr =
 				rte_malloc_virt2phy(t_vec->digest.data);
-		t_vec->digest.length = options->auth_digest_sz;
-		memcpy(t_vec->digest.data, digest, options->auth_digest_sz);
-		t_vec->data.auth_offset = 0;
-		t_vec->data.auth_length = options->max_buffer_size;
-	}
+		t_vec->digest.length = options->digest_sz;
+		memcpy(t_vec->digest.data, digest, options->digest_sz);
+		t_vec->data.aead_offset = 0;
+		t_vec->data.aead_length = options->max_buffer_size;
 
+		/* Set IV parameters */
+		t_vec->aead_iv.data = rte_malloc(NULL, options->aead_iv_sz,
+				16);
+		if (options->aead_iv_sz && t_vec->aead_iv.data == NULL) {
+			rte_free(t_vec->aad.data);
+			rte_free(t_vec->digest.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->aead_iv.data, iv, options->aead_iv_sz);
+		t_vec->aead_iv.length = options->aead_iv_sz;
+	}
 	return t_vec;
 }
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index 7f9c4fa..8595570 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -54,6 +54,11 @@ struct cperf_test_vector {
 	struct {
 		uint8_t *data;
 		uint16_t length;
+	} aead_key;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
 	} cipher_iv;
 
 	struct {
@@ -63,6 +68,11 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
+		uint16_t length;
+	} aead_iv;
+
+	struct {
+		uint8_t *data;
 		uint32_t length;
 	} ciphertext;
 
@@ -83,6 +93,8 @@ struct cperf_test_vector {
 		uint32_t auth_length;
 		uint32_t cipher_offset;
 		uint32_t cipher_length;
+		uint32_t aead_offset;
+		uint32_t aead_length;
 	} data;
 };
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 81057ff..bba8019 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -155,14 +155,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -216,7 +216,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -244,7 +244,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
@@ -379,7 +379,7 @@ cperf_verify_op(struct rte_crypto_op *op,
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)
 			res += memcmp(data + auth_offset,
 					vector->digest.data,
-					options->auth_digest_sz);
+					options->digest_sz);
 	}
 
 	return !!res;
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index cf4fa4f..f78c653 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -123,8 +123,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_AUTH_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD)  {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			cap_idx.algo.auth = opts->auth_algo;
@@ -137,8 +136,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			ret = rte_cryptodev_sym_capability_check_auth(
 					capability,
 					opts->auth_key_sz,
-					opts->auth_digest_sz,
-					opts->auth_aad_sz,
+					opts->digest_sz,
+					0,
 					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
@@ -146,8 +145,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_CIPHER_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD) {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			cap_idx.algo.cipher = opts->cipher_algo;
@@ -164,6 +162,26 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			if (ret != 0)
 				return ret;
 		}
+
+		if (opts->op_type == CPERF_AEAD) {
+
+			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+			cap_idx.algo.aead = opts->aead_algo;
+
+			capability = rte_cryptodev_sym_capability_get(cdev_id,
+					&cap_idx);
+			if (capability == NULL)
+				return -1;
+
+			ret = rte_cryptodev_sym_capability_check_aead(
+					capability,
+					opts->aead_key_sz,
+					opts->digest_sz,
+					opts->aead_aad_sz,
+					opts->aead_iv_sz);
+			if (ret != 0)
+				return ret;
+		}
 	}
 
 	return 0;
@@ -212,7 +230,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 
@@ -253,7 +271,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 	} else if (opts->op_type == CPERF_AEAD) {
@@ -265,17 +283,17 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
-		if (test_vec->cipher_iv.data == NULL)
+		if (test_vec->aead_iv.data == NULL)
 			return -1;
-		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+		if (test_vec->aead_iv.length != opts->aead_iv_sz)
 			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
-		if (test_vec->aad.length != opts->auth_aad_sz)
+		if (test_vec->aad.length != opts->aead_aad_sz)
 			return -1;
 		if (test_vec->digest.data == NULL)
 			return -1;
-		if (test_vec->digest.length < opts->auth_digest_sz)
+		if (test_vec->digest.length < opts->digest_sz)
 			return -1;
 	}
 	return 0;
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index c0accfc..6b797a7 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -294,13 +294,37 @@ The following are the appication command-line options:
 
         Set the size of auth iv.
 
-* ``--auth-digest-sz <n>``
+* ``--aead-algo <name>``
 
-        Set the size of authentication digest.
+        Set AEAD algorithm name, where ``name`` is one
+        of the following::
+
+           aes-ccm
+           aes-gcm
+
+* ``--aead-op <mode>``
+
+        Set AEAD operation mode, where ``mode`` is one of
+        the following::
+
+           encrypt
+           decrypt
+
+* ``--aead-key-sz <n>``
+
+        Set the size of AEAD key.
+
+* ``--aead-iv-sz <n>``
+
+        Set the size of AEAD iv.
+
+* ``--aead-aad-sz <n>``
+
+        Set the size of AEAD aad.
 
-* ``--auth-aad-sz <n>``
+* ``--digest-sz <n>``
 
-        Set the size of authentication aad.
+        Set the size of digest.
 
 * ``--csv-friendly``
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 24/27] examples/ipsec-secgw: add AEAD parameters
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (22 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 23/27] app/test-crypto-perf: add AEAD parameters Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 25/27] examples/l2fwd-crypto: " Pablo de Lara
                     ` (4 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst |  32 +++++++--
 examples/ipsec-secgw/ipsec.h             |   1 +
 examples/ipsec-secgw/sa.c                | 116 +++++++++++++++++++++++++++++--
 3 files changed, 139 insertions(+), 10 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 885c77e..ca2a34d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -412,7 +412,7 @@ where each options means:
 
  * Cipher algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -427,7 +427,8 @@ where each options means:
 
  * Cipher key, NOT available when 'null' algorithm is used
 
- * Optional: No, must followed by <cipher_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <cipher_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified cipher algorithm
@@ -440,7 +441,7 @@ where each options means:
 
  * Authentication algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -453,7 +454,8 @@ where each options means:
  * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
    is used.
 
- * Optional: No, must followed by <auth_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <auth_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified authentication
@@ -462,6 +464,28 @@ where each options means:
    For example: *auth_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
    A1:B2:C3:D4*
 
+``<aead_algo>``
+
+ * AEAD algorithm
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
+
+ * Syntax: *cipher_algo <your algorithm>*
+
+``<aead_key>``
+
+ * Cipher key, NOT available when 'null' algorithm is used
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used.
+   Must be followed by <aead_algo> option
+
+ * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
+   The number of bytes should be as same as the specified AEAD algorithm
+   key size.
+
+   For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
+   A1:B2:C3:D4*
+
 ``<mode>``
 
  * The operation mode
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 405cf3d..f8569ca 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -103,6 +103,7 @@ struct ipsec_sa {
 	struct rte_cryptodev_sym_session *crypto_session;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 	uint16_t digest_len;
 	uint16_t iv_len;
 	uint16_t block_size;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 85e4d4e..9d80bd3 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -68,6 +68,17 @@ struct supported_auth_algo {
 	uint8_t key_not_req;
 };
 
+struct supported_aead_algo {
+	const char *keyword;
+	enum rte_crypto_aead_algorithm algo;
+	uint16_t iv_len;
+	uint16_t block_size;
+	uint16_t digest_len;
+	uint16_t key_len;
+	uint8_t aad_len;
+};
+
+
 const struct supported_cipher_algo cipher_algos[] = {
 	{
 		.keyword = "null",
@@ -128,6 +139,8 @@ const struct supported_auth_algo auth_algos[] = {
 	}
 };
 
+const struct supported_aead_algo aead_algos[] = { { } };
+
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -166,6 +179,22 @@ find_match_auth_algo(const char *auth_keyword)
 	return NULL;
 }
 
+static const struct supported_aead_algo *
+find_match_aead_algo(const char *aead_keyword)
+{
+	size_t i;
+
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		const struct supported_aead_algo *algo =
+			&aead_algos[i];
+
+		if (strcmp(aead_keyword, algo->keyword) == 0)
+			return algo;
+	}
+
+	return NULL;
+}
+
 /** parse_key_string
  *  parse x:x:x:x.... hex number key string into uint8_t *key
  *  return:
@@ -210,6 +239,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	uint32_t *ri /*rule index*/;
 	uint32_t cipher_algo_p = 0;
 	uint32_t auth_algo_p = 0;
+	uint32_t aead_algo_p = 0;
 	uint32_t src_p = 0;
 	uint32_t dst_p = 0;
 	uint32_t mode_p = 0;
@@ -386,6 +416,61 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			continue;
 		}
 
+		if (strcmp(tokens[ti], "aead_algo") == 0) {
+			const struct supported_aead_algo *algo;
+			uint32_t key_len;
+
+			APP_CHECK_PRESENCE(aead_algo_p, tokens[ti],
+				status);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			algo = find_match_aead_algo(tokens[ti]);
+
+			APP_CHECK(algo != NULL, status, "unrecognized "
+				"input \"%s\"", tokens[ti]);
+
+			rule->aead_algo = algo->algo;
+			rule->cipher_key_len = algo->key_len;
+			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
+			rule->block_size = algo->block_size;
+			rule->iv_len = algo->iv_len;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			APP_CHECK(strcmp(tokens[ti], "aead_key") == 0,
+				status, "unrecognized input \"%s\", "
+				"expect \"aead_key\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			key_len = parse_key_string(tokens[ti],
+				rule->cipher_key);
+			APP_CHECK(key_len == rule->cipher_key_len, status,
+				"unrecognized input \"%s\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			key_len -= 4;
+			rule->cipher_key_len = key_len;
+			memcpy(&rule->salt,
+				&rule->cipher_key[key_len], 4);
+
+			aead_algo_p = 1;
+			continue;
+		}
+
 		if (strcmp(tokens[ti], "src") == 0) {
 			APP_CHECK_PRESENCE(src_p, tokens[ti], status);
 			if (status->status < 0)
@@ -477,13 +562,25 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		return;
 	}
 
-	APP_CHECK(cipher_algo_p == 1, status, "missing cipher options");
-	if (status->status < 0)
-		return;
+	if (aead_algo_p) {
+		APP_CHECK(cipher_algo_p == 0, status,
+				"AEAD used, no need for cipher options");
+		if (status->status < 0)
+			return;
 
-	APP_CHECK(auth_algo_p == 1, status, "missing auth options");
-	if (status->status < 0)
-		return;
+		APP_CHECK(auth_algo_p == 0, status,
+				"AEAD used, no need for auth options");
+		if (status->status < 0)
+			return;
+	} else {
+		APP_CHECK(cipher_algo_p == 1, status, "missing cipher or AEAD options");
+		if (status->status < 0)
+			return;
+
+		APP_CHECK(auth_algo_p == 1, status, "missing auth or AEAD options");
+		if (status->status < 0)
+			return;
+	}
 
 	APP_CHECK(mode_p == 1, status, "missing mode option");
 	if (status->status < 0)
@@ -514,6 +611,13 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 		}
 	}
 
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		if (aead_algos[i].algo == sa->aead_algo) {
+			printf("%s ", aead_algos[i].keyword);
+			break;
+		}
+	}
+
 	printf("mode:");
 
 	switch (sa->flags) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 25/27] examples/l2fwd-crypto: add AEAD parameters
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (23 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 24/27] examples/ipsec-secgw: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 26/27] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
                     ` (3 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/sample_app_ug/l2_forward_crypto.rst |  24 +-
 examples/l2fwd-crypto/main.c                   | 388 +++++++++++++++++++++----
 2 files changed, 357 insertions(+), 55 deletions(-)

diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index b9aa573..2880c43 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -110,7 +110,9 @@ where,
 
 *   chain: select the operation chaining to perform: Cipher->Hash (CIPHER_HASH),
 
-    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash(HASH_ONLY)
+    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash (HASH_ONLY)
+
+    or AEAD (AEAD)
 
     (default is Cipher->Hash)
 
@@ -154,6 +156,26 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
+*   aead_algo: select the AEAD algorithm
+
+*   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
+
+    (default is ENCRYPT)
+
+*   aead_key: set the AEAD key to be used. Bytes has to be separated with ":"
+
+*   aead_key_random_size: set the size of the AEAD key,
+
+    which will be generated randomly.
+
+    Note that if --aead_key is used, this will be ignored.
+
+*   aead_iv: set the AEAD IV to be used. Bytes has to be separated with ":"
+
+*   aead_iv_random_size: set the size of the AEAD IV, which will be generated randomly.
+
+    Note that if --aead_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fb829e3..914f8ed 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -130,7 +130,8 @@ enum l2fwd_crypto_xform_chain {
 	L2FWD_CRYPTO_CIPHER_HASH,
 	L2FWD_CRYPTO_HASH_CIPHER,
 	L2FWD_CRYPTO_CIPHER_ONLY,
-	L2FWD_CRYPTO_HASH_ONLY
+	L2FWD_CRYPTO_HASH_ONLY,
+	L2FWD_CRYPTO_AEAD
 };
 
 struct l2fwd_key {
@@ -172,6 +173,14 @@ struct l2fwd_crypto_options {
 	unsigned int auth_iv_param;
 	int auth_iv_random_size;
 
+	struct rte_crypto_sym_xform aead_xform;
+	unsigned int aead_key_param;
+	int aead_key_random_size;
+
+	struct l2fwd_iv aead_iv;
+	unsigned int aead_iv_param;
+	int aead_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -194,15 +203,18 @@ struct l2fwd_crypto_params {
 
 	struct l2fwd_iv cipher_iv;
 	struct l2fwd_iv auth_iv;
+	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
+	uint8_t do_aead;
 	uint8_t hash_verify;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 };
 
 /** lcore configuration */
@@ -492,14 +504,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 			op->sym->auth.data.offset = ipdata_offset;
 			op->sym->auth.data.length = data_len;
 		}
-
-		if (cparams->aad.length) {
-			op->sym->auth.aad.data = cparams->aad.data;
-			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-		} else {
-			op->sym->auth.aad.data = NULL;
-			op->sym->auth.aad.phys_addr = 0;
-		}
 	}
 
 	if (cparams->do_cipher) {
@@ -521,6 +525,33 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		}
 	}
 
+	if (cparams->do_aead) {
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+
+		op->sym->aead.data.offset = ipdata_offset;
+		op->sym->aead.data.length = data_len;
+
+		if (!cparams->hash_verify) {
+			/* Append space for digest to end of packet */
+			op->sym->aead.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+				cparams->digest_length);
+		} else {
+			op->sym->aead.digest.data = rte_pktmbuf_mtod(m,
+				uint8_t *) + ipdata_offset + data_len;
+		}
+
+		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
+
+		if (cparams->aad.length) {
+			op->sym->aead.aad.data = cparams->aad.data;
+			op->sym->aead.aad.phys_addr = cparams->aad.phys_addr;
+		}
+	}
+
 	op->sym->m_src = m;
 
 	return l2fwd_crypto_enqueue(op, cparams);
@@ -617,7 +648,9 @@ initialize_crypto_session(struct l2fwd_crypto_options *options,
 {
 	struct rte_crypto_sym_xform *first_xform;
 
-	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
+	if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+		first_xform = &options->aead_xform;
+	} else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
 		first_xform = &options->cipher_xform;
 		first_xform->next = &options->auth_xform;
 	} else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {
@@ -669,8 +702,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 	for (i = 0; i < qconf->nb_crypto_devs; i++) {
 		port_cparams[i].do_cipher = 0;
 		port_cparams[i].do_hash = 0;
+		port_cparams[i].do_aead = 0;
 
 		switch (options->xform_chain) {
+		case L2FWD_CRYPTO_AEAD:
+			port_cparams[i].do_aead = 1;
+			break;
 		case L2FWD_CRYPTO_CIPHER_HASH:
 		case L2FWD_CRYPTO_HASH_CIPHER:
 			port_cparams[i].do_cipher = 1;
@@ -695,6 +732,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			if (!options->auth_iv_param)
 				generate_random_key(port_cparams[i].auth_iv.data,
 						port_cparams[i].auth_iv.length);
+			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+				port_cparams[i].hash_verify = 1;
+			else
+				port_cparams[i].hash_verify = 0;
+
+			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
 			/* Set IV parameters */
 			if (options->auth_iv.length) {
 				options->auth_xform.auth.iv.offset =
@@ -702,11 +745,16 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				options->auth_xform.auth.iv.length =
 					options->auth_iv.length;
 			}
+		}
+
+		if (port_cparams[i].do_aead) {
+			port_cparams[i].aead_algo = options->aead_xform.aead.algo;
 			port_cparams[i].digest_length =
-					options->auth_xform.auth.digest_length;
-			if (options->auth_xform.auth.add_auth_data_length) {
+					options->aead_xform.aead.digest_length;
+			if (options->aead_xform.aead.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+				port_cparams[i].aad.length = options->aad.length;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
 						port_cparams[i].aad.length);
@@ -714,12 +762,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			} else
 				port_cparams[i].aad.length = 0;
 
-			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_DECRYPT)
 				port_cparams[i].hash_verify = 1;
 			else
 				port_cparams[i].hash_verify = 0;
 
-			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
+			/* Set IV parameters */
+			options->aead_xform.aead.iv.offset = IV_OFFSET;
+			options->aead_xform.aead.iv.length = options->aead_iv.length;
 		}
 
 		if (port_cparams[i].do_cipher) {
@@ -881,7 +931,7 @@ l2fwd_crypto_usage(const char *prgname)
 
 		"  --cdev_type HW / SW / ANY\n"
 		"  --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /"
-		" HASH_ONLY\n"
+		" HASH_ONLY / AEAD\n"
 
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
@@ -896,8 +946,16 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --auth_iv IV (bytes separated with \":\")\n"
 		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
+
+		"  --aead_algo ALGO\n"
+		"  --aead_op ENCRYPT / DECRYPT\n"
+		"  --aead_key KEY (bytes separated with \":\")\n"
+		"  --aead_key_random_size SIZE: size of AEAD key when generated randomly\n"
+		"  --aead_iv IV (bytes separated with \":\")\n"
+		"  --aead_iv_random_size SIZE: size of AEAD IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n"
@@ -939,6 +997,9 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 	} else if (strcmp("HASH_ONLY", optarg) == 0) {
 		options->xform_chain = L2FWD_CRYPTO_HASH_ONLY;
 		return 0;
+	} else if (strcmp("AEAD", optarg) == 0) {
+		options->xform_chain = L2FWD_CRYPTO_AEAD;
+		return 0;
 	}
 
 	return -1;
@@ -1046,6 +1107,32 @@ parse_auth_op(enum rte_crypto_auth_operation *op, char *optarg)
 }
 
 static int
+parse_aead_algo(enum rte_crypto_aead_algorithm *algo, char *optarg)
+{
+	if (rte_cryptodev_get_aead_algo_enum(algo, optarg) < 0) {
+		RTE_LOG(ERR, USER1, "AEAD algorithm specified "
+				"not supported!\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+parse_aead_op(enum rte_crypto_aead_operation *op, char *optarg)
+{
+	if (strcmp("ENCRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		return 0;
+	} else if (strcmp("DECRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+		return 0;
+	}
+
+	printf("AEAD operation specified not supported!\n");
+	return -1;
+}
+static int
 parse_cryptodev_mask(struct l2fwd_crypto_options *options,
 		const char *q_arg)
 {
@@ -1143,7 +1230,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
-
 	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
 		options->auth_iv_param = 1;
 		options->auth_iv.length =
@@ -1157,6 +1243,43 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
 		return parse_size(&options->auth_iv_random_size, optarg);
 
+	/* AEAD options */
+	else if (strcmp(lgopts[option_index].name, "aead_algo") == 0) {
+		return parse_aead_algo(&options->aead_xform.aead.algo,
+				optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_op") == 0)
+		return parse_aead_op(&options->aead_xform.aead.op,
+				optarg);
+
+	else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
+		options->aead_key_param = 1;
+		options->aead_xform.aead.key.length =
+			parse_key(options->aead_xform.aead.key.data, optarg);
+		if (options->aead_xform.aead.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_key_random_size") == 0)
+		return parse_size(&options->aead_key_random_size, optarg);
+
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
+		options->aead_iv_param = 1;
+		options->aead_iv.length =
+			parse_key(options->aead_iv.data, optarg);
+		if (options->aead_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv_random_size") == 0)
+		return parse_size(&options->aead_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1291,13 +1414,25 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_iv_param = 0;
 	options->auth_iv_random_size = -1;
 	options->auth_iv.length = 0;
+
+	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
+	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+
+	/* AEAD Data */
+	options->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	options->aead_xform.next = NULL;
+	options->aead_key_param = 0;
+	options->aead_key_random_size = -1;
+	options->aead_xform.aead.key.length = 0;
+	options->aead_iv_param = 0;
+	options->aead_iv_random_size = -1;
+	options->aead_iv.length = 0;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
-	options->digest_size = -1;
 
-	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+	options->digest_size = -1;
 
 	options->type = CDEV_TYPE_ANY;
 	options->cryptodev_mask = UINT64_MAX;
@@ -1325,6 +1460,18 @@ display_auth_info(struct l2fwd_crypto_options *options)
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
 	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
+}
+
+static void
+display_aead_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- AEAD information ---\n");
+	printf("Algorithm: %s\n",
+		rte_crypto_aead_algorithm_strings[options->aead_xform.aead.algo]);
+	rte_hexdump(stdout, "AEAD key:",
+			options->aead_xform.aead.key.data,
+			options->aead_xform.aead.key.length);
+	rte_hexdump(stdout, "IV:", options->aead_iv.data, options->aead_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1333,6 +1480,7 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
 	char string_cipher_op[MAX_STR_LEN];
 	char string_auth_op[MAX_STR_LEN];
+	char string_aead_op[MAX_STR_LEN];
 
 	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		strcpy(string_cipher_op, "Encrypt");
@@ -1344,6 +1492,12 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	else
 		strcpy(string_auth_op, "Auth verify");
 
+	if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+		strcpy(string_aead_op, "Authenticated encryption");
+	else
+		strcpy(string_aead_op, "Authenticated decryption");
+
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1373,6 +1527,10 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("\nCrypto chain: ");
 	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_AEAD:
+		printf("Input --> %s --> Output\n", string_aead_op);
+		display_aead_info(options);
+		break;
 	case L2FWD_CRYPTO_CIPHER_HASH:
 		printf("Input --> %s --> %s --> Output\n",
 			string_cipher_op, string_auth_op);
@@ -1424,8 +1582,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "auth_iv", required_argument, 0, 0 },
 			{ "auth_iv_random_size", required_argument, 0, 0 },
 
+			{ "aead_algo", required_argument, 0, 0 },
+			{ "aead_op", required_argument, 0, 0 },
+			{ "aead_key", required_argument, 0, 0 },
+			{ "aead_key_random_size", required_argument, 0, 0 },
+			{ "aead_iv", required_argument, 0, 0 },
+			{ "aead_iv_random_size", required_argument, 0, 0 },
+
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
+
 			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
@@ -1639,6 +1805,40 @@ check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
 	return cap;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_aead_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_aead_algorithm cap_aead_algo;
+	enum rte_crypto_aead_algorithm opt_aead_algo =
+					options->aead_xform.aead.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_aead_algo = cap->sym.aead.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			if (cap_aead_algo == opt_aead_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_aead_algorithm_strings[opt_aead_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1745,6 +1945,112 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
+		/* Set AEAD parameters */
+		if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+			/* Check if device supports AEAD algo */
+			cap = check_device_support_aead_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
+				continue;
+
+			options->block_size = cap->sym.aead.block_size;
+
+			check_iv_param(&cap->sym.aead.iv_size,
+					options->aead_iv_param,
+					options->aead_iv_random_size,
+					&options->aead_iv.length);
+
+			/*
+			 * Check if length of provided AEAD key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aead_key_param) {
+				if (check_supported_size(
+						options->aead_xform.aead.key.length,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the aead key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aead_key_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+				options->aead_xform.aead.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.key.length =
+						cap->sym.aead.key_size.min;
+
+			if (!options->aead_key_param)
+				generate_random_key(
+					options->aead_xform.aead.key.data,
+					options->aead_xform.aead.key.length);
+
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
+			options->aead_xform.aead.add_auth_data_length =
+						options->aad.length;
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.aead.digest_size.min,
+						cap->sym.aead.digest_size.max,
+						cap->sym.aead.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->aead_xform.aead.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.digest_length =
+						cap->sym.aead.digest_size.min;
+		}
+
 		/* Set cipher parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
@@ -1818,40 +2124,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->auth_iv_random_size,
 					&options->auth_iv.length);
 			/*
-			 * Check if length of provided AAD is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aad_param) {
-				if (check_supported_size(options->aad.length,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of AAD to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aad_random_size != -1) {
-				if (check_supported_size(options->aad_random_size,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-				options->aad.length = options->aad_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aad.length = cap->sym.auth.aad_size.min;
-
-			options->auth_xform.auth.add_auth_data_length =
-						options->aad.length;
-
-			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
 			 */
@@ -2052,12 +2324,16 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->cipher_xform.cipher.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
 
-
 	options->auth_xform.auth.key.data = rte_malloc("auth key",
 						MAX_KEY_SIZE, 0);
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
+	options->aead_xform.aead.key.data = rte_malloc("aead key",
+						MAX_KEY_SIZE, 0);
+	if (options->aead_xform.aead.key.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
+
 	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
 	if (options->cipher_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
@@ -2066,6 +2342,10 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
+	options->aead_iv.data = rte_malloc("aead_iv", MAX_KEY_SIZE, 0);
+	if (options->aead_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD iv");
+
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AAD");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 26/27] cryptodev: use AES-GCM/CCM as AEAD algorithms
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (24 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 25/27] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-06-26 10:22   ` Pablo de Lara
  2017-06-26 10:23   ` [dpdk-dev] [PATCH v2 27/27] cryptodev: remove AAD from authentication structure Pablo de Lara
                     ` (2 subsequent siblings)
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:22 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Now that all the structures/functions for AEAD algorithms
are in place, migrate the two supported algorithms
AES-GCM and AES-CCM to these, instead of using
cipher and authentication parameters.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst         |  11 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |   2 +-
 doc/guides/tools/cryptoperf.rst                  |   4 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  76 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  24 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      |   8 -
 drivers/crypto/openssl/rte_openssl_pmd.c         | 140 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  26 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |   4 +
 drivers/crypto/qat/qat_crypto.c                  | 186 +++++++---
 drivers/crypto/qat/qat_crypto.h                  |   4 +
 drivers/crypto/qat/qat_crypto_capabilities.h     |  34 +-
 examples/ipsec-secgw/esp.c                       | 231 +++++++-----
 examples/ipsec-secgw/sa.c                        | 187 ++++++----
 examples/l2fwd-crypto/main.c                     |   3 +
 lib/librte_cryptodev/rte_crypto_sym.h            | 100 -----
 lib/librte_cryptodev/rte_cryptodev.c             |   4 -
 test/test/test_cryptodev.c                       | 218 +++++------
 test/test/test_cryptodev_perf.c                  | 446 ++++++++++++-----------
 19 files changed, 892 insertions(+), 816 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ca2a34d..75b960f 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -419,7 +419,6 @@ where each options means:
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
-   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,7 +446,6 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
-    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
@@ -470,6 +468,10 @@ where each options means:
 
  * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
 
+ * Available options:
+
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
+
  * Syntax: *cipher_algo <your algorithm>*
 
 ``<aead_key>``
@@ -539,9 +541,8 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
-    sa in 105 cipher_algo aes-128-gcm \
-    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-    auth_algo aes-128-gcm \
+    sa in 105 aead_algo aes-128-gcm \
+    aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
     mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 2880c43..2a61af7 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -156,7 +156,7 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
-*   aead_algo: select the AEAD algorithm
+*   aead_algo: select the AEAD algorithm (default is aes-gcm)
 
 *   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
 
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 6b797a7..a077e7d 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -223,10 +223,8 @@ The following are the appication command-line options:
            3des-ecb
            3des-ctr
            aes-cbc
-           aes-ccm
            aes-ctr
            aes-ecb
-           aes-gcm
            aes-f8
            aes-xts
            arc4
@@ -257,9 +255,7 @@ The following are the appication command-line options:
 
            3des-cbc
            aes-cbc-mac
-           aes-ccm
            aes-cmac
-           aes-gcm
            aes-gmac
            aes-xcbc-mac
            md5
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 11ab2f6..80b814a 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -77,13 +77,13 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform;
-	const struct rte_crypto_sym_xform *cipher_xform;
+	const struct rte_crypto_sym_xform *aead_xform;
 	uint16_t digest_length;
 	uint8_t key_length;
 	uint8_t *key;
 
 	/* AES-GMAC */
-	if (xform->next == NULL) {
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = xform;
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
 			GCM_LOG_ERR("Only AES GMAC is supported as an "
@@ -102,52 +102,39 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		key_length = auth_xform->auth.key.length;
 		key = auth_xform->auth.key.data;
+		digest_length = auth_xform->auth.digest_length;
+
 	/* AES-GCM */
-	} else {
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-			auth_xform = xform->next;
-			cipher_xform = xform;
-		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-			auth_xform = xform;
-			cipher_xform = xform->next;
-		} else {
-			GCM_LOG_ERR("Cipher and auth xform required "
-					"when using AES GCM");
-			return -EINVAL;
-		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		aead_xform = xform;
 
-		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+		if (aead_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) {
 			GCM_LOG_ERR("The only combined operation "
 						"supported is AES GCM");
 			return -EINVAL;
 		}
 
 		/* Set IV parameters */
-		sess->iv.offset = cipher_xform->cipher.iv.offset;
-		sess->iv.length = cipher_xform->cipher.iv.length;
+		sess->iv.offset = aead_xform->aead.iv.offset;
+		sess->iv.length = aead_xform->aead.iv.length;
 
 		/* Select Crypto operation */
-		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		if (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+		else
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-		else {
-			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-					" Decrypt/Verify are valid only");
-			return -EINVAL;
-		}
 
-		key_length = cipher_xform->auth.key.length;
-		key = cipher_xform->auth.key.data;
+		key_length = aead_xform->aead.key.length;
+		key = aead_xform->aead.key.data;
 
-		sess->aad_length = auth_xform->auth.add_auth_data_length;
+		sess->aad_length = aead_xform->aead.add_auth_data_length;
+		digest_length = aead_xform->aead.digest_length;
+	} else {
+		GCM_LOG_ERR("Wrong xform type, has to be AEAD or authentication");
+		return -EINVAL;
 	}
 
+
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
 			sess->iv.length != 0) {
@@ -155,8 +142,6 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	digest_length = auth_xform->auth.digest_length;
-
 	/* Check key length and calculate GCM pre-compute. */
 	switch (key_length) {
 	case 16:
@@ -170,7 +155,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher/auth key length");
+		GCM_LOG_ERR("Unsupported key length");
 		return -EINVAL;
 	}
 
@@ -241,9 +226,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
 			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
-		offset = sym_op->cipher.data.offset;
+		offset = sym_op->aead.data.offset;
 		data_offset = offset;
-		data_length = sym_op->cipher.data.length;
+		data_length = sym_op->aead.data.length;
 	} else {
 		offset = sym_op->auth.data.offset;
 		data_offset = offset;
@@ -296,7 +281,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
@@ -320,7 +305,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				(uint64_t)session->digest_length);
 	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
@@ -334,7 +319,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
@@ -414,19 +399,24 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	/* Verify digest if required */
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
 			session->op == AESNI_GMAC_OP_VERIFY) {
+		uint8_t *digest;
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
 
+		if (session->op == AESNI_GMAC_OP_VERIFY)
+			digest = op->sym->auth.digest.data;
+		else
+			digest = op->sym->aead.digest.data;
+
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, session->digest_length);
+				digest, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
 				tag, session->digest_length);
 #endif
 
-		if (memcmp(tag, op->sym->auth.digest.data,
-				session->digest_length) != 0)
+		if (memcmp(tag, digest,	session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 39285d0..5317657 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -65,12 +65,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -87,22 +87,6 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 16
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 12,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8ee6ece..3620751 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -817,8 +817,6 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
@@ -946,7 +944,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA224_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -955,7 +952,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1100,7 +1096,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -1109,7 +1104,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1141,13 +1135,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
 		ctxt->iv.length = TDES_CBC_IV_LEN;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
 		RTE_LOG(ERR, PMD, "Crypto: Unsupported Cipher alg %u",
 			cipher_xform->algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 32062a0..ee2d71f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -89,6 +89,8 @@ openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)
 			else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
 				res =  OPENSSL_CHAIN_CIPHER_AUTH;
 		}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			res = OPENSSL_CHAIN_COMBINED;
 	}
 
 	return res;
@@ -184,21 +186,6 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
 				res = -EINVAL;
 			}
 			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
-			switch (keylen) {
-			case 16:
-				*algo = EVP_aes_128_gcm();
-				break;
-			case 24:
-				*algo = EVP_aes_192_gcm();
-				break;
-			case 32:
-				*algo = EVP_aes_256_gcm();
-				break;
-			default:
-				res = -EINVAL;
-			}
-			break;
 		default:
 			res = -EINVAL;
 			break;
@@ -254,6 +241,41 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
 	return res;
 }
 
+/** Get adequate openssl function for input cipher algorithm */
+static uint8_t
+get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
+		const EVP_CIPHER **algo)
+{
+	int res = 0;
+
+	if (algo != NULL) {
+		switch (sess_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			switch (keylen) {
+			case 16:
+				*algo = EVP_aes_128_gcm();
+				break;
+			case 24:
+				*algo = EVP_aes_192_gcm();
+				break;
+			case 32:
+				*algo = EVP_aes_256_gcm();
+				break;
+			default:
+				res = -EINVAL;
+			}
+			break;
+		default:
+			res = -EINVAL;
+			break;
+		}
+	} else {
+		res = -EINVAL;
+	}
+
+	return res;
+}
+
 /** Set session cipher parameters */
 static int
 openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -273,7 +295,6 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 		sess->cipher.mode = OPENSSL_CIPHER_LIB;
 		sess->cipher.algo = xform->cipher.algo;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
@@ -330,12 +351,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GCM */
-		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
-			return -EINVAL;
-		sess->chain_order = OPENSSL_CHAIN_COMBINED;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 
@@ -356,7 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->cipher.key.length = xform->auth.key.length;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
 
-		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+		if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
 				sess->cipher.key.length,
 				&sess->cipher.evp_algo) != 0)
 			return -EINVAL;
@@ -404,6 +419,50 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	return 0;
 }
 
+/* Set session AEAD parameters */
+static int
+openssl_set_session_aead_parameters(struct openssl_session *sess,
+		const struct rte_crypto_sym_xform *xform)
+{
+	/* Select cipher direction */
+	sess->cipher.direction = xform->cipher.op;
+	/* Select cipher key */
+	sess->cipher.key.length = xform->aead.key.length;
+
+	/* Set IV parameters */
+	sess->iv.offset = xform->aead.iv.offset;
+	sess->iv.length = xform->aead.iv.length;
+
+	/* Select auth generate/verify */
+	sess->auth.operation = xform->auth.op;
+	sess->auth.algo = xform->auth.algo;
+
+	/* Select auth algo */
+	switch (xform->aead.algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		sess->aead_algo = xform->aead.algo;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
+			sess->cipher.key.data);
+
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	sess->auth.aad_length = xform->aead.add_auth_data_length;
+	sess->auth.digest_length = xform->aead.digest_length;
+
+	return 0;
+}
+
 /** Parse crypto xform chain and set private session parameters */
 int
 openssl_set_session_parameters(struct openssl_session *sess,
@@ -411,6 +470,7 @@ openssl_set_session_parameters(struct openssl_session *sess,
 {
 	const struct rte_crypto_sym_xform *cipher_xform = NULL;
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
+	const struct rte_crypto_sym_xform *aead_xform = NULL;
 
 	sess->chain_order = openssl_get_chain_order(xform);
 	switch (sess->chain_order) {
@@ -428,6 +488,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		auth_xform = xform;
 		cipher_xform = xform->next;
 		break;
+	case OPENSSL_CHAIN_COMBINED:
+		aead_xform = xform;
+		break;
 	default:
 		return -EINVAL;
 	}
@@ -453,6 +516,14 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		}
 	}
 
+	if (aead_xform) {
+		if (openssl_set_session_aead_parameters(sess, aead_xform)) {
+			OPENSSL_LOG_ERR(
+				"Invalid/unsupported auth parameters");
+			return -EINVAL;
+		}
+	}
+
 	return 0;
 }
 
@@ -965,26 +1036,27 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	tag = op->sym->auth.digest.data;
-	if (tag == NULL)
-		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset +
-				op->sym->cipher.data.length);
-
 	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
 		offset = op->sym->auth.data.offset;
 		aadlen = op->sym->auth.data.length;
 		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
 				op->sym->auth.data.offset);
-
+		tag = op->sym->auth.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + aadlen);
 	} else {
-		srclen = op->sym->cipher.data.length;
+		srclen = op->sym->aead.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset);
-		offset = op->sym->cipher.data.offset;
-		aad = op->sym->auth.aad.data;
+				op->sym->aead.data.offset);
+		offset = op->sym->aead.data.offset;
+		aad = op->sym->aead.aad.data;
 		aadlen = sess->auth.aad_length;
+		tag = op->sym->aead.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + srclen);
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index fc525d9..26265b8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -344,12 +344,12 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -366,27 +366,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 8
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 16,
 					.increment = 4
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4c9be05..7799407 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -113,6 +113,10 @@ struct openssl_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	/**< AEAD algorithm */
+
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index dfd778c..c02defc 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -246,6 +246,14 @@ qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
 		return ICP_QAT_FW_LA_CMD_AUTH;
 
+	/* AEAD */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+			return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+		else
+			return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+	}
+
 	if (xform->next == NULL)
 		return -1;
 
@@ -310,14 +318,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		}
 		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		if (qat_alg_validate_aes_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -418,7 +418,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_F8:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
 	case RTE_CRYPTO_CIPHER_ARC4:
@@ -476,12 +475,26 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
 		break;
 	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
 	case ICP_QAT_FW_LA_CMD_TRNG_TEST:
@@ -515,7 +528,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 
 	struct qat_session *session = session_private;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
 	uint8_t *key_data = auth_xform->key.data;
@@ -540,14 +552,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		cipher_xform = qat_get_cipher_xform(xform);
-
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-
-		key_data = cipher_xform->key.data;
-		key_length = cipher_xform->key.length;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		if (qat_alg_validate_aes_key(auth_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -585,7 +589,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 		PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
@@ -646,7 +649,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		if (qat_alg_aead_session_create_content_desc_auth(session,
 				key_data,
 				key_length,
-				auth_xform->add_auth_data_length,
+				0,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
@@ -659,6 +662,85 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	return NULL;
 }
 
+struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private)
+{
+	struct qat_session *session = session_private;
+	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+	/*
+	 * Store AEAD IV parameters as cipher IV,
+	 * to avoid unnecessary memory usage
+	 */
+	session->cipher_iv.offset = xform->aead.iv.offset;
+	session->cipher_iv.length = xform->aead.iv.length;
+
+	switch (aead_xform->algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		if (qat_alg_validate_aes_key(aead_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+		break;
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
+				aead_xform->algo);
+		goto error_out;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
+				aead_xform->algo);
+		goto error_out;
+	}
+
+	if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+		/*
+		 * It needs to create cipher desc content first,
+		 * then authentication
+		 */
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_GENERATE))
+			goto error_out;
+	} else {
+		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+		/*
+		 * It needs to create authentication desc content first,
+		 * then cipher
+		 */
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_VERIFY))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+	}
+
+	session->digest_length = aead_xform->digest_length;
+	return session;
+
+error_out:
+	return NULL;
+}
+
 unsigned qat_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev __rte_unused)
 {
@@ -974,7 +1056,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
 	register struct icp_qat_fw_la_bulk_req *qat_req;
-	uint8_t do_auth = 0, do_cipher = 0;
+	uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
 	uint32_t cipher_len = 0, cipher_ofs = 0;
 	uint32_t auth_len = 0, auth_ofs = 0;
 	uint32_t min_ofs = 0;
@@ -1008,9 +1090,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
-		ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
-		do_auth = 1;
-		do_cipher = 1;
+			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
+		/* AES-GCM */
+		if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
+				ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+			do_aead = 1;
+		} else {
+			do_auth = 1;
+			do_cipher = 1;
+		}
 	} else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
 		do_auth = 1;
 		do_cipher = 0;
@@ -1103,18 +1191,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			/* AES-GCM */
-			if (do_cipher) {
-				auth_ofs = op->sym->cipher.data.offset;
-				auth_len = op->sym->cipher.data.length;
-
-				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 			/* AES-GMAC */
-			} else {
-				set_cipher_iv(ctx->auth_iv.length,
-					ctx->auth_iv.offset,
-					cipher_param, op, qat_req);
-			}
+			set_cipher_iv(ctx->auth_iv.length,
+				ctx->auth_iv.offset,
+				cipher_param, op, qat_req);
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1125,6 +1205,19 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	}
 
+	if (do_aead) {
+		cipher_len = op->sym->aead.data.length;
+		cipher_ofs = op->sym->aead.data.offset;
+		auth_len = op->sym->aead.data.length;
+		auth_ofs = op->sym->aead.data.offset;
+
+		auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
+		auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
+		min_ofs = op->sym->aead.data.offset;
+	}
+
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
 		do_sgl = 1;
 
@@ -1166,7 +1259,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		dst_buf_start = src_buf_start;
 	}
 
-	if (do_cipher) {
+	if (do_cipher || do_aead) {
 		cipher_param->cipher_offset =
 				(uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, cipher_ofs) - src_buf_start;
@@ -1175,7 +1268,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		cipher_param->cipher_offset = 0;
 		cipher_param->cipher_length = 0;
 	}
-	if (do_auth) {
+
+	if (do_auth || do_aead) {
 		auth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, auth_ofs) - src_buf_start;
 		auth_param->auth_len = auth_len;
@@ -1183,6 +1277,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		auth_param->auth_off = 0;
 		auth_param->auth_len = 0;
 	}
+
 	qat_req->comn_mid.dst_length =
 		qat_req->comn_mid.src_length =
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
@@ -1241,7 +1336,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
 		/* GMAC */
-		if (!do_cipher) {
+		if (!do_aead) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
@@ -1276,7 +1371,12 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				ctx->digest_length);
-		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+	}
+
+	if (do_aead) {
+		rte_hexdump(stdout, "digest:", op->sym->aead.digest.data,
+				ctx->digest_length);
+		rte_hexdump(stdout, "aad:", op->sym->aead.aad.data,
 				ctx->aad_len);
 	}
 #endif
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index b740d6b..f76f3ca 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -117,6 +117,10 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform, void *session_private);
 
 struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private);
+
+struct qat_session *
 qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				struct rte_crypto_sym_xform *xform,
 				struct qat_session *session_private);
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index d863ccd..fee8ee1 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -189,12 +189,12 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (AUTH) */					\
+	{	/* AES GCM */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			{.auth = {					\
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,	\
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,	\
+			{.aead = {					\
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,	\
 				.block_size = 16,			\
 				.key_size = {				\
 					.min = 16,			\
@@ -211,7 +211,11 @@
 					.max = 240,			\
 					.increment = 1			\
 				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				},					\
 			}, }						\
 		}, }							\
 	},								\
@@ -266,26 +270,6 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (CIPHER) */					\
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
-		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
-			{.cipher = {					\
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,	\
-				.block_size = 16,			\
-				.key_size = {				\
-					.min = 16,			\
-					.max = 32,			\
-					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 12,			\
-					.max = 12,			\
-					.increment = 0			\
-				}					\
-			}, }						\
-		}, }							\
-	},								\
 	{	/* AES CBC */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index d544a3c..c1dbd15 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -84,62 +84,79 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	}
 
 	sym_cop = get_sym_cop(cop);
-
 	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
-		sa->iv_len;
-	sym_cop->cipher.data.length = payload_len;
-
-	struct cnt_blk *icb;
-	uint8_t *aad;
-	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
-
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		/* Copy IV at the end of crypto operation */
-		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		sym_cop->aead.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->aead.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *aad;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
 		icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
 
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->cipher.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+					uint8_t *, IV_OFFSET);
+
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			/* Copy IV at the end of crypto operation */
+			rte_memcpy(iv_ptr, iv, sa->iv_len);
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			icb = get_cnt_blk(m);
+			icb->salt = sa->salt;
+			memcpy(&icb->iv, iv, 8);
+			icb->cnt = rte_cpu_to_be_32(1);
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
@@ -308,65 +325,87 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sym_cop = get_sym_cop(cop);
 	sym_cop->m_src = m;
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		memset(iv, 0, sa->iv_len);
-		sym_cop->cipher.data.offset = ip_hdr_len +
-			sizeof(struct esp_hdr);
-		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		uint8_t *aad;
+
 		*iv = sa->seq;
-		sym_cop->cipher.data.offset = ip_hdr_len +
+		sym_cop->aead.data.offset = ip_hdr_len +
 			sizeof(struct esp_hdr) + sa->iv_len;
-		sym_cop->cipher.data.length = pad_payload_len;
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
+		sym_cop->aead.data.length = pad_payload_len;
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
 
-	/* Fill pad_len using default sequential scheme */
-	for (i = 0; i < pad_len - 2; i++)
-		padding[i] = i + 1;
-	padding[pad_len - 2] = pad_len - 2;
-	padding[pad_len - 1] = nlp;
-
-	struct cnt_blk *icb = get_cnt_blk(m);
-	icb->salt = sa->salt;
-	icb->iv = sa->seq;
-	icb->cnt = rte_cpu_to_be_32(1);
-
-	uint8_t *aad;
-
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + pad_payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, esp, 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			memset(iv, 0, sa->iv_len);
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr);
+			sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			*iv = sa->seq;
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr) + sa->iv_len;
+			sym_cop->cipher.data.length = pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 9d80bd3..7971f72 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -64,7 +64,6 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
-	uint8_t aad_len;
 	uint8_t key_not_req;
 };
 
@@ -95,13 +94,6 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.key_len = 16
 	},
 	{
-		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-		.iv_len = 8,
-		.block_size = 4,
-		.key_len = 20
-	},
-	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
@@ -129,18 +121,21 @@ const struct supported_auth_algo auth_algos[] = {
 		.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 		.digest_len = 12,
 		.key_len = 32
-	},
+	}
+};
+
+const struct supported_aead_algo aead_algos[] = {
 	{
 		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.algo = RTE_CRYPTO_AEAD_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 20,
 		.digest_len = 16,
 		.aad_len = 8,
-		.key_not_req = 1
 	}
 };
 
-const struct supported_aead_algo aead_algos[] = { { } };
-
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -349,8 +344,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
 				rule->salt = (uint32_t)rte_rand();
 
-			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
-				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
 				key_len -= 4;
 				rule->cipher_key_len = key_len;
 				memcpy(&rule->salt,
@@ -712,75 +706,110 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
-		switch (sa->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_NULL:
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-			iv_length = sa->iv_len;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
 			iv_length = 16;
-			break;
-		default:
-			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-					sa->cipher_algo);
-			return -EINVAL;
-		}
 
-		if (inbound) {
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].b.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].b.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_DECRYPT;
-			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].b.next = NULL;
+			if (inbound) {
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_DECRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			}
 
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].a.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].a.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].a.auth.op =
-				RTE_CRYPTO_AUTH_OP_VERIFY;
-
-		} else { /* outbound */
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].a.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].a.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].a.next = NULL;
-
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].b.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].b.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].b.auth.op =
-				RTE_CRYPTO_AUTH_OP_GENERATE;
-		}
+			sa->xforms = &sa_ctx->xf[idx].a;
 
-		sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
-		sa_ctx->xf[idx].b.next = NULL;
-		sa->xforms = &sa_ctx->xf[idx].a;
+			print_one_sa_rule(sa, inbound);
+		} else {
+			switch (sa->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_NULL:
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+				iv_length = sa->iv_len;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				iv_length = 16;
+				break;
+			default:
+				RTE_LOG(ERR, IPSEC_ESP,
+						"unsupported cipher algorithm %u\n",
+						sa->cipher_algo);
+				return -EINVAL;
+			}
+
+			if (inbound) {
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].b.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].b.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_DECRYPT;
+				sa_ctx->xf[idx].b.next = NULL;
+				sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].a.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].a.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].a.auth.op =
+					RTE_CRYPTO_AUTH_OP_VERIFY;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].b.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].b.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].b.auth.op =
+					RTE_CRYPTO_AUTH_OP_GENERATE;
+			}
 
-		print_one_sa_rule(sa, inbound);
+			sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
+			sa_ctx->xf[idx].b.next = NULL;
+			sa->xforms = &sa_ctx->xf[idx].a;
+
+			print_one_sa_rule(sa, inbound);
+		}
 	}
 
 	return 0;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 914f8ed..f28e62a 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1428,6 +1428,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->aead_iv_random_size = -1;
 	options->aead_iv.length = 0;
 
+	options->auth_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	options->auth_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f03d2fd..dab042b 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -68,27 +68,12 @@ enum rte_crypto_cipher_algorithm {
 
 	RTE_CRYPTO_CIPHER_AES_CBC,
 	/**< AES algorithm in CBC mode */
-	RTE_CRYPTO_CIPHER_AES_CCM,
-	/**< AES algorithm in CCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_CCM* element of the
-	 * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
-	 * *rte_crypto_auth_xform* structure in the session context or in
-	 * the op_params of the crypto operation structure in the case of a
-	 * session-less crypto operation
-	 */
 	RTE_CRYPTO_CIPHER_AES_CTR,
 	/**< AES algorithm in Counter mode */
 	RTE_CRYPTO_CIPHER_AES_ECB,
 	/**< AES algorithm in ECB mode */
 	RTE_CRYPTO_CIPHER_AES_F8,
 	/**< AES algorithm in F8 mode */
-	RTE_CRYPTO_CIPHER_AES_GCM,
-	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
-	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
-	 * structure in the session context or in the op_params of the crypto
-	 * operation structure in the case of a session-less crypto operation.
-	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
 
@@ -247,25 +232,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_AES_CBC_MAC,
 	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
-	RTE_CRYPTO_AUTH_AES_CCM,
-	/**< AES algorithm in CCM mode. This is an authenticated cipher. When
-	 * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
-	 * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
-	 * set up the related rte_crypto_cipher_setup_data structure in the
-	 * session context or the corresponding parameter in the crypto
-	 * operation data structures op_params parameter MUST be set for a
-	 * session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_CMAC,
 	/**< AES CMAC algorithm. */
-	RTE_CRYPTO_AUTH_AES_GCM,
-	/**< AES algorithm in GCM mode. When this hash algorithm
-	 * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	 * rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	 * rte_crypto_cipher_setup_data structure in the session context, or
-	 * the corresponding parameter in the crypto operation data structures
-	 * op_params parameter MUST be set for a session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
 	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
@@ -363,20 +331,6 @@ struct rte_crypto_auth_xform {
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
 	 *
-	 * This field must be specified when the hash algorithm is one of the
-	 * following:
-	 *
-	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
-	 *   the length of the Additional Authenticated Data (called A, in NIST
-	 *   SP800-38D).
-	 *
-	 * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM).  In this case, this is
-	 *   the length of the associated data (called A, in NIST SP800-38C).
-	 *   Note that this does NOT include the length of any padding, or the
-	 *   18 bytes reserved at the start of the above field to store the
-	 *   block B0 and the encoded length.  The maximum permitted value in
-	 *   this case is 222 bytes.
-	 *
 	 */
 
 	struct {
@@ -658,15 +612,6 @@ struct rte_crypto_sym_op {
 					  * also the same as the result length.
 					  *
 					  * @note
-					  * In the case of CCM
-					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
-					  * should not include the length of the padding
-					  * or the length of the MAC; the driver will
-					  * compute the actual number of bytes over
-					  * which the encryption will occur, which will
-					  * include these values.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -683,12 +628,6 @@ struct rte_crypto_sym_op {
 					  * packet in source buffer.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored.
-					  * The field @ref aad field should be set
-					  * instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -699,11 +638,6 @@ struct rte_crypto_sym_op {
 					  * buffer that the hash will be computed on.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored. The field @ref aad
-					  * field should be set instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -732,9 +666,6 @@ struct rte_crypto_sym_op {
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
-					 * @note
-					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-					 * "digest result" read "authentication tag T".
 					 */
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
@@ -754,37 +685,6 @@ struct rte_crypto_sym_op {
 					 * This length must not exceed 65535 (2^16-1)
 					 * bytes.
 					 *
-					 * Specifically for CCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
-					 * the caller should setup this field as follows:
-					 *
-					 * - the nonce should be written starting at
-					 * an offset of one byte into the array,
-					 * leaving room for the implementation to
-					 * write in the flags to the first byte.
-					 *
-					 * - the additional authentication data
-					 * itself should be written starting at
-					 * an offset of 18 bytes into the array,
-					 * leaving room for the length encoding in
-					 * the first two bytes of the second block.
-					 *
-					 * - the array should be big enough to hold
-					 * the above fields, plus any padding to
-					 * round this up to the nearest multiple of
-					 * the block size (16 bytes).
-					 * Padding will be added by the implementation.
-					 *
-					 * Finally, for GCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-					 * caller should setup this field as follows:
-					 *
-					 * - the AAD is written in starting at byte 0
-					 * - the array must be big enough to hold
-					 * the AAD, plus any space to round this up to
-					 * the nearest multiple of the block size
-					 * (16 bytes).
-					 *
 					 */
 					phys_addr_t phys_addr;	/**< physical address */
 				} aad;
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 60dc5e5..497f9ce 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -111,11 +111,9 @@ rte_crypto_cipher_algorithm_strings[] = {
 	[RTE_CRYPTO_CIPHER_3DES_CTR]	= "3des-ctr",
 
 	[RTE_CRYPTO_CIPHER_AES_CBC]	= "aes-cbc",
-	[RTE_CRYPTO_CIPHER_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_CIPHER_AES_CTR]	= "aes-ctr",
 	[RTE_CRYPTO_CIPHER_AES_DOCSISBPI]	= "aes-docsisbpi",
 	[RTE_CRYPTO_CIPHER_AES_ECB]	= "aes-ecb",
-	[RTE_CRYPTO_CIPHER_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_CIPHER_AES_F8]	= "aes-f8",
 	[RTE_CRYPTO_CIPHER_AES_XTS]	= "aes-xts",
 
@@ -148,9 +146,7 @@ rte_crypto_cipher_operation_strings[] = {
 const char *
 rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_AES_CBC_MAC]	= "aes-cbc-mac",
-	[RTE_CRYPTO_AUTH_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AUTH_AES_CMAC]	= "aes-cmac",
-	[RTE_CRYPTO_AUTH_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_AUTH_AES_GMAC]	= "aes-gmac",
 	[RTE_CRYPTO_AUTH_AES_XCBC_MAC]	= "aes-xcbc-mac",
 
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 11031a0..0f6c619 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -76,6 +76,7 @@ struct crypto_testsuite_params {
 struct crypto_unittest_params {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 
 	struct rte_cryptodev_sym_session *sess;
 
@@ -4630,54 +4631,34 @@ test_3DES_cipheronly_openssl_all(void)
 /* ***** AES-GCM Tests ***** */
 
 static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
+create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint16_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	uint8_t cipher_key[key_len];
+	uint8_t aead_key[key_len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, key, key_len);
+	memcpy(aead_key, key, key_len);
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = key_len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	ut_params->aead_xform.next = NULL;
+	ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	ut_params->aead_xform.aead.op = op;
+	ut_params->aead_xform.aead.key.data = aead_key;
+	ut_params->aead_xform.aead.key.length = key_len;
+	ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+	ut_params->aead_xform.aead.iv.length = iv_len;
+	ut_params->aead_xform.aead.digest_length = auth_len;
+	ut_params->aead_xform.aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	ut_params->auth_xform.next = NULL;
-
-	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-
-	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
-
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		ut_params->cipher_xform.next = &ut_params->auth_xform;
-
-		/* Create Crypto session*/
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->cipher_xform);
-	} else {/* Create Crypto session*/
-		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->auth_xform);
-	}
+	/* Create Crypto session*/
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -4686,43 +4667,35 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 
 static int
 create_gcm_xforms(struct rte_crypto_op *op,
-		enum rte_crypto_cipher_operation cipher_op,
+		enum rte_crypto_aead_operation aead_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
-			"failed to allocate space for crypto transforms");
+	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 1),
+			"failed to allocate space for crypto transform");
 
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	/* Setup Cipher Parameters */
-	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	sym_op->xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	sym_op->xform->cipher.op = cipher_op;
-	sym_op->xform->cipher.key.data = key;
-	sym_op->xform->cipher.key.length = key_len;
-	sym_op->xform->cipher.iv.offset = IV_OFFSET;
-	sym_op->xform->cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	sym_op->xform->next = NULL;
+	sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	sym_op->xform->aead.op = aead_op;
+	sym_op->xform->aead.key.data = key;
+	sym_op->xform->aead.key.length = key_len;
+	sym_op->xform->aead.iv.offset = IV_OFFSET;
+	sym_op->xform->aead.iv.length = iv_len;
+	sym_op->xform->aead.digest_length = auth_len;
+	sym_op->xform->aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	sym_op->xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	sym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-	sym_op->xform->next->auth.op = auth_op;
-	sym_op->xform->next->auth.digest_length = auth_len;
-	sym_op->xform->next->auth.add_auth_data_length = aad_len;
-	sym_op->xform->next->auth.key.length = 0;
-	sym_op->xform->next->auth.key.data = NULL;
-	sym_op->xform->next->next = NULL;
-
 	return 0;
 }
 
 static int
-create_gcm_operation(enum rte_crypto_cipher_operation op,
+create_gcm_operation(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -4741,15 +4714,15 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 
 	/* Append aad data */
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.phys_addr =
+	sym_op->aead.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
+	memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+	TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
 		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
@@ -4761,7 +4734,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
 		plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 				plaintext_pad_len);
@@ -4806,40 +4779,37 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	/* Append digest data */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		memset(sym_op->auth.digest.data, 0, tdata->auth_tag.len);
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		memset(sym_op->aead.digest.data, 0, tdata->auth_tag.len);
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
 	} else {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
 
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
-			sym_op->auth.digest.data,
+			sym_op->aead.digest.data,
 			tdata->auth_tag.len);
 	}
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len;
-
-	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -4857,11 +4827,10 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4878,7 +4847,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5035,11 +5004,10 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5056,7 +5024,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5202,11 +5170,10 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5220,7 +5187,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5279,11 +5246,10 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5297,7 +5263,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5356,18 +5322,17 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5437,18 +5402,17 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7138,7 +7102,7 @@ test_authenticated_decryption_fail_when_corruption(
 }
 
 static int
-create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
+create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata,
 		void *digest_mem, uint64_t digest_phys)
 {
@@ -7157,18 +7121,18 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	sym_op->auth.digest.data = digest_mem;
+	sym_op->aead.digest.data = digest_mem;
 
-	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 			"no room to append digest");
 
-	sym_op->auth.digest.phys_addr = digest_phys;
+	sym_op->aead.digest.phys_addr = digest_phys;
 
-	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+	if (op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				auth_tag_len);
 	}
 
@@ -7177,25 +7141,22 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
+	sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
 
-	memset(sym_op->auth.aad.data, 0, aad_len);
-	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
+	memset(sym_op->aead.aad.data, 0, aad_len);
+	rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+			sym_op->aead.aad.data, aad_len);
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len;
-
-	sym_op->auth.data.offset = aad_len;
-	sym_op->auth.data.length = tdata->plaintext.len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_len;
 
 	return 0;
 }
@@ -7250,11 +7211,10 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7380,7 +7340,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	}
 
 	/* Create GCM opertaion */
-	retval = create_gcm_operation_SGL(RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+	retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata, digest_mem, digest_phys);
 
 	if (retval < 0)
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3bd9351..5b2468d 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -65,7 +65,8 @@ enum chain_mode {
 	CIPHER_HASH,
 	HASH_CIPHER,
 	CIPHER_ONLY,
-	HASH_ONLY
+	HASH_ONLY,
+	AEAD
 };
 
 
@@ -86,6 +87,7 @@ struct symmetric_op {
 struct symmetric_session_attrs {
 	enum rte_crypto_cipher_operation cipher;
 	enum rte_crypto_auth_operation auth;
+	enum rte_crypto_aead_operation aead;
 
 	enum rte_crypto_cipher_algorithm cipher_algorithm;
 	const uint8_t *key_cipher_data;
@@ -95,6 +97,10 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	enum rte_crypto_aead_algorithm aead_algorithm;
+	const uint8_t *key_aead_data;
+	uint32_t key_aead_len;
+
 	const uint8_t *iv_data;
 	uint16_t iv_len;
 	uint16_t aad_len;
@@ -124,8 +130,9 @@ struct perf_test_params {
 	enum chain_mode chain;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
-	unsigned cipher_key_length;
+	unsigned int key_length;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 
 	struct symmetric_session_attrs *session_attrs;
 
@@ -157,7 +164,8 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo);
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo);
 static struct rte_cryptodev_sym_session *
 test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
@@ -191,6 +199,7 @@ static const char *chain_mode_name(enum chain_mode mode)
 	case HASH_CIPHER: return "hash_cipher"; break;
 	case CIPHER_ONLY: return "cipher_only"; break;
 	case HASH_ONLY: return "hash_only"; break;
+	case AEAD: return "aead"; break;
 	default: return ""; break;
 	}
 }
@@ -2085,7 +2094,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2106,7 +2115,16 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead algo:%s, "
+			"Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
 			"Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
@@ -2196,14 +2214,14 @@ test_perf_snow3G_vary_burst_size(void)
 			{
 					.chain = CIPHER_ONLY,
 					.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					.cipher_key_length = 16,
+					.key_length = 16,
 					.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 			},
 			{
 					.chain = HASH_ONLY,
 					.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 					.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-					.cipher_key_length = 16
+					.key_length = 16
 			},
 	};
 
@@ -2260,7 +2278,8 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2275,21 +2294,22 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		switch (pparams->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_3DES_CBC:
-		case RTE_CRYPTO_CIPHER_3DES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (pparams->chain == AEAD)
 			test_perf_set_crypto_op =
 						test_perf_set_crypto_op_aes_gcm;
-			break;
-		default:
-			return TEST_FAILED;
+		else {
+			switch (pparams->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_3DES_CBC:
+			case RTE_CRYPTO_CIPHER_3DES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+				break;
+			default:
+				return TEST_FAILED;
+			}
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
@@ -2299,14 +2319,24 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, cipher key length:%u, "
-			"auth_algo:%s, Packet Size %u bytes",
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->key_length,
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
+			pparams->key_length,
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
 	printf("Retries  EmptyPolls\tIACycles/CyOp\tIACycles/Burst\t"
@@ -2410,7 +2440,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2438,7 +2468,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
+			pparams->key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
@@ -2532,8 +2562,6 @@ static uint32_t get_auth_key_max_length(enum rte_crypto_auth_algorithm algo)
 		return 128;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return 128;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		return 0;
 	default:
 		return 0;
 	}
@@ -2554,7 +2582,15 @@ static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo)
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA384;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA512;
-	case RTE_CRYPTO_AUTH_AES_GCM:
+	default:
+		return 0;
+	}
+}
+
+static uint32_t get_aead_digest_length(enum rte_crypto_aead_algorithm algo)
+{
+	switch (algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
 		return DIGEST_BYTE_LENGTH_AES_GCM;
 	default:
 		return 0;
@@ -2732,55 +2768,73 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo)
+		unsigned int key_len,
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo)
 {
 	struct rte_crypto_sym_xform cipher_xform = { 0 };
 	struct rte_crypto_sym_xform auth_xform = { 0 };
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	/* Setup Cipher Parameters */
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.cipher.algo = cipher_algo;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+	if (chain == CIPHER_HASH || chain == HASH_CIPHER) {
+		/* Setup Cipher Parameters */
+		cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		cipher_xform.cipher.algo = cipher_algo;
+		cipher_xform.cipher.iv.offset = IV_OFFSET;
+		cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
-	switch (cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		cipher_xform.cipher.key.data = triple_des_key;
-		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		cipher_xform.cipher.key.data = aes_key;
-		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			cipher_xform.cipher.key.data = triple_des_key;
+			cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			cipher_xform.cipher.key.data = aes_key;
+			cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
+			break;
+		default:
+			return NULL;
+		}
 
-	cipher_xform.cipher.key.length = cipher_key_len;
+		cipher_xform.cipher.key.length = key_len;
 
-	/* Setup Auth Parameters */
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
-	auth_xform.auth.algo = auth_algo;
+		/* Setup Auth Parameters */
+		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+		auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+		auth_xform.auth.algo = auth_algo;
 
-	switch (auth_algo) {
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		auth_xform.auth.key.data = hmac_sha_key;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		auth_xform.auth.key.data = NULL;
-		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (auth_algo) {
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+			auth_xform.auth.key.data = hmac_sha_key;
+			break;
+		default:
+			return NULL;
+		}
 
-	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
-	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+		auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
+		auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	} else if (chain == AEAD) {
+		/* Setup AEAD Parameters */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		aead_xform.aead.algo = aead_algo;
+		aead_xform.aead.iv.offset = IV_OFFSET;
+
+		switch (aead_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			aead_xform.aead.key.data = aes_key;
+			aead_xform.aead.iv.length = AES_CIPHER_IV_LENGTH;
+			aead_xform.aead.add_auth_data_length = AES_GCM_AAD_LENGTH;
+			aead_xform.aead.digest_length = get_aead_digest_length(auth_algo);
+			break;
+		default:
+			return NULL;
+		}
+
+		aead_xform.aead.key.length = key_len;
+	}
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2793,6 +2847,9 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		cipher_xform.next = NULL;
 		/* Create Crypto session*/
 		return rte_cryptodev_sym_session_create(dev_id,	&auth_xform);
+	case AEAD:
+		/* Create Crypto session*/
+		return rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 	default:
 		return NULL;
 	}
@@ -2916,22 +2973,19 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 	/* Authentication Parameters */
-	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
+	op->sym->aead.digest.data = (uint8_t *)m->buf_addr +
 					(m->data_off + data_len);
-	op->sym->auth.digest.phys_addr =
+	op->sym->aead.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.aad.data = aes_gcm_aad;
+	op->sym->aead.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = 0;
-	op->sym->auth.data.length = data_len;
-
-	op->sym->cipher.data.offset = 0;
-	op->sym->cipher.data.length = data_len;
+	op->sym->aead.data.offset = 0;
+	op->sym->aead.data.length = data_len;
 
 	op->sym->m_src = m;
 
@@ -3102,7 +3156,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_aes_sha_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3235,7 +3289,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3394,20 +3448,22 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 					unsigned int,
 					enum chain_mode);
 
-	switch (pparams->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes_gcm;
-		break;
-	default:
-		return TEST_FAILED;
+	if (pparams->chain == AEAD)
+		test_perf_set_crypto_op =
+					test_perf_set_crypto_op_aes_gcm;
+	else {
+		switch (pparams->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+			break;
+		default:
+			return TEST_FAILED;
+		}
 	}
 
 	if (rte_cryptodev_count() == 0) {
@@ -3418,7 +3474,8 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3548,7 +3605,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3674,48 +3731,48 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_NULL
 		},
 		{
 			.chain = CIPHER_HASH,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 	};
@@ -3729,7 +3786,7 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 			"Retries\tEmptyPolls\n");
@@ -3755,14 +3812,14 @@ test_perf_snow3G_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 		},
 		{
 			.chain = HASH_ONLY,
 			.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 			.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			.cipher_key_length = 16
+			.key_length = 16
 		},
 	};
 
@@ -3817,63 +3874,77 @@ test_perf_openssl_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
 	for (i = 0; i < RTE_DIM(params_set); i++) {
 		params_set[i].total_operations = total_operations;
 		params_set[i].burst_size = burst_size;
-		printf("\n%s. cipher algo: %s auth algo: %s cipher key size=%u."
-			" burst_size: %d ops\n",
-			chain_mode_name(params_set[i].chain),
-			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
-			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
-			burst_size);
+		if (params_set[i].chain == AEAD) {
+			enum rte_crypto_aead_algorithm aead_algo =
+				params_set[i].aead_algo;
+			printf("\n%s. aead algo: %s  key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_aead_algorithm_strings[aead_algo],
+				params_set[i].key_length,
+				burst_size);
+		} else {
+			enum rte_crypto_cipher_algorithm cipher_algo =
+				params_set[i].cipher_algo;
+			enum rte_crypto_auth_algorithm auth_algo =
+				params_set[i].auth_algo;
+			printf("\n%s. cipher algo: %s auth algo: %s key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_cipher_algorithm_strings[cipher_algo],
+				rte_crypto_auth_algorithm_strings[auth_algo],
+				params_set[i].key_length,
+				burst_size);
+		}
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
 		for (j = 0; j < RTE_DIM(buf_lengths); j++) {
@@ -3898,50 +3969,49 @@ test_perf_openssl_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
@@ -3978,28 +4048,28 @@ test_perf_armv8_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4012,7 +4082,7 @@ test_perf_armv8_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
@@ -4038,28 +4108,28 @@ test_perf_armv8_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4094,48 +4164,26 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 {
 	static struct rte_cryptodev_sym_session *sess;
-	struct rte_crypto_sym_xform cipher_xform = { 0 };
-	struct rte_crypto_sym_xform auth_xform = { 0 };
-
-	uint8_t cipher_key[pparams->session_attrs->key_cipher_len];
-	uint8_t auth_key[pparams->session_attrs->key_auth_len];
-
-	memcpy(cipher_key, pparams->session_attrs->key_cipher_data,
-		 pparams->session_attrs->key_cipher_len);
-	memcpy(auth_key, pparams->session_attrs->key_auth_data,
-		 pparams->session_attrs->key_auth_len);
-
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.next = NULL;
-
-	cipher_xform.cipher.algo = pparams->session_attrs->cipher_algorithm;
-	cipher_xform.cipher.op = pparams->session_attrs->cipher;
-	cipher_xform.cipher.key.data = cipher_key;
-	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
-	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.next = NULL;
+	uint8_t aead_key[pparams->session_attrs->key_aead_len];
 
-	auth_xform.auth.op = pparams->session_attrs->auth;
-	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
+	memcpy(aead_key, pparams->session_attrs->key_aead_data,
+		 pparams->session_attrs->key_aead_len);
 
-	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
-	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
-	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
+	aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	aead_xform.next = NULL;
 
+	aead_xform.aead.algo = pparams->session_attrs->aead_algorithm;
+	aead_xform.aead.op = pparams->session_attrs->aead;
+	aead_xform.aead.key.data = aead_key;
+	aead_xform.aead.key.length = pparams->session_attrs->key_aead_len;
+	aead_xform.aead.iv.length = pparams->session_attrs->iv_len;
+	aead_xform.aead.iv.offset = IV_OFFSET;
+	aead_xform.aead.add_auth_data_length = pparams->session_attrs->aad_len;
+	aead_xform.aead.digest_length = pparams->session_attrs->digest_len;
 
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-	if (cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		cipher_xform.next = &auth_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&cipher_xform);
-	} else {
-		auth_xform.next = &cipher_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&auth_xform);
-	}
+	sess = rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 
 	return sess;
 }
@@ -4154,17 +4202,17 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	op->sym->auth.digest.data = m_hlp->digest;
-	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+	op->sym->aead.digest.data = m_hlp->digest;
+	op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 
-	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->aead.aad.data = m_hlp->aad;
+	op->sym->aead.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
-	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
+	rte_memcpy(op->sym->aead.aad.data, params->symmetric_op->aad_data,
 		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
@@ -4172,13 +4220,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->auth.data.offset =
-			params->session_attrs->aad_len;
-	op->sym->auth.data.length = params->symmetric_op->p_len;
-
-	op->sym->cipher.data.offset =
+	op->sym->aead.data.offset =
 			params->session_attrs->aad_len;
-	op->sym->cipher.data.length = params->symmetric_op->p_len;
+	op->sym->aead.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
 
@@ -4392,20 +4436,14 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 
 		gcm_test = gcm_tests[i];
 
-		session_attrs[i].cipher =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-		session_attrs[i].cipher_algorithm =
-				RTE_CRYPTO_CIPHER_AES_GCM;
-		session_attrs[i].key_cipher_data =
+		session_attrs[i].aead =
+				RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		session_attrs[i].aead_algorithm =
+				RTE_CRYPTO_AEAD_AES_GCM;
+		session_attrs[i].key_aead_data =
 				gcm_test->key.data;
-		session_attrs[i].key_cipher_len =
+		session_attrs[i].key_aead_len =
 				gcm_test->key.len;
-		session_attrs[i].auth_algorithm =
-				RTE_CRYPTO_AUTH_AES_GCM;
-		session_attrs[i].auth =
-			RTE_CRYPTO_AUTH_OP_GENERATE;
-		session_attrs[i].key_auth_data = NULL;
-		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
@@ -4420,7 +4458,7 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		ops_set[i].t_data = gcm_test->auth_tags[i].data;
 		ops_set[i].t_len = gcm_test->auth_tags[i].len;
 
-		params_set[i].chain = CIPHER_HASH;
+		params_set[i].chain = AEAD;
 		params_set[i].session_attrs = &session_attrs[i];
 		params_set[i].symmetric_op = &ops_set[i];
 		if (continual_buf_len)
@@ -4522,7 +4560,7 @@ test_perf_continual_performance_test(void)
 		.chain = CIPHER_HASH,
 
 		.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-		.cipher_key_length = 16,
+		.key_length = 16,
 		.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 	};
 
@@ -4532,7 +4570,7 @@ test_perf_continual_performance_test(void)
 			chain_mode_name(params_set.chain),
 			rte_crypto_cipher_algorithm_strings[params_set.cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set.auth_algo],
-			params_set.cipher_key_length,
+			params_set.key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 				"Retries\tEmptyPolls\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v2 27/27] cryptodev: remove AAD from authentication structure
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (25 preceding siblings ...)
  2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 26/27] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
@ 2017-06-26 10:23   ` Pablo de Lara
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
  2017-06-29 16:39   ` [dpdk-dev] [PATCH v2 00/27] " Akhil Goyal
  28 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-26 10:23 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal, hemant.agrawal
  Cc: dev, Pablo de Lara

Now that AAD is only used in AEAD algorithms,
there is no need to keep AAD in the authentication
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 app/test-crypto-perf/cperf_ops.c         |  2 --
 doc/guides/prog_guide/cryptodev_lib.rst  |  6 ------
 doc/guides/rel_notes/release_17_08.rst   |  3 +++
 drivers/crypto/openssl/rte_openssl_pmd.c |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h    | 26 --------------------------
 test/test/test_cryptodev.c               |  4 ----
 test/test/test_cryptodev_perf.c          |  1 -
 7 files changed, 3 insertions(+), 40 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index ac4a12b..75038cd 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -394,7 +394,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
@@ -447,7 +446,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 5048839..f250c00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -567,12 +567,6 @@ chain.
                         uint8_t *data;
                         phys_addr_t phys_addr;
                     } digest; /**< Digest parameters */
-
-                    struct {
-                        uint8_t *data;
-                        phys_addr_t phys_addr;
-                    } aad;
-                    /**< Additional authentication parameters */
                 } auth;
             };
         };
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2c6bef5..d29b203 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -176,6 +176,9 @@ API Changes
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
   * Added AEAD structure in ``rte_crypto_sym_op``.
+  * Removed AAD length from ``rte_crypto_auth_xform``.
+  * Removed AAD pointer and physical address from auth structure
+    in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ee2d71f..5258f06 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -413,7 +413,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
-	sess->auth.aad_length = xform->auth.add_auth_data_length;
 	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index dab042b..742dc34 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -326,13 +326,6 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint16_t add_auth_data_length;
-	/**< The length of the additional authenticated data (AAD) in bytes.
-	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
-	 * otherwise specified below.
-	 *
-	 */
-
 	struct {
 		uint16_t offset;
 		/**< Starting point for Initialisation Vector or Counter,
@@ -670,25 +663,6 @@ struct rte_crypto_sym_op {
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
 				} digest; /**< Digest parameters */
-
-				struct {
-					uint8_t *data;
-					/**< Pointer to Additional Authenticated
-					 * Data (AAD) needed for authenticated cipher
-					 * mechanisms (CCM and GCM).
-					 *
-					 * The length of the data pointed to by this
-					 * field is set up for the session in the @ref
-					 * rte_crypto_auth_xform structure as part of
-					 * the @ref rte_cryptodev_sym_session_create
-					 * function call.
-					 * This length must not exceed 65535 (2^16-1)
-					 * bytes.
-					 *
-					 */
-					phys_addr_t phys_addr;	/**< physical address */
-				} aad;
-				/**< Additional authentication parameters */
 			} auth;
 		};
 	};
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0f6c619..c10225f 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5531,7 +5531,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_MD5_HMAC;
 
 	ut_params->auth_xform.auth.digest_length = MD5_DIGEST_LEN;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = test_case->key.len;
 	ut_params->auth_xform.auth.key.data = key;
 
@@ -6304,7 +6303,6 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = tdata->key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
@@ -6684,7 +6682,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6722,7 +6719,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 		ut_params->auth_xform.auth.iv.length = reference->iv.len;
 	} else {
 		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 		/* Setup Cipher Parameters */
 		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 5b2468d..7ae1ae9 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2936,7 +2936,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (26 preceding siblings ...)
  2017-06-26 10:23   ` [dpdk-dev] [PATCH v2 27/27] cryptodev: remove AAD from authentication structure Pablo de Lara
@ 2017-06-29 11:34   ` Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
                       ` (27 more replies)
  2017-06-29 16:39   ` [dpdk-dev] [PATCH v2 00/27] " Akhil Goyal
  28 siblings, 28 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:34 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

This patchset attempts to correct and improve the current crypto operation
(rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
shrinking their sizes to fit both structures into two 64-byte cache lines
(with extra space for the IV and other user data) as one of the goals.

It also introduces new AEAD algorithm specific parameters,
to simplify its setup with a single transform, instead of a concatenation
of a cipher and an authentication transform.

The following changes are made:

In rte_crypto_op:

- Moved session type (with session/sessionless) from symmetric op to crypto op,
  as this could be used for other types

- Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
  instead of having enums taking 4 bytes each

- Removed opaque data from crypto operation, as private data can be allocated
  just after the symmetric (or other type) crypto operation

- Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation

- Removed unnecessary cache alignment

In rte_crypto_sym_xform:

- Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session

- Added a new AEAD transform

- Added IV for authentication and AEAD transforms

- Removed AAD length from authentication transform, as it is only used for AEAD algorithms

In rte_crypto_sym_op:

- Removed IV parameters, which will be only in the session.

- Added AEAD specific parameters.

- Create union with the new AEAD parameters and the cipher/authentication parameters,
  as the three cannot be used at the same time

- Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session

- Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session

- Removed AAD from authentication structure, as it is only used for AEAD algorithms

- Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)


In terms of algorithm usage:

- AEAD algorithms (like AES-GCM) are set up only using the AEAD structure

- AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field

- Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now.


Finally, a comparison between the previous operation and the new operation:

Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:

struct rte_crypto_op {
    enum rte_crypto_op_type type;
    enum rte_crypto_op_status status;
    struct rte_mempool *mempool;
    phys_addr_t phys_addr;
    void *opaque_data;
    union {
       struct rte_crypto_sym_op *sym;
    };
} __rte_cache_aligned;

struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    enum rte_crypto_sym_op_sess_type sess_type;

    RTE_STD_C11
    union {
       struct rte_cryptodev_sym_session *session;
       struct rte_crypto_sym_xform *xform;
    };

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } iv;
    } cipher;

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;
        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } digest; /**< Digest parameters */

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } aad;

    } auth;
} __rte_cache_aligned;


New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:

struct rte_crypto_op {
    uint64_t type: 8;
    uint64_t status: 8;
    uint64_t sess_type: 8;

    struct rte_mempool *mempool;

    phys_addr_t phys_addr;

    RTE_STD_C11
    union {
       struct rte_crypto_sym_op sym[0];
    };
} __rte_cache_aligned;


struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    union {
        struct rte_cryptodev_sym_session *session;
        /**< Handle for the initialised session context */
        struct rte_crypto_sym_xform *xform;
        /**< Session-less API Crypto operation parameters */
    };

    union {
        struct {
            struct {
                uint32_t offset;
                uint32_t length;
            } data; /**< Data offsets and length for AEAD */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } digest; /**< Digest parameters */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } aad;
            /**< Additional authentication parameters */
        } aead;

        struct {
            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data; /**< Data offsets and length for ciphering */
            } cipher;

            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data;
                /**< Data offsets and length for authentication */

                struct {
                    uint8_t *data;
                    phys_addr_t phys_addr;
                } digest; /**< Digest parameters */
            } auth;
        };
    };
};

Changes in v3:

- Removed unnecessary branch in test code

- Removed unnecessary memcpy in perf application

- Removed fix for QAT, which will be sent separated

- Rebased against dpdk-next-crypto subtree

Changes in v2:

- Added AEAD structures

- Added authentication IV (used for AES-GMAC and wireless algorithms)

- Modified all applications with the changes

- Modified all drivers with the changes

- Moved AAD length to the crypto session

- Rebased against latest dpdk-next-crypto

- Added documentation changes

Pablo de Lara (26):
  cryptodev: move session type to generic crypto op
  cryptodev: replace enums with 1-byte variables
  cryptodev: remove opaque data pointer in crypto op
  cryptodev: do not store pointer to op specific params
  cryptodev: remove useless alignment
  cryptodev: add crypto op helper macros
  test/crypto: move IV to crypto op private data
  test/crypto-perf: move IV to crypto op private data
  app/crypto-perf: move IV to crypto op private data
  examples/l2fwd-crypto: move IV to crypto op private data
  examples/ipsec-secgw: move IV to crypto op private data
  cryptodev: pass IV as offset
  cryptodev: move IV parameters to crypto session
  cryptodev: add auth IV
  cryptodev: do not use AAD in wireless algorithms
  cryptodev: remove AAD length from crypto op
  cryptodev: remove digest length from crypto op
  cryptodev: set AES-GMAC as auth-only algo
  cryptodev: add AEAD specific data
  cryptodev: add AEAD parameters in crypto operation
  examples/l2fwd-crypto: avoid too many tabs
  app/test-crypto-perf: add AEAD parameters
  examples/ipsec-secgw: add AEAD parameters
  examples/l2fwd-crypto: add AEAD parameters
  cryptodev: use AES-GCM/CCM as AEAD algorithms
  cryptodev: remove AAD from authentication structure

 app/test-crypto-perf/cperf_ops.c                   |  246 ++--
 app/test-crypto-perf/cperf_ops.h                   |    6 +-
 app/test-crypto-perf/cperf_options.h               |   24 +-
 app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
 app/test-crypto-perf/cperf_test_latency.c          |   59 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   24 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
 app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
 app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
 app/test-crypto-perf/cperf_test_verify.c           |   25 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
 app/test-crypto-perf/main.c                        |   61 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
 doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
 doc/guides/rel_notes/release_17_08.rst             |   36 +
 doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
 doc/guides/tools/cryptoperf.rst                    |   50 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
 drivers/crypto/null/null_crypto_pmd.c              |   15 +-
 drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
 drivers/crypto/qat/qat_crypto.c                    |  341 ++++--
 drivers/crypto/qat/qat_crypto.h                    |    4 +
 drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
 examples/ipsec-secgw/esp.c                         |  243 ++--
 examples/ipsec-secgw/ipsec.c                       |    1 -
 examples/ipsec-secgw/ipsec.h                       |    6 +-
 examples/ipsec-secgw/sa.c                          |  285 +++--
 examples/l2fwd-crypto/main.c                       |  721 +++++++++---
 lib/librte_cryptodev/rte_crypto.h                  |   37 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
 lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
 lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
 lib/librte_cryptodev/rte_cryptodev_version.map     |    4 +
 test/test/test_cryptodev.c                         | 1176 ++++++++------------
 test/test/test_cryptodev.h                         |    6 +
 test/test/test_cryptodev_blockcipher.c             |   41 +-
 test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
 test/test/test_cryptodev_perf.c                    |  673 +++++------
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
 70 files changed, 4044 insertions(+), 2726 deletions(-)

-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 01/26] cryptodev: move session type to generic crypto op
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
@ 2017-06-29 11:34     ` Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
                       ` (26 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:34 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Session type (operation with or without session) is not
something specific to symmetric operations.
Therefore, the variable is moved to the generic crypto operation
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst     | 21 ++++++++++-----------
 doc/guides/rel_notes/release_17_08.rst      |  8 ++++++++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    | 15 ++++++++-------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |  4 ++--
 drivers/crypto/armv8/rte_armv8_pmd.c        |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  2 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  6 +++---
 drivers/crypto/null/null_crypto_pmd.c       | 15 ++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd.c    |  4 ++--
 drivers/crypto/qat/qat_crypto.c             |  2 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  6 +++---
 drivers/crypto/zuc/rte_zuc_pmd.c            |  4 ++--
 lib/librte_cryptodev/rte_crypto.h           | 15 +++++++++++++++
 lib/librte_cryptodev/rte_crypto_sym.h       | 16 ----------------
 test/test/test_cryptodev.c                  |  8 ++++----
 15 files changed, 69 insertions(+), 61 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4f98f28..229cb7a 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -1,5 +1,5 @@
 ..  BSD LICENSE
-    Copyright(c) 2016 Intel Corporation. All rights reserved.
+    Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
 
     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions
@@ -359,11 +359,12 @@ Crypto operation to be processed on a particular Crypto device poll mode driver.
 
 .. figure:: img/crypto_op.*
 
-The operation structure includes the operation type and the operation status,
-a reference to the operation specific data, which can vary in size and content
-depending on the operation being provisioned. It also contains the source
-mempool for the operation, if it allocate from a mempool. Finally an
-opaque pointer for user specific data is provided.
+The operation structure includes the operation type, the operation status
+and the session type (session-based/less), a reference to the operation
+specific data, which can vary in size and content depending on the operation
+being provisioned. It also contains the source mempool for the operation,
+if it allocate from a mempool. Finally an opaque pointer for user specific
+data is provided.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
@@ -512,9 +513,9 @@ buffer. It is used for either cipher, authentication, AEAD and chained
 operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
-the session type (session-based/less), a valid session (or transform chain if in
-session-less mode) and the minimum authentication/ cipher parameters required
-depending on the type of operation specified in the session or the transform
+a valid session (or transform chain if in session-less mode) and the minimum
+authentication/ cipher parameters required depending on the type of operation
+specified in the session or the transform
 chain.
 
 .. code-block:: c
@@ -523,8 +524,6 @@ chain.
         struct rte_mbuf *m_src;
         struct rte_mbuf *m_dst;
 
-        enum rte_crypto_sym_op_sess_type type;
-
         union {
             struct rte_cryptodev_sym_session *session;
             /**< Handle for the initialised session context */
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 842f46f..2bc405d 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -144,6 +144,14 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =========================================================
 
+* **Reworked rte_cryptodev library.**
+
+  The rte_cryptodev library has been reworked and updated. The following changes
+  have been made to it:
+
+  * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
+    and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 1b95c23..a0154ff 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -139,16 +139,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 /** Get gcm session */
 static struct aesni_gcm_session *
-aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
+aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_gcm_session *sess = NULL;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session->dev_type
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session->dev_type
 					!= RTE_CRYPTODEV_AESNI_GCM_PMD))
 			return sess;
 
-		sess = (struct aesni_gcm_session *)op->session->_private;
+		sess = (struct aesni_gcm_session *)sym_op->session->_private;
 	} else  {
 		void *_sess;
 
@@ -159,7 +160,7 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
 			((struct rte_cryptodev_sym_session *)_sess)->_private;
 
 		if (unlikely(aesni_gcm_set_session_parameters(sess,
-				op->xform) != 0)) {
+				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			sess = NULL;
 		}
@@ -372,7 +373,7 @@ handle_completed_gcm_crypto_op(struct aesni_gcm_qp *qp,
 	post_process_gcm_crypto_op(op);
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -393,7 +394,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 
 	for (i = 0; i < nb_dequeued; i++) {
 
-		sess = aesni_gcm_get_session(qp, ops[i]->sym);
+		sess = aesni_gcm_get_session(qp, ops[i]);
 		if (unlikely(sess == NULL)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f9a7d5b..ccdb3a7 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -345,7 +345,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_mb_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_AESNI_MB_PMD)) {
 			return NULL;
@@ -541,7 +541,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 83dae87..4a79b61 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -545,7 +545,7 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct armv8_crypto_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -700,7 +700,7 @@ process_op(const struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e32b27e..e154395 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -437,7 +437,7 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	if (ops[0]->sym->sess_type != RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (ops[0]->sess_type != RTE_CRYPTO_OP_WITH_SESSION) {
 		RTE_LOG(ERR, PMD, "sessionless crypto op not supported\n");
 		return 0;
 	}
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 70bf228..c539650 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -143,7 +143,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 {
 	struct kasumi_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_KASUMI_PMD))
 			return NULL;
@@ -353,7 +353,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -405,7 +405,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 53bdc3e..b1e465a 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -90,16 +90,17 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 }
 
 static struct null_crypto_session *
-get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
+get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct null_crypto_session *sess;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session == NULL ||
-			     op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session == NULL ||
+			     sym_op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
 			return NULL;
 
-		sess = (struct null_crypto_session *)op->session->_private;
+		sess = (struct null_crypto_session *)sym_op->session->_private;
 	} else  {
 		struct rte_cryptodev_session *c_sess = NULL;
 
@@ -108,7 +109,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
 
 		sess = (struct null_crypto_session *)c_sess->_private;
 
-		if (null_crypto_set_session_parameters(sess, op->xform)	!= 0)
+		if (null_crypto_set_session_parameters(sess, sym_op->xform) != 0)
 			return NULL;
 	}
 
@@ -126,7 +127,7 @@ null_crypto_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	int i, retval;
 
 	for (i = 0; i < nb_ops; i++) {
-		sess = get_session(qp, ops[i]->sym);
+		sess = get_session(qp, ops[i]);
 		if (unlikely(sess == NULL))
 			goto enqueue_err;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5d29171..9f4d9b7 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -446,7 +446,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 {
 	struct openssl_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -1196,7 +1196,7 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 8b7b2fa..9b294e4 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -908,7 +908,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		return -EINVAL;
 	}
 #endif
-	if (unlikely(op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS)) {
+	if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented"
 				" requests, op (%p) is sessionless.", op);
 		return -EINVAL;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 8945f19..84757ac 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -143,7 +143,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 {
 	struct snow3g_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_SNOW3G_PMD))
 			return NULL;
@@ -357,7 +357,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -409,7 +409,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index ec6d54f..63236ac 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -142,7 +142,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 {
 	struct zuc_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_ZUC_PMD))
 			return NULL;
@@ -333,7 +333,7 @@ process_ops(struct rte_crypto_op **ops, struct zuc_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 9019518..ac5c184 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -82,6 +82,16 @@ enum rte_crypto_op_status {
 };
 
 /**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_op_sess_type {
+	RTE_CRYPTO_OP_WITH_SESSION,	/**< Session based crypto operation */
+	RTE_CRYPTO_OP_SESSIONLESS	/**< Session-less crypto operation */
+};
+
+/**
  * Cryptographic Operation.
  *
  * This structure contains data relating to performing cryptographic
@@ -102,6 +112,8 @@ struct rte_crypto_op {
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
+	enum rte_crypto_op_sess_type  sess_type;
+	/**< operation session type */
 
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
@@ -130,6 +142,7 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 {
 	op->type = type;
 	op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
@@ -407,6 +420,8 @@ rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
 
+	op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
 	return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
 }
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..386b120 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -376,17 +376,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-/**
- * Crypto operation session type. This is used to specify whether a crypto
- * operation has session structure attached for immutable parameters or if all
- * operation information is included in the operation data structure.
- */
-enum rte_crypto_sym_op_sess_type {
-	RTE_CRYPTO_SYM_OP_WITH_SESSION,	/**< Session based crypto operation */
-	RTE_CRYPTO_SYM_OP_SESSIONLESS	/**< Session-less crypto operation */
-};
-
-
 struct rte_cryptodev_sym_session;
 
 /**
@@ -423,8 +412,6 @@ struct rte_crypto_sym_op {
 	struct rte_mbuf *m_src;	/**< source mbuf */
 	struct rte_mbuf *m_dst;	/**< destination mbuf */
 
-	enum rte_crypto_sym_op_sess_type sess_type;
-
 	RTE_STD_C11
 	union {
 		struct rte_cryptodev_sym_session *session;
@@ -665,8 +652,6 @@ static inline void
 __rte_crypto_sym_op_reset(struct rte_crypto_sym_op *op)
 {
 	memset(op, 0, sizeof(*op));
-
-	op->sess_type = RTE_CRYPTO_SYM_OP_SESSIONLESS;
 }
 
 
@@ -708,7 +693,6 @@ __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
 		struct rte_cryptodev_sym_session *sess)
 {
 	sym_op->session = sess;
-	sym_op->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION;
 
 	return 0;
 }
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index f8f15c0..04620f3 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5555,8 +5555,8 @@ test_AES_GCM_authenticated_encryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
@@ -5635,8 +5635,8 @@ test_AES_GCM_authenticated_decryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 02/26] cryptodev: replace enums with 1-byte variables
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
@ 2017-06-29 11:34     ` Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
                       ` (25 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:34 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Instead of storing some crypto operation flags,
such as operation status, as enumerations,
store them as uint8_t, for memory efficiency.

Also, reserve extra 5 bytes in the crypto operation,
for future additions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/rel_notes/release_17_08.rst | 3 +++
 lib/librte_cryptodev/rte_crypto.h      | 9 +++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2bc405d..bbb14a9 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -151,6 +151,9 @@ API Changes
 
   * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
     and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+  * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
+    ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
+    uint8_t values.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index ac5c184..8e2b640 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -102,19 +102,20 @@ enum rte_crypto_op_sess_type {
  * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() .
  */
 struct rte_crypto_op {
-	enum rte_crypto_op_type type;
+	uint8_t type;
 	/**< operation type */
-
-	enum rte_crypto_op_status status;
+	uint8_t status;
 	/**<
 	 * operation status - this is reset to
 	 * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
-	enum rte_crypto_op_sess_type  sess_type;
+	uint8_t sess_type;
 	/**< operation session type */
 
+	uint8_t reserved[5];
+	/**< Reserved bytes to fill 64 bits for future additions */
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 03/26] cryptodev: remove opaque data pointer in crypto op
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
@ 2017-06-29 11:34     ` Pablo de Lara
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
                       ` (24 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:34 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Storing a pointer to the user data is unnecessary,
since user can store additional data, after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_test_latency.c | 36 +++++++++++++++++++++----------
 doc/guides/prog_guide/cryptodev_lib.rst   |  3 +--
 doc/guides/rel_notes/release_17_08.rst    |  1 +
 lib/librte_cryptodev/rte_crypto.h         |  5 -----
 4 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index e61ac97..a7443a3 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -66,6 +66,10 @@ struct cperf_latency_ctx {
 	struct cperf_op_result *res;
 };
 
+struct priv_op_data {
+	struct cperf_op_result *result;
+};
+
 #define max(a, b) (a > b ? (uint64_t)a : (uint64_t)b)
 #define min(a, b) (a < b ? (uint64_t)a : (uint64_t)b)
 
@@ -276,8 +280,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = sizeof(struct priv_op_data);
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -295,11 +300,20 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	return NULL;
 }
 
+static inline void
+store_timestamp(struct rte_crypto_op *op, uint64_t timestamp)
+{
+	struct priv_op_data *priv_data;
+
+	priv_data = (struct priv_op_data *) (op->sym + 1);
+	priv_data->result->status = op->status;
+	priv_data->result->tsc_end = timestamp;
+}
+
 int
 cperf_latency_test_runner(void *arg)
 {
 	struct cperf_latency_ctx *ctx = arg;
-	struct cperf_op_result *pres;
 	uint16_t test_burst_size;
 	uint8_t burst_size_idx = 0;
 
@@ -311,6 +325,7 @@ cperf_latency_test_runner(void *arg)
 	struct rte_crypto_op *ops[ctx->options->max_burst_size];
 	struct rte_crypto_op *ops_processed[ctx->options->max_burst_size];
 	uint64_t i;
+	struct priv_op_data *priv_data;
 
 	uint32_t lcore = rte_lcore_id();
 
@@ -398,7 +413,12 @@ cperf_latency_test_runner(void *arg)
 
 			for (i = 0; i < ops_enqd; i++) {
 				ctx->res[tsc_idx].tsc_start = tsc_start;
-				ops[i]->opaque_data = (void *)&ctx->res[tsc_idx];
+				/*
+				 * Private data structure starts after the end of the
+				 * rte_crypto_sym_op structure.
+				 */
+				priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+				priv_data->result = (void *)&ctx->res[tsc_idx];
 				tsc_idx++;
 			}
 
@@ -410,10 +430,7 @@ cperf_latency_test_runner(void *arg)
 				 * failures.
 				 */
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					store_timestamp(ops_processed[i], tsc_end);
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
@@ -446,10 +463,7 @@ cperf_latency_test_runner(void *arg)
 
 			if (ops_deqd != 0) {
 				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
+					store_timestamp(ops_processed[i], tsc_end);
 
 					rte_crypto_op_free(ops_processed[i]);
 				}
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 229cb7a..c9a29f8 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -363,8 +363,7 @@ The operation structure includes the operation type, the operation status
 and the session type (session-based/less), a reference to the operation
 specific data, which can vary in size and content depending on the operation
 being provisioned. It also contains the source mempool for the operation,
-if it allocate from a mempool. Finally an opaque pointer for user specific
-data is provided.
+if it allocated from a mempool.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index bbb14a9..20f459e 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -154,6 +154,7 @@ API Changes
   * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
+  * Removed the field ``opaque_data`` from ``rte_crypto_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 8e2b640..c2677fa 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -122,9 +122,6 @@ struct rte_crypto_op {
 	phys_addr_t phys_addr;
 	/**< physical address of crypto operation */
 
-	void *opaque_data;
-	/**< Opaque pointer for user data */
-
 	RTE_STD_C11
 	union {
 		struct rte_crypto_sym_op *sym;
@@ -158,8 +155,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 	default:
 		break;
 	}
-
-	op->opaque_data = NULL;
 }
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 04/26] cryptodev: do not store pointer to op specific params
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (2 preceding siblings ...)
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
@ 2017-06-29 11:34     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 05/26] cryptodev: remove useless alignment Pablo de Lara
                       ` (23 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:34 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Instead of storing a pointer to operation specific parameters,
such as symmetric crypto parameters, use a zero-length array,
to mark that these parameters will be stored after the
generic crypto operation structure, which was already assumed
in the code, reducing the memory footprint of the crypto operation.

Besides, it is always expected to have rte_crypto_op
and rte_crypto_sym_op (the only operation specific parameters
structure right now) to be together, as they are initialized
as a single object in the crypto operation pool.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/rel_notes/release_17_08.rst | 2 ++
 examples/ipsec-secgw/ipsec.c           | 1 -
 lib/librte_cryptodev/rte_crypto.h      | 8 +-------
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 20f459e..6acbf35 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -155,6 +155,8 @@ API Changes
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
+  * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
+    with a zero length array.
 
 
 ABI Changes
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index edca5f0..126d79f 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -140,7 +140,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
-		priv->cop.sym = &priv->sym_cop;
 
 		if ((unlikely(sa->crypto_session == NULL)) &&
 				create_session(ipsec_ctx, sa)) {
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index c2677fa..85716a6 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -124,7 +124,7 @@ struct rte_crypto_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_crypto_sym_op *sym;
+		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
 } __rte_cache_aligned;
@@ -144,12 +144,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
-		/** Symmetric operation structure starts after the end of the
-		 * rte_crypto_op structure.
-		 */
-		op->sym = (struct rte_crypto_sym_op *)(op + 1);
-		op->type = type;
-
 		__rte_crypto_sym_op_reset(op->sym);
 		break;
 	default:
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 05/26] cryptodev: remove useless alignment
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (3 preceding siblings ...)
  2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 06/26] cryptodev: add crypto op helper macros Pablo de Lara
                       ` (22 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

rte_crypto_op and rte_crypto_sym_op structures
were marked as cache aligned.
However, since these structures are always initialized
in a mempool, this alignment is useless, since the mempool
forces the alignment of its objects.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 lib/librte_cryptodev/rte_crypto.h     | 2 +-
 lib/librte_cryptodev/rte_crypto_sym.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 85716a6..43be7dc 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -127,7 +127,7 @@ struct rte_crypto_op {
 		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
-} __rte_cache_aligned;
+};
 
 /**
  * Reset the fields of a crypto operation to their default values.
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 386b120..39ad1e3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -640,7 +640,7 @@ struct rte_crypto_sym_op {
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
-} __rte_cache_aligned;
+};
 
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 06/26] cryptodev: add crypto op helper macros
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (4 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 05/26] cryptodev: remove useless alignment Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
                       ` (21 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

In order to facilitate the access to the private data,
after the crypto operation, two new macros have been
implemented:

- rte_crypto_op_ctod_offset(c,t,o), which returns a pointer
  to "o" bytes after the start of the crypto operation
  (rte_crypto_op)
- rte_crypto_op_ctophys_offset(c, o), which returns
  the physical address of the data "o" bytes after the
  start of the crypto operation (rte_crypto_op)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 lib/librte_cryptodev/rte_cryptodev.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 4e318f0..91f3375 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -119,6 +119,38 @@ extern const char **rte_cyptodev_names;
 #define CDEV_PMD_TRACE(...) (void)0
 #endif
 
+
+
+/**
+ * A macro that points to an offset from the start
+ * of the crypto operation structure (rte_crypto_op)
+ *
+ * The returned pointer is cast to type t.
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation.
+ * @param t
+ *   The type to cast the result into.
+ */
+#define rte_crypto_op_ctod_offset(c, t, o)	\
+	((t)((char *)(c) + (o)))
+
+/**
+ * A macro that returns the physical address that points
+ * to an offset from the start of the crypto operation
+ * (rte_crypto_op)
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation
+ *   to calculate address from.
+ */
+#define rte_crypto_op_ctophys_offset(c, o)	\
+	(phys_addr_t)((c)->phys_addr + (o))
+
 /**
  * Crypto parameters range description
  */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 07/26] test/crypto: move IV to crypto op private data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (5 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 06/26] cryptodev: add crypto op helper macros Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 08/26] test/crypto-perf: " Pablo de Lara
                       ` (20 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 test/test/test_cryptodev.c             | 386 +++++++++++++--------------------
 test/test/test_cryptodev.h             |   6 +
 test/test/test_cryptodev_blockcipher.c |  36 +--
 3 files changed, 161 insertions(+), 267 deletions(-)

diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 04620f3..0037e88 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -202,7 +202,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (ts_params->op_mpool == NULL) {
 		RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1306,19 +1307,19 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-			CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1329,8 +1330,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			"crypto op processing failed");
 
 	/* Validate obuf */
-	uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
-			uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
+	uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
+			uint8_t *);
 
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
 			catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
@@ -1460,19 +1461,18 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, 0);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1486,8 +1486,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) +
-			CIPHER_IV_LENGTH_AES_CBC, catch_22_quote,
+			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *),
+			catch_22_quote,
 			QUOTE_512_BYTES,
 			"Plaintext data not as expected");
 
@@ -1838,14 +1838,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 }
 
 static int
-create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1862,19 +1860,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf
-			, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1883,14 +1873,12 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 }
 
 static int
-create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1908,22 +1896,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_le
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-					iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	/* For OOP operation both buffers must have the same size */
-	if (ut_params->obuf)
-		rte_pktmbuf_prepend(ut_params->obuf, iv_pad_len);
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2164,8 +2141,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo,
-	enum rte_crypto_cipher_algorithm cipher_algo)
+	enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2180,11 +2156,10 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	const uint8_t *iv = tdata->iv.data;
 	const uint8_t iv_len = tdata->iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = tdata->iv.len << 3;
+	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
 	const unsigned int auth_offset = tdata->aad.len << 3;
 
-	unsigned int iv_pad_len = 0;
 	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2244,17 +2219,12 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2270,8 +2240,7 @@ create_zuc_cipher_hash_generate_operation(
 {
 	return create_wireless_cipher_hash_operation(tdata,
 		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3,
-		RTE_CRYPTO_CIPHER_ZUC_EEA3);
+		RTE_CRYPTO_AUTH_ZUC_EIA3);
 }
 
 static int
@@ -2281,7 +2250,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
 		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *iv, const uint8_t iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
@@ -2289,7 +2257,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2349,17 +2316,12 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2376,13 +2338,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 		unsigned data_pad_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo)
+		enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len = 0;
 
 	/* Generate Crypto op data structure */
@@ -2441,18 +2401,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 
@@ -2886,8 +2839,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2897,8 +2849,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -2960,8 +2911,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2972,10 +2922,10 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	/* Validate obuf */
@@ -3031,8 +2981,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3042,8 +2991,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3106,8 +3054,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3117,10 +3064,10 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_pad_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_pad_len, buffer);
 
 	/* Validate obuf */
@@ -3174,8 +3121,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3185,8 +3131,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3240,8 +3185,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3251,8 +3195,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3305,8 +3248,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3316,8 +3258,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3379,8 +3320,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3390,8 +3330,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3456,8 +3395,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3467,10 +3405,10 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -3559,9 +3497,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3) +
-					extra_offset,
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					extra_offset);
 	if (retval < 0)
 		return retval;
 
@@ -3571,8 +3507,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3637,8 +3572,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3647,8 +3581,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3711,8 +3644,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3721,8 +3653,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3799,7 +3730,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3812,7 +3743,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3867,10 +3798,9 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			tdata->aad.len, /*tdata->plaintext.len,*/
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->iv.data, tdata->iv.len,
 			tdata->validCipherLenInBits.len,
-			(tdata->iv.len << 3),
+			0,
 			tdata->validAuthLenInBits.len,
 			(tdata->aad.len << 3)
 			);
@@ -3883,7 +3813,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+					+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3896,7 +3826,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3952,11 +3882,10 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 		tdata->aad.data, tdata->aad.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
-		(tdata->iv.len << 3),
+		0,
 		tdata->validAuthLenInBits.len,
 		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-		RTE_CRYPTO_CIPHER_SNOW3G_UEA2
+		RTE_CRYPTO_AUTH_SNOW3G_UIA2
 	);
 
 	if (retval < 0)
@@ -3968,12 +3897,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -4037,11 +3966,10 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->aad.data, tdata->aad.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8
+				RTE_CRYPTO_AUTH_KASUMI_F9
 				);
 
 	if (retval < 0)
@@ -4053,7 +3981,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -4064,7 +3992,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4121,10 +4049,9 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 				tdata->aad.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8,
 				tdata->iv.data, tdata->iv.len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3)
 				);
@@ -4137,12 +4064,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4208,8 +4135,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_ZUC_EEA3);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -4219,8 +4145,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -4293,8 +4218,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 			tdata->iv.len, tdata->plaintext.len,
-			(tdata->iv.len << 3),
-			RTE_CRYPTO_CIPHER_ZUC_EEA3);
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4305,10 +4229,10 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_read(ut_params->obuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 	else
 		ciphertext = rte_pktmbuf_read(ut_params->ibuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 
 	/* Validate obuf */
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -4905,7 +4829,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	uint8_t *plaintext, *ciphertext;
-	unsigned int iv_pad_len, aad_pad_len, plaintext_pad_len;
+	unsigned int aad_pad_len, plaintext_pad_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -4929,14 +4853,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
 		sym_op->auth.aad.length);
 
-	/* Prepend iv */
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	/* Append IV at the end of the crypto operation*/
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
@@ -4957,12 +4878,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			ciphertext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(ciphertext,
 					"no room to append ciphertext");
 
-			memset(ciphertext + aad_pad_len + iv_pad_len, 0,
+			memset(ciphertext + aad_pad_len, 0,
 					tdata->ciphertext.len);
 		}
 	} else {
@@ -4980,12 +4900,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			plaintext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(plaintext,
 					"no room to append plaintext");
 
-			memset(plaintext + aad_pad_len + iv_pad_len, 0,
+			memset(plaintext + aad_pad_len, 0,
 					tdata->plaintext.len);
 		}
 	}
@@ -5003,7 +4922,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
-						aad_pad_len + iv_pad_len);
+						aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -5012,7 +4931,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				"no room to append digest");
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
-				plaintext_pad_len + aad_pad_len + iv_pad_len);
+				plaintext_pad_len + aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
@@ -5023,10 +4942,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_pad_len;
 
 	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -6464,10 +6383,8 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned iv_pad_len;
 	unsigned aad_pad_len;
 
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
 
 	/*
@@ -6512,17 +6429,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7060,14 +6975,13 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7120,20 +7034,19 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
-	sym_op->cipher.data.offset = reference->iv.len;
+	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.length = reference->ciphertext.len;
-	sym_op->auth.data.offset = reference->iv.len;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -7347,8 +7260,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	const unsigned int iv_len = tdata->iv.len;
 	const unsigned int aad_len = tdata->aad.len;
 
-	unsigned int iv_pad_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -7373,19 +7284,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data,
-			"no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_pad_len);
+	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7398,14 +7303,14 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_len;
 
-	sym_op->auth.data.offset = aad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_len;
 	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
@@ -7439,8 +7344,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	int ecx = 0;
 	void *digest_mem = NULL;
 
-	uint32_t prepend_len = ALIGN_POW2_ROUNDUP(tdata->iv.len, 16)
-			+ tdata->aad.len;
+	uint32_t prepend_len = tdata->aad.len;
 
 	if (tdata->plaintext.len % fragsz != 0) {
 		if (tdata->plaintext.len / fragsz + 1 > SGL_MAX_NO)
diff --git a/test/test/test_cryptodev.h b/test/test/test_cryptodev.h
index 67354a9..d60fa35 100644
--- a/test/test/test_cryptodev.h
+++ b/test/test/test_cryptodev.h
@@ -71,6 +71,12 @@
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA384		(24)
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA512		(32)
 
+#define MAXIMUM_IV_LENGTH				(16)
+
+#define IV_OFFSET			(sizeof(struct rte_crypto_op) + \
+		sizeof(struct rte_crypto_sym_op) + DEFAULT_NUM_XFORMS * \
+		sizeof(struct rte_crypto_sym_xform))
+
 /**
  * Write (spread) data from buffer to mbuf data
  *
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 603c776..2a0c364 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -118,8 +118,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	}
 
 	/* preparing data */
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
-		buf_len += tdata->iv.len;
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
 		buf_len += digest_len;
 
@@ -145,10 +143,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		pktmbuf_write(ibuf, 0, tdata->ciphertext.len,
 				tdata->ciphertext.data);
 
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-		rte_memcpy(rte_pktmbuf_prepend(ibuf, tdata->iv.len),
-				tdata->iv.data, tdata->iv.len);
-	}
 	buf_p = rte_pktmbuf_append(ibuf, digest_len);
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
 		rte_memcpy(buf_p, tdata->digest.data, digest_len);
@@ -294,24 +288,20 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
 
-		sym_op->cipher.data.offset = tdata->iv.len;
+		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_pktmbuf_mtod(sym_op->m_src,
-			uint8_t *);
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+						uint8_t *, IV_OFFSET);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+						IV_OFFSET);
 		sym_op->cipher.iv.length = tdata->iv.len;
-		sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(
-			sym_op->m_src);
+		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+				tdata->iv.len);
 	}
 
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
-		uint32_t auth_data_offset = 0;
 		uint32_t digest_offset = tdata->ciphertext.len;
 
-		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-			digest_offset += tdata->iv.len;
-			auth_data_offset += tdata->iv.len;
-		}
-
 		auth_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
 		auth_xform->auth.algo = tdata->auth_algo;
 		auth_xform->auth.key.length = tdata->auth_key.len;
@@ -334,7 +324,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 					digest_offset);
 		}
 
-		sym_op->auth.data.offset = auth_data_offset;
+		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
 		sym_op->auth.digest.length = digest_len;
 	}
@@ -421,7 +411,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			compare_len = tdata->plaintext.len;
 		}
 
-		if (memcmp(rte_pktmbuf_read(iobuf, tdata->iv.len, compare_len,
+		if (memcmp(rte_pktmbuf_read(iobuf, 0, compare_len,
 				buffer), compare_ref, compare_len)) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
 				"FAILED: %s", __LINE__,
@@ -432,13 +422,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	}
 
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
-		uint8_t *auth_res;
-
-		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
-			auth_res = pktmbuf_mtod_offset(iobuf,
-					tdata->iv.len + tdata->ciphertext.len);
-		else
-			auth_res = pktmbuf_mtod_offset(iobuf,
+		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
 					tdata->ciphertext.len);
 
 		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 08/26] test/crypto-perf: move IV to crypto op private data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (6 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 09/26] app/crypto-perf: " Pablo de Lara
                       ` (19 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 test/test/test_cryptodev_perf.c | 110 ++++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 50 deletions(-)

diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7a90667..b08451d 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -110,7 +110,6 @@ struct symmetric_session_attrs {
 
 struct crypto_params {
 	uint8_t *aad;
-	uint8_t *iv;
 	uint8_t *digest;
 };
 
@@ -265,7 +264,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 		if (ts_params->op_mpool == NULL) {
 			RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1978,19 +1978,20 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 				data_params[0].length);
 		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
-		op->sym->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
 
-		op->sym->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(m,
-				CIPHER_IV_LENGTH_AES_CBC);
-		op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+				uint8_t *, IV_OFFSET);
+		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+				IV_OFFSET);
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
 				CIPHER_IV_LENGTH_AES_CBC);
 
-		op->sym->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
 
 		op->sym->m_src = m;
@@ -2887,23 +2888,25 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.data.length = 0;
 	} else {
 		op->sym->auth.digest.data = rte_pktmbuf_mtod_offset(m,
-				 uint8_t *, AES_CIPHER_IV_LENGTH + data_len);
+				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				AES_CIPHER_IV_LENGTH + data_len);
+				data_len);
 		op->sym->auth.digest.length = digest_len;
-		op->sym->auth.data.offset = AES_CIPHER_IV_LENGTH;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
-	op->sym->cipher.data.offset = AES_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
 	op->sym->m_src = m;
@@ -2931,8 +2934,12 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = aes_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2951,22 +2958,31 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = snow3g_iv;
+	op->sym->auth.aad.data = iv_ptr;
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = snow3g_iv;
+	op->sym->cipher.iv.data = iv_ptr;
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -2993,12 +3009,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
 
-	op->sym->cipher.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3028,14 +3046,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
 			SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3062,8 +3082,13 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = triple_des_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
+			TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3129,10 +3154,9 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 			return -1;
 		}
 
-		/* Make room for Digest and IV in mbuf */
+		/* Make room for Digest in mbuf */
 		if (pparams->chain != CIPHER_ONLY)
 			rte_pktmbuf_append(mbufs[i], digest_length);
-		rte_pktmbuf_prepend(mbufs[i], AES_CIPHER_IV_LENGTH);
 	}
 
 
@@ -3253,12 +3277,12 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Generate a burst of crypto operations */
 	for (i = 0; i < (pparams->burst_size * NUM_MBUF_SETS); i++) {
 		/*
-		 * Buffer size + iv/aad len is allocated, for perf tests they
+		 * Buffer size is allocated, for perf tests they
 		 * are equal + digest len.
 		 */
 		mbufs[i] = test_perf_create_pktmbuf(
 				ts_params->mbuf_mp,
-				pparams->buf_size + SNOW3G_CIPHER_IV_LENGTH +
+				pparams->buf_size  +
 				digest_length);
 
 		if (mbufs[i] == NULL) {
@@ -4164,28 +4188,25 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len,
-						 16);
-
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->symmetric_op->aad_len +
-					  iv_pad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.length = params->symmetric_op->aad_len;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(
-					  m,
-					  iv_pad_len);
+	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = m_hlp->iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
@@ -4194,11 +4215,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
 	op->sym->auth.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4212,8 +4233,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t iv_pad_len =
-			ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len, 16);
 	uint16_t aad_len = params->symmetric_op->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
@@ -4225,13 +4244,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 	}
 	m_hlp->aad = (uint8_t *)p;
 
-	p = rte_pktmbuf_append(m, iv_pad_len);
-	if (p == NULL) {
-		rte_pktmbuf_free(m);
-		return NULL;
-	}
-	m_hlp->iv = (uint8_t *)p;
-
 	p = rte_pktmbuf_append(m, buf_sz);
 	if (p == NULL) {
 		rte_pktmbuf_free(m);
@@ -4350,22 +4362,20 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 
 		for (m = 0; m < burst_dequeued; m++) {
 			if (test_ops) {
-				uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP
-					(pparams->symmetric_op->iv_len, 16);
 				uint8_t *pkt = rte_pktmbuf_mtod(
 					proc_ops[m]->sym->m_src,
 					uint8_t *);
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 09/26] app/crypto-perf: move IV to crypto op private data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (7 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 08/26] test/crypto-perf: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 10/26] examples/l2fwd-crypto: " Pablo de Lara
                       ` (18 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 57 +++++++++++++++++++-----
 app/test-crypto-perf/cperf_ops.h                 |  3 +-
 app/test-crypto-perf/cperf_test_latency.c        |  8 +++-
 app/test-crypto-perf/cperf_test_throughput.c     |  9 +++-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  1 -
 app/test-crypto-perf/cperf_test_vectors.c        |  1 -
 app/test-crypto-perf/cperf_test_verify.c         |  8 +++-
 7 files changed, 66 insertions(+), 21 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index c2c3db5..7404abc 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -40,7 +40,8 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -65,7 +66,8 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -90,7 +92,8 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -103,8 +106,10 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -117,6 +122,13 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->cipher.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
@@ -125,7 +137,8 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -190,7 +203,8 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -203,8 +217,10 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -260,6 +276,13 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
@@ -268,7 +291,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -281,8 +305,10 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		sym_op->cipher.data.length = options->test_buffer_size;
@@ -330,6 +356,13 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = options->auth_aad_sz;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1b748da..f7b431c 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -48,7 +48,8 @@ typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 struct cperf_op_fns {
 	cperf_sessions_create_t sess_create;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index a7443a3..3aca1b4 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -280,7 +280,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data);
+	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
@@ -354,6 +354,10 @@ cperf_latency_test_runner(void *arg)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_deqd = 0;
 		uint64_t m_idx = 0, b_idx = 0;
@@ -382,7 +386,7 @@ cperf_latency_test_runner(void *arg)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					burst_size, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			tsc_start = rte_rdtsc_precise();
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 61b27ea..ba883fd 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -262,8 +262,10 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
+
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -315,6 +317,9 @@ cperf_throughput_test_runner(void *test_ctx)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_enqd_total = 0, ops_enqd_failed = 0;
 		uint64_t ops_deqd = 0, ops_deqd_total = 0, ops_deqd_failed = 0;
@@ -346,7 +351,7 @@ cperf_throughput_test_runner(void *test_ctx)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					ops_needed, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			/**
 			 * When ops_needed is smaller than ops_enqd, the
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index f384e3d..62d0c91 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -303,7 +303,6 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 	} else if (strstr(key_token, "iv")) {
 		rte_free(vector->iv.data);
 		vector->iv.data = data;
-		vector->iv.phys_addr = rte_malloc_virt2phy(vector->iv.data);
 		if (tc_found)
 			vector->iv.length = data_length;
 		else {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 757957f..36b3f6f 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
-		t_vec->iv.phys_addr = rte_malloc_virt2phy(t_vec->iv.data);
 		t_vec->iv.length = options->cipher_iv_sz;
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 454221e..d5a2b33 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -266,8 +266,9 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
@@ -417,6 +418,9 @@ cperf_verify_test_runner(void *test_ctx)
 		printf("\n# Running verify test on device: %u, lcore: %u\n",
 			ctx->dev_id, lcore);
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (ops_enqd_total < ctx->options->total_ops) {
 
 		uint16_t burst_size = ((ops_enqd_total + ctx->options->max_burst_size)
@@ -438,7 +442,7 @@ cperf_verify_test_runner(void *test_ctx)
 		(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 				&ctx->mbufs_out[m_idx],
 				ops_needed, ctx->sess, ctx->options,
-				ctx->test_vector);
+				ctx->test_vector, iv_offset);
 
 #ifdef CPERF_LINEARIZATION_ENABLE
 		if (linearize) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 10/26] examples/l2fwd-crypto: move IV to crypto op private data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (8 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 09/26] app/crypto-perf: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 11/26] examples/ipsec-secgw: " Pablo de Lara
                       ` (17 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/l2fwd-crypto/main.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 779b4fb..1380bc6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -89,6 +89,10 @@ enum cdev_type {
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
+#define MAXIMUM_IV_LENGTH	16
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 /*
  * Configurable number of RX/TX ring descriptors
  */
@@ -480,8 +484,14 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	}
 
 	if (cparams->do_cipher) {
-		op->sym->cipher.iv.data = cparams->iv.data;
-		op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+
+		op->sym->cipher.iv.data = iv_ptr;
+		op->sym->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -1950,7 +1960,6 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
 	if (options->iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
-	options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
@@ -1993,7 +2002,7 @@ main(int argc, char **argv)
 
 	/* create crypto op pool */
 	l2fwd_crypto_op_pool = rte_crypto_op_pool_create("crypto_op_pool",
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (l2fwd_crypto_op_pool == NULL)
 		rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 11/26] examples/ipsec-secgw: move IV to crypto op private data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (9 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 10/26] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 12/26] cryptodev: pass IV as offset Pablo de Lara
                       ` (16 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/ipsec-secgw/esp.c   | 27 ++++++++++++++++++---------
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index e77afa0..5bf2d7d 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,6 +50,9 @@
 #include "esp.h"
 #include "ipip.h"
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -93,13 +96,17 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	struct cnt_blk *icb;
 	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 
 	switch (sa->cipher_algo) {
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		sym_cop->cipher.iv.data = iv;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				 ip_hdr_len + sizeof(struct esp_hdr));
+		/* Copy IV at the end of crypto operation */
+		rte_memcpy(iv_ptr, iv, sa->iv_len);
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -108,9 +115,9 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = (uint8_t *)icb;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -341,13 +348,15 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = (uint8_t *)icb;
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+	sym_cop->cipher.iv.data = iv_ptr;
+	sym_cop->cipher.iv.phys_addr =
+			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index fe42661..de1df7b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -118,10 +118,10 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
-	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
+	uint8_t buf[32];
 } __rte_cache_aligned;
 
 struct cdev_qp {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 12/26] cryptodev: pass IV as offset
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (10 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 11/26] examples/ipsec-secgw: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
                       ` (15 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c            |  49 +++++++------
 doc/guides/prog_guide/cryptodev_lib.rst     |   3 +-
 doc/guides/rel_notes/release_17_08.rst      |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    |  80 +++++++++++----------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |   3 +-
 drivers/crypto/armv8/rte_armv8_pmd.c        |   3 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |   8 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  26 ++++---
 drivers/crypto/openssl/rte_openssl_pmd.c    |  12 ++--
 drivers/crypto/qat/qat_crypto.c             |  30 +++++---
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  14 ++--
 drivers/crypto/zuc/rte_zuc_pmd.c            |   7 +-
 examples/ipsec-secgw/esp.c                  |  14 +---
 examples/l2fwd-crypto/main.c                |   5 +-
 lib/librte_cryptodev/rte_crypto_sym.h       |   7 +-
 test/test/test_cryptodev.c                  | 107 +++++++++++-----------------
 test/test/test_cryptodev_blockcipher.c      |   8 +--
 test/test/test_cryptodev_perf.c             |  60 ++++++----------
 18 files changed, 211 insertions(+), 227 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 7404abc..10002cd 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,10 +106,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -123,11 +120,13 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
-	}
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+	}	}
 
 	return 0;
 }
@@ -217,10 +216,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -277,10 +273,13 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+		}
 	}
 
 	return 0;
@@ -305,10 +304,7 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		sym_op->cipher.data.length = options->test_buffer_size;
@@ -357,10 +353,13 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+		}
 	}
 
 	return 0;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index c9a29f8..48c58a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -537,8 +537,7 @@ chain.
             } data;   /**< Data offsets and length for ciphering */
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
+                uint16_t offset;
                 uint16_t length;
             } iv;     /**< Initialisation vector parameters */
         } cipher;
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 6acbf35..68e8022 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -157,6 +157,8 @@ API Changes
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
   * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
     with a zero length array.
+  * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
+    offset from the start of the crypto operation.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index a0154ff..217ea65 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -180,12 +180,14 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
  *
  */
 static int
-process_gcm_crypto_op(struct rte_crypto_sym_op *op,
+process_gcm_crypto_op(struct rte_crypto_op *op,
 		struct aesni_gcm_session *session)
 {
 	uint8_t *src, *dst;
-	struct rte_mbuf *m_src = op->m_src;
-	uint32_t offset = op->cipher.data.offset;
+	uint8_t *iv_ptr;
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	uint32_t offset = sym_op->cipher.data.offset;
 	uint32_t part_len, total_len, data_len;
 
 	RTE_ASSERT(m_src != NULL);
@@ -198,46 +200,48 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < op->cipher.data.length) ? data_len :
-			op->cipher.data.length;
+	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
+			sym_op->cipher.data.length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == op->cipher.data.length) ||
-			((part_len != op->cipher.data.length) &&
-					(op->m_dst != NULL)));
+	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
+			((part_len != sym_op->cipher.data.length) &&
+					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
-	RTE_ASSERT((op->m_dst == NULL) ||
-			((op->m_dst != NULL) &&
-					rte_pktmbuf_is_contiguous(op->m_dst)));
+	RTE_ASSERT((sym_op->m_dst == NULL) ||
+			((sym_op->m_dst != NULL) &&
+					rte_pktmbuf_is_contiguous(sym_op->m_dst)));
 
 
-	dst = op->m_dst ?
-			rte_pktmbuf_mtod_offset(op->m_dst, uint8_t *,
-					op->cipher.data.offset) :
-			rte_pktmbuf_mtod_offset(op->m_src, uint8_t *,
-					op->cipher.data.offset);
+	dst = sym_op->m_dst ?
+			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
+					sym_op->cipher.data.offset) :
+			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
+					sym_op->cipher.data.offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
 	/* sanity checks */
-	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
-			op->cipher.iv.length != 0) {
+	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
+			sym_op->cipher.iv.length != 0) {
 		GCM_LOG_ERR("iv");
 		return -1;
 	}
 
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+				sym_op->cipher.iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (op->cipher.iv.length == 12) {
-		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
+	if (sym_op->cipher.iv.length == 12) {
+		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (op->auth.digest.length != 16 &&
-			op->auth.digest.length != 12 &&
-			op->auth.digest.length != 8) {
+	if (sym_op->auth.digest.length != 16 &&
+			sym_op->auth.digest.length != 12 &&
+			sym_op->auth.digest.length != 8) {
 		GCM_LOG_ERR("digest");
 		return -1;
 	}
@@ -245,13 +249,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -270,12 +274,12 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				op->auth.digest.data,
-				(uint64_t)op->auth.digest.length);
+				sym_op->auth.digest.data,
+				(uint64_t)sym_op->auth.digest.length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
-		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
-				op->m_dst : op->m_src,
-				op->auth.digest.length);
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				sym_op->auth.digest.length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -283,13 +287,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -309,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)op->auth.digest.length);
+				(uint64_t)sym_op->auth.digest.length);
 	}
 
 	return 0;
@@ -401,7 +405,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 			break;
 		}
 
-		retval = process_gcm_crypto_op(ops[i]->sym, sess);
+		retval = process_gcm_crypto_op(ops[i], sess);
 		if (retval < 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index ccdb3a7..1f03582 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -471,7 +471,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 			get_truncated_digest_byte_length(job->hash_alg);
 
 	/* Set IV parameters */
-	job->iv = op->sym->cipher.iv.data;
+	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	job->iv_len_in_bytes = op->sym->cipher.iv.length;
 
 	/* Data  Parameter */
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 4a79b61..693eccd 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -654,7 +654,8 @@ process_armv8_chained_op
 		return;
 	}
 
-	arg.cipher.iv = op->sym->cipher.iv.data;
+	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e154395..1605701 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -87,6 +87,8 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	int icv_len = sym_op->auth.digest.length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -178,7 +180,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 	sge++;
 
@@ -307,6 +309,8 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (5 * sizeof(struct qbman_fle));
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -369,7 +373,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 
 	sge++;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index c539650..9a0b4a8 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -174,7 +174,8 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[num_ops], *dst[num_ops];
-	uint64_t IV[num_ops];
+	uint8_t *iv_ptr;
+	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,14 +193,16 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = *((uint64_t *)(ops[i]->sym->cipher.iv.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
+		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, IV,
+		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -211,7 +214,8 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
-	uint64_t IV;
+	uint8_t *iv_ptr;
+	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -229,10 +233,12 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = *((uint64_t *)(op->sym->cipher.iv.data));
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
+	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -250,7 +256,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
-	uint64_t IV;
+	uint64_t iv;
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
@@ -278,7 +284,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
 		/* IV from AAD */
-		IV = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
@@ -289,7 +295,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 					ops[i]->sym->auth.digest.length);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -303,7 +309,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits, dst, direction);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 9f4d9b7..6bfa06f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -923,7 +923,8 @@ process_openssl_combined_op
 		return;
 	}
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	ivlen = op->sym->cipher.iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
@@ -987,7 +988,8 @@ process_openssl_cipher_op
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1028,7 +1030,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1086,7 +1089,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						dst, iv,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
-				iv = op->sym->cipher.iv.data;
+				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						op->sym->cipher.iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 9b294e4..a4f356f 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -642,7 +642,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 			iv = last_block - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -697,7 +698,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 			iv = dst - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -898,6 +900,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
+	uint8_t *iv_ptr;
 
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
@@ -971,6 +974,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
+		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 		/* copy IV into request if it fits */
 		/*
 		 * If IV length is zero do not copy anything but still
@@ -981,14 +986,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			if (op->sym->cipher.iv.length <=
 					sizeof(cipher_param->u.cipher_IV_array)) {
 				rte_memcpy(cipher_param->u.cipher_IV_array,
-						op->sym->cipher.iv.data,
+						iv_ptr,
 						op->sym->cipher.iv.length);
 			} else {
 				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 						qat_req->comn_hdr.serv_specif_flags,
 						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 				cipher_param->u.s.cipher_IV_ptr =
-						op->sym->cipher.iv.phys_addr;
+						rte_crypto_op_ctophys_offset(op,
+							op->sym->cipher.iv.offset);
 			}
 		}
 		min_ofs = cipher_ofs;
@@ -1179,12 +1185,16 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
-			op->sym->cipher.iv.length);
-	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-			op->sym->auth.digest.length);
-	rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-			op->sym->auth.aad.length);
+	if (do_cipher)
+		rte_hexdump(stdout, "iv:", iv_ptr,
+				op->sym->cipher.iv.length);
+
+	if (do_auth) {
+		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
+				op->sym->auth.digest.length);
+		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+				op->sym->auth.aad.length);
+	}
 #endif
 	return 0;
 }
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 84757ac..3157d7b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -174,7 +174,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *IV[SNOW3G_MAX_BURST];
+	uint8_t *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,13 +192,14 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, IV, src, dst,
+	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -210,7 +211,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
-	uint8_t *IV;
+	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -228,10 +229,11 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+				op->sym->cipher.iv.offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 63236ac..b91b305 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -173,7 +173,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
-	uint8_t *IV[ZUC_MAX_BURST];
+	uint8_t *iv[ZUC_MAX_BURST];
 	uint32_t num_bytes[ZUC_MAX_BURST];
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
@@ -213,7 +213,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -221,7 +222,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, IV, src, dst,
+	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 5bf2d7d..738a800 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -104,9 +104,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -115,9 +113,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -348,15 +344,11 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = iv_ptr;
-	sym_cop->cipher.iv.phys_addr =
-			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+	sym_cop->cipher.iv.offset = IV_OFFSET;
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1380bc6..ffd9731 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -489,9 +489,7 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.data = iv_ptr;
-		op->sym->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -700,7 +698,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		if (port_cparams[i].do_cipher) {
 			port_cparams[i].iv.data = options->iv.data;
 			port_cparams[i].iv.length = options->iv.length;
-			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
 						port_cparams[i].iv.length);
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 39ad1e3..b35c45a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -464,8 +464,10 @@ struct rte_crypto_sym_op {
 		} data; /**< Data offsets and length for ciphering */
 
 		struct {
-			uint8_t *data;
-			/**< Initialisation Vector or Counter.
+			uint16_t offset;
+			/**< Starting point for Initialisation Vector or Counter,
+			 * specified as number of bytes from start of crypto
+			 * operation.
 			 *
 			 * - For block ciphers in CBC or F8 mode, or for KASUMI
 			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
@@ -491,7 +493,6 @@ struct rte_crypto_sym_op {
 			 * For optimum performance, the data pointed to SHOULD
 			 * be 8-byte aligned.
 			 */
-			phys_addr_t phys_addr;
 			uint16_t length;
 			/**< Length of valid IV data.
 			 *
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0037e88..fbcaaee 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1311,13 +1311,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1464,13 +1462,11 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1860,13 +1856,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -1896,13 +1890,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -2219,13 +2211,11 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2316,13 +2306,11 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2401,14 +2389,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
-
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -4854,14 +4839,13 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.aad.length);
 
 	/* Append IV at the end of the crypto operation*/
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data,
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
 		sym_op->cipher.iv.length);
 
 	/* Append plaintext/ciphertext */
@@ -6429,15 +6413,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -6975,13 +6959,11 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7034,13 +7016,11 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
 	sym_op->cipher.data.offset = 0;
@@ -7284,13 +7264,12 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
+	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7303,7 +7282,7 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 2a0c364..312405b 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -290,12 +290,10 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-						uint8_t *, IV_OFFSET);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-						IV_OFFSET);
+		sym_op->cipher.iv.offset = IV_OFFSET;
 		sym_op->cipher.iv.length = tdata->iv.len;
-		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				tdata->iv.data,
 				tdata->iv.len);
 	}
 
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index b08451d..86bdc6e 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -1981,15 +1981,11 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-
-		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-				uint8_t *, IV_OFFSET);
-		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-				IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
-				CIPHER_IV_LENGTH_AES_CBC);
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
@@ -2898,13 +2894,10 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
@@ -2934,12 +2927,10 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2980,9 +2971,7 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = iv_ptr;
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -3009,12 +2998,10 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
@@ -3082,13 +3069,10 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
-			TRIPLE_DES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -4183,6 +4167,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct crypto_params *m_hlp,
 		struct perf_test_params *params)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
@@ -4203,14 +4190,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
+	op->sym->cipher.iv.offset = IV_OFFSET;
+	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
-		op->sym->cipher.iv.data[15] = 1;
+		iv_ptr[15] = 1;
 
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 13/26] cryptodev: move IV parameters to crypto session
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (11 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 12/26] cryptodev: pass IV as offset Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 14/26] cryptodev: add auth IV Pablo de Lara
                       ` (14 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                   |  19 ++-
 app/test-crypto-perf/cperf_ops.h                   |   3 +-
 app/test-crypto-perf/cperf_test_latency.c          |   7 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   6 +-
 app/test-crypto-perf/cperf_test_vectors.c          |   9 ++
 app/test-crypto-perf/cperf_test_verify.c           |   6 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |   5 -
 doc/guides/rel_notes/release_17_08.rst             |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  22 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  11 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |   7 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |  39 ++++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   8 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   1 +
 drivers/crypto/null/null_crypto_pmd_ops.c          |   6 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  17 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   5 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |   4 +
 drivers/crypto/qat/qat_crypto.c                    |  44 +++----
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  25 ++--
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   1 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  16 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   2 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   1 +
 examples/ipsec-secgw/esp.c                         |   9 --
 examples/ipsec-secgw/ipsec.h                       |   3 +
 examples/ipsec-secgw/sa.c                          |  20 +++
 examples/l2fwd-crypto/main.c                       |  90 ++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h              |  98 +++++++--------
 test/test/test_cryptodev.c                         | 134 ++++++++++++---------
 test/test/test_cryptodev_blockcipher.c             |   4 +-
 test/test/test_cryptodev_perf.c                    |  61 +++++-----
 36 files changed, 417 insertions(+), 315 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 10002cd..16476ee 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,9 +106,6 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -216,9 +213,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -304,9 +298,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
 				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
@@ -368,7 +359,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 static struct rte_cryptodev_sym_session *
 cperf_create_session(uint8_t dev_id,
 	const struct cperf_options *options,
-	const struct cperf_test_vector *test_vector)
+	const struct cperf_test_vector *test_vector,
+	uint16_t iv_offset)
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
@@ -382,6 +374,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -389,9 +382,12 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
+
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
 		sess = rte_cryptodev_sym_session_create(dev_id,	&cipher_xform);
@@ -435,6 +431,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -442,9 +439,11 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index f7b431c..bb83cd5 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -42,7 +42,8 @@
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
 		uint8_t dev_id, const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 3aca1b4..d37083f 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -211,7 +211,12 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the crypto operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index ba883fd..4d2b3d3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -195,7 +195,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 36b3f6f..4a14fb3 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+		/* Set IV parameters */
+		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+					16);
+		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		t_vec->iv.length = options->cipher_iv_sz;
+
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
 	}
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index d5a2b33..1b58b1d 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -199,7 +199,11 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 48c58a9..4e352f4 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -535,11 +535,6 @@ chain.
                 uint32_t offset;
                 uint32_t length;
             } data;   /**< Data offsets and length for ciphering */
-
-            struct {
-                uint16_t offset;
-                uint16_t length;
-            } iv;     /**< Initialisation vector parameters */
         } cipher;
 
         struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 68e8022..4775bd2 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -159,6 +159,8 @@ API Changes
     with a zero length array.
   * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
     offset from the start of the crypto operation.
+  * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
+    ``rte_crypto_cipher_xform``.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 217ea65..414f22b 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -104,6 +104,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = cipher_xform->cipher.iv.offset;
+	sess->iv.length = cipher_xform->cipher.iv.length;
+
+	/* IV check */
+	if (sess->iv.length != 16 && sess->iv.length != 12 &&
+			sess->iv.length != 0) {
+		GCM_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+
 	/* Select Crypto operation */
 	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
 			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
@@ -221,20 +232,13 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
-	/* sanity checks */
-	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
-			sym_op->cipher.iv.length != 0) {
-		GCM_LOG_ERR("iv");
-		return -1;
-	}
-
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-				sym_op->cipher.iv.offset);
+				session->iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (sym_op->cipher.iv.length == 12) {
+	if (session->iv.length == 12) {
 		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 0496b44..2ed96f8 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -90,6 +90,11 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 1f03582..0a20dec 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -246,6 +246,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Expanded cipher keys */
 	(*aes_keyexp_fn)(xform->cipher.key.data,
 			sess->cipher.expanded_aes_keys.encode,
@@ -300,6 +304,9 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
 		MB_LOG_ERR("Invalid/unsupported authentication parameters");
 		return -1;
@@ -472,8 +479,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	/* Set IV parameters */
 	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	job->iv_len_in_bytes = op->sym->cipher.iv.length;
+			session->iv.offset);
+	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data  Parameter */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index 0d82699..5c50d37 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -167,6 +167,11 @@ struct aesni_mb_qp {
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
 	JOB_CHAIN_ORDER chain_order;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 
 	/** Cipher Parameters */
 	struct {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 693eccd..dac4fc3 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -432,7 +432,7 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		sess->cipher.algo = calg;
 		/* IV len is always 16 bytes (block size) for AES CBC */
-		sess->cipher.iv_len = 16;
+		sess->cipher.iv.length = 16;
 		break;
 	default:
 		return -EINVAL;
@@ -523,6 +523,9 @@ armv8_crypto_set_session_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV offset */
+	sess->cipher.iv.offset = cipher_xform->cipher.iv.offset;
+
 	if (is_chained_op) {
 		ret = armv8_crypto_set_session_chained_parameters(sess,
 						cipher_xform, auth_xform);
@@ -649,13 +652,8 @@ process_armv8_chained_op
 				op->sym->auth.digest.length);
 	}
 
-	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		return;
-	}
-
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					sess->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index b75107f..75bde9f 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -159,8 +159,11 @@ struct armv8_crypto_session {
 		/**< cipher operation direction */
 		enum rte_crypto_cipher_algorithm algo;
 		/**< cipher algorithm */
-		int iv_len;
-		/**< IV length */
+		struct {
+			uint16_t length;
+			uint16_t offset;
+		} iv;
+		/**< IV parameters */
 
 		struct {
 			uint8_t data[256];
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1605701..3930794 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -88,7 +88,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -138,7 +138,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   sym_op->auth.digest.length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	/* Configure Output FLE with Scatter/Gather Entry */
@@ -163,7 +163,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-					sym_op->cipher.iv.length));
+					sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 
@@ -175,13 +175,13 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FLE_SG_EXT(fle);
 	DPAA2_SET_FLE_FIN(fle);
 	fle->length = (sess->dir == DIR_ENC) ?
-			(sym_op->auth.data.length + sym_op->cipher.iv.length) :
-			(sym_op->auth.data.length + sym_op->cipher.iv.length +
+			(sym_op->auth.data.length + sess->iv.length) :
+			(sym_op->auth.data.length + sess->iv.length +
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 	sge++;
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -198,7 +198,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 				 sym_op->auth.digest.length +
-				 sym_op->cipher.iv.length));
+				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 	if (auth_only_len) {
@@ -310,7 +310,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -347,21 +347,21 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	flc = &priv->flc_desc[0].flc;
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_LEN(fd, sym_op->cipher.data.length +
-			 sym_op->cipher.iv.length);
+			 sess->iv.length);
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	PMD_TX_LOG(DEBUG, "cipher_off: 0x%x/length %d,ivlen=%d data_off: 0x%x",
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
 	DPAA2_SET_FLE_OFFSET(fle, sym_op->cipher.data.offset +
 			     sym_op->m_src->data_off);
 
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	PMD_TX_LOG(DEBUG, "1 - flc = %p, fle = %p FLEaddr = %x-%x, length %d",
 		   flc, fle, fle->addr_hi, fle->addr_lo, fle->length);
@@ -369,12 +369,12 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	fle++;
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sge));
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 
 	sge++;
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -798,6 +798,10 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 	cipherdata.key_enc_flags = 0;
 	cipherdata.key_type = RTA_DATA_IMM;
 
+	/* Set IV parameters */
+	session->iv.offset = xform->cipher.iv.offset;
+	session->iv.length = xform->cipher.iv.length;
+
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		cipherdata.algtype = OP_ALG_ALGSEL_AES;
@@ -1016,6 +1020,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 			(cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
 			DPAA2_SEC_HASH_CIPHER : DPAA2_SEC_CIPHER_HASH;
 	}
+
+	/* Set IV parameters */
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	/* For SEC AEAD only one descriptor is required */
 	priv = (struct ctxt_priv *)rte_zmalloc(NULL,
 			sizeof(struct ctxt_priv) + sizeof(struct sec_flc_desc),
@@ -1216,6 +1225,10 @@ dpaa2_sec_session_configure(struct rte_cryptodev *dev,
 		RTE_LOG(ERR, PMD, "invalid session struct");
 		return NULL;
 	}
+
+	/* Default IV length = 0 */
+	session->iv.length = 0;
+
 	/* Cipher Only */
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
 		session->ctxt_type = DPAA2_SEC_CIPHER;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index f5c6169..d152161 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -187,6 +187,10 @@ typedef struct dpaa2_sec_session_entry {
 		uint8_t *data;	/**< pointer to key data */
 		size_t length;	/**< key length in bytes */
 	} auth_key;
+	struct {
+		uint16_t length; /**< IV length in bytes */
+		uint16_t offset; /**< IV offset in bytes */
+	} iv;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
@@ -275,8 +279,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.min = 32,
 						.max = 32,
 						.increment = 0
-					},
-					.aad_size = { 0 }
+				},
+				.aad_size = { 0 }
 				}, }
 			}, }
 		},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 9a0b4a8..c92f5d1 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -116,6 +116,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F8 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
+
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -179,13 +186,6 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (ops[i]->sym->cipher.iv.length != KASUMI_IV_LENGTH) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -194,7 +194,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -218,13 +218,6 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != KASUMI_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -234,7 +227,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			session->iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index fb586ca..6a0d47a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,6 +92,7 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 12c946c..5f74f0c 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -72,11 +72,7 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.iv_size = {
-					.min = 0,
-					.max = 0,
-					.increment = 0
-				}
+				.iv_size = { 0 }
 			}, },
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 6bfa06f..970c735 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -264,6 +264,10 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	/* Select cipher key */
 	sess->cipher.key.length = xform->cipher.key.length;
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Select cipher algo */
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -397,6 +401,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	/* cipher_xform must be check before auth_xform */
 	if (cipher_xform) {
 		if (openssl_set_session_cipher_parameters(
@@ -924,8 +931,8 @@ process_openssl_combined_op
 	}
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	ivlen = op->sym->cipher.iv.length;
+			sess->iv.offset);
+	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
 
@@ -989,7 +996,7 @@ process_openssl_cipher_op
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1031,7 +1038,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1090,7 +1097,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
 				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-						op->sym->cipher.iv.offset);
+						sess->iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4d820c5..3a64853 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -108,6 +108,11 @@ struct openssl_session {
 	enum openssl_chain_order chain_order;
 	/**< chain order mode */
 
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index 5c63406..e8fa3d3 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -127,6 +127,10 @@ struct qat_session {
 	struct icp_qat_fw_la_bulk_req fw_req;
 	uint8_t aad_len;
 	struct qat_crypto_instance *inst;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index a4f356f..5d7b68e 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,6 +298,9 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
@@ -643,7 +646,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -699,7 +702,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -975,27 +978,20 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 
 		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					ctx->iv.offset);
 		/* copy IV into request if it fits */
-		/*
-		 * If IV length is zero do not copy anything but still
-		 * use request descriptor embedded IV
-		 *
-		 */
-		if (op->sym->cipher.iv.length) {
-			if (op->sym->cipher.iv.length <=
-					sizeof(cipher_param->u.cipher_IV_array)) {
-				rte_memcpy(cipher_param->u.cipher_IV_array,
-						iv_ptr,
-						op->sym->cipher.iv.length);
-			} else {
-				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-						qat_req->comn_hdr.serv_specif_flags,
-						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-				cipher_param->u.s.cipher_IV_ptr =
-						rte_crypto_op_ctophys_offset(op,
-							op->sym->cipher.iv.offset);
-			}
+		if (ctx->iv.length <=
+				sizeof(cipher_param->u.cipher_IV_array)) {
+			rte_memcpy(cipher_param->u.cipher_IV_array,
+					iv_ptr,
+					ctx->iv.length);
+		} else {
+			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+					qat_req->comn_hdr.serv_specif_flags,
+					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+			cipher_param->u.s.cipher_IV_ptr =
+					rte_crypto_op_ctophys_offset(op,
+						ctx->iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1151,7 +1147,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (op->sym->cipher.iv.length == 12) {
+		if (ctx->iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1187,7 +1183,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
 		rte_hexdump(stdout, "iv:", iv_ptr,
-				op->sym->cipher.iv.length);
+				ctx->iv.length);
 
 	if (do_auth) {
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 3157d7b..4e93f64 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -116,6 +116,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -178,13 +185,6 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -193,7 +193,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -214,13 +214,6 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		SNOW3G_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -230,7 +223,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				op->sym->cipher.iv.offset);
+				session->iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index 03973b9..e8943a7 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,6 +91,7 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index b91b305..f3cb5f0 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -115,6 +115,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EEA3 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -178,13 +185,6 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("iv");
-			break;
-		}
-
 		if (((ops[i]->sym->cipher.data.length % BYTE_LEN) != 0)
 				|| ((ops[i]->sym->cipher.data.offset
 					% BYTE_LEN) != 0)) {
@@ -214,7 +214,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index e793459..c24b9bd 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -80,7 +80,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index 030f120..cee1b5d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,6 +92,7 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 738a800..9e12782 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,9 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
-				sizeof(struct rte_crypto_sym_op))
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -104,8 +101,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
@@ -113,8 +108,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
@@ -348,8 +341,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.offset = IV_OFFSET;
-	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index de1df7b..405cf3d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -48,6 +48,9 @@
 
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 #define uint32_t_to_char(ip, a, b, c, d) do {\
 		*a = (uint8_t)(ip >> 24 & 0xff);\
 		*b = (uint8_t)(ip >> 16 & 0xff);\
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 39624c4..85e4d4e 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -589,6 +589,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 {
 	struct ipsec_sa *sa;
 	uint32_t i, idx;
+	uint16_t iv_length;
 
 	for (i = 0; i < nb_entries; i++) {
 		idx = SPI2IDX(entries[i].spi);
@@ -607,6 +608,21 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			iv_length = sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+		case RTE_CRYPTO_CIPHER_AES_GCM:
+			iv_length = 16;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
 		if (inbound) {
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
@@ -615,6 +631,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].b.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
+			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].b.next = NULL;
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -637,6 +655,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].a.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].a.next = NULL;
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ffd9731..9f16806 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -139,6 +139,11 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+struct l2fwd_iv {
+	uint8_t *data;
+	uint16_t length;
+};
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -155,8 +160,8 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_key iv;
-	unsigned iv_param;
+	struct l2fwd_iv iv;
+	unsigned int iv_param;
 	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
@@ -183,7 +188,7 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_key iv;
+	struct l2fwd_iv iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -489,9 +494,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = cparams->iv.length;
-
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -703,6 +705,9 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+			/* Set IV parameters */
+			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
+			options->cipher_xform.cipher.iv.length = options->iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -1547,6 +1552,46 @@ check_supported_size(uint16_t length, uint16_t min, uint16_t max,
 
 	return -1;
 }
+
+static int
+check_iv_param(const struct rte_crypto_param_range *iv_range_size,
+		unsigned int iv_param, int iv_random_size,
+		uint16_t *iv_length)
+{
+	/*
+	 * Check if length of provided IV is supported
+	 * by the algorithm chosen.
+	 */
+	if (iv_param) {
+		if (check_supported_size(*iv_length,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+	/*
+	 * Check if length of IV to be randomly generated
+	 * is supported by the algorithm chosen.
+	 */
+	} else if (iv_random_size != -1) {
+		if (check_supported_size(iv_random_size,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+		*iv_length = iv_random_size;
+	/* No size provided, use minimum size. */
+	} else
+		*iv_length = iv_range_size->min;
+
+	return 0;
+}
+
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1614,36 +1659,9 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			/*
-			 * Check if length of provided IV is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->iv_param) {
-				if (check_supported_size(options->iv.length,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of IV to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->iv_random_size != -1) {
-				if (check_supported_size(options->iv_random_size,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-				options->iv.length = options->iv_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
+					options->iv_random_size, &options->iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b35c45a..c1a1e27 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -190,6 +190,55 @@ struct rte_crypto_cipher_xform {
 	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
 	 *  - Both keys must have the same size.
 	 **/
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * Initialisation Vector (IV) value.
+		 *
+		 * - For block ciphers in CTR mode, this is the counter.
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * - For AES-XTS, this is the 128bit tweak, i, from
+		 * IEEE Std 1619-2007.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * length of the IV (which must be the same as the
+		 * block length of the cipher).
+		 *
+		 * - For block ciphers in CTR mode, this is the length
+		 * of the counter (which must be the same as the block
+		 * length of the cipher).
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Symmetric Authentication / Hash Algorithms */
@@ -463,55 +512,6 @@ struct rte_crypto_sym_op {
 			  */
 		} data; /**< Data offsets and length for ciphering */
 
-		struct {
-			uint16_t offset;
-			/**< Starting point for Initialisation Vector or Counter,
-			 * specified as number of bytes from start of crypto
-			 * operation.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * Initialisation Vector (IV) value.
-			 *
-			 * - For block ciphers in CTR mode, this is the counter.
-			 *
-			 * - For GCM mode, this is either the IV (if the length
-			 * is 96 bits) or J0 (for other sizes), where J0 is as
-			 * defined by NIST SP800-38D. Regardless of the IV
-			 * length, a full 16 bytes needs to be allocated.
-			 *
-			 * - For CCM mode, the first byte is reserved, and the
-			 * nonce should be written starting at &iv[1] (to allow
-			 * space for the implementation to write in the flags
-			 * in the first byte). Note that a full 16 bytes should
-			 * be allocated, even though the length field will
-			 * have a value less than this.
-			 *
-			 * - For AES-XTS, this is the 128bit tweak, i, from
-			 * IEEE Std 1619-2007.
-			 *
-			 * For optimum performance, the data pointed to SHOULD
-			 * be 8-byte aligned.
-			 */
-			uint16_t length;
-			/**< Length of valid IV data.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * length of the IV (which must be the same as the
-			 * block length of the cipher).
-			 *
-			 * - For block ciphers in CTR mode, this is the length
-			 * of the counter (which must be the same as the block
-			 * length of the cipher).
-			 *
-			 * - For GCM mode, this is either 12 (for 96-bit IVs)
-			 * or 16, in which case data points to J0.
-			 *
-			 * - For CCM mode, this is the length of the nonce,
-			 * which can be in the range 7 to 13 inclusive.
-			 */
-		} iv;	/**< Initialisation vector parameters */
 	} cipher;
 
 	struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index fbcaaee..828a91b 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1270,6 +1270,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1310,13 +1312,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
+	/* Set crypto operation cipher parameters */
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
@@ -1404,6 +1404,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1462,9 +1464,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -1806,7 +1806,8 @@ static int
 create_wireless_algo_cipher_session(uint8_t dev_id,
 			enum rte_crypto_cipher_operation op,
 			enum rte_crypto_cipher_algorithm algo,
-			const uint8_t *key, const uint8_t key_len)
+			const uint8_t *key, const uint8_t key_len,
+			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
 
@@ -1822,6 +1823,8 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1856,9 +1859,6 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1890,9 +1890,6 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1907,7 +1904,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1936,6 +1934,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1962,6 +1962,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	const uint8_t *key = tdata->key.data;
 	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
+	uint8_t iv_len = tdata->iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1985,6 +1986,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
+
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2013,7 +2017,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2038,6 +2043,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2211,9 +2218,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2306,9 +2310,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2389,9 +2390,6 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2801,7 +2799,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2876,7 +2875,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2940,7 +2940,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3017,7 +3018,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3080,7 +3082,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3146,7 +3149,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3210,7 +3214,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3274,7 +3279,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3355,7 +3361,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3444,7 +3451,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3534,7 +3542,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3595,7 +3604,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3758,7 +3768,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3840,7 +3851,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3926,7 +3938,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -4008,7 +4021,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4097,7 +4111,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4192,7 +4207,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			tdata->key.data, tdata->key.len);
+			tdata->key.data, tdata->key.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4724,6 +4740,7 @@ static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t cipher_key[key_len];
@@ -4741,6 +4758,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4777,6 +4796,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
 		enum rte_crypto_cipher_operation cipher_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
@@ -4790,6 +4810,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
 	sym_op->xform->cipher.op = cipher_op;
 	sym_op->xform->cipher.key.data = key;
 	sym_op->xform->cipher.key.length = key_len;
+	sym_op->xform->cipher.iv.offset = IV_OFFSET;
+	sym_op->xform->cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4841,12 +4863,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
-		sym_op->cipher.iv.length);
+		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
 	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
@@ -4950,6 +4970,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5127,6 +5148,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5293,6 +5315,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5369,6 +5392,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5452,6 +5476,7 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5532,6 +5557,7 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -6416,9 +6442,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
-
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
@@ -6450,6 +6473,8 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6848,6 +6873,8 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6959,9 +6986,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7016,9 +7040,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7266,8 +7287,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
@@ -7348,6 +7367,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 312405b..9faf088 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -287,11 +287,11 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
+		cipher_xform->cipher.iv.offset = IV_OFFSET;
+		cipher_xform->cipher.iv.length = tdata->iv.len;
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.offset = IV_OFFSET;
-		sym_op->cipher.iv.length = tdata->iv.len;
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				tdata->iv.data,
 				tdata->iv.len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 86bdc6e..7238bfa 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -43,6 +43,8 @@
 #include "test_cryptodev.h"
 #include "test_cryptodev_gcm_test_vectors.h"
 
+#define AES_CIPHER_IV_LENGTH 16
+#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -67,9 +69,6 @@ enum chain_mode {
 
 
 struct symmetric_op {
-	const uint8_t *iv_data;
-	uint32_t iv_len;
-
 	const uint8_t *aad_data;
 	uint32_t aad_len;
 
@@ -96,6 +95,8 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	const uint8_t *iv_data;
+	uint16_t iv_len;
 	uint32_t digest_len;
 };
 
@@ -1933,7 +1934,8 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_128_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1981,9 +1983,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -2646,6 +2645,8 @@ test_perf_create_aes_sha_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = aes_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 	if (chain != CIPHER_ONLY) {
 		/* Setup HMAC Parameters */
 		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2694,6 +2695,9 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = snow3g_cipher_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+
 
 	/* Setup HMAC Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2741,17 +2745,20 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 	/* Setup Cipher Parameters */
 	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	cipher_xform.cipher.algo = cipher_algo;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
 	switch (cipher_algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
 		cipher_xform.cipher.key.data = triple_des_key;
+		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		cipher_xform.cipher.key.data = aes_key;
+		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2816,6 +2823,8 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	/* Setup Auth Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2844,9 +2853,7 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_CIPHER_IV_LENGTH 16
 #define AES_GCM_AAD_LENGTH 16
-#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
@@ -2893,12 +2900,11 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy the IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
@@ -2926,9 +2932,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.data = aes_gcm_aad;
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
@@ -2970,10 +2974,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
@@ -2997,9 +2997,7 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 		return NULL;
 	}
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
@@ -3068,9 +3066,7 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
@@ -4136,6 +4132,8 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	cipher_xform.cipher.op = pparams->session_attrs->cipher;
 	cipher_xform.cipher.key.data = cipher_key;
 	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
+	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	auth_xform.next = NULL;
@@ -4190,14 +4188,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
-		       params->symmetric_op->iv_len);
-	if (params->symmetric_op->iv_len == 12)
+	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
+		       params->session_attrs->iv_len);
+	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
-
 	op->sym->auth.data.offset =
 			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
@@ -4434,11 +4429,11 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
+		session_attrs[i].iv_len = gcm_test->iv.len;
+		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
 		ops_set[i].aad_len = gcm_test->aad.len;
-		ops_set[i].iv_data = gcm_test->iv.data;
-		ops_set[i].iv_len = gcm_test->iv.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 14/26] cryptodev: add auth IV
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (12 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
                       ` (13 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.

Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  61 +++++++++--
 app/test-crypto-perf/cperf_options.h             |   2 +
 app/test-crypto-perf/cperf_options_parsing.c     |   9 ++
 app/test-crypto-perf/cperf_test_latency.c        |   4 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   3 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  54 +++++++---
 app/test-crypto-perf/cperf_test_vectors.c        |  37 +++++--
 app/test-crypto-perf/cperf_test_vectors.h        |   8 +-
 app/test-crypto-perf/cperf_test_verify.c         |   3 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data   |   2 +-
 app/test-crypto-perf/main.c                      |  25 ++++-
 doc/guides/prog_guide/cryptodev_lib.rst          |   3 +-
 doc/guides/rel_notes/release_17_08.rst           |   2 +
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |  17 ++-
 doc/guides/tools/cryptoperf.rst                  |  14 ++-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |   6 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c   |  21 ++--
 drivers/crypto/armv8/rte_armv8_pmd_ops.c         |   6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  18 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c       |   3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c        |   3 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  78 ++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  41 ++++---
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c       |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c             |   3 +-
 examples/l2fwd-crypto/main.c                     | 132 +++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h            |  24 +++++
 lib/librte_cryptodev/rte_cryptodev.c             |   6 +-
 lib/librte_cryptodev/rte_cryptodev.h             |   6 +-
 31 files changed, 439 insertions(+), 159 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 16476ee..7d5d3f0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -121,9 +121,11 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
-	}	}
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
+
+		}
+	}
 
 	return 0;
 }
@@ -134,7 +136,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
-		uint16_t iv_offset __rte_unused)
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -146,6 +148,14 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
+		if (test_vector->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+								uint8_t *,
+								iv_offset);
+			memcpy(iv_ptr, test_vector->auth_iv.data,
+					test_vector->auth_iv.length);
+		}
+
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			sym_op->auth.digest.data = test_vector->digest.data;
@@ -191,6 +201,17 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		if (test_vector->auth_iv.length) {
+			for (i = 0; i < nb_ops; i++) {
+				uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+						uint8_t *, iv_offset);
+
+				memcpy(iv_ptr, test_vector->auth_iv.data,
+						test_vector->auth_iv.length);
+			}
+		}
+	}
 	return 0;
 }
 
@@ -271,9 +292,19 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
+			if (test_vector->auth_iv.length) {
+				/*
+				 * Copy IV after the crypto operation and
+				 * the cipher IV
+				 */
+				iv_ptr += test_vector->cipher_iv.length;
+				memcpy(iv_ptr, test_vector->auth_iv.data,
+						test_vector->auth_iv.length);
+			}
 		}
+
 	}
 
 	return 0;
@@ -348,8 +379,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
 		}
 	}
 
@@ -382,8 +413,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
-
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -409,11 +440,14 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
+			auth_xform.auth.iv.length =
+					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
 		sess =  rte_cryptodev_sym_session_create(dev_id, &auth_xform);
@@ -439,7 +473,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -464,17 +499,21 @@ cperf_create_session(uint8_t dev_id,
 				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
 				auth_xform.auth.key.length = 0;
 				auth_xform.auth.key.data = NULL;
+				auth_xform.auth.iv.length = 0;
 			} else { /* auth options for others */
 				auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 				auth_xform.auth.key.data =
 						test_vector->auth_key.data;
+				auth_xform.auth.iv.length =
+						test_vector->auth_iv.length;
 			}
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 
 		/* create crypto session for aes gcm */
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index b928c58..0e53c03 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -28,6 +28,7 @@
 #define CPERF_AUTH_ALGO		("auth-algo")
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
+#define CPERF_AUTH_IV_SZ	("auth-iv-sz")
 #define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
 #define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
 #define CPERF_CSV		("csv-friendly")
@@ -76,6 +77,7 @@ struct cperf_options {
 	enum rte_crypto_auth_operation auth_op;
 
 	uint16_t auth_key_sz;
+	uint16_t auth_iv_sz;
 	uint16_t auth_digest_sz;
 	uint16_t auth_aad_sz;
 
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 63ba37c..70b6a60 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -549,6 +549,12 @@ parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
+parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->auth_iv_sz, arg);
+}
+
+static int
 parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
 {
 	return parse_uint16_t(&opts->auth_aad_sz, arg);
@@ -651,6 +657,7 @@ cperf_options_default(struct cperf_options *opts)
 
 	opts->auth_key_sz = 64;
 	opts->auth_digest_sz = 12;
+	opts->auth_iv_sz = 0;
 	opts->auth_aad_sz = 0;
 }
 
@@ -678,6 +685,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_ALGO,	parse_auth_algo },
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
+		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
 		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
 		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
 		{ CPERF_CSV,	parse_csv_friendly},
@@ -914,6 +922,7 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
+		printf("# auth iv size: %u\n", opts->auth_iv_sz);
 		printf("# auth digest size: %u\n", opts->auth_digest_sz);
 		printf("# auth aad size: %u\n", opts->auth_aad_sz);
 		printf("#\n");
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index d37083f..f828366 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -285,7 +285,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
+	uint16_t priv_size = sizeof(struct priv_op_data) +
+			test_vector->cipher_iv.length +
+			test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 4d2b3d3..1e3f3b3 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -266,7 +266,8 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 62d0c91..277ff1e 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -15,7 +15,8 @@ free_test_vector(struct cperf_test_vector *vector, struct cperf_options *opts)
 	if (vector == NULL || opts == NULL)
 		return -1;
 
-	rte_free(vector->iv.data);
+	rte_free(vector->cipher_iv.data);
+	rte_free(vector->auth_iv.data);
 	rte_free(vector->aad.data);
 	rte_free(vector->digest.data);
 
@@ -84,15 +85,28 @@ show_test_vector(struct cperf_test_vector *test_vector)
 		printf("\n");
 	}
 
-	if (test_vector->iv.data) {
-		printf("\niv =\n");
-		for (i = 0; i < test_vector->iv.length; ++i) {
+	if (test_vector->cipher_iv.data) {
+		printf("\ncipher_iv =\n");
+		for (i = 0; i < test_vector->cipher_iv.length; ++i) {
 			if ((i % wrap == 0) && (i != 0))
 				printf("\n");
-			if (i == (uint32_t)(test_vector->iv.length - 1))
-				printf("0x%02x", test_vector->iv.data[i]);
+			if (i == (uint32_t)(test_vector->cipher_iv.length - 1))
+				printf("0x%02x", test_vector->cipher_iv.data[i]);
 			else
-				printf("0x%02x, ", test_vector->iv.data[i]);
+				printf("0x%02x, ", test_vector->cipher_iv.data[i]);
+		}
+		printf("\n");
+	}
+
+	if (test_vector->auth_iv.data) {
+		printf("\nauth_iv =\n");
+		for (i = 0; i < test_vector->auth_iv.length; ++i) {
+			if ((i % wrap == 0) && (i != 0))
+				printf("\n");
+			if (i == (uint32_t)(test_vector->auth_iv.length - 1))
+				printf("0x%02x", test_vector->auth_iv.data[i]);
+			else
+				printf("0x%02x, ", test_vector->auth_iv.data[i]);
 		}
 		printf("\n");
 	}
@@ -300,18 +314,32 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 			vector->auth_key.length = opts->auth_key_sz;
 		}
 
-	} else if (strstr(key_token, "iv")) {
-		rte_free(vector->iv.data);
-		vector->iv.data = data;
+	} else if (strstr(key_token, "cipher_iv")) {
+		rte_free(vector->cipher_iv.data);
+		vector->cipher_iv.data = data;
 		if (tc_found)
-			vector->iv.length = data_length;
+			vector->cipher_iv.length = data_length;
 		else {
 			if (opts->cipher_iv_sz > data_length) {
-				printf("Global iv shorter than "
+				printf("Global cipher iv shorter than "
 					"cipher_iv_sz\n");
 				return -1;
 			}
-			vector->iv.length = opts->cipher_iv_sz;
+			vector->cipher_iv.length = opts->cipher_iv_sz;
+		}
+
+	} else if (strstr(key_token, "auth_iv")) {
+		rte_free(vector->auth_iv.data);
+		vector->auth_iv.data = data;
+		if (tc_found)
+			vector->auth_iv.length = data_length;
+		else {
+			if (opts->auth_iv_sz > data_length) {
+				printf("Global auth iv shorter than "
+					"auth_iv_sz\n");
+				return -1;
+			}
+			vector->auth_iv.length = opts->auth_iv_sz;
 		}
 
 	} else if (strstr(key_token, "ciphertext")) {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 4a14fb3..6829b86 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -409,32 +409,34 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
 			t_vec->cipher_key.data = NULL;
-			t_vec->iv.data = NULL;
+			t_vec->cipher_iv.data = NULL;
 		} else {
 			t_vec->cipher_key.length = options->cipher_key_sz;
 			t_vec->ciphertext.data = ciphertext;
 			t_vec->cipher_key.data = cipher_key;
-			t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+			t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
 					16);
-			if (t_vec->iv.data == NULL) {
+			if (t_vec->cipher_iv.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
+			memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+
 		/* Set IV parameters */
-		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
-					16);
-		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+		t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+				16);
+		if (options->cipher_iv_sz && t_vec->cipher_iv.data == NULL) {
 			rte_free(t_vec);
 			return NULL;
 		}
-		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
-		t_vec->iv.length = options->cipher_iv_sz;
+		memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
+		t_vec->cipher_iv.length = options->cipher_iv_sz;
 
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
+
 	}
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
@@ -476,7 +478,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 					options->auth_aad_sz, 16);
 			if (t_vec->aad.data == NULL) {
 				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->iv.data);
+					rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
@@ -485,13 +487,26 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->aad.data = NULL;
 		}
 
+		/* Set IV parameters */
+		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
+				16);
+		if (options->auth_iv_sz && t_vec->auth_iv.data == NULL) {
+			if (options->op_type != CPERF_AUTH_ONLY)
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
+		t_vec->auth_iv.length = options->auth_iv_sz;
+
 		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
 		t_vec->aad.length = options->auth_aad_sz;
 		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
 				16);
 		if (t_vec->digest.data == NULL) {
 			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->iv.data);
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index e64f116..7f9c4fa 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -53,9 +53,13 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
-		phys_addr_t phys_addr;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
+	} auth_iv;
 
 	struct {
 		uint8_t *data;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 1b58b1d..81057ff 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -270,7 +270,8 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 0, priv_size,
 			rte_socket_id());
diff --git a/app/test-crypto-perf/data/aes_cbc_128_sha.data b/app/test-crypto-perf/data/aes_cbc_128_sha.data
index 0b054f5..ff55590 100644
--- a/app/test-crypto-perf/data/aes_cbc_128_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_128_sha.data
@@ -282,7 +282,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_192_sha.data b/app/test-crypto-perf/data/aes_cbc_192_sha.data
index 7bfe3da..3f85a00 100644
--- a/app/test-crypto-perf/data/aes_cbc_192_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_192_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_256_sha.data b/app/test-crypto-perf/data/aes_cbc_256_sha.data
index 52dafb9..8da8161 100644
--- a/app/test-crypto-perf/data/aes_cbc_256_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_256_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 9ec2a4b..cf4fa4f 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -138,7 +138,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 					capability,
 					opts->auth_key_sz,
 					opts->auth_digest_sz,
-					opts->auth_aad_sz);
+					opts->auth_aad_sz,
+					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
 		}
@@ -185,9 +186,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -204,6 +205,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -226,9 +232,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -240,6 +246,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -254,6 +265,10 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
+		if (test_vec->cipher_iv.data == NULL)
+			return -1;
+		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
 		if (test_vec->aad.length != opts->auth_aad_sz)
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4e352f4..68890ff 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -245,7 +245,8 @@ algorithm AES_CBC.
                         .max = 12,
                         .increment = 0
                     },
-                    .aad_size = { 0 }
+                    .aad_size = { 0 },
+                    .iv_size = { 0 }
                 }
             }
         },
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 4775bd2..eabf3dd 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -161,6 +161,8 @@ API Changes
     offset from the start of the crypto operation.
   * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
     ``rte_crypto_cipher_xform``.
+  * Added authentication IV parameters (offset and length) in
+    ``rte_crypto_auth_xform``.
 
 
 ABI Changes
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 45d8a12..b9aa573 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -86,9 +86,10 @@ The application requires a number of command line options:
     ./build/l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
     [--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY] /
     [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
-    [--cipher_key_random_size SIZE] [--iv IV] [--iv_random_size SIZE] /
+    [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
     [--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
-    [--auth_key_random_size SIZE] [--aad AAD] [--aad_random_size SIZE] /
+    [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
+    [--aad AAD] [--aad_random_size SIZE] /
     [--digest size SIZE] [--sessionless] [--cryptodev_mask MASK]
 
 where,
@@ -127,11 +128,11 @@ where,
 
     Note that if --cipher_key is used, this will be ignored.
 
-*   iv: set the IV to be used. Bytes has to be separated with ":"
+*   cipher_iv: set the cipher IV to be used. Bytes has to be separated with ":"
 
-*   iv_random_size: set the size of the IV, which will be generated randomly.
+*   cipher_iv_random_size: set the size of the cipher IV, which will be generated randomly.
 
-    Note that if --iv is used, this will be ignored.
+    Note that if --cipher_iv is used, this will be ignored.
 
 *   auth_algo: select the authentication algorithm (default is sha1-hmac)
 
@@ -147,6 +148,12 @@ where,
 
     Note that if --auth_key is used, this will be ignored.
 
+*   auth_iv: set the auth IV to be used. Bytes has to be separated with ":"
+
+*   auth_iv_random_size: set the size of the auth IV, which will be generated randomly.
+
+    Note that if --auth_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 1acde76..c0accfc 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -290,6 +290,10 @@ The following are the appication command-line options:
 
         Set the size of authentication key.
 
+* ``--auth-iv-sz <n>``
+
+        Set the size of auth iv.
+
 * ``--auth-digest-sz <n>``
 
         Set the size of authentication digest.
@@ -345,9 +349,13 @@ a string of bytes in C byte array format::
 
         Key used in auth operation.
 
-* ``iv``
+* ``cipher_iv``
+
+        Cipher Initial Vector.
+
+* ``auth_iv``
 
-        Initial vector.
+        Auth Initial Vector.
 
 * ``aad``
 
@@ -412,7 +420,7 @@ Test vector file for cipher algorithm aes cbc 256 with authorization sha::
    0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47,
    0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a,
    0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7
-   iv =
+   cipher_iv =
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    # Section sha 1 hmac buff 32
    [sha1_hmac_buff_32]
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 7b68a20..542e6c4 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -85,7 +86,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d1bc28e..780b88b 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 14,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 24,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,7 +189,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 4d9ccbf..78ed770 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -59,7 +59,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 20,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
@@ -80,7 +81,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 32,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index d152161..ff3be70 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -217,7 +217,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -238,7 +239,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -259,7 +261,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -280,7 +283,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.max = 32,
 						.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 				}, }
 			}, }
 		},
@@ -301,7 +305,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -322,7 +327,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 62ebdbd..8f1a116 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 5f74f0c..f8ad8e4 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -56,7 +56,8 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, },
 		}, },
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 22a6873..3026dbd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,31 +189,33 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
 	{	/* SHA256 */
-			.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-			{.sym = {
-				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-				{.auth = {
-					.algo = RTE_CRYPTO_AUTH_SHA256,
-					.block_size = 64,
-					.key_size = {
-						.min = 0,
-						.max = 0,
-						.increment = 0
-					},
-					.digest_size = {
-						.min = 32,
-						.max = 32,
-						.increment = 0
-					},
-					.aad_size = { 0 }
-				}, }
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
-		},
+		}, }
+	},
 	{	/* SHA384 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -225,7 +233,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -246,7 +255,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -267,7 +277,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -288,7 +299,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -353,7 +365,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -398,7 +411,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 8,
 					.max = 65532,
 					.increment = 4
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 1294f24..4bc2c97 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -52,7 +52,8 @@
 					.max = 20,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -73,7 +74,8 @@
 					.max = 28,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -94,7 +96,8 @@
 					.max = 32,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -114,8 +117,9 @@
 					.min = 48,			\
 					.max = 48,			\
 					.increment = 0			\
-					},				\
-				.aad_size = { 0 }			\
+				},					\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -136,7 +140,8 @@
 					.max = 64,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -157,7 +162,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -178,7 +184,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -203,7 +210,8 @@
 					.min = 0,			\
 					.max = 240,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -228,7 +236,8 @@
 					.min = 1,			\
 					.max = 65535,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -253,7 +262,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -374,7 +384,8 @@
 					.max = 0,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, },						\
 		}, },							\
 	},								\
@@ -439,7 +450,8 @@
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -566,7 +578,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 7ce96be..68ede97 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 },
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index c24b9bd..02c3c4a 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 9f16806..ba5aef7 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -160,14 +160,18 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_iv iv;
-	unsigned int iv_param;
-	int iv_random_size;
+	struct l2fwd_iv cipher_iv;
+	unsigned int cipher_iv_param;
+	int cipher_iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
 	int akey_random_size;
 
+	struct l2fwd_iv auth_iv;
+	unsigned int auth_iv_param;
+	int auth_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -188,7 +192,8 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_iv iv;
+	struct l2fwd_iv cipher_iv;
+	struct l2fwd_iv auth_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -453,6 +458,18 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	rte_crypto_op_attach_sym_session(op, cparams->session);
 
 	if (cparams->do_hash) {
+		if (cparams->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						IV_OFFSET +
+						cparams->cipher_iv.length);
+			/*
+			 * Copy IV at the end of the crypto operation,
+			 * after the cipher IV, if added
+			 */
+			rte_memcpy(iv_ptr, cparams->auth_iv.data,
+					cparams->auth_iv.length);
+		}
 		if (!cparams->hash_verify) {
 			/* Append space for digest to end of packet */
 			op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
@@ -492,7 +509,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 							IV_OFFSET);
 		/* Copy IV at the end of the crypto operation */
-		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+		rte_memcpy(iv_ptr, cparams->cipher_iv.data,
+				cparams->cipher_iv.length);
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -675,6 +693,18 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		port_cparams[i].block_size = options->block_size;
 
 		if (port_cparams[i].do_hash) {
+			port_cparams[i].auth_iv.data = options->auth_iv.data;
+			port_cparams[i].auth_iv.length = options->auth_iv.length;
+			if (!options->auth_iv_param)
+				generate_random_key(port_cparams[i].auth_iv.data,
+						port_cparams[i].auth_iv.length);
+			/* Set IV parameters */
+			if (options->auth_iv.length) {
+				options->auth_xform.auth.iv.offset =
+					IV_OFFSET + options->cipher_iv.length;
+				options->auth_xform.auth.iv.length =
+					options->auth_iv.length;
+			}
 			port_cparams[i].digest_length =
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
@@ -698,16 +728,17 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		}
 
 		if (port_cparams[i].do_cipher) {
-			port_cparams[i].iv.data = options->iv.data;
-			port_cparams[i].iv.length = options->iv.length;
-			if (!options->iv_param)
-				generate_random_key(port_cparams[i].iv.data,
-						port_cparams[i].iv.length);
+			port_cparams[i].cipher_iv.data = options->cipher_iv.data;
+			port_cparams[i].cipher_iv.length = options->cipher_iv.length;
+			if (!options->cipher_iv_param)
+				generate_random_key(port_cparams[i].cipher_iv.data,
+						port_cparams[i].cipher_iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 			/* Set IV parameters */
 			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
-			options->cipher_xform.cipher.iv.length = options->iv.length;
+			options->cipher_xform.cipher.iv.length =
+						options->cipher_iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -861,13 +892,15 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY (bytes separated with \":\")\n"
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
-		"  --iv IV (bytes separated with \":\")\n"
-		"  --iv_random_size SIZE: size of IV when generated randomly\n"
+		"  --cipher_iv IV (bytes separated with \":\")\n"
+		"  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY (bytes separated with \":\")\n"
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
+		"  --auth_iv IV (bytes separated with \":\")\n"
+		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
@@ -1078,18 +1111,18 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
 		return parse_size(&options->ckey_random_size, optarg);
 
-	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
-		options->iv_param = 1;
-		options->iv.length =
-			parse_key(options->iv.data, optarg);
-		if (options->iv.length > 0)
+	else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
+		options->cipher_iv_param = 1;
+		options->cipher_iv.length =
+			parse_key(options->cipher_iv.data, optarg);
+		if (options->cipher_iv.length > 0)
 			return 0;
 		else
 			return -1;
 	}
 
-	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
-		return parse_size(&options->iv_random_size, optarg);
+	else if (strcmp(lgopts[option_index].name, "cipher_iv_random_size") == 0)
+		return parse_size(&options->cipher_iv_random_size, optarg);
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
@@ -1115,6 +1148,20 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
+		options->auth_iv_param = 1;
+		options->auth_iv.length =
+			parse_key(options->auth_iv.data, optarg);
+		if (options->auth_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
+		return parse_size(&options->auth_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1233,9 +1280,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->ckey_param = 0;
 	options->ckey_random_size = -1;
 	options->cipher_xform.cipher.key.length = 0;
-	options->iv_param = 0;
-	options->iv_random_size = -1;
-	options->iv.length = 0;
+	options->cipher_iv_param = 0;
+	options->cipher_iv_random_size = -1;
+	options->cipher_iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1246,6 +1293,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->akey_param = 0;
 	options->akey_random_size = -1;
 	options->auth_xform.auth.key.length = 0;
+	options->auth_iv_param = 0;
+	options->auth_iv_random_size = -1;
+	options->auth_iv.length = 0;
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
@@ -1267,7 +1317,7 @@ display_cipher_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Cipher key:",
 			options->cipher_xform.cipher.key.data,
 			options->cipher_xform.cipher.key.length);
-	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+	rte_hexdump(stdout, "IV:", options->cipher_iv.data, options->cipher_iv.length);
 }
 
 static void
@@ -1279,6 +1329,7 @@ display_auth_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Auth key:",
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1316,8 +1367,11 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	if (options->akey_param && (options->akey_random_size != -1))
 		printf("Auth key already parsed, ignoring size of random key\n");
 
-	if (options->iv_param && (options->iv_random_size != -1))
-		printf("IV already parsed, ignoring size of random IV\n");
+	if (options->cipher_iv_param && (options->cipher_iv_random_size != -1))
+		printf("Cipher IV already parsed, ignoring size of random IV\n");
+
+	if (options->auth_iv_param && (options->auth_iv_random_size != -1))
+		printf("Auth IV already parsed, ignoring size of random IV\n");
 
 	if (options->aad_param && (options->aad_random_size != -1))
 		printf("AAD already parsed, ignoring size of random AAD\n");
@@ -1365,14 +1419,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
 			{ "cipher_key_random_size", required_argument, 0, 0 },
+			{ "cipher_iv", required_argument, 0, 0 },
+			{ "cipher_iv_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
 			{ "auth_key_random_size", required_argument, 0, 0 },
+			{ "auth_iv", required_argument, 0, 0 },
+			{ "auth_iv_random_size", required_argument, 0, 0 },
 
-			{ "iv", required_argument, 0, 0 },
-			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
 			{ "digest_size", required_argument, 0, 0 },
@@ -1660,8 +1716,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 			options->block_size = cap->sym.cipher.block_size;
 
-			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
-					options->iv_random_size, &options->iv.length);
+			check_iv_param(&cap->sym.cipher.iv_size,
+					options->cipher_iv_param,
+					options->cipher_iv_random_size,
+					&options->cipher_iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -1731,6 +1789,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				continue;
 			}
 
+			check_iv_param(&cap->sym.auth.iv_size,
+					options->auth_iv_param,
+					options->auth_iv_random_size,
+					&options->auth_iv.length);
 			/*
 			 * Check if length of provided AAD is supported
 			 * by the algorithm chosen.
@@ -1972,9 +2034,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
-	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
-	if (options->iv.data == NULL)
-		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
+	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
+	if (options->cipher_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
+
+	options->auth_iv.data = rte_malloc("auth iv", MAX_KEY_SIZE, 0);
+	if (options->auth_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c1a1e27..0e84bad 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -393,6 +393,30 @@ struct rte_crypto_auth_xform {
 	 *  of the AAD data is specified in additional authentication data
 	 *  length field of the rte_crypto_sym_op_data structure
 	 */
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode,
+		 *   for ZUC in EIA3 mode and for AES-GMAC, this is the
+		 *   authentication Initialisation Vector (IV) value.
+		 *
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for
+		 *   ZUC in EIA3 mode and for AES-GMAC, this is the length
+		 *   of the IV.
+		 *
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Crypto transformation types */
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index a466ed7..5aa177f 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -272,7 +272,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size)
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
 {
 	if (param_range_check(key_size, capability->auth.key_size))
 		return -1;
@@ -283,6 +284,9 @@ rte_cryptodev_sym_capability_check_auth(
 	if (param_range_check(aad_size, capability->auth.aad_size))
 		return -1;
 
+	if (param_range_check(iv_size, capability->auth.iv_size))
+		return -1;
+
 	return 0;
 }
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 91f3375..75b423a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -184,6 +184,8 @@ struct rte_cryptodev_symmetric_capability {
 			/**< digest size range */
 			struct rte_crypto_param_range aad_size;
 			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
 		} auth;
 		/**< Symmetric Authentication transform capabilities */
 		struct {
@@ -260,6 +262,7 @@ rte_cryptodev_sym_capability_check_cipher(
  * @param	key_size	Auth key size.
  * @param	digest_size	Auth digest size.
  * @param	aad_size	Auth aad size.
+ * @param	iv_size		Auth initial vector size.
  *
  * @return
  *   - Return 0 if the parameters are in range of the capability.
@@ -268,7 +271,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size);
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
 
 /**
  * Provide the cipher algorithm enum, given an algorithm string
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 15/26] cryptodev: do not use AAD in wireless algorithms
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (13 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 14/26] cryptodev: add auth IV Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
                       ` (12 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure.

Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_test_vectors.c          |   6 -
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |   4 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   3 +-
 drivers/crypto/qat/qat_adf/qat_algs.h              |   6 +-
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |   6 +-
 drivers/crypto/qat/qat_crypto.c                    |  49 ++-
 drivers/crypto/qat/qat_crypto_capabilities.h       |  12 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  26 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |   4 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  24 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   4 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   3 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |   7 +-
 test/test/test_cryptodev.c                         | 418 ++++++++-------------
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |  16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |  20 +-
 test/test/test_cryptodev_perf.c                    |  20 +-
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |  14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |  24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |  38 +-
 22 files changed, 322 insertions(+), 410 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 6829b86..b67d0f4 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,12 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-		case RTE_CRYPTO_AUTH_KASUMI_F9:
-		case RTE_CRYPTO_AUTH_ZUC_EIA3:
-			t_vec->auth_key.data = auth_key;
-			aad_alloc = 1;
-			break;
 		case RTE_CRYPTO_AUTH_AES_GMAC:
 			/* auth key should be the same as cipher key */
 			t_vec->auth_key.data = cipher_key;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index c92f5d1..3a3ffa4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -117,7 +117,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
 
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
 			KASUMI_LOG_ERR("Wrong IV length");
 			return -EINVAL;
@@ -133,6 +133,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+		if (auth_xform->auth.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -194,7 +201,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -227,7 +234,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			session->iv_offset);
+			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
@@ -246,6 +253,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
+	uint8_t *iv_ptr;
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
@@ -253,12 +261,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			KASUMI_LOG_ERR("digest");
@@ -276,8 +278,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
-		/* IV from AAD */
-		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
+		iv = *((uint64_t *)(iv_ptr));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 8f1a116..e6f4d31 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index 6a0d47a..727cfe4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,7 +92,8 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index e8fa3d3..f70c6cb 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -130,7 +130,11 @@ struct qat_session {
 	struct {
 		uint16_t offset;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} auth_iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 154e1dd..5bf9c86 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -837,8 +837,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 				0, ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ);
 		cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
 				authkeylen + ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ >> 3;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
 		hash->auth_config.config =
@@ -854,8 +853,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 		memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
 		cdesc->cd_cur_ptr += state1_size + state2_size
 			+ ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ >> 3;
 
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_MD5:
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 5d7b68e..8f5532e 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,8 +298,8 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
-	session->iv.offset = cipher_xform->iv.offset;
-	session->iv.length = cipher_xform->iv.length;
+	session->cipher_iv.offset = cipher_xform->iv.offset;
+	session->cipher_iv.length = cipher_xform->iv.length;
 
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
@@ -584,6 +584,9 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	}
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->auth_iv.offset = auth_xform->iv.offset;
+	session->auth_iv.length = auth_xform->iv.length;
+
 	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
 			(session->qat_hash_alg ==
 				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
@@ -646,7 +649,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -702,7 +705,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -903,8 +906,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *iv_ptr;
-
+	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -977,21 +979,21 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					ctx->cipher_iv.offset);
 		/* copy IV into request if it fits */
-		if (ctx->iv.length <=
+		if (ctx->cipher_iv.length <=
 				sizeof(cipher_param->u.cipher_IV_array)) {
 			rte_memcpy(cipher_param->u.cipher_IV_array,
-					iv_ptr,
-					ctx->iv.length);
+					cipher_iv_ptr,
+					ctx->cipher_iv.length);
 		} else {
 			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 					qat_req->comn_hdr.serv_specif_flags,
 					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 			cipher_param->u.s.cipher_IV_ptr =
 					rte_crypto_op_ctophys_offset(op,
-						ctx->iv.offset);
+						ctx->cipher_iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1022,7 +1024,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					auth_len = auth_len + auth_ofs + 1;
 					auth_ofs = 0;
 				}
-			}
+			} else
+				auth_param->u1.aad_adr =
+					rte_crypto_op_ctophys_offset(op,
+							ctx->auth_iv.offset);
 
 		} else if (ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
@@ -1030,16 +1035,17 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
 			auth_ofs = op->sym->cipher.data.offset;
 			auth_len = op->sym->cipher.data.length;
+
+			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
+
 		}
 		min_ofs = auth_ofs;
 
 		auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
 
-		auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
-
 	}
 
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
@@ -1147,7 +1153,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->iv.length == 12) {
+		if (ctx->cipher_iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1182,10 +1188,17 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
-		rte_hexdump(stdout, "iv:", iv_ptr,
-				ctx->iv.length);
+		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
+				ctx->cipher_iv.length);
 
 	if (do_auth) {
+		if (ctx->auth_iv.length) {
+			uint8_t *auth_iv_ptr = rte_crypto_op_ctod_offset(op,
+							uint8_t *,
+							ctx->auth_iv.offset);
+			rte_hexdump(stdout, "auth iv:", auth_iv_ptr,
+						ctx->auth_iv.length);
+		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 4bc2c97..fbff148 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -258,12 +258,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -446,12 +446,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -574,12 +574,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 4e93f64..afb5e92 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -121,7 +121,7 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 			SNOW3G_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
@@ -133,6 +133,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -193,7 +200,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -223,7 +230,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
@@ -242,14 +249,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			SNOW3G_LOG_ERR("digest");
@@ -267,13 +269,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -287,7 +291,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 68ede97..0a56b5d 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 },
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index e8943a7..c5733fb 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,7 +91,8 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index f3cb5f0..c79ea6e 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -120,7 +120,7 @@ zuc_set_session_parameters(struct zuc_session *sess,
 			ZUC_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
@@ -132,6 +132,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_hash, auth_xform->auth.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -214,7 +221,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -239,14 +246,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *src;
 	uint32_t *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			ZUC_LOG_ERR("digest");
@@ -264,13 +266,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -284,7 +288,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 02c3c4a..e97b8d2 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index cee1b5d..173fe47 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,7 +92,8 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0e84bad..3ccb6fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -373,9 +373,6 @@ struct rte_crypto_auth_xform {
 	 * This field must be specified when the hash algorithm is one of the
 	 * following:
 	 *
-	 * - For SNOW 3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
-	 *   length of the IV (which should be 16).
-	 *
 	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
 	 *   the length of the Additional Authenticated Data (called A, in NIST
 	 *   SP800-38D).
@@ -617,9 +614,7 @@ struct rte_crypto_sym_op {
 			uint8_t *data;
 			/**< Pointer to Additional Authenticated Data (AAD)
 			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM), and to the IV for SNOW 3G authentication
-			 * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
-			 * authentication mechanisms this pointer is ignored.
+			 * GCM).
 			 *
 			 * The length of the data pointed to by this field is
 			 * set up for the session in the @ref
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 828a91b..853e3bd 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1774,7 +1774,7 @@ test_AES_chain_armv8_all(void)
 static int
 create_wireless_algo_hash_session(uint8_t dev_id,
 	const uint8_t *key, const uint8_t key_len,
-	const uint8_t aad_len, const uint8_t auth_len,
+	const uint8_t iv_len, const uint8_t auth_len,
 	enum rte_crypto_auth_operation op,
 	enum rte_crypto_auth_algorithm algo)
 {
@@ -1795,7 +1795,8 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = hash_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = iv_len;
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
@@ -1903,9 +1904,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		const uint8_t *key, uint8_t key_len,
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1924,7 +1925,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1935,7 +1938,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1960,9 +1963,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	const uint8_t *key = tdata->key.data;
-	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
-	uint8_t iv_len = tdata->iv.len;
+	uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	uint8_t auth_iv_len = tdata->auth_iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1976,7 +1979,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1987,7 +1992,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
@@ -2017,8 +2022,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2034,7 +2039,9 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = auth_cipher_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -2044,7 +2051,7 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2059,19 +2066,16 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 
 static int
 create_wireless_algo_hash_operation(const uint8_t *auth_tag,
-		const unsigned auth_tag_len,
-		const uint8_t *aad, const unsigned aad_len,
-		unsigned data_pad_len,
+		unsigned int auth_tag_len,
+		const uint8_t *iv, unsigned int iv_len,
+		unsigned int data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm algo,
-		const unsigned auth_len, const unsigned auth_offset)
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2086,32 +2090,9 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-					"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
-
+	/* iv */
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 					ut_params->ibuf, auth_tag_len);
@@ -2120,7 +2101,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 				"no room to append auth tag");
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, data_pad_len + aad_len);
+			ut_params->ibuf, data_pad_len);
 	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
@@ -2139,27 +2120,22 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
-	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo)
+	enum rte_crypto_auth_operation op)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	const uint8_t *auth_tag = tdata->digest.data;
 	const unsigned int auth_tag_len = tdata->digest.len;
-	const uint8_t *aad = tdata->aad.data;
-	const uint8_t aad_len = tdata->aad.len;
 	unsigned int plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	unsigned int data_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
 
-	const uint8_t *iv = tdata->iv.data;
-	const uint8_t iv_len = tdata->iv.len;
+	const uint8_t *cipher_iv = tdata->cipher_iv.data;
+	const uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	const uint8_t *auth_iv = tdata->auth_iv.data;
+	const uint8_t auth_iv_len = tdata->auth_iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
-	const unsigned int auth_offset = tdata->aad.len << 3;
-
-	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2193,37 +2169,17 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
-	sym_op->cipher.data.offset = cipher_offset + auth_offset;
+	sym_op->cipher.data.offset = 0;
 	sym_op->auth.data.length = auth_len;
-	sym_op->auth.data.offset = auth_offset + cipher_offset;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -2233,26 +2189,22 @@ create_zuc_cipher_hash_generate_operation(
 		const struct wireless_test_data *tdata)
 {
 	return create_wireless_cipher_hash_operation(tdata,
-		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3);
+		RTE_CRYPTO_AUTH_OP_GENERATE);
 }
 
 static int
 create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		const unsigned auth_tag_len,
-		const uint8_t *aad, const uint8_t aad_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm auth_algo,
-		const uint8_t *iv, const uint8_t iv_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2285,33 +2237,13 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2321,19 +2253,16 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 }
 
 static int
-create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
-		const uint8_t *iv, const uint8_t iv_len,
-		const uint8_t *aad, const uint8_t aad_len,
-		unsigned data_pad_len,
-		const unsigned cipher_len, const unsigned cipher_offset,
-		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo)
+create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
+		unsigned int data_pad_len,
+		unsigned int cipher_len, unsigned int cipher_offset,
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2365,33 +2294,13 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI 16 bytes).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-	ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-				"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-				ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -2415,7 +2324,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2437,11 +2346,10 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2450,7 +2358,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2476,7 +2384,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2498,12 +2406,11 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2512,7 +2419,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2537,7 +2444,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2559,11 +2466,10 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2572,7 +2478,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2598,7 +2504,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2620,12 +2526,11 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2634,7 +2539,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2800,7 +2705,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2821,7 +2726,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2876,7 +2782,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2893,8 +2799,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2941,7 +2847,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2964,8 +2870,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3019,7 +2925,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3038,8 +2944,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3083,7 +2989,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3106,8 +3012,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3150,7 +3056,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3171,8 +3077,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3215,7 +3121,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3236,7 +3142,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3280,7 +3187,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3308,8 +3215,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3362,7 +3269,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3384,8 +3291,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3452,7 +3359,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3487,8 +3394,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	rte_hexdump(stdout, "plaintext:", plaintext, tdata->plaintext.len);
 #endif
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					extra_offset);
 	if (retval < 0)
@@ -3543,7 +3450,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3564,7 +3471,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3605,7 +3513,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3636,8 +3544,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3724,8 +3632,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3738,7 +3645,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3768,8 +3675,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3790,15 +3697,14 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-			tdata->digest.len, tdata->aad.data,
-			tdata->aad.len, /*tdata->plaintext.len,*/
+			tdata->digest.len, tdata->auth_iv.data,
+			tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			tdata->iv.data, tdata->iv.len,
+			tdata->cipher_iv.data, tdata->cipher_iv.len,
 			tdata->validCipherLenInBits.len,
 			0,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3)
+			0
 			);
 	if (retval < 0)
 		return retval;
@@ -3808,8 +3714,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-					+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3822,7 +3727,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3851,8 +3756,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3875,15 +3780,13 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
-		tdata->iv.data, tdata->iv.len,
-		tdata->aad.data, tdata->aad.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
 		0,
 		tdata->validAuthLenInBits.len,
-		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2
-	);
+		0);
 
 	if (retval < 0)
 		return retval;
@@ -3893,13 +3796,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -3938,8 +3840,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3960,14 +3862,13 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->iv.data, tdata->iv.len,
-				tdata->aad.data, tdata->aad.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
+				tdata->auth_iv.data, tdata->auth_iv.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9
+				0
 				);
 
 	if (retval < 0)
@@ -3978,8 +3879,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3990,7 +3890,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4021,8 +3921,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4044,15 +3944,14 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-				tdata->digest.len, tdata->aad.data,
-				tdata->aad.len,
+				tdata->digest.len, tdata->auth_iv.data,
+				tdata->auth_iv.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				tdata->iv.data, tdata->iv.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3)
+				0
 				);
 	if (retval < 0)
 		return retval;
@@ -4062,13 +3961,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4112,7 +4010,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4133,7 +4031,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -4208,7 +4107,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
 			tdata->key.data, tdata->key.len,
-			tdata->iv.len);
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4217,8 +4116,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-			tdata->iv.len, tdata->plaintext.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+			tdata->cipher_iv.len, tdata->plaintext.len,
 			0);
 	if (retval < 0)
 		return retval;
@@ -4272,7 +4171,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	/* Create ZUC session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_ZUC_EIA3);
 	if (retval < 0)
@@ -4294,11 +4193,10 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 
 	/* Create ZUC operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_ZUC_EIA3,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4307,7 +4205,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
diff --git a/test/test/test_cryptodev_kasumi_hash_test_vectors.h b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
index 63db9c4..3ab1d27 100644
--- a/test/test/test_cryptodev_kasumi_hash_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
@@ -43,7 +43,7 @@ struct kasumi_hash_test_data {
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	/* Includes message and DIRECTION (1 bit), plus 1 0*,
 	 * with enough 0s, so total length is multiple of 64 bits */
@@ -71,7 +71,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_1 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
@@ -102,7 +102,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_2 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 		},
@@ -134,7 +134,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 		},
@@ -168,7 +168,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD
 		},
@@ -203,7 +203,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 		},
@@ -247,7 +247,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2
 		},
@@ -288,7 +288,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_7 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
diff --git a/test/test/test_cryptodev_kasumi_test_vectors.h b/test/test/test_cryptodev_kasumi_test_vectors.h
index 6a7efb8..d0b83b1 100644
--- a/test/test/test_cryptodev_kasumi_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_test_vectors.h
@@ -42,13 +42,13 @@ struct kasumi_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	/* Includes: COUNT (4 bytes) and FRESH (4 bytes) */
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[1024]; /* Data may include direction bit */
@@ -88,7 +88,7 @@ struct kasumi_test_data kasumi_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
 		},
@@ -143,7 +143,7 @@ struct kasumi_test_data kasumi_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
 		},
@@ -188,13 +188,13 @@ struct kasumi_test_data kasumi_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
@@ -237,7 +237,7 @@ struct kasumi_test_data kasumi_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 		},
@@ -274,7 +274,7 @@ struct kasumi_test_data kasumi_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
 		},
@@ -331,13 +331,13 @@ struct kasumi_test_data kasumi_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7238bfa..1d204fd 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2704,10 +2704,12 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 	auth_xform.auth.algo = auth_algo;
 
-	auth_xform.auth.add_auth_data_length = SNOW3G_CIPHER_IV_LENGTH;
 	auth_xform.auth.key.data = snow3g_hash_key;
 	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
 	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	/* Auth IV will be after cipher IV */
+	auth_xform.auth.iv.offset = IV_OFFSET + SNOW3G_CIPHER_IV_LENGTH;
+	auth_xform.auth.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2969,10 +2971,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = iv_ptr;
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3017,11 +3015,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 
 	op->sym->auth.digest.data =
@@ -3031,13 +3034,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
-			SNOW3G_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
diff --git a/test/test/test_cryptodev_snow3g_hash_test_vectors.h b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
index e88e7ab..d51cdfa 100644
--- a/test/test/test_cryptodev_snow3g_hash_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_hash_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[2056];
@@ -67,7 +67,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_1 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
@@ -102,7 +102,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_2 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -147,7 +147,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_3 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -433,7 +433,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
@@ -465,7 +465,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 			0xBE, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0x58, 0xE2
@@ -498,7 +498,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 			0xB6, 0xAF, 0x61, 0x44, 0x98, 0x38, 0x70, 0x3A
diff --git a/test/test/test_cryptodev_snow3g_test_vectors.h b/test/test/test_cryptodev_snow3g_test_vectors.h
index 0c8ad1c..6b99f6c 100644
--- a/test/test/test_cryptodev_snow3g_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[1024];
@@ -69,7 +69,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -133,7 +133,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -150,7 +150,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 	       .data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -189,7 +189,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 	.validCipherLenInBits = {
 		.len = 512
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -206,7 +206,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -233,7 +233,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 	.validCipherLenInBits = {
 		.len = 120
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -257,7 +257,7 @@ struct snow3g_test_data snow3g_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00
@@ -298,7 +298,7 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
@@ -357,14 +357,14 @@ struct snow3g_test_data snow3g_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
diff --git a/test/test/test_cryptodev_zuc_test_vectors.h b/test/test/test_cryptodev_zuc_test_vectors.h
index 50fb538..959a024 100644
--- a/test/test/test_cryptodev_zuc_test_vectors.h
+++ b/test/test/test_cryptodev_zuc_test_vectors.h
@@ -42,7 +42,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[2048];
@@ -69,7 +69,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ static struct wireless_test_data zuc_test_case_cipher_193b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -125,7 +125,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -184,7 +184,7 @@ static struct wireless_test_data zuc_test_case_cipher_1570b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00,
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00
@@ -267,7 +267,7 @@ static struct wireless_test_data zuc_test_case_cipher_2798b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00,
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00
@@ -388,7 +388,7 @@ static struct wireless_test_data zuc_test_case_cipher_4019b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00,
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00
@@ -547,7 +547,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -578,7 +578,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 	.validCipherLenInBits = {
 		.len = 200
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -602,7 +602,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -651,7 +651,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -675,7 +675,7 @@ struct wireless_test_data zuc_test_case_auth_1b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
@@ -703,7 +703,7 @@ struct wireless_test_data zuc_test_case_auth_90b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00
@@ -734,7 +734,7 @@ struct wireless_test_data zuc_test_case_auth_577b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xA9, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x00, 0x00,
 			0x29, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x80, 0x00
@@ -773,7 +773,7 @@ struct wireless_test_data zuc_test_case_auth_2079b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -835,7 +835,7 @@ struct wireless_test_data zuc_test_auth_5670b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00
@@ -950,7 +950,7 @@ static struct wireless_test_data zuc_test_case_auth_128b = {
 		.data = { 0x0 },
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = { 0x0 },
 		.len = 16
 	},
@@ -975,7 +975,7 @@ static struct wireless_test_data zuc_test_case_auth_2080b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -1037,7 +1037,7 @@ static struct wireless_test_data zuc_test_case_auth_584b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xa9, 0x40, 0x59, 0xda, 0x50, 0x0, 0x0, 0x0,
 			0x29, 0x40, 0x59, 0xda, 0x50, 0x0, 0x80, 0x0
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 16/26] cryptodev: remove AAD length from crypto op
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (14 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 17/26] cryptodev: remove digest " Pablo de Lara
                       ` (11 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.

Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  3 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 +++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  6 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 ++
 drivers/crypto/openssl/rte_openssl_pmd.c         |  4 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +++
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  4 +--
 examples/ipsec-secgw/esp.c                       |  2 --
 examples/l2fwd-crypto/main.c                     |  4 ---
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +----
 test/test/test_cryptodev.c                       | 10 +++-----
 test/test/test_cryptodev_perf.c                  | 31 +++++++++++++-----------
 14 files changed, 39 insertions(+), 41 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 7d5d3f0..15a4b58 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -187,7 +187,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 
 		}
 
@@ -274,7 +273,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -335,7 +333,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
 		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
-		sym_op->auth.aad.length = options->auth_aad_sz;
 
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 68890ff..ea8fc00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -553,7 +553,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } aad;    /**< Additional authentication parameters */
         } auth;
     }
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index eabf3dd..e633d73 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -163,6 +163,9 @@ API Changes
     ``rte_crypto_cipher_xform``.
   * Added authentication IV parameters (offset and length) in
     ``rte_crypto_auth_xform``.
+  * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
+  * Changed field size of AAD length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 414f22b..f6136ba 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -145,6 +145,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	sess->aad_length = auth_xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -255,7 +257,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
@@ -293,7 +295,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2ed96f8..bfd4d1c 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -99,6 +99,8 @@ struct aesni_gcm_session {
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
 	/**< GCM key type */
+	uint16_t aad_length;
+	/**< AAD length */
 	struct gcm_data gdata __rte_cache_aligned;
 	/**< GCM parameters */
 };
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 970c735..9de4c68 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -370,6 +370,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	sess->auth.aad_length = xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -934,7 +936,7 @@ process_openssl_combined_op
 			sess->iv.offset);
 	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
-	aadlen = op->sym->auth.aad.length;
+	aadlen = sess->auth.aad_length;
 
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 3a64853..045e532 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -162,6 +162,9 @@ struct openssl_session {
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
+
+		uint16_t aad_length;
+		/**< AAD length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 5bf9c86..4df57aa 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 					ICP_QAT_HW_GALOIS_128_STATE1_SZ +
 					ICP_QAT_HW_GALOIS_H_SZ);
 		*aad_len = rte_bswap32(add_auth_data_length);
+		cdesc->aad_len = add_auth_data_length;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
 		qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 8f5532e..aada9dd 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1175,7 +1175,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_param->cipher_length = 0;
 			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = op->sym->auth.aad.length;
+			auth_param->auth_len = ctx->aad_len;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1202,7 +1202,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-				op->sym->auth.aad.length);
+				ctx->aad_len);
 	}
 #endif
 	return 0;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 9e12782..571c2c6 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
@@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ba5aef7..6fe829e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -497,11 +497,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		if (cparams->aad.length) {
 			op->sym->auth.aad.data = cparams->aad.data;
 			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-			op->sym->auth.aad.length = cparams->aad.length;
 		} else {
 			op->sym->auth.aad.data = NULL;
 			op->sym->auth.aad.phys_addr = 0;
-			op->sym->auth.aad.length = 0;
 		}
 	}
 
@@ -709,8 +707,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
-				port_cparams[i].aad.length =
-					options->auth_xform.auth.add_auth_data_length;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3ccb6fd..b964a56 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -365,7 +365,7 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint32_t add_auth_data_length;
+	uint16_t add_auth_data_length;
 	/**< The length of the additional authenticated data (AAD) in bytes.
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
@@ -653,10 +653,6 @@ struct rte_crypto_sym_op {
 			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
-			uint16_t length;
-			/**< Length of additional authenticated data (AAD)
-			 * in bytes
-			 */
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 853e3bd..7acfa24 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4637,7 +4637,7 @@ test_3DES_cipheronly_openssl_all(void)
 static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint16_t aad_len, const uint8_t auth_len,
 		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
@@ -4751,12 +4751,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
-		sym_op->auth.aad.length);
+		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6315,7 +6314,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
@@ -6380,7 +6378,7 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -6860,7 +6858,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
 
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->auth.aad.length = reference->aad.len;
 
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -7194,7 +7191,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to prepend aad");
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
 
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 1d204fd..7239976 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -45,6 +45,7 @@
 
 #define AES_CIPHER_IV_LENGTH 16
 #define TRIPLE_DES_CIPHER_IV_LENGTH 8
+#define AES_GCM_AAD_LENGTH 16
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -70,7 +71,6 @@ enum chain_mode {
 
 struct symmetric_op {
 	const uint8_t *aad_data;
-	uint32_t aad_len;
 
 	const uint8_t *p_data;
 	uint32_t p_len;
@@ -97,6 +97,7 @@ struct symmetric_session_attrs {
 
 	const uint8_t *iv_data;
 	uint16_t iv_len;
+	uint16_t aad_len;
 	uint32_t digest_len;
 };
 
@@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
 		auth_xform.auth.key.data = NULL;
+		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_GCM_AAD_LENGTH 16
-
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 {
@@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.digest.phys_addr = 0;
 		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
-		op->sym->auth.aad.length = 0;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
@@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
-	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv,
+			SNOW3G_CIPHER_IV_LENGTH);
+
 	op->sym->m_src = m;
 
 	return op;
@@ -4137,6 +4140,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	auth_xform.auth.op = pparams->session_attrs->auth;
 	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
 
+	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
 	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
 	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
 
@@ -4172,17 +4176,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
-					  params->symmetric_op->aad_len +
+					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.length = params->symmetric_op->aad_len;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
-		       params->symmetric_op->aad_len);
+		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
 		       params->session_attrs->iv_len);
@@ -4190,11 +4193,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		iv_ptr[15] = 1;
 
 	op->sym->auth.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4208,7 +4211,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t aad_len = params->symmetric_op->aad_len;
+	uint16_t aad_len = params->session_attrs->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
 
@@ -4344,14 +4347,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
 					pkt +
-					pparams->symmetric_op->aad_len,
+					pparams->session_attrs->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
 					pkt +
-					pparams->symmetric_op->aad_len +
+					pparams->session_attrs->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
 					"GCM MAC data not as expected");
@@ -4423,13 +4426,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 			RTE_CRYPTO_AUTH_OP_GENERATE;
 		session_attrs[i].key_auth_data = NULL;
 		session_attrs[i].key_auth_len = 0;
+		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
 		session_attrs[i].iv_len = gcm_test->iv.len;
 		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
-		ops_set[i].aad_len = gcm_test->aad.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 17/26] cryptodev: remove digest length from crypto op
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (15 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
                       ` (10 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Digest length was duplicated in the authentication transform
and the crypto operation structures.

Since digest length is not expected to change in a same
session, it is removed from the crypto operation.

Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  7 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 ++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 34 +++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 +
 drivers/crypto/armv8/rte_armv8_pmd.c             |  9 ++--
 drivers/crypto/armv8/rte_armv8_pmd_private.h     |  2 +
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      | 34 +++++++-------
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  1 +
 drivers/crypto/kasumi/rte_kasumi_pmd.c           | 18 ++++----
 drivers/crypto/openssl/rte_openssl_pmd.c         |  7 +--
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  2 +
 drivers/crypto/qat/qat_adf/qat_algs.h            |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  3 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c           | 18 ++++----
 drivers/crypto/zuc/rte_zuc_pmd.c                 | 18 ++++----
 examples/ipsec-secgw/esp.c                       |  2 -
 examples/l2fwd-crypto/main.c                     |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +--
 test/test/test_cryptodev.c                       | 34 +++++---------
 test/test/test_cryptodev_blockcipher.c           |  5 +--
 test/test/test_cryptodev_perf.c                  | 56 ++++++++----------------
 22 files changed, 119 insertions(+), 145 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 15a4b58..bc74371 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -161,7 +161,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -184,7 +183,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 
@@ -247,7 +245,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -270,7 +267,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 		}
@@ -339,7 +335,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = sym_op->cipher.data.length +
@@ -363,8 +358,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		}
 
 		sym_op->auth.data.length = options->test_buffer_size;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index ea8fc00..e036611 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -547,7 +547,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } digest; /**< Digest parameters */
 
             struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index e633d73..a544639 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -166,6 +166,9 @@ API Changes
   * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
   * Changed field size of AAD length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Removed digest length from ``rte_crypto_sym_op``.
+  * Changed field size of digest length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index f6136ba..fcf0f8b 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -78,6 +78,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 {
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
+	uint16_t digest_length;
 
 	if (xform->next == NULL || xform->next->next != NULL) {
 		GCM_LOG_ERR("Two and only two chained xform required");
@@ -128,6 +129,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	digest_length = auth_xform->auth.digest_length;
+
 	/* Check key length and calculate GCM pre-compute. */
 	switch (cipher_xform->cipher.key.length) {
 	case 16:
@@ -146,6 +149,14 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	}
 
 	sess->aad_length = auth_xform->auth.add_auth_data_length;
+	/* Digest check */
+	if (digest_length != 16 &&
+			digest_length != 12 &&
+			digest_length != 8) {
+		GCM_LOG_ERR("digest");
+		return -EINVAL;
+	}
+	sess->digest_length = digest_length;
 
 	return 0;
 }
@@ -245,13 +256,6 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (sym_op->auth.digest.length != 16 &&
-			sym_op->auth.digest.length != 12 &&
-			sym_op->auth.digest.length != 8) {
-		GCM_LOG_ERR("digest");
-		return -1;
-	}
-
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
@@ -281,11 +285,11 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
-				sym_op->auth.digest.length);
+				session->digest_length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -319,7 +323,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -349,21 +353,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
-				m->data_len - op->sym->auth.digest.length);
+				m->data_len - session->digest_length);
 
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, op->sym->auth.digest.length);
+				op->sym->auth.digest.data, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
-				tag, op->sym->auth.digest.length);
+				tag, session->digest_length);
 #endif
 
 		if (memcmp(tag, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0)
+				session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
-		rte_pktmbuf_trim(m, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(m, session->digest_length);
 	}
 }
 
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index bfd4d1c..05fabe6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -95,6 +95,8 @@ struct aesni_gcm_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+	uint16_t digest_length;
+	/**< Digest length */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index dac4fc3..4a23ff1 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -452,6 +452,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set the digest length */
+	sess->auth.digest_length = auth_xform->auth.digest_length;
+
 	/* Verify supported key lengths and extract proper algorithm */
 	switch (cipher_xform->cipher.key.length << 3) {
 	case 128:
@@ -649,7 +652,7 @@ process_armv8_chained_op
 		}
 	} else {
 		adst = (uint8_t *)rte_pktmbuf_append(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -667,12 +670,12 @@ process_armv8_chained_op
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(adst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
 		rte_pktmbuf_trim(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index 75bde9f..09d32f2 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -199,6 +199,8 @@ struct armv8_crypto_session {
 				/**< HMAC key (max supported length)*/
 			} hmac;
 		};
+		uint16_t digest_length;
+		/* Digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3930794..8ee6ece 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	struct sec_flow_context *flc;
 	uint32_t auth_only_len = sym_op->auth.data.length -
 				sym_op->cipher.data.length;
-	int icv_len = sym_op->auth.digest.length;
+	int icv_len = sess->digest_length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -135,7 +135,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   "cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n",
 		   sym_op->auth.data.offset,
 		   sym_op->auth.data.length,
-		   sym_op->auth.digest.length,
+		   sess->digest_length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
 		   sess->iv.length,
@@ -161,7 +161,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		DPAA2_SET_FLE_ADDR(sge,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 					sess->iv.length));
 	}
@@ -177,7 +177,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	fle->length = (sess->dir == DIR_ENC) ?
 			(sym_op->auth.data.length + sess->iv.length) :
 			(sym_op->auth.data.length + sess->iv.length +
-			 sym_op->auth.digest.length);
+			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
@@ -192,12 +192,12 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		old_icv = (uint8_t *)(sge + 1);
 		memcpy(old_icv,	sym_op->auth.digest.data,
-		       sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+		       sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-				 sym_op->auth.digest.length +
+				 sess->digest_length +
 				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
@@ -217,7 +217,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (sess->dir == DIR_ENC) ?
 			   (3 * sizeof(struct qbman_fle)) :
 			   (5 * sizeof(struct qbman_fle) +
-			    sym_op->auth.digest.length);
+			    sess->digest_length);
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *old_digest;
@@ -251,7 +251,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-	fle->length = sym_op->auth.digest.length;
+	fle->length = sess->digest_length;
 
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
@@ -282,17 +282,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 				     sym_op->m_src->data_off);
 
 		DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length +
-				 sym_op->auth.digest.length);
+				 sess->digest_length);
 		sge->length = sym_op->auth.data.length;
 		sge++;
 		old_digest = (uint8_t *)(sge + 1);
 		rte_memcpy(old_digest, sym_op->auth.digest.data,
-			   sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+			   sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		fle->length = sym_op->auth.data.length +
-				sym_op->auth.digest.length;
+				sess->digest_length;
 		DPAA2_SET_FLE_FIN(sge);
 	}
 	DPAA2_SET_FLE_FIN(fle);
@@ -912,6 +912,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = xform->auth.digest_length;
+
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -1064,6 +1066,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = auth_xform->digest_length;
+
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index ff3be70..eda2eec 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -191,6 +191,7 @@ typedef struct dpaa2_sec_session_entry {
 		uint16_t length; /**< IV length in bytes */
 		uint16_t offset; /**< IV offset in bytes */
 	} iv;
+	uint16_t digest_length;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 3a3ffa4..6ece58c 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -132,6 +132,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F9 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) {
+			KASUMI_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
@@ -261,12 +267,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -288,19 +288,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					KASUMI_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 9de4c68..46b1dd8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -371,6 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	}
 
 	sess->auth.aad_length = xform->auth.add_auth_data_length;
+	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
 }
@@ -1130,7 +1131,7 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
 		dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	else {
 		dst = op->sym->auth.digest.data;
 		if (dst == NULL)
@@ -1158,11 +1159,11 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(dst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
-		rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
 	}
 
 	if (status != 0)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 045e532..4c9be05 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -165,6 +165,8 @@ struct openssl_session {
 
 		uint16_t aad_length;
 		/**< AAD length */
+		uint16_t digest_length;
+		/**< digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index f70c6cb..b13d90b 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -135,6 +135,7 @@ struct qat_session {
 		uint16_t offset;
 		uint16_t length;
 	} auth_iv;
+	uint16_t digest_length;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index aada9dd..b365c8d 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -606,6 +606,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->op))
 			goto error_out;
 	}
+	session->digest_length = auth_xform->digest_length;
 	return session;
 
 error_out:
@@ -1200,7 +1201,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 						ctx->auth_iv.length);
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-				op->sym->auth.digest.length);
+				ctx->digest_length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
 				ctx->aad_len);
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index afb5e92..fbdccd1 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -132,6 +132,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
@@ -252,12 +258,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					SNOW3G_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index c79ea6e..80ddd5a 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -131,6 +131,12 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EIA3 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) {
+			ZUC_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
@@ -249,12 +255,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -271,19 +271,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					ZUC_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 571c2c6..d544a3c 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -140,7 +140,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
@@ -368,7 +367,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6fe829e..6d88937 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -481,7 +481,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
-		op->sym->auth.digest.length = cparams->digest_length;
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b964a56..de4031a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -354,7 +354,7 @@ struct rte_crypto_auth_xform {
 	 * (for example RFC 2104, FIPS 198a).
 	 */
 
-	uint32_t digest_length;
+	uint16_t digest_length;
 	/**< Length of the digest to be returned. If the verify option is set,
 	 * this specifies the length of the digest to be compared for the
 	 * session.
@@ -604,10 +604,6 @@ struct rte_crypto_sym_op {
 			 */
 			phys_addr_t phys_addr;
 			/**< Physical address of digest */
-			uint16_t length;
-			/**< Length of digest. This must be the same value as
-			 * @ref rte_crypto_auth_xform.digest_length.
-			 */
 		} digest; /**< Digest parameters */
 
 		struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 7acfa24..4698f26 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1307,7 +1307,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -1459,7 +1458,6 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -2102,7 +2100,6 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2110,7 +2107,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	sym_op->auth.data.length = auth_len;
 	sym_op->auth.data.offset = auth_offset;
@@ -2159,7 +2156,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2167,7 +2163,7 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2227,7 +2223,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2235,7 +2230,7 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2286,13 +2281,12 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -4824,7 +4818,6 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
@@ -4833,13 +4826,12 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			tdata->auth_tag.len);
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
@@ -5614,7 +5606,6 @@ static int MD5_HMAC_create_op(struct crypto_unittest_params *ut_params,
 			"no room to append digest");
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, plaintext_pad_len);
-	sym_op->auth.digest.length = MD5_DIGEST_LEN;
 
 	if (ut_params->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, test_case->auth_tag.data,
@@ -6325,14 +6316,13 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, aad_pad_len);
-	sym_op->auth.digest.length = tdata->gmac_tag.len;
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
 				tdata->gmac_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				tdata->gmac_tag.len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6810,7 +6800,6 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->plaintext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6821,7 +6810,7 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
@@ -6868,7 +6857,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6879,7 +6867,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -6922,7 +6910,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6933,7 +6920,7 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -7170,14 +7157,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = digest_phys;
-	sym_op->auth.digest.length = auth_tag_len;
 
 	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				auth_tag_len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 9faf088..446ab4f 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -324,7 +324,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
-		sym_op->auth.digest.length = digest_len;
 	}
 
 	/* create session for sessioned op */
@@ -474,7 +473,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 						sym_op->auth.data.offset;
 			changed_len = sym_op->auth.data.length;
 			if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-				changed_len += sym_op->auth.digest.length;
+				changed_len += digest_len;
 		} else {
 			/* cipher-only */
 			head_unchanged_len = rte_pktmbuf_headroom(mbuf) +
@@ -516,7 +515,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		}
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-			changed_len += sym_op->auth.digest.length;
+			changed_len += digest_len;
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
 			/* white-box test: PMDs use some of the
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7239976..3bd9351 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -168,20 +168,19 @@ static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len);
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain);
+		enum chain_mode chain);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo);
 
 
@@ -1979,7 +1978,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.digest.data = ut_params->digest;
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_params[0].length);
-		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
@@ -2102,8 +2100,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size,
-					get_auth_digest_length(pparams->auth_algo));
+		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2252,11 +2249,9 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2298,7 +2293,7 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2407,8 +2402,6 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 
 	static struct rte_cryptodev_sym_session *sess;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2433,7 +2426,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
 		op = test_perf_set_crypto_op_aes(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2875,7 +2868,7 @@ test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain)
+		enum chain_mode chain)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2886,7 +2879,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
@@ -2895,7 +2887,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_len);
-		op->sym->auth.digest.length = digest_len;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
@@ -2917,7 +2908,7 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2929,7 +2920,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
@@ -2950,8 +2940,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len)
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -2968,7 +2957,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3015,8 +3003,7 @@ static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess,
-		unsigned data_len,
-		unsigned digest_len)
+		unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -3036,7 +3023,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3051,7 +3037,7 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -3063,7 +3049,6 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -3156,7 +3141,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3298,7 +3283,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 					mbufs[i +
 					  (pparams->burst_size * (j % NUM_MBUF_SETS))],
 					sess,
-					pparams->buf_size, digest_length);
+					pparams->buf_size);
 				else if (pparams->chain == CIPHER_ONLY)
 					ops[i+op_offset] =
 					test_perf_set_crypto_op_snow3g_cipher(ops[i+op_offset],
@@ -3394,8 +3379,6 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3408,7 +3391,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
 	switch (pparams->cipher_algo) {
@@ -3470,7 +3453,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3548,8 +3531,6 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3604,7 +3585,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))], sess,
-					pparams->buf_size, digest_length,
+					pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -4179,7 +4160,6 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
-	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 18/26] cryptodev: set AES-GMAC as auth-only algo
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (16 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 17/26] cryptodev: remove digest " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 19/26] cryptodev: add AEAD specific data Pablo de Lara
                       ` (9 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AES-GMAC is an authentication algorithm, based on AES-GCM
without encryption. To simplify its usage, now it can be used
setting the authentication parameters, without requiring
to concatenate a ciphering transform.

Therefore, it is not required to set AAD, but authentication
data length and offset, giving the user the option
to have Scatter-Gather List in the input buffer,
as long as the driver supports it.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_options_parsing.c     |   3 +-
 app/test-crypto-perf/cperf_test_vectors.c        |   5 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 169 ++++++++++++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  12 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |   4 +-
 drivers/crypto/openssl/rte_openssl_pmd.c         |  52 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |   9 +-
 drivers/crypto/qat/qat_crypto.c                  | 151 ++++++++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  11 +-
 lib/librte_cryptodev/rte_crypto_sym.h            |  39 +-----
 test/test/test_cryptodev.c                       | 159 ++++++++++-----------
 test/test/test_cryptodev_gcm_test_vectors.h      |  29 +---
 12 files changed, 374 insertions(+), 269 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 70b6a60..5c2dcff 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -820,8 +820,7 @@ cperf_options_check(struct cperf_options *options)
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
 			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
 		if (options->op_type != CPERF_AEAD) {
 			RTE_LOG(ERR, USER1, "Use --optype aead\n");
 			return -EINVAL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index b67d0f4..2e5339c 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,11 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_AES_GMAC:
-			/* auth key should be the same as cipher key */
-			t_vec->auth_key.data = cipher_key;
-			aad_alloc = 1;
-			break;
 		default:
 			t_vec->auth_key.data = auth_key;
 			aad_alloc = 0;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index fcf0f8b..36372a6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -79,35 +79,74 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
 	uint16_t digest_length;
+	uint8_t key_length;
+	uint8_t *key;
 
-	if (xform->next == NULL || xform->next->next != NULL) {
-		GCM_LOG_ERR("Two and only two chained xform required");
-		return -EINVAL;
-	}
-
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		auth_xform = xform->next;
-		cipher_xform = xform;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+	/* AES-GMAC */
+	if (xform->next == NULL) {
 		auth_xform = xform;
-		cipher_xform = xform->next;
+		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
+			GCM_LOG_ERR("Only AES GMAC is supported as an "
+					"authentication only algorithm");
+			return -EINVAL;
+		}
+		/* Set IV parameters */
+		sess->iv.offset = auth_xform->auth.iv.offset;
+		sess->iv.length = auth_xform->auth.iv.length;
+
+		/* Select Crypto operation */
+		if (auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GMAC_OP_GENERATE;
+		else
+			sess->op = AESNI_GMAC_OP_VERIFY;
+
+		key_length = auth_xform->auth.key.length;
+		key = auth_xform->auth.key.data;
+	/* AES-GCM */
 	} else {
-		GCM_LOG_ERR("Cipher and auth xform required");
-		return -EINVAL;
-	}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			auth_xform = xform->next;
+			cipher_xform = xform;
+		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			auth_xform = xform;
+			cipher_xform = xform->next;
+		} else {
+			GCM_LOG_ERR("Cipher and auth xform required "
+					"when using AES GCM");
+			return -EINVAL;
+		}
 
-	if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-		(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC))) {
-		GCM_LOG_ERR("We only support AES GCM and AES GMAC");
-		return -EINVAL;
-	}
+		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
+				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+			GCM_LOG_ERR("The only combined operation "
+						"supported is AES GCM");
+			return -EINVAL;
+		}
 
-	/* Set IV parameters */
-	sess->iv.offset = cipher_xform->cipher.iv.offset;
-	sess->iv.length = cipher_xform->cipher.iv.length;
+		/* Set IV parameters */
+		sess->iv.offset = cipher_xform->cipher.iv.offset;
+		sess->iv.length = cipher_xform->cipher.iv.length;
+
+		/* Select Crypto operation */
+		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
+		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
+		else {
+			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
+					" Decrypt/Verify are valid only");
+			return -EINVAL;
+		}
+
+		key_length = cipher_xform->auth.key.length;
+		key = cipher_xform->auth.key.data;
+
+		sess->aad_length = auth_xform->auth.add_auth_data_length;
+	}
 
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
@@ -116,39 +155,25 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	/* Select Crypto operation */
-	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-	else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-	else {
-		GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-				" Decrypt/Verify are valid only");
-		return -EINVAL;
-	}
-
 	digest_length = auth_xform->auth.digest_length;
 
 	/* Check key length and calculate GCM pre-compute. */
-	switch (cipher_xform->cipher.key.length) {
+	switch (key_length) {
 	case 16:
-		aesni_gcm128_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm128_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_128;
 
 		break;
 	case 32:
-		aesni_gcm256_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm256_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_256;
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher key length");
+		GCM_LOG_ERR("Unsupported cipher/auth key length");
 		return -EINVAL;
 	}
 
-	sess->aad_length = auth_xform->auth.add_auth_data_length;
 	/* Digest check */
 	if (digest_length != 16 &&
 			digest_length != 12 &&
@@ -211,9 +236,20 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	uint8_t *iv_ptr;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_mbuf *m_src = sym_op->m_src;
-	uint32_t offset = sym_op->cipher.data.offset;
+	uint32_t offset, data_offset, data_length;
 	uint32_t part_len, total_len, data_len;
 
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
+			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+		offset = sym_op->cipher.data.offset;
+		data_offset = offset;
+		data_length = sym_op->cipher.data.length;
+	} else {
+		offset = sym_op->auth.data.offset;
+		data_offset = offset;
+		data_length = sym_op->auth.data.length;
+	}
+
 	RTE_ASSERT(m_src != NULL);
 
 	while (offset >= m_src->data_len) {
@@ -224,12 +260,12 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
-			sym_op->cipher.data.length;
+	part_len = (data_len < data_length) ? data_len :
+			data_length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
-			((part_len != sym_op->cipher.data.length) &&
+	RTE_ASSERT((part_len == data_length) ||
+			((part_len != data_length) &&
 					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
 	RTE_ASSERT((sym_op->m_dst == NULL) ||
@@ -239,9 +275,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	dst = sym_op->m_dst ?
 			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
-					sym_op->cipher.data.offset) :
+					data_offset) :
 			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
-					sym_op->cipher.data.offset);
+					data_offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
@@ -265,7 +301,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -286,7 +322,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
 				(uint64_t)session->digest_length);
-	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
+	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
 				session->digest_length);
@@ -303,7 +339,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -324,6 +360,32 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
 				(uint64_t)session->digest_length);
+	} else if (session->op == AESNI_GMAC_OP_GENERATE) {
+		aesni_gcm_enc[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+		aesni_gcm_enc[session->key].finalize(&session->gdata,
+				sym_op->auth.digest.data,
+				(uint64_t)session->digest_length);
+	} else { /* AESNI_GMAC_OP_VERIFY */
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				session->digest_length);
+
+		if (!auth_tag) {
+			GCM_LOG_ERR("auth_tag");
+			return -1;
+		}
+
+		aesni_gcm_dec[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+
+		aesni_gcm_dec[session->key].finalize(&session->gdata,
+				auth_tag,
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -350,7 +412,8 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Verify digest if required */
-	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
+			session->op == AESNI_GMAC_OP_VERIFY) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 542e6c4..39285d0 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 4
 				},
-				.aad_size = {
-					.min = 0,
-					.max = 65535,
-					.increment = 1
-				},
-				.iv_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 05fabe6..9dea80d 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -80,7 +80,9 @@ struct aesni_gcm_qp {
 
 enum aesni_gcm_operation {
 	AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION,
-	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION
+	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION,
+	AESNI_GMAC_OP_GENERATE,
+	AESNI_GMAC_OP_VERIFY
 };
 
 enum aesni_gcm_key {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 46b1dd8..11260d8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -330,13 +330,41 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GMAC/GCM */
+		/* Check additional condition for AES_GCM */
 		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
 			return -EINVAL;
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+		/* Set IV parameters */
+		sess->iv.offset = xform->auth.iv.offset;
+		sess->iv.length = xform->auth.iv.length;
+
+		/*
+		 * OpenSSL requires GMAC to be a GCM operation
+		 * with no cipher data length
+		 */
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+		else
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+
+		sess->cipher.key.length = xform->auth.key.length;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+				sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->auth.key.data, xform->auth.key.length,
+			sess->cipher.key.data);
+
+		break;
 
 	case RTE_CRYPTO_AUTH_MD5:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -923,6 +951,7 @@ process_openssl_combined_op
 	/* cipher */
 	uint8_t *dst = NULL, *iv, *tag, *aad;
 	int srclen, ivlen, aadlen, status = -1;
+	uint32_t offset;
 
 	/*
 	 * Segmented destination buffer is not supported for
@@ -936,32 +965,37 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	aad = op->sym->auth.aad.data;
-	aadlen = sess->auth.aad_length;
-
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
 		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset +
 				op->sym->cipher.data.length);
 
-	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
+	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
-	else {
+		offset = op->sym->auth.data.offset;
+		aadlen = op->sym->auth.data.length;
+		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
+				op->sym->auth.data.offset);
+
+	} else {
 		srclen = op->sym->cipher.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset);
+		offset = op->sym->cipher.data.offset;
+		aad = op->sym->auth.aad.data;
+		aadlen = sess->auth.aad_length;
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		status = process_openssl_auth_encryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
 	else
 		status = process_openssl_auth_decryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3026dbd..fc525d9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -407,12 +407,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 8,
-					.max = 65532,
+				.iv_size = {
+					.min = 12,
+					.max = 16,
 					.increment = 4
-				},
-				.iv_size = { 0 }
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index b365c8d..81f7a1f 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -518,6 +518,8 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
+	uint8_t *key_data = auth_xform->key.data;
+	uint8_t key_length = auth_xform->key.length;
 
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -539,10 +541,22 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
+		cipher_xform = qat_get_cipher_xform(xform);
+
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
+		key_data = cipher_xform->key.data;
+		key_length = cipher_xform->key.length;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
+		if (qat_alg_validate_aes_key(auth_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
 		break;
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
@@ -582,30 +596,62 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->algo);
 		goto error_out;
 	}
-	cipher_xform = qat_get_cipher_xform(xform);
 
 	session->auth_iv.offset = auth_xform->iv.offset;
 	session->auth_iv.length = auth_xform->iv.length;
 
-	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
-			(session->qat_hash_alg ==
-				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-				cipher_xform->key.data,
-				cipher_xform->key.length,
-				auth_xform->add_auth_data_length,
-				auth_xform->digest_length,
-				auth_xform->op))
-			goto error_out;
+	if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			/*
+			 * It needs to create cipher desc content first,
+			 * then authentication
+			 */
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+						key_data,
+						key_length,
+						0,
+						auth_xform->digest_length,
+						auth_xform->op))
+				goto error_out;
+		} else {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			/*
+			 * It needs to create authentication desc content first,
+			 * then cipher
+			 */
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+					key_data,
+					key_length,
+					0,
+					auth_xform->digest_length,
+					auth_xform->op))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+		}
+		/* Restore to authentication only only */
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
 	} else {
 		if (qat_alg_aead_session_create_content_desc_auth(session,
-				auth_xform->key.data,
-				auth_xform->key.length,
+				key_data,
+				key_length,
 				auth_xform->add_auth_data_length,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
 	}
+
 	session->digest_length = auth_xform->digest_length;
 	return session;
 
@@ -892,6 +938,28 @@ qat_sgl_fill_array(struct rte_mbuf *buf, uint64_t buff_start,
 	return 0;
 }
 
+static inline void
+set_cipher_iv(uint16_t iv_length, uint16_t iv_offset,
+		struct icp_qat_fw_la_cipher_req_params *cipher_param,
+		struct rte_crypto_op *op,
+		struct icp_qat_fw_la_bulk_req *qat_req)
+{
+	/* copy IV into request if it fits */
+	if (iv_length <= sizeof(cipher_param->u.cipher_IV_array)) {
+		rte_memcpy(cipher_param->u.cipher_IV_array,
+				rte_crypto_op_ctod_offset(op, uint8_t *,
+					iv_offset),
+				iv_length);
+	} else {
+		ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+				qat_req->comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+		cipher_param->u.s.cipher_IV_ptr =
+				rte_crypto_op_ctophys_offset(op,
+					iv_offset);
+	}
+}
+
 static inline int
 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		struct qat_crypto_op_cookie *qat_op_cookie)
@@ -907,7 +975,6 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -980,22 +1047,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->cipher_iv.offset);
-		/* copy IV into request if it fits */
-		if (ctx->cipher_iv.length <=
-				sizeof(cipher_param->u.cipher_IV_array)) {
-			rte_memcpy(cipher_param->u.cipher_IV_array,
-					cipher_iv_ptr,
-					ctx->cipher_iv.length);
-		} else {
-			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-					qat_req->comn_hdr.serv_specif_flags,
-					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-			cipher_param->u.s.cipher_IV_ptr =
-					rte_crypto_op_ctophys_offset(op,
-						ctx->cipher_iv.offset);
-		}
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
 		min_ofs = cipher_ofs;
 	}
 
@@ -1034,10 +1087,18 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			auth_ofs = op->sym->cipher.data.offset;
-			auth_len = op->sym->cipher.data.length;
-
-			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GCM */
+			if (do_cipher) {
+				auth_ofs = op->sym->cipher.data.offset;
+				auth_len = op->sym->cipher.data.length;
+
+				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GMAC */
+			} else {
+				set_cipher_iv(ctx->auth_iv.length,
+					ctx->auth_iv.offset,
+					cipher_param, op, qat_req);
+			}
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1154,7 +1215,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->cipher_iv.length == 12) {
+		if (ctx->cipher_iv.length == 12 ||
+				ctx->auth_iv.length == 12) {
 			/*
 			 * For GCM a 12 bit IV is allowed,
 			 * but we need to inform the f/w
@@ -1163,20 +1225,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				qat_req->comn_hdr.serv_specif_flags,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
-		if (op->sym->cipher.data.length == 0) {
-			/*
-			 * GMAC
-			 */
-			qat_req->comn_mid.dest_data_addr =
-				qat_req->comn_mid.src_data_addr =
-						op->sym->auth.aad.phys_addr;
+		/* GMAC */
+		if (!do_cipher) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
-			cipher_param->cipher_length = 0;
-			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = ctx->aad_len;
+			auth_param->auth_len = op->sym->auth.data.length;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1188,9 +1243,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	if (do_cipher)
+	if (do_cipher) {
+		uint8_t *cipher_iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						ctx->cipher_iv.offset);
 		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
 				ctx->cipher_iv.length);
+	}
 
 	if (do_auth) {
 		if (ctx->auth_iv.length) {
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index fbff148..d863ccd 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -232,12 +232,11 @@
 					.max = 16,			\
 					.increment = 4			\
 				},					\
-				.aad_size = {				\
-					.min = 1,			\
-					.max = 65535,			\
-					.increment = 1			\
-				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				}					\
 			}, }						\
 		}, }							\
 	},								\
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index de4031a..f174e12 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -84,11 +84,10 @@ enum rte_crypto_cipher_algorithm {
 	/**< AES algorithm in F8 mode */
 	RTE_CRYPTO_CIPHER_AES_GCM,
 	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* or *RTE_CRYPTO_AUTH_AES_GMAC* element
-	 * of the *rte_crypto_auth_algorithm* enum MUST be used to set up
-	 * the related *rte_crypto_auth_setup_data* structure in the session
-	 * context or in the op_params of the crypto operation structure
-	 * in the case of a session-less crypto operation.
+	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
+	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
+	 * structure in the session context or in the op_params of the crypto
+	 * operation structure in the case of a session-less crypto operation.
 	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
@@ -268,13 +267,7 @@ enum rte_crypto_auth_algorithm {
 	 * op_params parameter MUST be set for a session-less crypto operation.
 	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
-	/**< AES GMAC algorithm. When this hash algorithm
-	* is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	* rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	* rte_crypto_cipher_setup_data structure in the session context,  or
-	* the corresponding parameter in the crypto operation data structures
-	* op_params parameter MUST be set for a session-less crypto operation.
-	*/
+	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 	/**< AES XCBC algorithm. */
 
@@ -384,11 +377,6 @@ struct rte_crypto_auth_xform {
 	 *   block B0 and the encoded length.  The maximum permitted value in
 	 *   this case is 222 bytes.
 	 *
-	 * @note
-	 *  For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
-	 *  this field is not used and should be set to 0. Instead the length
-	 *  of the AAD data is specified in additional authentication data
-	 *  length field of the rte_crypto_sym_op_data structure
 	 */
 
 	struct {
@@ -522,10 +510,6 @@ struct rte_crypto_sym_op {
 			  * values.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
-			  * field should be set to 0.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -547,11 +531,6 @@ struct rte_crypto_sym_op {
 			  * ignored. The field @ref aad field
 			  * should be set instead.
 			  *
-			  * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
-			  * mode of operation, this field is set to 0. aad data
-			  * pointer of rte_crypto_sym_op_data structure is
-			  * used instead
-			  *
 			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
@@ -569,11 +548,6 @@ struct rte_crypto_sym_op {
 			  * instead.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
-			  * of operation, this field is set to 0.
-			  * Auth.aad.length is used instead.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -644,9 +618,6 @@ struct rte_crypto_sym_op {
 			 * any space to round this up to the nearest multiple
 			 * of the block size (16 bytes).
 			 *
-			 * @note
-			 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
-			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
 		} aad;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 4698f26..00c32a4 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -6281,17 +6281,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned aad_pad_len;
-
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-
-	/*
-	 * Runtime generate the large plain text instead of use hard code
-	 * plain text vector. It is done to avoid create huge source file
-	 * with the test vector.
-	 */
-	if (tdata->aad.len == GMAC_LARGE_PLAINTEXT_LENGTH)
-		generate_gmac_large_plaintext(tdata->aad.data);
+	uint32_t plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -6300,14 +6290,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"Failed to allocate symmetric crypto operation struct");
 
 	sym_op = ut_params->op->sym;
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to append aad");
-
-	sym_op->auth.aad.phys_addr =
-			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, tdata->gmac_tag.len);
@@ -6315,7 +6297,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, aad_pad_len);
+			ut_params->ibuf, plaintext_pad_len);
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
@@ -6336,31 +6318,20 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.offset = 0;
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
 }
 
 static int create_gmac_session(uint8_t dev_id,
-		enum rte_crypto_cipher_operation op,
 		const struct gmac_test_data *tdata,
 		enum rte_crypto_auth_operation auth_op)
 {
-	uint8_t cipher_key[tdata->key.len];
+	uint8_t auth_key[tdata->key.len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, tdata->key.data, tdata->key.len);
-
-	/* For GMAC we setup cipher parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
+	memcpy(auth_key, tdata->key.data, tdata->key.len);
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6368,14 +6339,15 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
+	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.key.length = tdata->key.len;
+	ut_params->auth_xform.auth.key.data = auth_key;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
-	ut_params->cipher_xform.next = &ut_params->auth_xform;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-			&ut_params->cipher_xform);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -6390,20 +6362,19 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	int retval;
 
-	uint8_t *auth_tag, *p;
-	uint16_t aad_pad_len;
+	uint8_t *auth_tag, *plaintext;
+	uint16_t plaintext_pad_len;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6413,9 +6384,22 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
 
-	p = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *);
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
 
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_GENERATE,
 			tdata);
@@ -6435,9 +6419,9 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	if (ut_params->op->sym->m_dst) {
 		auth_tag = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_dst,
-				uint8_t *, aad_pad_len);
+				uint8_t *, plaintext_pad_len);
 	} else {
-		auth_tag = p + aad_pad_len;
+		auth_tag = plaintext + plaintext_pad_len;
 	}
 
 	TEST_HEXDUMP(stdout, "auth tag:", auth_tag, tdata->gmac_tag.len);
@@ -6481,18 +6465,19 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	int retval;
+	uint32_t plaintext_pad_len;
+	uint8_t *plaintext;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6502,6 +6487,24 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
+
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_VERIFY,
 			tdata);
 
@@ -6615,8 +6618,7 @@ hmac_sha1_test_crypto_vector = {
 static const struct test_crypto_vector
 aes128_gmac_test_vector = {
 	.auth_algo = RTE_CRYPTO_AUTH_AES_GMAC,
-	.crypto_algo = RTE_CRYPTO_CIPHER_AES_GCM,
-	.aad = {
+	.plaintext = {
 		.data = plaintext_hash,
 		.len = 512
 	},
@@ -6627,7 +6629,7 @@ aes128_gmac_test_vector = {
 		},
 		.len = 12
 	},
-	.cipher_key = {
+	.auth_key = {
 		.data = {
 			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
 			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA
@@ -6745,22 +6747,28 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	/* Setup Authentication Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->auth_xform.next = &ut_params->cipher_xform;
 	ut_params->auth_xform.auth.algo = reference->auth_algo;
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
-	ut_params->cipher_xform.cipher.op = cipher_op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	if (reference->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+		ut_params->auth_xform.auth.iv.length = reference->iv.len;
+	} else {
+		ut_params->auth_xform.next = &ut_params->cipher_xform;
+		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
+
+		/* Setup Cipher Parameters */
+		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		ut_params->cipher_xform.next = NULL;
+		ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
+		ut_params->cipher_xform.cipher.op = cipher_op;
+		ut_params->cipher_xform.cipher.key.data = cipher_key;
+		ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+		ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+		ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	}
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6838,16 +6846,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			reference->aad.len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append AAD");
-	memcpy(sym_op->auth.aad.data, reference->aad.data, reference->aad.len);
-
-	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
-
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, reference->digest.len);
@@ -6875,7 +6873,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
 
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
 
 	return 0;
@@ -7025,6 +7023,7 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		unsigned int data_corrupted)
 {
 	int retval;
+	uint8_t *plaintext;
 
 	/* Create session */
 	retval = create_auth_cipher_session(ut_params,
@@ -7043,6 +7042,13 @@ test_authentication_verify_GMAC_fail_when_corruption(
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+			reference->plaintext.len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+	memcpy(plaintext, reference->plaintext.data, reference->plaintext.len);
+
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext, reference->plaintext.len);
+
 	/* Create operation */
 	retval = create_auth_verify_GMAC_operation(ts_params,
 			ut_params,
@@ -7052,10 +7058,9 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		return retval;
 
 	if (data_corrupted)
-		data_corruption(ut_params->op->sym->auth.aad.data);
+		data_corruption(plaintext);
 	else
-		tag_corruption(ut_params->op->sym->auth.aad.data,
-				reference->aad.len);
+		tag_corruption(plaintext, reference->aad.len);
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_gcm_test_vectors.h
index 5764edb..ac4b0d4 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_gcm_test_vectors.h
@@ -92,11 +92,6 @@ struct gmac_test_data {
 	struct {
 		uint8_t *data;
 		unsigned len;
-	} aad;
-
-	struct {
-		uint8_t *data;
-		unsigned len;
 	} plaintext;
 
 	struct {
@@ -1484,14 +1479,10 @@ static const struct gmac_test_data gmac_test_case_1 = {
 			0xde, 0xca, 0xf8, 0x88 },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 160
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x4C, 0x0C, 0x4F, 0x47, 0x2D, 0x78, 0xF6, 0xD8,
@@ -1516,14 +1507,10 @@ static const struct gmac_test_data gmac_test_case_2 = {
 		    0x55, 0x61, 0xf0, 0x43, 0x15, },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 80
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 		    0xCF, 0x82, 0x80, 0x64, 0x02, 0x46, 0xF4, 0xFB,
@@ -1550,14 +1537,10 @@ static const struct gmac_test_data gmac_test_case_3 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 65
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x77, 0x46, 0x0D, 0x6F, 0xB1, 0x87, 0xDB, 0xA9,
@@ -2214,14 +2197,10 @@ static const struct gmac_test_data gmac_test_case_4 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = GMAC_LARGE_PLAINTEXT_LENGTH
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x3f, 0x07, 0xcb, 0xb9, 0x86, 0x3a, 0xea, 0xc2,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 19/26] cryptodev: add AEAD specific data
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (17 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
                       ` (8 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.

Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst          | 14 +++--
 doc/guides/prog_guide/img/crypto_xform_chain.svg |  8 ++-
 doc/guides/rel_notes/release_17_08.rst           |  6 ++
 lib/librte_cryptodev/rte_crypto_sym.h            | 80 +++++++++++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev.c             | 61 ++++++++++++++++++
 lib/librte_cryptodev/rte_cryptodev.h             | 52 ++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev_version.map   |  4 ++
 7 files changed, 215 insertions(+), 10 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index e036611..b888554 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -188,8 +188,9 @@ the device having hardware acceleration or supporting symmetric Crypto
 operations,
 
 The capabilities mechanism defines the individual algorithms/functions which
-the device supports, such as a specific symmetric Crypto cipher or
-authentication operation.
+the device supports, such as a specific symmetric Crypto cipher,
+authentication operation or Authenticated Encryption with Associated Data
+(AEAD) operation.
 
 
 Device Features
@@ -477,9 +478,8 @@ operations such as cipher encrypt and authentication generate, the next pointer
 allows transform to be chained together. Crypto devices which support chaining
 must publish the chaining of symmetric Crypto operations feature flag.
 
-Currently there are two transforms types cipher and authentication, to specify
-an AEAD operation it is required to chain a cipher and an authentication
-transform together. Also it is important to note that the order in which the
+Currently there are three transforms types cipher, authentication and AEAD.
+Also it is important to note that the order in which the
 transforms are passed indicates the order of the chaining.
 
 .. code-block:: c
@@ -494,6 +494,8 @@ transforms are passed indicates the order of the chaining.
             /**< Authentication / hash xform */
             struct rte_crypto_cipher_xform cipher;
             /**< Cipher xform */
+            struct rte_crypto_aead_xform aead;
+            /**< AEAD xform */
         };
     };
 
@@ -514,7 +516,7 @@ operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
 a valid session (or transform chain if in session-less mode) and the minimum
-authentication/ cipher parameters required depending on the type of operation
+authentication/ cipher/ AEAD parameters required depending on the type of operation
 specified in the session or the transform
 chain.
 
diff --git a/doc/guides/prog_guide/img/crypto_xform_chain.svg b/doc/guides/prog_guide/img/crypto_xform_chain.svg
index 4670a07..1368163 100644
--- a/doc/guides/prog_guide/img/crypto_xform_chain.svg
+++ b/doc/guides/prog_guide/img/crypto_xform_chain.svg
@@ -69,7 +69,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape11-38" transform="translate(10.6711,-238.133)">
 			<title>Rounded Rectangle.26</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
@@ -116,7 +118,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape15-102" transform="translate(209.592,-163.865)">
 			<title>Rounded Rectangle.32</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index a544639..b920142 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -75,6 +75,12 @@ New Features
 
   Added support for firmwares with multiple Ethernet ports per physical port.
 
+* **Updated cryptodev library.**
+
+  Added AEAD algorithm specific functions and structures, so it is not
+  necessary to use a combination of cipher and authentication
+  structures anymore.
+
 
 Resolved Issues
 ---------------
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f174e12..db3957e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -404,11 +404,87 @@ struct rte_crypto_auth_xform {
 	} iv;	/**< Initialisation vector parameters */
 };
 
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+	RTE_CRYPTO_AEAD_AES_CCM = 1,
+	/**< AES algorithm in CCM mode. */
+	RTE_CRYPTO_AEAD_AES_GCM,
+	/**< AES algorithm in GCM mode. */
+	RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+	RTE_CRYPTO_AEAD_OP_ENCRYPT,
+	/**< Encrypt and generate digest */
+	RTE_CRYPTO_AEAD_OP_DECRYPT
+	/**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+	enum rte_crypto_aead_operation op;
+	/**< AEAD operation type */
+	enum rte_crypto_aead_algorithm algo;
+	/**< AEAD algorithm selection */
+
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} key;
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
+
+	uint32_t digest_length;
+
+	uint16_t add_auth_data_length;
+	/**< The length of the additional authenticated data (AAD) in bytes. */
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_AEAD		/**< AEAD xform  */
 };
 
 /**
@@ -431,6 +507,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_aead_xform aead;
+		/**< AEAD xform */
 	};
 };
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 5aa177f..60dc5e5 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -176,6 +176,26 @@ rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_ZUC_EIA3]	= "zuc-eia3"
 };
 
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
+	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+	[RTE_CRYPTO_AEAD_OP_ENCRYPT]	= "encrypt",
+	[RTE_CRYPTO_AEAD_OP_DECRYPT]	= "decrypt"
+};
+
 int
 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
 		const char *algo_string)
@@ -210,6 +230,23 @@ rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 	return -1;
 }
 
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string)
+{
+	unsigned int i;
+
+	for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+		if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i]) == 0) {
+			*algo_enum = (enum rte_crypto_aead_algorithm) i;
+			return 0;
+		}
+	}
+
+	/* Invalid string */
+	return -1;
+}
+
 /**
  * The crypto auth operation strings identifiers.
  * It could be used in application command line.
@@ -245,6 +282,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
 		if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 			capability->sym.cipher.algo == idx->algo.cipher)
 			return &capability->sym;
+
+		if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+				capability->sym.aead.algo == idx->algo.aead)
+			return &capability->sym;
 	}
 
 	return NULL;
@@ -290,6 +331,26 @@ rte_cryptodev_sym_capability_check_auth(
 	return 0;
 }
 
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
+{
+	if (param_range_check(key_size, capability->aead.key_size))
+		return -1;
+
+	if (param_range_check(digest_size, capability->aead.digest_size))
+		return -1;
+
+	if (param_range_check(aad_size, capability->aead.aad_size))
+		return -1;
+
+	if (param_range_check(iv_size, capability->aead.iv_size))
+		return -1;
+
+	return 0;
+}
 
 const char *
 rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 75b423a..c47a3f6 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -170,7 +170,7 @@ struct rte_crypto_param_range {
  */
 struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
-	/**< Transform type : Authentication / Cipher */
+	/**< Transform type : Authentication / Cipher / AEAD */
 	RTE_STD_C11
 	union {
 		struct {
@@ -199,6 +199,20 @@ struct rte_cryptodev_symmetric_capability {
 			/**< Initialisation vector data size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
+		struct {
+			enum rte_crypto_aead_algorithm algo;
+			/**< AEAD algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range key_size;
+			/**< AEAD key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range aad_size;
+			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
+		} aead;
 	};
 };
 
@@ -220,6 +234,7 @@ struct rte_cryptodev_sym_capability_idx {
 	union {
 		enum rte_crypto_cipher_algorithm cipher;
 		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
 	} algo;
 };
 
@@ -275,6 +290,26 @@ rte_cryptodev_sym_capability_check_auth(
 		uint16_t iv_size);
 
 /**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param	capability	Description of the symmetric crypto capability.
+ * @param	key_size	AEAD key size.
+ * @param	digest_size	AEAD digest size.
+ * @param	aad_size	AEAD AAD size.
+ * @param	iv_size		AEAD IV size.
+ *
+ * @return
+ *   - Return 0 if the parameters are in range of the capability.
+ *   - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
+
+/**
  * Provide the cipher algorithm enum, given an algorithm string
  *
  * @param	algo_enum	A pointer to the cipher algorithm
@@ -304,6 +339,21 @@ int
 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 		const char *algo_string);
 
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param	algo_enum	A pointer to the AEAD algorithm
+ *				enum to be filled
+ * @param	algo_string	AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string);
+
 /** Macro used at end of crypto PMD list */
 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
 	{ RTE_CRYPTO_OP_TYPE_UNDEFINED }
diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
index 7191607..ea0b561 100644
--- a/lib/librte_cryptodev/rte_cryptodev_version.map
+++ b/lib/librte_cryptodev/rte_cryptodev_version.map
@@ -62,9 +62,13 @@ DPDK_17.05 {
 DPDK_17.08 {
 	global:
 
+	rte_cryptodev_get_aead_algo_enum;
 	rte_cryptodev_pci_generic_probe;
 	rte_cryptodev_pci_generic_remove;
+	rte_cryptodev_sym_capability_check_aead;
 	rte_cryptodev_vdev_parse_init_params;
 	rte_cryptodev_vdev_pmd_init;
+	rte_crypto_aead_algorithm_strings;
+	rte_crypto_aead_operation_strings;
 
 } DPDK_17.05;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 20/26] cryptodev: add AEAD parameters in crypto operation
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (18 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 19/26] cryptodev: add AEAD specific data Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
                       ` (7 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AEAD operation parameters can be set in the new
aead structure, in the crypto operation.
This structure is within a union with the cipher
and authentication parameters, since operations can be:
- AEAD: using the aead structure

- Cipher only: using only the cipher structure

- Auth only: using only the authentication structure

- Cipher-then-auth/Auth-then-cipher: using both cipher
  and authentication structures

Therefore, all three cannot be used at the same time.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst |  70 +++---
 doc/guides/rel_notes/release_17_08.rst  |   1 +
 lib/librte_cryptodev/rte_crypto_sym.h   | 375 ++++++++++++++++++++------------
 3 files changed, 279 insertions(+), 167 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index b888554..5048839 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -431,7 +431,6 @@ operations, as well as also supporting AEAD operations.
 
 
 Session and Session Management
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Session are used in symmetric cryptographic processing to store the immutable
 data defined in a cryptographic transform which is used in the operation
@@ -465,9 +464,6 @@ operation and its parameters. See the section below for details on transforms.
    struct rte_cryptodev_sym_session * rte_cryptodev_sym_session_create(
           uint8_t dev_id, struct rte_crypto_sym_xform *xform);
 
-**Note**: For AEAD operations the algorithm selected for authentication and
-ciphering must aligned, eg AES_GCM.
-
 
 Transforms and Transform Chaining
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -533,30 +529,54 @@ chain.
             /**< Session-less API Crypto operation parameters */
         };
 
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for ciphering */
-        } cipher;
-
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for authentication */
-
+        union {
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } digest; /**< Digest parameters */
+                struct {
+                    uint32_t offset;
+                    uint32_t length;
+                } data; /**< Data offsets and length for AEAD */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } digest; /**< Digest parameters */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } aad;
+                /**< Additional authentication parameters */
+            } aead;
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } aad;    /**< Additional authentication parameters */
-        } auth;
-    }
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data; /**< Data offsets and length for ciphering */
+                } cipher;
+
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data;
+                    /**< Data offsets and length for authentication */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } digest; /**< Digest parameters */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } aad;
+                    /**< Additional authentication parameters */
+                } auth;
+            };
+        };
+    };
 
 
 Asymmetric Cryptography
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index b920142..2c6bef5 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -175,6 +175,7 @@ API Changes
   * Removed digest length from ``rte_crypto_sym_op``.
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Added AEAD structure in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index db3957e..f03d2fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -556,151 +556,242 @@ struct rte_crypto_sym_op {
 		/**< Session-less API crypto operation parameters */
 	};
 
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for cipher processing, specified
-			  * as number of bytes from start of data in the source
-			  * buffer. The result of the cipher operation will be
-			  * written back into the output buffer starting at
-			  * this location.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source buffer
-			  * on which the cryptographic operation will be
-			  * computed. This must be a multiple of the block size
-			  * if a block cipher is being used. This is also the
-			  * same as the result length.
-			  *
-			  * @note
-			  * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
-			  * this value should not include the length of the
-			  * padding or the length of the MAC; the driver will
-			  * compute the actual number of bytes over which the
-			  * encryption will occur, which will include these
-			  * values.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for ciphering */
-
-	} cipher;
-
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for hash processing, specified as
-			  * number of bytes from start of packet in source
-			  * buffer.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field
-			  * should be set instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source
-			  * buffer that the hash will be computed on.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field should be set
-			  * instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for authentication */
-
+	union {
 		struct {
-			uint8_t *data;
-			/**< This points to the location where the digest result
-			 * should be inserted (in the case of digest generation)
-			 * or where the purported digest exists (in the case of
-			 * digest verification).
-			 *
-			 * At session creation time, the client specified the
-			 * digest result length with the digest_length member
-			 * of the @ref rte_crypto_auth_xform structure. For
-			 * physical crypto devices the caller must allocate at
-			 * least digest_length of physically contiguous memory
-			 * at this location.
-			 *
-			 * For digest generation, the digest result will
-			 * overwrite any data at this location.
-			 *
-			 * @note
-			 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-			 * "digest result" read "authentication tag T".
-			 */
-			phys_addr_t phys_addr;
-			/**< Physical address of digest */
-		} digest; /**< Digest parameters */
+			struct {
+				uint32_t offset;
+				 /**< Starting point for AEAD processing, specified as
+				  * number of bytes from start of packet in source
+				  * buffer.
+				  */
+				uint32_t length;
+				 /**< The message length, in bytes, of the source buffer
+				  * on which the cryptographic operation will be
+				  * computed. This must be a multiple of the block size
+				  */
+			} data; /**< Data offsets and length for AEAD */
+			struct {
+				uint8_t *data;
+				/**< This points to the location where the digest result
+				 * should be inserted (in the case of digest generation)
+				 * or where the purported digest exists (in the case of
+				 * digest verification).
+				 *
+				 * At session creation time, the client specified the
+				 * digest result length with the digest_length member
+				 * of the @ref rte_crypto_auth_xform structure. For
+				 * physical crypto devices the caller must allocate at
+				 * least digest_length of physically contiguous memory
+				 * at this location.
+				 *
+				 * For digest generation, the digest result will
+				 * overwrite any data at this location.
+				 *
+				 * @note
+				 * For GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), for
+				 * "digest result" read "authentication tag T".
+				 */
+				phys_addr_t phys_addr;
+				/**< Physical address of digest */
+			} digest; /**< Digest parameters */
+			struct {
+				uint8_t *data;
+				/**< Pointer to Additional Authenticated Data (AAD)
+				 * needed for authenticated cipher mechanisms (CCM and
+				 * GCM)
+				 *
+				 * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
+				 * the caller should setup this field as follows:
+				 *
+				 * - the nonce should be written starting at an offset
+				 * of one byte into the array, leaving room for the
+				 * implementation to write in the flags to the first
+				 * byte.
+				 *
+				 * - the additional  authentication data itself should
+				 * be written starting at an offset of 18 bytes into
+				 * the array, leaving room for the length encoding in
+				 * the first two bytes of the second block.
+				 *
+				 * - the array should be big enough to hold the above
+				 *  fields, plus any padding to round this up to the
+				 *  nearest multiple of the block size (16 bytes).
+				 *  Padding will be added by the implementation.
+				 *
+				 * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the
+				 * caller should setup this field as follows:
+				 *
+				 * - the AAD is written in starting at byte 0
+				 * - the array must be big enough to hold the AAD, plus
+				 * any space to round this up to the nearest multiple
+				 * of the block size (16 bytes).
+				 *
+				 */
+				phys_addr_t phys_addr;	/**< physical address */
+			} aad;
+			/**< Additional authentication parameters */
+		} aead;
 
 		struct {
-			uint8_t *data;
-			/**< Pointer to Additional Authenticated Data (AAD)
-			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM).
-			 *
-			 * The length of the data pointed to by this field is
-			 * set up for the session in the @ref
-			 * rte_crypto_auth_xform structure as part of the @ref
-			 * rte_cryptodev_sym_session_create function call.
-			 * This length must not exceed 65535 (2^16-1) bytes.
-			 *
-			 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
-			 * the caller should setup this field as follows:
-			 *
-			 * - the nonce should be written starting at an offset
-			 * of one byte into the array, leaving room for the
-			 * implementation to write in the flags to the first
-			 *  byte.
-			 *
-			 * - the additional  authentication data itself should
-			 * be written starting at an offset of 18 bytes into
-			 * the array, leaving room for the length encoding in
-			 * the first two bytes of the second block.
-			 *
-			 * - the array should be big enough to hold the above
-			 *  fields, plus any padding to round this up to the
-			 *  nearest multiple of the block size (16 bytes).
-			 *  Padding will be added by the implementation.
-			 *
-			 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-			 * caller should setup this field as follows:
-			 *
-			 * - the AAD is written in starting at byte 0
-			 * - the array must be big enough to hold the AAD, plus
-			 * any space to round this up to the nearest multiple
-			 * of the block size (16 bytes).
-			 *
-			 */
-			phys_addr_t phys_addr;	/**< physical address */
-		} aad;
-		/**< Additional authentication parameters */
-	} auth;
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for cipher processing,
+					  * specified as number of bytes from start
+					  * of data in the source buffer.
+					  * The result of the cipher operation will be
+					  * written back into the output buffer
+					  * starting at this location.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the
+					  * source buffer on which the cryptographic
+					  * operation will be computed.
+					  * This must be a multiple of the block size
+					  * if a block cipher is being used. This is
+					  * also the same as the result length.
+					  *
+					  * @note
+					  * In the case of CCM
+					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
+					  * should not include the length of the padding
+					  * or the length of the MAC; the driver will
+					  * compute the actual number of bytes over
+					  * which the encryption will occur, which will
+					  * include these values.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+				} data; /**< Data offsets and length for ciphering */
+			} cipher;
+
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for hash processing,
+					  * specified as number of bytes from start of
+					  * packet in source buffer.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored.
+					  * The field @ref aad field should be set
+					  * instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the source
+					  * buffer that the hash will be computed on.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored. The field @ref aad
+					  * field should be set instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+				} data;
+				/**< Data offsets and length for authentication */
+
+				struct {
+					uint8_t *data;
+					/**< This points to the location where
+					 * the digest result should be inserted
+					 * (in the case of digest generation)
+					 * or where the purported digest exists
+					 * (in the case of digest verification).
+					 *
+					 * At session creation time, the client
+					 * specified the digest result length with
+					 * the digest_length member of the
+					 * @ref rte_crypto_auth_xform structure.
+					 * For physical crypto devices the caller
+					 * must allocate at least digest_length of
+					 * physically contiguous memory at this
+					 * location.
+					 *
+					 * For digest generation, the digest result
+					 * will overwrite any data at this location.
+					 *
+					 * @note
+					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
+					 * "digest result" read "authentication tag T".
+					 */
+					phys_addr_t phys_addr;
+					/**< Physical address of digest */
+				} digest; /**< Digest parameters */
+
+				struct {
+					uint8_t *data;
+					/**< Pointer to Additional Authenticated
+					 * Data (AAD) needed for authenticated cipher
+					 * mechanisms (CCM and GCM).
+					 *
+					 * The length of the data pointed to by this
+					 * field is set up for the session in the @ref
+					 * rte_crypto_auth_xform structure as part of
+					 * the @ref rte_cryptodev_sym_session_create
+					 * function call.
+					 * This length must not exceed 65535 (2^16-1)
+					 * bytes.
+					 *
+					 * Specifically for CCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
+					 * the caller should setup this field as follows:
+					 *
+					 * - the nonce should be written starting at
+					 * an offset of one byte into the array,
+					 * leaving room for the implementation to
+					 * write in the flags to the first byte.
+					 *
+					 * - the additional authentication data
+					 * itself should be written starting at
+					 * an offset of 18 bytes into the array,
+					 * leaving room for the length encoding in
+					 * the first two bytes of the second block.
+					 *
+					 * - the array should be big enough to hold
+					 * the above fields, plus any padding to
+					 * round this up to the nearest multiple of
+					 * the block size (16 bytes).
+					 * Padding will be added by the implementation.
+					 *
+					 * Finally, for GCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
+					 * caller should setup this field as follows:
+					 *
+					 * - the AAD is written in starting at byte 0
+					 * - the array must be big enough to hold
+					 * the AAD, plus any space to round this up to
+					 * the nearest multiple of the block size
+					 * (16 bytes).
+					 *
+					 */
+					phys_addr_t phys_addr;	/**< physical address */
+				} aad;
+				/**< Additional authentication parameters */
+			} auth;
+		};
+	};
 };
 
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 21/26] examples/l2fwd-crypto: avoid too many tabs
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (19 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
                       ` (6 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Some extra functions have been created to avoid
too many nested conditionals.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/l2fwd-crypto/main.c | 125 ++++++++++++++++++++++++++-----------------
 1 file changed, 77 insertions(+), 48 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6d88937..fb829e3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1556,7 +1556,8 @@ check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
 
 /* Check if device has to be HW/SW or any */
 static int
-check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_info)
+check_type(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info)
 {
 	if (options->type == CDEV_TYPE_HW &&
 			(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
@@ -1570,6 +1571,74 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_cipher_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_cipher_algorithm cap_cipher_algo;
+	enum rte_crypto_cipher_algorithm opt_cipher_algo =
+					options->cipher_xform.cipher.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_cipher_algo = cap->sym.cipher.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			if (cap_cipher_algo == opt_cipher_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
+static const struct rte_cryptodev_capabilities *
+check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_auth_algorithm cap_auth_algo;
+	enum rte_crypto_auth_algorithm opt_auth_algo =
+					options->auth_xform.auth.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_auth_algo = cap->sym.auth.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			if (cap_auth_algo == opt_auth_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_auth_algorithm_strings[opt_auth_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1647,12 +1716,8 @@ static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
 {
-	unsigned i, cdev_id, cdev_count, enabled_cdev_count = 0;
+	unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
 	const struct rte_cryptodev_capabilities *cap;
-	enum rte_crypto_auth_algorithm cap_auth_algo;
-	enum rte_crypto_auth_algorithm opt_auth_algo;
-	enum rte_crypto_cipher_algorithm cap_cipher_algo;
-	enum rte_crypto_cipher_algorithm opt_cipher_algo;
 	int retval;
 
 	cdev_count = rte_cryptodev_count();
@@ -1685,29 +1750,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
 			/* Check if device supports cipher algo */
-			i = 0;
-			opt_cipher_algo = options->cipher_xform.cipher.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_cipher_algo = cap->sym.cipher.algo;
-				if (cap->sym.xform_type ==
-						RTE_CRYPTO_SYM_XFORM_CIPHER) {
-					if (cap_cipher_algo == opt_cipher_algo) {
-						if (check_type(options, &dev_info) == 0)
-							break;
-					}
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_cipher_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			options->block_size = cap->sym.cipher.block_size;
 
@@ -1762,27 +1808,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
 			/* Check if device supports auth algo */
-			i = 0;
-			opt_auth_algo = options->auth_xform.auth.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_auth_algo = cap->sym.auth.algo;
-				if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
-						(cap_auth_algo == opt_auth_algo) &&
-						(check_type(options, &dev_info) == 0)) {
-					break;
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_auth_algorithm_strings[opt_auth_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_auth_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			check_iv_param(&cap->sym.auth.iv_size,
 					options->auth_iv_param,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 22/26] app/test-crypto-perf: add AEAD parameters
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (20 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 23/26] examples/ipsec-secgw: " Pablo de Lara
                       ` (5 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 138 ++++++++++-------------
 app/test-crypto-perf/cperf_options.h             |  22 +++-
 app/test-crypto-perf/cperf_options_parsing.c     | 138 ++++++++++++++++-------
 app/test-crypto-perf/cperf_test_latency.c        |   8 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   8 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  12 +-
 app/test-crypto-perf/cperf_test_vectors.c        | 106 ++++++++++-------
 app/test-crypto-perf/cperf_test_vectors.h        |  12 ++
 app/test-crypto-perf/cperf_test_verify.c         |  10 +-
 app/test-crypto-perf/main.c                      |  42 +++++--
 doc/guides/tools/cryptoperf.rst                  |  32 +++++-
 11 files changed, 330 insertions(+), 198 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index bc74371..a63fd83 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -183,8 +183,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 
 		}
 
@@ -267,8 +265,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -322,23 +318,22 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.data.length = options->test_buffer_size;
-		sym_op->cipher.data.offset =
-				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
+		/* AEAD parameters */
+		sym_op->aead.data.length = options->test_buffer_size;
+		sym_op->aead.data.offset =
+				RTE_ALIGN_CEIL(options->aead_aad_sz, 16);
 
-		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
-		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
+		sym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
+		sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
 
-		/* authentication parameters */
-		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
-			sym_op->auth.digest.data = test_vector->digest.data;
-			sym_op->auth.digest.phys_addr =
+		if (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+			sym_op->aead.digest.data = test_vector->digest.data;
+			sym_op->aead.digest.phys_addr =
 					test_vector->digest.phys_addr;
 		} else {
 
-			uint32_t offset = sym_op->cipher.data.length +
-						sym_op->cipher.data.offset;
+			uint32_t offset = sym_op->aead.data.length +
+						sym_op->aead.data.offset;
 			struct rte_mbuf *buf, *tbuf;
 
 			if (options->out_of_place) {
@@ -354,14 +349,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 				}
 			}
 
-			sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(buf,
+			sym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf,
 					uint8_t *, offset);
-			sym_op->auth.digest.phys_addr =
+			sym_op->aead.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
 		}
-
-		sym_op->auth.data.length = options->test_buffer_size;
-		sym_op->auth.data.offset = options->auth_aad_sz;
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
@@ -369,8 +361,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->cipher_iv.data,
-					test_vector->cipher_iv.length);
+			memcpy(iv_ptr, test_vector->aead_iv.data,
+					test_vector->aead_iv.length);
 		}
 	}
 
@@ -385,6 +377,7 @@ cperf_create_session(uint8_t dev_id,
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 	struct rte_cryptodev_sym_session *sess = NULL;
 
 	/*
@@ -424,9 +417,7 @@ cperf_create_session(uint8_t dev_id,
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length =
-					options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
+					options->digest_sz;
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
@@ -445,9 +436,7 @@ cperf_create_session(uint8_t dev_id,
 	 * cipher and auth
 	 */
 	} else if (options->op_type == CPERF_CIPHER_THEN_AUTH
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
-			|| options->op_type == CPERF_AEAD) {
-
+			|| options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		/*
 		 * cipher
 		 */
@@ -481,23 +470,12 @@ cperf_create_session(uint8_t dev_id,
 
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
-			auth_xform.auth.digest_length = options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
-			/* auth options for aes gcm */
-			if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
-				auth_xform.auth.key.length = 0;
-				auth_xform.auth.key.data = NULL;
-				auth_xform.auth.iv.length = 0;
-			} else { /* auth options for others */
-				auth_xform.auth.key.length =
+			auth_xform.auth.digest_length = options->digest_sz;
+			auth_xform.auth.iv.length = test_vector->auth_iv.length;
+			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
-				auth_xform.auth.key.data =
-						test_vector->auth_key.data;
-				auth_xform.auth.iv.length =
-						test_vector->auth_iv.length;
-			}
+			auth_xform.auth.key.data =
+					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
@@ -506,35 +484,39 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.iv.length = 0;
 		}
 
-		/* create crypto session for aes gcm */
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM) {
-			if (options->cipher_op ==
-					RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&cipher_xform);
-			} else { /* decrypt */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&auth_xform);
-			}
-		} else { /* create crypto session for other */
-			/* cipher then auth */
-			if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
+		/* cipher then auth */
+		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
+			cipher_xform.next = &auth_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
 						&cipher_xform);
-			} else { /* auth then cipher */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-						&auth_xform);
-			}
+		} else { /* auth then cipher */
+			auth_xform.next = &cipher_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform);
 		}
+	} else { /* options->op_type == CPERF_AEAD */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.next = NULL;
+		aead_xform.aead.algo = options->aead_algo;
+		aead_xform.aead.op = options->aead_op;
+		aead_xform.aead.iv.offset = iv_offset;
+
+		aead_xform.aead.key.data =
+					test_vector->aead_key.data;
+		aead_xform.aead.key.length =
+					test_vector->aead_key.length;
+		aead_xform.aead.iv.length = test_vector->aead_iv.length;
+
+		aead_xform.aead.digest_length = options->digest_sz;
+		aead_xform.aead.add_auth_data_length =
+					options->aead_aad_sz;
+
+		/* Create crypto session */
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform);
 	}
+
 	return sess;
 }
 
@@ -546,14 +528,14 @@ cperf_get_op_functions(const struct cperf_options *options,
 
 	op_fns->sess_create = cperf_create_session;
 
-	if (options->op_type == CPERF_AEAD
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
+	if (options->op_type == CPERF_AEAD) {
+		op_fns->populate_ops = cperf_set_ops_aead;
+		return 0;
+	}
+
+	if (options->op_type == CPERF_AUTH_THEN_CIPHER
 			|| options->op_type == CPERF_CIPHER_THEN_AUTH) {
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM)
-			op_fns->populate_ops = cperf_set_ops_aead;
-		else
-			op_fns->populate_ops = cperf_set_ops_cipher_auth;
+		op_fns->populate_ops = cperf_set_ops_cipher_auth;
 		return 0;
 	}
 	if (options->op_type == CPERF_AUTH_ONLY) {
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 0e53c03..10cd2d8 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -29,8 +29,15 @@
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
 #define CPERF_AUTH_IV_SZ	("auth-iv-sz")
-#define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
-#define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
+
+#define CPERF_AEAD_ALGO		("aead-algo")
+#define CPERF_AEAD_OP		("aead-op")
+#define CPERF_AEAD_KEY_SZ	("aead-key-sz")
+#define CPERF_AEAD_IV_SZ	("aead-iv-sz")
+#define CPERF_AEAD_AAD_SZ	("aead-aad-sz")
+
+#define CPERF_DIGEST_SZ		("digest-sz")
+
 #define CPERF_CSV		("csv-friendly")
 
 #define MAX_LIST 32
@@ -78,8 +85,15 @@ struct cperf_options {
 
 	uint16_t auth_key_sz;
 	uint16_t auth_iv_sz;
-	uint16_t auth_digest_sz;
-	uint16_t auth_aad_sz;
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	enum rte_crypto_aead_operation aead_op;
+
+	uint16_t aead_key_sz;
+	uint16_t aead_iv_sz;
+	uint16_t aead_aad_sz;
+
+	uint16_t digest_sz;
 
 	char device_type[RTE_CRYPTODEV_NAME_LEN];
 	enum cperf_op_type op_type;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 5c2dcff..d5bddb2 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -543,9 +543,9 @@ parse_auth_key_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
+parse_digest_sz(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_digest_sz, arg);
+	return parse_uint16_t(&opts->digest_sz, arg);
 }
 
 static int
@@ -555,9 +555,64 @@ parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
+parse_aead_algo(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_aad_sz, arg);
+	enum rte_crypto_aead_algorithm aead_algo;
+
+	if (rte_cryptodev_get_aead_algo_enum(&aead_algo, arg) < 0) {
+		RTE_LOG(ERR, USER1, "Invalid AEAD algorithm specified\n");
+		return -1;
+	}
+
+	opts->aead_algo = aead_algo;
+
+	return 0;
+}
+
+static int
+parse_aead_op(struct cperf_options *opts, const char *arg)
+{
+	struct name_id_map aead_op_namemap[] = {
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_ENCRYPT],
+			RTE_CRYPTO_AEAD_OP_ENCRYPT },
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_DECRYPT],
+			RTE_CRYPTO_AEAD_OP_DECRYPT
+		}
+	};
+
+	int id = get_str_key_id_mapping(aead_op_namemap,
+			RTE_DIM(aead_op_namemap), arg);
+	if (id < 0) {
+		RTE_LOG(ERR, USER1, "invalid AEAD operation specified"
+				"\n");
+		return -1;
+	}
+
+	opts->aead_op = (enum rte_crypto_aead_operation)id;
+
+	return 0;
+}
+
+static int
+parse_aead_key_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_key_sz, arg);
+}
+
+static int
+parse_aead_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_iv_sz, arg);
+}
+
+static int
+parse_aead_aad_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_aad_sz, arg);
 }
 
 static int
@@ -606,8 +661,17 @@ static struct option lgopts[] = {
 	{ CPERF_AUTH_OP, required_argument, 0, 0 },
 
 	{ CPERF_AUTH_KEY_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_DIGEST_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AUTH_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_ALGO, required_argument, 0, 0 },
+	{ CPERF_AEAD_OP, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_KEY_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_DIGEST_SZ, required_argument, 0, 0 },
+
 	{ CPERF_CSV, no_argument, 0, 0},
 
 	{ NULL, 0, 0, 0 }
@@ -656,9 +720,13 @@ cperf_options_default(struct cperf_options *opts)
 	opts->auth_op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
 	opts->auth_key_sz = 64;
-	opts->auth_digest_sz = 12;
 	opts->auth_iv_sz = 0;
-	opts->auth_aad_sz = 0;
+
+	opts->aead_key_sz = 0;
+	opts->aead_iv_sz = 0;
+	opts->aead_aad_sz = 0;
+
+	opts->digest_sz = 12;
 }
 
 static int
@@ -686,9 +754,13 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
 		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
-		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
-		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
-		{ CPERF_CSV,	parse_csv_friendly},
+		{ CPERF_AEAD_ALGO,	parse_aead_algo },
+		{ CPERF_AEAD_OP,	parse_aead_op },
+		{ CPERF_AEAD_KEY_SZ,	parse_aead_key_sz },
+		{ CPERF_AEAD_IV_SZ,	parse_aead_iv_sz },
+		{ CPERF_AEAD_AAD_SZ,	parse_aead_aad_sz },
+		{ CPERF_DIGEST_SZ,	parse_digest_sz },
+		{ CPERF_CSV,		parse_csv_friendly},
 	};
 	unsigned int i;
 
@@ -803,30 +875,7 @@ cperf_options_check(struct cperf_options *options)
 					" options: decrypt and verify.\n");
 			return -EINVAL;
 		}
-	} else if (options->op_type == CPERF_AEAD) {
-		if (!(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_GENERATE) &&
-				!(options->cipher_op ==
-				RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_VERIFY)) {
-			RTE_LOG(ERR, USER1, "Use together options: encrypt and"
-					" generate or decrypt and verify.\n");
-			return -EINVAL;
-		}
-	}
-
-	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
-			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
-		if (options->op_type != CPERF_AEAD) {
-			RTE_LOG(ERR, USER1, "Use --optype aead\n");
-			return -EINVAL;
-		}
 	}
-
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) {
 		if (options->inc_buffer_size != 0)
@@ -914,23 +963,20 @@ cperf_options_dump(struct cperf_options *opts)
 
 	if (opts->op_type == CPERF_AUTH_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# auth algorithm: %s\n",
 			rte_crypto_auth_algorithm_strings[opts->auth_algo]);
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
 		printf("# auth iv size: %u\n", opts->auth_iv_sz);
-		printf("# auth digest size: %u\n", opts->auth_digest_sz);
-		printf("# auth aad size: %u\n", opts->auth_aad_sz);
+		printf("# auth digest size: %u\n", opts->digest_sz);
 		printf("#\n");
 	}
 
 	if (opts->op_type == CPERF_CIPHER_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# cipher algorithm: %s\n",
 			rte_crypto_cipher_algorithm_strings[opts->cipher_algo]);
 		printf("# cipher operation: %s\n",
@@ -939,4 +985,16 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# cipher iv size: %u\n", opts->cipher_iv_sz);
 		printf("#\n");
 	}
+
+	if (opts->op_type == CPERF_AEAD) {
+		printf("# aead algorithm: %s\n",
+			rte_crypto_aead_algorithm_strings[opts->aead_algo]);
+		printf("# aead operation: %s\n",
+			rte_crypto_aead_operation_strings[opts->aead_op]);
+		printf("# aead key size: %u\n", opts->aead_key_sz);
+		printf("# aead iv size: %u\n", opts->aead_iv_sz);
+		printf("# aead digest size: %u\n", opts->digest_sz);
+		printf("# aead aad size: %u\n", opts->aead_aad_sz);
+		printf("#\n");
+	}
 }
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index f828366..16c114b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -167,14 +167,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-			options->auth_digest_sz);
+			options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -229,7 +229,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -259,7 +259,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 1e3f3b3..1ff1560 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -151,14 +151,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -212,7 +212,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -240,7 +240,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 277ff1e..e462d2c 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -363,12 +363,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->aad.length = data_length;
 		else {
-			if (opts->auth_aad_sz > data_length) {
+			if (opts->aead_aad_sz > data_length) {
 				printf("Global aad shorter than "
-					"auth_aad_sz\n");
+					"aead_aad_sz\n");
 				return -1;
 			}
-			vector->aad.length = opts->auth_aad_sz;
+			vector->aad.length = opts->aead_aad_sz;
 		}
 
 	} else if (strstr(key_token, "digest")) {
@@ -379,12 +379,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->digest.length = data_length;
 		else {
-			if (opts->auth_digest_sz > data_length) {
+			if (opts->digest_sz > data_length) {
 				printf("Global digest shorter than "
-					"auth_digest_sz\n");
+					"digest_sz\n");
 				return -1;
 			}
-			vector->digest.length = opts->auth_digest_sz;
+			vector->digest.length = opts->digest_sz;
 		}
 	} else {
 		printf("Not valid key: '%s'\n", trim_space(key_token));
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 2e5339c..03bc995 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -385,6 +385,13 @@ uint8_t auth_key[] = {
 	0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F
 };
 
+/* AEAD key */
+uint8_t aead_key[] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
+	0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
+};
+
 /* Digests */
 uint8_t digest[2048] = { 0x00 };
 
@@ -403,8 +410,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_CIPHER_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
@@ -441,40 +447,32 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
-		uint8_t aad_alloc = 0;
-
-		t_vec->auth_key.length = options->auth_key_sz;
-
-		switch (options->auth_algo) {
-		case RTE_CRYPTO_AUTH_NULL:
-			t_vec->auth_key.data = NULL;
-			aad_alloc = 0;
-			break;
-		case RTE_CRYPTO_AUTH_AES_GCM:
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
+		if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			t_vec->auth_key.length = 0;
 			t_vec->auth_key.data = NULL;
-			aad_alloc = 1;
-			break;
-		default:
+			t_vec->digest.data = NULL;
+			t_vec->digest.length = 0;
+		} else {
+			t_vec->auth_key.length = options->auth_key_sz;
 			t_vec->auth_key.data = auth_key;
-			aad_alloc = 0;
-			break;
-		}
 
-		if (aad_alloc && options->auth_aad_sz) {
-			t_vec->aad.data = rte_malloc(NULL,
-					options->auth_aad_sz, 16);
-			if (t_vec->aad.data == NULL) {
-				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->cipher_iv.data);
+			t_vec->digest.data = rte_malloc(NULL,
+					options->digest_sz,
+					16);
+			if (t_vec->digest.data == NULL) {
+				rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->aad.data, aad, options->auth_aad_sz);
-		} else {
-			t_vec->aad.data = NULL;
+			t_vec->digest.phys_addr =
+				rte_malloc_virt2phy(t_vec->digest.data);
+			t_vec->digest.length = options->digest_sz;
+			memcpy(t_vec->digest.data, digest,
+					options->digest_sz);
 		}
+		t_vec->data.auth_offset = 0;
+		t_vec->data.auth_length = options->max_buffer_size;
 
 		/* Set IV parameters */
 		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
@@ -487,26 +485,52 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 		}
 		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
 		t_vec->auth_iv.length = options->auth_iv_sz;
+	}
 
-		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
-		t_vec->aad.length = options->auth_aad_sz;
-		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
-				16);
+	if (options->op_type == CPERF_AEAD) {
+		t_vec->aead_key.length = options->aead_key_sz;
+		t_vec->aead_key.data = aead_key;
+
+		if (options->aead_aad_sz) {
+			t_vec->aad.data = rte_malloc(NULL,
+					options->aead_aad_sz, 16);
+			if (t_vec->aad.data == NULL) {
+				rte_free(t_vec);
+				return NULL;
+			}
+			memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
+			t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
+			t_vec->aad.length = options->aead_aad_sz;
+		} else {
+			t_vec->aad.data = NULL;
+			t_vec->aad.length = 0;
+		}
+
+		t_vec->digest.data = rte_malloc(NULL, options->digest_sz,
+						16);
 		if (t_vec->digest.data == NULL) {
-			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->cipher_iv.data);
-			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
 		}
 		t_vec->digest.phys_addr =
 				rte_malloc_virt2phy(t_vec->digest.data);
-		t_vec->digest.length = options->auth_digest_sz;
-		memcpy(t_vec->digest.data, digest, options->auth_digest_sz);
-		t_vec->data.auth_offset = 0;
-		t_vec->data.auth_length = options->max_buffer_size;
-	}
+		t_vec->digest.length = options->digest_sz;
+		memcpy(t_vec->digest.data, digest, options->digest_sz);
+		t_vec->data.aead_offset = 0;
+		t_vec->data.aead_length = options->max_buffer_size;
 
+		/* Set IV parameters */
+		t_vec->aead_iv.data = rte_malloc(NULL, options->aead_iv_sz,
+				16);
+		if (options->aead_iv_sz && t_vec->aead_iv.data == NULL) {
+			rte_free(t_vec->aad.data);
+			rte_free(t_vec->digest.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->aead_iv.data, iv, options->aead_iv_sz);
+		t_vec->aead_iv.length = options->aead_iv_sz;
+	}
 	return t_vec;
 }
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index 7f9c4fa..8595570 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -54,6 +54,11 @@ struct cperf_test_vector {
 	struct {
 		uint8_t *data;
 		uint16_t length;
+	} aead_key;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
 	} cipher_iv;
 
 	struct {
@@ -63,6 +68,11 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
+		uint16_t length;
+	} aead_iv;
+
+	struct {
+		uint8_t *data;
 		uint32_t length;
 	} ciphertext;
 
@@ -83,6 +93,8 @@ struct cperf_test_vector {
 		uint32_t auth_length;
 		uint32_t cipher_offset;
 		uint32_t cipher_length;
+		uint32_t aead_offset;
+		uint32_t aead_length;
 	} data;
 };
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 81057ff..bba8019 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -155,14 +155,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -216,7 +216,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -244,7 +244,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
@@ -379,7 +379,7 @@ cperf_verify_op(struct rte_crypto_op *op,
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)
 			res += memcmp(data + auth_offset,
 					vector->digest.data,
-					options->auth_digest_sz);
+					options->digest_sz);
 	}
 
 	return !!res;
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index cf4fa4f..f78c653 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -123,8 +123,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_AUTH_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD)  {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			cap_idx.algo.auth = opts->auth_algo;
@@ -137,8 +136,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			ret = rte_cryptodev_sym_capability_check_auth(
 					capability,
 					opts->auth_key_sz,
-					opts->auth_digest_sz,
-					opts->auth_aad_sz,
+					opts->digest_sz,
+					0,
 					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
@@ -146,8 +145,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_CIPHER_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD) {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			cap_idx.algo.cipher = opts->cipher_algo;
@@ -164,6 +162,26 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			if (ret != 0)
 				return ret;
 		}
+
+		if (opts->op_type == CPERF_AEAD) {
+
+			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+			cap_idx.algo.aead = opts->aead_algo;
+
+			capability = rte_cryptodev_sym_capability_get(cdev_id,
+					&cap_idx);
+			if (capability == NULL)
+				return -1;
+
+			ret = rte_cryptodev_sym_capability_check_aead(
+					capability,
+					opts->aead_key_sz,
+					opts->digest_sz,
+					opts->aead_aad_sz,
+					opts->aead_iv_sz);
+			if (ret != 0)
+				return ret;
+		}
 	}
 
 	return 0;
@@ -212,7 +230,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 
@@ -253,7 +271,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 	} else if (opts->op_type == CPERF_AEAD) {
@@ -265,17 +283,17 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
-		if (test_vec->cipher_iv.data == NULL)
+		if (test_vec->aead_iv.data == NULL)
 			return -1;
-		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+		if (test_vec->aead_iv.length != opts->aead_iv_sz)
 			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
-		if (test_vec->aad.length != opts->auth_aad_sz)
+		if (test_vec->aad.length != opts->aead_aad_sz)
 			return -1;
 		if (test_vec->digest.data == NULL)
 			return -1;
-		if (test_vec->digest.length < opts->auth_digest_sz)
+		if (test_vec->digest.length < opts->digest_sz)
 			return -1;
 	}
 	return 0;
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index c0accfc..6b797a7 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -294,13 +294,37 @@ The following are the appication command-line options:
 
         Set the size of auth iv.
 
-* ``--auth-digest-sz <n>``
+* ``--aead-algo <name>``
 
-        Set the size of authentication digest.
+        Set AEAD algorithm name, where ``name`` is one
+        of the following::
+
+           aes-ccm
+           aes-gcm
+
+* ``--aead-op <mode>``
+
+        Set AEAD operation mode, where ``mode`` is one of
+        the following::
+
+           encrypt
+           decrypt
+
+* ``--aead-key-sz <n>``
+
+        Set the size of AEAD key.
+
+* ``--aead-iv-sz <n>``
+
+        Set the size of AEAD iv.
+
+* ``--aead-aad-sz <n>``
+
+        Set the size of AEAD aad.
 
-* ``--auth-aad-sz <n>``
+* ``--digest-sz <n>``
 
-        Set the size of authentication aad.
+        Set the size of digest.
 
 * ``--csv-friendly``
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 23/26] examples/ipsec-secgw: add AEAD parameters
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (21 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 24/26] examples/l2fwd-crypto: " Pablo de Lara
                       ` (4 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst |  32 +++++++--
 examples/ipsec-secgw/ipsec.h             |   1 +
 examples/ipsec-secgw/sa.c                | 116 +++++++++++++++++++++++++++++--
 3 files changed, 139 insertions(+), 10 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 885c77e..ca2a34d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -412,7 +412,7 @@ where each options means:
 
  * Cipher algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -427,7 +427,8 @@ where each options means:
 
  * Cipher key, NOT available when 'null' algorithm is used
 
- * Optional: No, must followed by <cipher_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <cipher_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified cipher algorithm
@@ -440,7 +441,7 @@ where each options means:
 
  * Authentication algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -453,7 +454,8 @@ where each options means:
  * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
    is used.
 
- * Optional: No, must followed by <auth_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <auth_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified authentication
@@ -462,6 +464,28 @@ where each options means:
    For example: *auth_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
    A1:B2:C3:D4*
 
+``<aead_algo>``
+
+ * AEAD algorithm
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
+
+ * Syntax: *cipher_algo <your algorithm>*
+
+``<aead_key>``
+
+ * Cipher key, NOT available when 'null' algorithm is used
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used.
+   Must be followed by <aead_algo> option
+
+ * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
+   The number of bytes should be as same as the specified AEAD algorithm
+   key size.
+
+   For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
+   A1:B2:C3:D4*
+
 ``<mode>``
 
  * The operation mode
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 405cf3d..f8569ca 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -103,6 +103,7 @@ struct ipsec_sa {
 	struct rte_cryptodev_sym_session *crypto_session;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 	uint16_t digest_len;
 	uint16_t iv_len;
 	uint16_t block_size;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 85e4d4e..9d80bd3 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -68,6 +68,17 @@ struct supported_auth_algo {
 	uint8_t key_not_req;
 };
 
+struct supported_aead_algo {
+	const char *keyword;
+	enum rte_crypto_aead_algorithm algo;
+	uint16_t iv_len;
+	uint16_t block_size;
+	uint16_t digest_len;
+	uint16_t key_len;
+	uint8_t aad_len;
+};
+
+
 const struct supported_cipher_algo cipher_algos[] = {
 	{
 		.keyword = "null",
@@ -128,6 +139,8 @@ const struct supported_auth_algo auth_algos[] = {
 	}
 };
 
+const struct supported_aead_algo aead_algos[] = { { } };
+
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -166,6 +179,22 @@ find_match_auth_algo(const char *auth_keyword)
 	return NULL;
 }
 
+static const struct supported_aead_algo *
+find_match_aead_algo(const char *aead_keyword)
+{
+	size_t i;
+
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		const struct supported_aead_algo *algo =
+			&aead_algos[i];
+
+		if (strcmp(aead_keyword, algo->keyword) == 0)
+			return algo;
+	}
+
+	return NULL;
+}
+
 /** parse_key_string
  *  parse x:x:x:x.... hex number key string into uint8_t *key
  *  return:
@@ -210,6 +239,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	uint32_t *ri /*rule index*/;
 	uint32_t cipher_algo_p = 0;
 	uint32_t auth_algo_p = 0;
+	uint32_t aead_algo_p = 0;
 	uint32_t src_p = 0;
 	uint32_t dst_p = 0;
 	uint32_t mode_p = 0;
@@ -386,6 +416,61 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			continue;
 		}
 
+		if (strcmp(tokens[ti], "aead_algo") == 0) {
+			const struct supported_aead_algo *algo;
+			uint32_t key_len;
+
+			APP_CHECK_PRESENCE(aead_algo_p, tokens[ti],
+				status);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			algo = find_match_aead_algo(tokens[ti]);
+
+			APP_CHECK(algo != NULL, status, "unrecognized "
+				"input \"%s\"", tokens[ti]);
+
+			rule->aead_algo = algo->algo;
+			rule->cipher_key_len = algo->key_len;
+			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
+			rule->block_size = algo->block_size;
+			rule->iv_len = algo->iv_len;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			APP_CHECK(strcmp(tokens[ti], "aead_key") == 0,
+				status, "unrecognized input \"%s\", "
+				"expect \"aead_key\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			key_len = parse_key_string(tokens[ti],
+				rule->cipher_key);
+			APP_CHECK(key_len == rule->cipher_key_len, status,
+				"unrecognized input \"%s\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			key_len -= 4;
+			rule->cipher_key_len = key_len;
+			memcpy(&rule->salt,
+				&rule->cipher_key[key_len], 4);
+
+			aead_algo_p = 1;
+			continue;
+		}
+
 		if (strcmp(tokens[ti], "src") == 0) {
 			APP_CHECK_PRESENCE(src_p, tokens[ti], status);
 			if (status->status < 0)
@@ -477,13 +562,25 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		return;
 	}
 
-	APP_CHECK(cipher_algo_p == 1, status, "missing cipher options");
-	if (status->status < 0)
-		return;
+	if (aead_algo_p) {
+		APP_CHECK(cipher_algo_p == 0, status,
+				"AEAD used, no need for cipher options");
+		if (status->status < 0)
+			return;
 
-	APP_CHECK(auth_algo_p == 1, status, "missing auth options");
-	if (status->status < 0)
-		return;
+		APP_CHECK(auth_algo_p == 0, status,
+				"AEAD used, no need for auth options");
+		if (status->status < 0)
+			return;
+	} else {
+		APP_CHECK(cipher_algo_p == 1, status, "missing cipher or AEAD options");
+		if (status->status < 0)
+			return;
+
+		APP_CHECK(auth_algo_p == 1, status, "missing auth or AEAD options");
+		if (status->status < 0)
+			return;
+	}
 
 	APP_CHECK(mode_p == 1, status, "missing mode option");
 	if (status->status < 0)
@@ -514,6 +611,13 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 		}
 	}
 
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		if (aead_algos[i].algo == sa->aead_algo) {
+			printf("%s ", aead_algos[i].keyword);
+			break;
+		}
+	}
+
 	printf("mode:");
 
 	switch (sa->flags) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 24/26] examples/l2fwd-crypto: add AEAD parameters
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (22 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 23/26] examples/ipsec-secgw: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
                       ` (3 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/sample_app_ug/l2_forward_crypto.rst |  24 +-
 examples/l2fwd-crypto/main.c                   | 388 +++++++++++++++++++++----
 2 files changed, 357 insertions(+), 55 deletions(-)

diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index b9aa573..2880c43 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -110,7 +110,9 @@ where,
 
 *   chain: select the operation chaining to perform: Cipher->Hash (CIPHER_HASH),
 
-    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash(HASH_ONLY)
+    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash (HASH_ONLY)
+
+    or AEAD (AEAD)
 
     (default is Cipher->Hash)
 
@@ -154,6 +156,26 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
+*   aead_algo: select the AEAD algorithm
+
+*   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
+
+    (default is ENCRYPT)
+
+*   aead_key: set the AEAD key to be used. Bytes has to be separated with ":"
+
+*   aead_key_random_size: set the size of the AEAD key,
+
+    which will be generated randomly.
+
+    Note that if --aead_key is used, this will be ignored.
+
+*   aead_iv: set the AEAD IV to be used. Bytes has to be separated with ":"
+
+*   aead_iv_random_size: set the size of the AEAD IV, which will be generated randomly.
+
+    Note that if --aead_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fb829e3..914f8ed 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -130,7 +130,8 @@ enum l2fwd_crypto_xform_chain {
 	L2FWD_CRYPTO_CIPHER_HASH,
 	L2FWD_CRYPTO_HASH_CIPHER,
 	L2FWD_CRYPTO_CIPHER_ONLY,
-	L2FWD_CRYPTO_HASH_ONLY
+	L2FWD_CRYPTO_HASH_ONLY,
+	L2FWD_CRYPTO_AEAD
 };
 
 struct l2fwd_key {
@@ -172,6 +173,14 @@ struct l2fwd_crypto_options {
 	unsigned int auth_iv_param;
 	int auth_iv_random_size;
 
+	struct rte_crypto_sym_xform aead_xform;
+	unsigned int aead_key_param;
+	int aead_key_random_size;
+
+	struct l2fwd_iv aead_iv;
+	unsigned int aead_iv_param;
+	int aead_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -194,15 +203,18 @@ struct l2fwd_crypto_params {
 
 	struct l2fwd_iv cipher_iv;
 	struct l2fwd_iv auth_iv;
+	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
+	uint8_t do_aead;
 	uint8_t hash_verify;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 };
 
 /** lcore configuration */
@@ -492,14 +504,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 			op->sym->auth.data.offset = ipdata_offset;
 			op->sym->auth.data.length = data_len;
 		}
-
-		if (cparams->aad.length) {
-			op->sym->auth.aad.data = cparams->aad.data;
-			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-		} else {
-			op->sym->auth.aad.data = NULL;
-			op->sym->auth.aad.phys_addr = 0;
-		}
 	}
 
 	if (cparams->do_cipher) {
@@ -521,6 +525,33 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		}
 	}
 
+	if (cparams->do_aead) {
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+
+		op->sym->aead.data.offset = ipdata_offset;
+		op->sym->aead.data.length = data_len;
+
+		if (!cparams->hash_verify) {
+			/* Append space for digest to end of packet */
+			op->sym->aead.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+				cparams->digest_length);
+		} else {
+			op->sym->aead.digest.data = rte_pktmbuf_mtod(m,
+				uint8_t *) + ipdata_offset + data_len;
+		}
+
+		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
+
+		if (cparams->aad.length) {
+			op->sym->aead.aad.data = cparams->aad.data;
+			op->sym->aead.aad.phys_addr = cparams->aad.phys_addr;
+		}
+	}
+
 	op->sym->m_src = m;
 
 	return l2fwd_crypto_enqueue(op, cparams);
@@ -617,7 +648,9 @@ initialize_crypto_session(struct l2fwd_crypto_options *options,
 {
 	struct rte_crypto_sym_xform *first_xform;
 
-	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
+	if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+		first_xform = &options->aead_xform;
+	} else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
 		first_xform = &options->cipher_xform;
 		first_xform->next = &options->auth_xform;
 	} else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {
@@ -669,8 +702,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 	for (i = 0; i < qconf->nb_crypto_devs; i++) {
 		port_cparams[i].do_cipher = 0;
 		port_cparams[i].do_hash = 0;
+		port_cparams[i].do_aead = 0;
 
 		switch (options->xform_chain) {
+		case L2FWD_CRYPTO_AEAD:
+			port_cparams[i].do_aead = 1;
+			break;
 		case L2FWD_CRYPTO_CIPHER_HASH:
 		case L2FWD_CRYPTO_HASH_CIPHER:
 			port_cparams[i].do_cipher = 1;
@@ -695,6 +732,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			if (!options->auth_iv_param)
 				generate_random_key(port_cparams[i].auth_iv.data,
 						port_cparams[i].auth_iv.length);
+			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+				port_cparams[i].hash_verify = 1;
+			else
+				port_cparams[i].hash_verify = 0;
+
+			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
 			/* Set IV parameters */
 			if (options->auth_iv.length) {
 				options->auth_xform.auth.iv.offset =
@@ -702,11 +745,16 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				options->auth_xform.auth.iv.length =
 					options->auth_iv.length;
 			}
+		}
+
+		if (port_cparams[i].do_aead) {
+			port_cparams[i].aead_algo = options->aead_xform.aead.algo;
 			port_cparams[i].digest_length =
-					options->auth_xform.auth.digest_length;
-			if (options->auth_xform.auth.add_auth_data_length) {
+					options->aead_xform.aead.digest_length;
+			if (options->aead_xform.aead.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+				port_cparams[i].aad.length = options->aad.length;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
 						port_cparams[i].aad.length);
@@ -714,12 +762,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			} else
 				port_cparams[i].aad.length = 0;
 
-			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_DECRYPT)
 				port_cparams[i].hash_verify = 1;
 			else
 				port_cparams[i].hash_verify = 0;
 
-			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
+			/* Set IV parameters */
+			options->aead_xform.aead.iv.offset = IV_OFFSET;
+			options->aead_xform.aead.iv.length = options->aead_iv.length;
 		}
 
 		if (port_cparams[i].do_cipher) {
@@ -881,7 +931,7 @@ l2fwd_crypto_usage(const char *prgname)
 
 		"  --cdev_type HW / SW / ANY\n"
 		"  --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /"
-		" HASH_ONLY\n"
+		" HASH_ONLY / AEAD\n"
 
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
@@ -896,8 +946,16 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --auth_iv IV (bytes separated with \":\")\n"
 		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
+
+		"  --aead_algo ALGO\n"
+		"  --aead_op ENCRYPT / DECRYPT\n"
+		"  --aead_key KEY (bytes separated with \":\")\n"
+		"  --aead_key_random_size SIZE: size of AEAD key when generated randomly\n"
+		"  --aead_iv IV (bytes separated with \":\")\n"
+		"  --aead_iv_random_size SIZE: size of AEAD IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n"
@@ -939,6 +997,9 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 	} else if (strcmp("HASH_ONLY", optarg) == 0) {
 		options->xform_chain = L2FWD_CRYPTO_HASH_ONLY;
 		return 0;
+	} else if (strcmp("AEAD", optarg) == 0) {
+		options->xform_chain = L2FWD_CRYPTO_AEAD;
+		return 0;
 	}
 
 	return -1;
@@ -1046,6 +1107,32 @@ parse_auth_op(enum rte_crypto_auth_operation *op, char *optarg)
 }
 
 static int
+parse_aead_algo(enum rte_crypto_aead_algorithm *algo, char *optarg)
+{
+	if (rte_cryptodev_get_aead_algo_enum(algo, optarg) < 0) {
+		RTE_LOG(ERR, USER1, "AEAD algorithm specified "
+				"not supported!\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+parse_aead_op(enum rte_crypto_aead_operation *op, char *optarg)
+{
+	if (strcmp("ENCRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		return 0;
+	} else if (strcmp("DECRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+		return 0;
+	}
+
+	printf("AEAD operation specified not supported!\n");
+	return -1;
+}
+static int
 parse_cryptodev_mask(struct l2fwd_crypto_options *options,
 		const char *q_arg)
 {
@@ -1143,7 +1230,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
-
 	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
 		options->auth_iv_param = 1;
 		options->auth_iv.length =
@@ -1157,6 +1243,43 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
 		return parse_size(&options->auth_iv_random_size, optarg);
 
+	/* AEAD options */
+	else if (strcmp(lgopts[option_index].name, "aead_algo") == 0) {
+		return parse_aead_algo(&options->aead_xform.aead.algo,
+				optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_op") == 0)
+		return parse_aead_op(&options->aead_xform.aead.op,
+				optarg);
+
+	else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
+		options->aead_key_param = 1;
+		options->aead_xform.aead.key.length =
+			parse_key(options->aead_xform.aead.key.data, optarg);
+		if (options->aead_xform.aead.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_key_random_size") == 0)
+		return parse_size(&options->aead_key_random_size, optarg);
+
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
+		options->aead_iv_param = 1;
+		options->aead_iv.length =
+			parse_key(options->aead_iv.data, optarg);
+		if (options->aead_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv_random_size") == 0)
+		return parse_size(&options->aead_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1291,13 +1414,25 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_iv_param = 0;
 	options->auth_iv_random_size = -1;
 	options->auth_iv.length = 0;
+
+	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
+	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+
+	/* AEAD Data */
+	options->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	options->aead_xform.next = NULL;
+	options->aead_key_param = 0;
+	options->aead_key_random_size = -1;
+	options->aead_xform.aead.key.length = 0;
+	options->aead_iv_param = 0;
+	options->aead_iv_random_size = -1;
+	options->aead_iv.length = 0;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
-	options->digest_size = -1;
 
-	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+	options->digest_size = -1;
 
 	options->type = CDEV_TYPE_ANY;
 	options->cryptodev_mask = UINT64_MAX;
@@ -1325,6 +1460,18 @@ display_auth_info(struct l2fwd_crypto_options *options)
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
 	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
+}
+
+static void
+display_aead_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- AEAD information ---\n");
+	printf("Algorithm: %s\n",
+		rte_crypto_aead_algorithm_strings[options->aead_xform.aead.algo]);
+	rte_hexdump(stdout, "AEAD key:",
+			options->aead_xform.aead.key.data,
+			options->aead_xform.aead.key.length);
+	rte_hexdump(stdout, "IV:", options->aead_iv.data, options->aead_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1333,6 +1480,7 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
 	char string_cipher_op[MAX_STR_LEN];
 	char string_auth_op[MAX_STR_LEN];
+	char string_aead_op[MAX_STR_LEN];
 
 	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		strcpy(string_cipher_op, "Encrypt");
@@ -1344,6 +1492,12 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	else
 		strcpy(string_auth_op, "Auth verify");
 
+	if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+		strcpy(string_aead_op, "Authenticated encryption");
+	else
+		strcpy(string_aead_op, "Authenticated decryption");
+
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1373,6 +1527,10 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("\nCrypto chain: ");
 	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_AEAD:
+		printf("Input --> %s --> Output\n", string_aead_op);
+		display_aead_info(options);
+		break;
 	case L2FWD_CRYPTO_CIPHER_HASH:
 		printf("Input --> %s --> %s --> Output\n",
 			string_cipher_op, string_auth_op);
@@ -1424,8 +1582,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "auth_iv", required_argument, 0, 0 },
 			{ "auth_iv_random_size", required_argument, 0, 0 },
 
+			{ "aead_algo", required_argument, 0, 0 },
+			{ "aead_op", required_argument, 0, 0 },
+			{ "aead_key", required_argument, 0, 0 },
+			{ "aead_key_random_size", required_argument, 0, 0 },
+			{ "aead_iv", required_argument, 0, 0 },
+			{ "aead_iv_random_size", required_argument, 0, 0 },
+
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
+
 			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
@@ -1639,6 +1805,40 @@ check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
 	return cap;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_aead_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_aead_algorithm cap_aead_algo;
+	enum rte_crypto_aead_algorithm opt_aead_algo =
+					options->aead_xform.aead.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_aead_algo = cap->sym.aead.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			if (cap_aead_algo == opt_aead_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_aead_algorithm_strings[opt_aead_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1745,6 +1945,112 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
+		/* Set AEAD parameters */
+		if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+			/* Check if device supports AEAD algo */
+			cap = check_device_support_aead_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
+				continue;
+
+			options->block_size = cap->sym.aead.block_size;
+
+			check_iv_param(&cap->sym.aead.iv_size,
+					options->aead_iv_param,
+					options->aead_iv_random_size,
+					&options->aead_iv.length);
+
+			/*
+			 * Check if length of provided AEAD key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aead_key_param) {
+				if (check_supported_size(
+						options->aead_xform.aead.key.length,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the aead key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aead_key_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+				options->aead_xform.aead.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.key.length =
+						cap->sym.aead.key_size.min;
+
+			if (!options->aead_key_param)
+				generate_random_key(
+					options->aead_xform.aead.key.data,
+					options->aead_xform.aead.key.length);
+
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
+			options->aead_xform.aead.add_auth_data_length =
+						options->aad.length;
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.aead.digest_size.min,
+						cap->sym.aead.digest_size.max,
+						cap->sym.aead.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->aead_xform.aead.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.digest_length =
+						cap->sym.aead.digest_size.min;
+		}
+
 		/* Set cipher parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
@@ -1818,40 +2124,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->auth_iv_random_size,
 					&options->auth_iv.length);
 			/*
-			 * Check if length of provided AAD is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aad_param) {
-				if (check_supported_size(options->aad.length,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of AAD to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aad_random_size != -1) {
-				if (check_supported_size(options->aad_random_size,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-				options->aad.length = options->aad_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aad.length = cap->sym.auth.aad_size.min;
-
-			options->auth_xform.auth.add_auth_data_length =
-						options->aad.length;
-
-			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
 			 */
@@ -2052,12 +2324,16 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->cipher_xform.cipher.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
 
-
 	options->auth_xform.auth.key.data = rte_malloc("auth key",
 						MAX_KEY_SIZE, 0);
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
+	options->aead_xform.aead.key.data = rte_malloc("aead key",
+						MAX_KEY_SIZE, 0);
+	if (options->aead_xform.aead.key.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
+
 	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
 	if (options->cipher_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
@@ -2066,6 +2342,10 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
+	options->aead_iv.data = rte_malloc("aead_iv", MAX_KEY_SIZE, 0);
+	if (options->aead_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD iv");
+
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AAD");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (23 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 24/26] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
                       ` (2 subsequent siblings)
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Now that all the structures/functions for AEAD algorithms
are in place, migrate the two supported algorithms
AES-GCM and AES-CCM to these, instead of using
cipher and authentication parameters.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst         |  11 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |   2 +-
 doc/guides/tools/cryptoperf.rst                  |   4 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  76 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  24 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      |   8 -
 drivers/crypto/openssl/rte_openssl_pmd.c         | 140 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  26 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |   4 +
 drivers/crypto/qat/qat_crypto.c                  | 186 +++++++---
 drivers/crypto/qat/qat_crypto.h                  |   4 +
 drivers/crypto/qat/qat_crypto_capabilities.h     |  34 +-
 examples/ipsec-secgw/esp.c                       | 231 +++++++-----
 examples/ipsec-secgw/sa.c                        | 187 ++++++----
 examples/l2fwd-crypto/main.c                     |   3 +
 lib/librte_cryptodev/rte_crypto_sym.h            | 100 -----
 lib/librte_cryptodev/rte_cryptodev.c             |   4 -
 test/test/test_cryptodev.c                       | 218 +++++------
 test/test/test_cryptodev_perf.c                  | 446 ++++++++++++-----------
 19 files changed, 892 insertions(+), 816 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ca2a34d..75b960f 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -419,7 +419,6 @@ where each options means:
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
-   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,7 +446,6 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
-    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
@@ -470,6 +468,10 @@ where each options means:
 
  * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
 
+ * Available options:
+
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
+
  * Syntax: *cipher_algo <your algorithm>*
 
 ``<aead_key>``
@@ -539,9 +541,8 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
-    sa in 105 cipher_algo aes-128-gcm \
-    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-    auth_algo aes-128-gcm \
+    sa in 105 aead_algo aes-128-gcm \
+    aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
     mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 2880c43..2a61af7 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -156,7 +156,7 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
-*   aead_algo: select the AEAD algorithm
+*   aead_algo: select the AEAD algorithm (default is aes-gcm)
 
 *   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
 
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 6b797a7..a077e7d 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -223,10 +223,8 @@ The following are the appication command-line options:
            3des-ecb
            3des-ctr
            aes-cbc
-           aes-ccm
            aes-ctr
            aes-ecb
-           aes-gcm
            aes-f8
            aes-xts
            arc4
@@ -257,9 +255,7 @@ The following are the appication command-line options:
 
            3des-cbc
            aes-cbc-mac
-           aes-ccm
            aes-cmac
-           aes-gcm
            aes-gmac
            aes-xcbc-mac
            md5
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 36372a6..567c2ec 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -77,13 +77,13 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform;
-	const struct rte_crypto_sym_xform *cipher_xform;
+	const struct rte_crypto_sym_xform *aead_xform;
 	uint16_t digest_length;
 	uint8_t key_length;
 	uint8_t *key;
 
 	/* AES-GMAC */
-	if (xform->next == NULL) {
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = xform;
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
 			GCM_LOG_ERR("Only AES GMAC is supported as an "
@@ -102,52 +102,39 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		key_length = auth_xform->auth.key.length;
 		key = auth_xform->auth.key.data;
+		digest_length = auth_xform->auth.digest_length;
+
 	/* AES-GCM */
-	} else {
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-			auth_xform = xform->next;
-			cipher_xform = xform;
-		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-			auth_xform = xform;
-			cipher_xform = xform->next;
-		} else {
-			GCM_LOG_ERR("Cipher and auth xform required "
-					"when using AES GCM");
-			return -EINVAL;
-		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		aead_xform = xform;
 
-		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+		if (aead_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) {
 			GCM_LOG_ERR("The only combined operation "
 						"supported is AES GCM");
 			return -EINVAL;
 		}
 
 		/* Set IV parameters */
-		sess->iv.offset = cipher_xform->cipher.iv.offset;
-		sess->iv.length = cipher_xform->cipher.iv.length;
+		sess->iv.offset = aead_xform->aead.iv.offset;
+		sess->iv.length = aead_xform->aead.iv.length;
 
 		/* Select Crypto operation */
-		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		if (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+		else
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-		else {
-			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-					" Decrypt/Verify are valid only");
-			return -EINVAL;
-		}
 
-		key_length = cipher_xform->auth.key.length;
-		key = cipher_xform->auth.key.data;
+		key_length = aead_xform->aead.key.length;
+		key = aead_xform->aead.key.data;
 
-		sess->aad_length = auth_xform->auth.add_auth_data_length;
+		sess->aad_length = aead_xform->aead.add_auth_data_length;
+		digest_length = aead_xform->aead.digest_length;
+	} else {
+		GCM_LOG_ERR("Wrong xform type, has to be AEAD or authentication");
+		return -EINVAL;
 	}
 
+
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
 			sess->iv.length != 0) {
@@ -155,8 +142,6 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	digest_length = auth_xform->auth.digest_length;
-
 	/* Check key length and calculate GCM pre-compute. */
 	switch (key_length) {
 	case 16:
@@ -170,7 +155,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher/auth key length");
+		GCM_LOG_ERR("Unsupported key length");
 		return -EINVAL;
 	}
 
@@ -241,9 +226,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
 			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
-		offset = sym_op->cipher.data.offset;
+		offset = sym_op->aead.data.offset;
 		data_offset = offset;
-		data_length = sym_op->cipher.data.length;
+		data_length = sym_op->aead.data.length;
 	} else {
 		offset = sym_op->auth.data.offset;
 		data_offset = offset;
@@ -296,7 +281,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
@@ -320,7 +305,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				(uint64_t)session->digest_length);
 	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
@@ -334,7 +319,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
@@ -414,19 +399,24 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	/* Verify digest if required */
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
 			session->op == AESNI_GMAC_OP_VERIFY) {
+		uint8_t *digest;
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
 
+		if (session->op == AESNI_GMAC_OP_VERIFY)
+			digest = op->sym->auth.digest.data;
+		else
+			digest = op->sym->aead.digest.data;
+
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, session->digest_length);
+				digest, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
 				tag, session->digest_length);
 #endif
 
-		if (memcmp(tag, op->sym->auth.digest.data,
-				session->digest_length) != 0)
+		if (memcmp(tag, digest,	session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 39285d0..5317657 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -65,12 +65,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -87,22 +87,6 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 16
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 12,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8ee6ece..3620751 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -817,8 +817,6 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
@@ -946,7 +944,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA224_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -955,7 +952,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1100,7 +1096,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -1109,7 +1104,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1141,13 +1135,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
 		ctxt->iv.length = TDES_CBC_IV_LEN;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
 		RTE_LOG(ERR, PMD, "Crypto: Unsupported Cipher alg %u",
 			cipher_xform->algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 11260d8..7f5c6aa 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -89,6 +89,8 @@ openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)
 			else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
 				res =  OPENSSL_CHAIN_CIPHER_AUTH;
 		}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			res = OPENSSL_CHAIN_COMBINED;
 	}
 
 	return res;
@@ -184,21 +186,6 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
 				res = -EINVAL;
 			}
 			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
-			switch (keylen) {
-			case 16:
-				*algo = EVP_aes_128_gcm();
-				break;
-			case 24:
-				*algo = EVP_aes_192_gcm();
-				break;
-			case 32:
-				*algo = EVP_aes_256_gcm();
-				break;
-			default:
-				res = -EINVAL;
-			}
-			break;
 		default:
 			res = -EINVAL;
 			break;
@@ -254,6 +241,41 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
 	return res;
 }
 
+/** Get adequate openssl function for input cipher algorithm */
+static uint8_t
+get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
+		const EVP_CIPHER **algo)
+{
+	int res = 0;
+
+	if (algo != NULL) {
+		switch (sess_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			switch (keylen) {
+			case 16:
+				*algo = EVP_aes_128_gcm();
+				break;
+			case 24:
+				*algo = EVP_aes_192_gcm();
+				break;
+			case 32:
+				*algo = EVP_aes_256_gcm();
+				break;
+			default:
+				res = -EINVAL;
+			}
+			break;
+		default:
+			res = -EINVAL;
+			break;
+		}
+	} else {
+		res = -EINVAL;
+	}
+
+	return res;
+}
+
 /** Set session cipher parameters */
 static int
 openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -273,7 +295,6 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 		sess->cipher.mode = OPENSSL_CIPHER_LIB;
 		sess->cipher.algo = xform->cipher.algo;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
@@ -330,12 +351,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GCM */
-		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
-			return -EINVAL;
-		sess->chain_order = OPENSSL_CHAIN_COMBINED;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 
@@ -356,7 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->cipher.key.length = xform->auth.key.length;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
 
-		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+		if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
 				sess->cipher.key.length,
 				&sess->cipher.evp_algo) != 0)
 			return -EINVAL;
@@ -404,6 +419,50 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	return 0;
 }
 
+/* Set session AEAD parameters */
+static int
+openssl_set_session_aead_parameters(struct openssl_session *sess,
+		const struct rte_crypto_sym_xform *xform)
+{
+	/* Select cipher direction */
+	sess->cipher.direction = xform->cipher.op;
+	/* Select cipher key */
+	sess->cipher.key.length = xform->aead.key.length;
+
+	/* Set IV parameters */
+	sess->iv.offset = xform->aead.iv.offset;
+	sess->iv.length = xform->aead.iv.length;
+
+	/* Select auth generate/verify */
+	sess->auth.operation = xform->auth.op;
+	sess->auth.algo = xform->auth.algo;
+
+	/* Select auth algo */
+	switch (xform->aead.algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		sess->aead_algo = xform->aead.algo;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
+			sess->cipher.key.data);
+
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	sess->auth.aad_length = xform->aead.add_auth_data_length;
+	sess->auth.digest_length = xform->aead.digest_length;
+
+	return 0;
+}
+
 /** Parse crypto xform chain and set private session parameters */
 int
 openssl_set_session_parameters(struct openssl_session *sess,
@@ -411,6 +470,7 @@ openssl_set_session_parameters(struct openssl_session *sess,
 {
 	const struct rte_crypto_sym_xform *cipher_xform = NULL;
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
+	const struct rte_crypto_sym_xform *aead_xform = NULL;
 
 	sess->chain_order = openssl_get_chain_order(xform);
 	switch (sess->chain_order) {
@@ -428,6 +488,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		auth_xform = xform;
 		cipher_xform = xform->next;
 		break;
+	case OPENSSL_CHAIN_COMBINED:
+		aead_xform = xform;
+		break;
 	default:
 		return -EINVAL;
 	}
@@ -453,6 +516,14 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		}
 	}
 
+	if (aead_xform) {
+		if (openssl_set_session_aead_parameters(sess, aead_xform)) {
+			OPENSSL_LOG_ERR(
+				"Invalid/unsupported auth parameters");
+			return -EINVAL;
+		}
+	}
+
 	return 0;
 }
 
@@ -965,26 +1036,27 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	tag = op->sym->auth.digest.data;
-	if (tag == NULL)
-		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset +
-				op->sym->cipher.data.length);
-
 	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
 		offset = op->sym->auth.data.offset;
 		aadlen = op->sym->auth.data.length;
 		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
 				op->sym->auth.data.offset);
-
+		tag = op->sym->auth.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + aadlen);
 	} else {
-		srclen = op->sym->cipher.data.length;
+		srclen = op->sym->aead.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset);
-		offset = op->sym->cipher.data.offset;
-		aad = op->sym->auth.aad.data;
+				op->sym->aead.data.offset);
+		offset = op->sym->aead.data.offset;
+		aad = op->sym->aead.aad.data;
 		aadlen = sess->auth.aad_length;
+		tag = op->sym->aead.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + srclen);
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index fc525d9..26265b8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -344,12 +344,12 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -366,27 +366,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 8
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 16,
 					.increment = 4
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4c9be05..7799407 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -113,6 +113,10 @@ struct openssl_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	/**< AEAD algorithm */
+
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 81f7a1f..c3e7662 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -246,6 +246,14 @@ qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
 		return ICP_QAT_FW_LA_CMD_AUTH;
 
+	/* AEAD */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+			return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+		else
+			return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+	}
+
 	if (xform->next == NULL)
 		return -1;
 
@@ -310,14 +318,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		}
 		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		if (qat_alg_validate_aes_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -418,7 +418,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_F8:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
 	case RTE_CRYPTO_CIPHER_ARC4:
@@ -476,12 +475,26 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
 		break;
 	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
 	case ICP_QAT_FW_LA_CMD_TRNG_TEST:
@@ -515,7 +528,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 
 	struct qat_session *session = session_private;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
 	uint8_t *key_data = auth_xform->key.data;
@@ -540,14 +552,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		cipher_xform = qat_get_cipher_xform(xform);
-
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-
-		key_data = cipher_xform->key.data;
-		key_length = cipher_xform->key.length;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		if (qat_alg_validate_aes_key(auth_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -585,7 +589,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 		PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
@@ -646,7 +649,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		if (qat_alg_aead_session_create_content_desc_auth(session,
 				key_data,
 				key_length,
-				auth_xform->add_auth_data_length,
+				0,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
@@ -659,6 +662,85 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	return NULL;
 }
 
+struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private)
+{
+	struct qat_session *session = session_private;
+	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+	/*
+	 * Store AEAD IV parameters as cipher IV,
+	 * to avoid unnecessary memory usage
+	 */
+	session->cipher_iv.offset = xform->aead.iv.offset;
+	session->cipher_iv.length = xform->aead.iv.length;
+
+	switch (aead_xform->algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		if (qat_alg_validate_aes_key(aead_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+		break;
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
+				aead_xform->algo);
+		goto error_out;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
+				aead_xform->algo);
+		goto error_out;
+	}
+
+	if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+		/*
+		 * It needs to create cipher desc content first,
+		 * then authentication
+		 */
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_GENERATE))
+			goto error_out;
+	} else {
+		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+		/*
+		 * It needs to create authentication desc content first,
+		 * then cipher
+		 */
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_VERIFY))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+	}
+
+	session->digest_length = aead_xform->digest_length;
+	return session;
+
+error_out:
+	return NULL;
+}
+
 unsigned qat_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev __rte_unused)
 {
@@ -969,7 +1051,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
 	register struct icp_qat_fw_la_bulk_req *qat_req;
-	uint8_t do_auth = 0, do_cipher = 0;
+	uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
 	uint32_t cipher_len = 0, cipher_ofs = 0;
 	uint32_t auth_len = 0, auth_ofs = 0;
 	uint32_t min_ofs = 0;
@@ -1003,9 +1085,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
-		ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
-		do_auth = 1;
-		do_cipher = 1;
+			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
+		/* AES-GCM */
+		if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
+				ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+			do_aead = 1;
+		} else {
+			do_auth = 1;
+			do_cipher = 1;
+		}
 	} else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
 		do_auth = 1;
 		do_cipher = 0;
@@ -1087,18 +1175,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			/* AES-GCM */
-			if (do_cipher) {
-				auth_ofs = op->sym->cipher.data.offset;
-				auth_len = op->sym->cipher.data.length;
-
-				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 			/* AES-GMAC */
-			} else {
-				set_cipher_iv(ctx->auth_iv.length,
-					ctx->auth_iv.offset,
-					cipher_param, op, qat_req);
-			}
+			set_cipher_iv(ctx->auth_iv.length,
+				ctx->auth_iv.offset,
+				cipher_param, op, qat_req);
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1110,6 +1190,19 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	}
 
+	if (do_aead) {
+		cipher_len = op->sym->aead.data.length;
+		cipher_ofs = op->sym->aead.data.offset;
+		auth_len = op->sym->aead.data.length;
+		auth_ofs = op->sym->aead.data.offset;
+
+		auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
+		auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
+		min_ofs = op->sym->aead.data.offset;
+	}
+
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
 		do_sgl = 1;
 
@@ -1151,7 +1244,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		dst_buf_start = src_buf_start;
 	}
 
-	if (do_cipher) {
+	if (do_cipher || do_aead) {
 		cipher_param->cipher_offset =
 				(uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, cipher_ofs) - src_buf_start;
@@ -1160,7 +1253,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		cipher_param->cipher_offset = 0;
 		cipher_param->cipher_length = 0;
 	}
-	if (do_auth) {
+
+	if (do_auth || do_aead) {
 		auth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, auth_ofs) - src_buf_start;
 		auth_param->auth_len = auth_len;
@@ -1168,6 +1262,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		auth_param->auth_off = 0;
 		auth_param->auth_len = 0;
 	}
+
 	qat_req->comn_mid.dst_length =
 		qat_req->comn_mid.src_length =
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
@@ -1226,7 +1321,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
 		/* GMAC */
-		if (!do_cipher) {
+		if (!do_aead) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
@@ -1261,7 +1356,12 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				ctx->digest_length);
-		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+	}
+
+	if (do_aead) {
+		rte_hexdump(stdout, "digest:", op->sym->aead.digest.data,
+				ctx->digest_length);
+		rte_hexdump(stdout, "aad:", op->sym->aead.aad.data,
 				ctx->aad_len);
 	}
 #endif
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index b740d6b..f76f3ca 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -117,6 +117,10 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform, void *session_private);
 
 struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private);
+
+struct qat_session *
 qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				struct rte_crypto_sym_xform *xform,
 				struct qat_session *session_private);
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index d863ccd..fee8ee1 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -189,12 +189,12 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (AUTH) */					\
+	{	/* AES GCM */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			{.auth = {					\
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,	\
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,	\
+			{.aead = {					\
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,	\
 				.block_size = 16,			\
 				.key_size = {				\
 					.min = 16,			\
@@ -211,7 +211,11 @@
 					.max = 240,			\
 					.increment = 1			\
 				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				},					\
 			}, }						\
 		}, }							\
 	},								\
@@ -266,26 +270,6 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (CIPHER) */					\
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
-		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
-			{.cipher = {					\
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,	\
-				.block_size = 16,			\
-				.key_size = {				\
-					.min = 16,			\
-					.max = 32,			\
-					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 12,			\
-					.max = 12,			\
-					.increment = 0			\
-				}					\
-			}, }						\
-		}, }							\
-	},								\
 	{	/* AES CBC */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index d544a3c..c1dbd15 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -84,62 +84,79 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	}
 
 	sym_cop = get_sym_cop(cop);
-
 	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
-		sa->iv_len;
-	sym_cop->cipher.data.length = payload_len;
-
-	struct cnt_blk *icb;
-	uint8_t *aad;
-	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
-
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		/* Copy IV at the end of crypto operation */
-		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		sym_cop->aead.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->aead.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *aad;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
 		icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
 
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->cipher.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+					uint8_t *, IV_OFFSET);
+
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			/* Copy IV at the end of crypto operation */
+			rte_memcpy(iv_ptr, iv, sa->iv_len);
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			icb = get_cnt_blk(m);
+			icb->salt = sa->salt;
+			memcpy(&icb->iv, iv, 8);
+			icb->cnt = rte_cpu_to_be_32(1);
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
@@ -308,65 +325,87 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sym_cop = get_sym_cop(cop);
 	sym_cop->m_src = m;
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		memset(iv, 0, sa->iv_len);
-		sym_cop->cipher.data.offset = ip_hdr_len +
-			sizeof(struct esp_hdr);
-		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		uint8_t *aad;
+
 		*iv = sa->seq;
-		sym_cop->cipher.data.offset = ip_hdr_len +
+		sym_cop->aead.data.offset = ip_hdr_len +
 			sizeof(struct esp_hdr) + sa->iv_len;
-		sym_cop->cipher.data.length = pad_payload_len;
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
+		sym_cop->aead.data.length = pad_payload_len;
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
 
-	/* Fill pad_len using default sequential scheme */
-	for (i = 0; i < pad_len - 2; i++)
-		padding[i] = i + 1;
-	padding[pad_len - 2] = pad_len - 2;
-	padding[pad_len - 1] = nlp;
-
-	struct cnt_blk *icb = get_cnt_blk(m);
-	icb->salt = sa->salt;
-	icb->iv = sa->seq;
-	icb->cnt = rte_cpu_to_be_32(1);
-
-	uint8_t *aad;
-
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + pad_payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, esp, 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			memset(iv, 0, sa->iv_len);
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr);
+			sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			*iv = sa->seq;
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr) + sa->iv_len;
+			sym_cop->cipher.data.length = pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 9d80bd3..7971f72 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -64,7 +64,6 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
-	uint8_t aad_len;
 	uint8_t key_not_req;
 };
 
@@ -95,13 +94,6 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.key_len = 16
 	},
 	{
-		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-		.iv_len = 8,
-		.block_size = 4,
-		.key_len = 20
-	},
-	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
@@ -129,18 +121,21 @@ const struct supported_auth_algo auth_algos[] = {
 		.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 		.digest_len = 12,
 		.key_len = 32
-	},
+	}
+};
+
+const struct supported_aead_algo aead_algos[] = {
 	{
 		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.algo = RTE_CRYPTO_AEAD_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 20,
 		.digest_len = 16,
 		.aad_len = 8,
-		.key_not_req = 1
 	}
 };
 
-const struct supported_aead_algo aead_algos[] = { { } };
-
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -349,8 +344,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
 				rule->salt = (uint32_t)rte_rand();
 
-			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
-				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
 				key_len -= 4;
 				rule->cipher_key_len = key_len;
 				memcpy(&rule->salt,
@@ -712,75 +706,110 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
-		switch (sa->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_NULL:
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-			iv_length = sa->iv_len;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
 			iv_length = 16;
-			break;
-		default:
-			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-					sa->cipher_algo);
-			return -EINVAL;
-		}
 
-		if (inbound) {
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].b.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].b.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_DECRYPT;
-			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].b.next = NULL;
+			if (inbound) {
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_DECRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			}
 
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].a.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].a.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].a.auth.op =
-				RTE_CRYPTO_AUTH_OP_VERIFY;
-
-		} else { /* outbound */
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].a.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].a.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].a.next = NULL;
-
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].b.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].b.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].b.auth.op =
-				RTE_CRYPTO_AUTH_OP_GENERATE;
-		}
+			sa->xforms = &sa_ctx->xf[idx].a;
 
-		sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
-		sa_ctx->xf[idx].b.next = NULL;
-		sa->xforms = &sa_ctx->xf[idx].a;
+			print_one_sa_rule(sa, inbound);
+		} else {
+			switch (sa->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_NULL:
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+				iv_length = sa->iv_len;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				iv_length = 16;
+				break;
+			default:
+				RTE_LOG(ERR, IPSEC_ESP,
+						"unsupported cipher algorithm %u\n",
+						sa->cipher_algo);
+				return -EINVAL;
+			}
+
+			if (inbound) {
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].b.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].b.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_DECRYPT;
+				sa_ctx->xf[idx].b.next = NULL;
+				sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].a.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].a.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].a.auth.op =
+					RTE_CRYPTO_AUTH_OP_VERIFY;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].b.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].b.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].b.auth.op =
+					RTE_CRYPTO_AUTH_OP_GENERATE;
+			}
 
-		print_one_sa_rule(sa, inbound);
+			sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
+			sa_ctx->xf[idx].b.next = NULL;
+			sa->xforms = &sa_ctx->xf[idx].a;
+
+			print_one_sa_rule(sa, inbound);
+		}
 	}
 
 	return 0;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 914f8ed..f28e62a 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1428,6 +1428,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->aead_iv_random_size = -1;
 	options->aead_iv.length = 0;
 
+	options->auth_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	options->auth_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f03d2fd..dab042b 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -68,27 +68,12 @@ enum rte_crypto_cipher_algorithm {
 
 	RTE_CRYPTO_CIPHER_AES_CBC,
 	/**< AES algorithm in CBC mode */
-	RTE_CRYPTO_CIPHER_AES_CCM,
-	/**< AES algorithm in CCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_CCM* element of the
-	 * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
-	 * *rte_crypto_auth_xform* structure in the session context or in
-	 * the op_params of the crypto operation structure in the case of a
-	 * session-less crypto operation
-	 */
 	RTE_CRYPTO_CIPHER_AES_CTR,
 	/**< AES algorithm in Counter mode */
 	RTE_CRYPTO_CIPHER_AES_ECB,
 	/**< AES algorithm in ECB mode */
 	RTE_CRYPTO_CIPHER_AES_F8,
 	/**< AES algorithm in F8 mode */
-	RTE_CRYPTO_CIPHER_AES_GCM,
-	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
-	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
-	 * structure in the session context or in the op_params of the crypto
-	 * operation structure in the case of a session-less crypto operation.
-	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
 
@@ -247,25 +232,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_AES_CBC_MAC,
 	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
-	RTE_CRYPTO_AUTH_AES_CCM,
-	/**< AES algorithm in CCM mode. This is an authenticated cipher. When
-	 * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
-	 * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
-	 * set up the related rte_crypto_cipher_setup_data structure in the
-	 * session context or the corresponding parameter in the crypto
-	 * operation data structures op_params parameter MUST be set for a
-	 * session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_CMAC,
 	/**< AES CMAC algorithm. */
-	RTE_CRYPTO_AUTH_AES_GCM,
-	/**< AES algorithm in GCM mode. When this hash algorithm
-	 * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	 * rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	 * rte_crypto_cipher_setup_data structure in the session context, or
-	 * the corresponding parameter in the crypto operation data structures
-	 * op_params parameter MUST be set for a session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
 	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
@@ -363,20 +331,6 @@ struct rte_crypto_auth_xform {
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
 	 *
-	 * This field must be specified when the hash algorithm is one of the
-	 * following:
-	 *
-	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
-	 *   the length of the Additional Authenticated Data (called A, in NIST
-	 *   SP800-38D).
-	 *
-	 * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM).  In this case, this is
-	 *   the length of the associated data (called A, in NIST SP800-38C).
-	 *   Note that this does NOT include the length of any padding, or the
-	 *   18 bytes reserved at the start of the above field to store the
-	 *   block B0 and the encoded length.  The maximum permitted value in
-	 *   this case is 222 bytes.
-	 *
 	 */
 
 	struct {
@@ -658,15 +612,6 @@ struct rte_crypto_sym_op {
 					  * also the same as the result length.
 					  *
 					  * @note
-					  * In the case of CCM
-					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
-					  * should not include the length of the padding
-					  * or the length of the MAC; the driver will
-					  * compute the actual number of bytes over
-					  * which the encryption will occur, which will
-					  * include these values.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -683,12 +628,6 @@ struct rte_crypto_sym_op {
 					  * packet in source buffer.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored.
-					  * The field @ref aad field should be set
-					  * instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -699,11 +638,6 @@ struct rte_crypto_sym_op {
 					  * buffer that the hash will be computed on.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored. The field @ref aad
-					  * field should be set instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -732,9 +666,6 @@ struct rte_crypto_sym_op {
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
-					 * @note
-					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-					 * "digest result" read "authentication tag T".
 					 */
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
@@ -754,37 +685,6 @@ struct rte_crypto_sym_op {
 					 * This length must not exceed 65535 (2^16-1)
 					 * bytes.
 					 *
-					 * Specifically for CCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
-					 * the caller should setup this field as follows:
-					 *
-					 * - the nonce should be written starting at
-					 * an offset of one byte into the array,
-					 * leaving room for the implementation to
-					 * write in the flags to the first byte.
-					 *
-					 * - the additional authentication data
-					 * itself should be written starting at
-					 * an offset of 18 bytes into the array,
-					 * leaving room for the length encoding in
-					 * the first two bytes of the second block.
-					 *
-					 * - the array should be big enough to hold
-					 * the above fields, plus any padding to
-					 * round this up to the nearest multiple of
-					 * the block size (16 bytes).
-					 * Padding will be added by the implementation.
-					 *
-					 * Finally, for GCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-					 * caller should setup this field as follows:
-					 *
-					 * - the AAD is written in starting at byte 0
-					 * - the array must be big enough to hold
-					 * the AAD, plus any space to round this up to
-					 * the nearest multiple of the block size
-					 * (16 bytes).
-					 *
 					 */
 					phys_addr_t phys_addr;	/**< physical address */
 				} aad;
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 60dc5e5..497f9ce 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -111,11 +111,9 @@ rte_crypto_cipher_algorithm_strings[] = {
 	[RTE_CRYPTO_CIPHER_3DES_CTR]	= "3des-ctr",
 
 	[RTE_CRYPTO_CIPHER_AES_CBC]	= "aes-cbc",
-	[RTE_CRYPTO_CIPHER_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_CIPHER_AES_CTR]	= "aes-ctr",
 	[RTE_CRYPTO_CIPHER_AES_DOCSISBPI]	= "aes-docsisbpi",
 	[RTE_CRYPTO_CIPHER_AES_ECB]	= "aes-ecb",
-	[RTE_CRYPTO_CIPHER_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_CIPHER_AES_F8]	= "aes-f8",
 	[RTE_CRYPTO_CIPHER_AES_XTS]	= "aes-xts",
 
@@ -148,9 +146,7 @@ rte_crypto_cipher_operation_strings[] = {
 const char *
 rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_AES_CBC_MAC]	= "aes-cbc-mac",
-	[RTE_CRYPTO_AUTH_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AUTH_AES_CMAC]	= "aes-cmac",
-	[RTE_CRYPTO_AUTH_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_AUTH_AES_GMAC]	= "aes-gmac",
 	[RTE_CRYPTO_AUTH_AES_XCBC_MAC]	= "aes-xcbc-mac",
 
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 00c32a4..21c6270 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -76,6 +76,7 @@ struct crypto_testsuite_params {
 struct crypto_unittest_params {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 
 	struct rte_cryptodev_sym_session *sess;
 
@@ -4629,54 +4630,34 @@ test_3DES_cipheronly_openssl_all(void)
 /* ***** AES-GCM Tests ***** */
 
 static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
+create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint16_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	uint8_t cipher_key[key_len];
+	uint8_t aead_key[key_len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, key, key_len);
+	memcpy(aead_key, key, key_len);
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = key_len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	ut_params->aead_xform.next = NULL;
+	ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	ut_params->aead_xform.aead.op = op;
+	ut_params->aead_xform.aead.key.data = aead_key;
+	ut_params->aead_xform.aead.key.length = key_len;
+	ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+	ut_params->aead_xform.aead.iv.length = iv_len;
+	ut_params->aead_xform.aead.digest_length = auth_len;
+	ut_params->aead_xform.aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	ut_params->auth_xform.next = NULL;
-
-	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-
-	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
-
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		ut_params->cipher_xform.next = &ut_params->auth_xform;
-
-		/* Create Crypto session*/
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->cipher_xform);
-	} else {/* Create Crypto session*/
-		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->auth_xform);
-	}
+	/* Create Crypto session*/
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -4685,43 +4666,35 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 
 static int
 create_gcm_xforms(struct rte_crypto_op *op,
-		enum rte_crypto_cipher_operation cipher_op,
+		enum rte_crypto_aead_operation aead_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
-			"failed to allocate space for crypto transforms");
+	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 1),
+			"failed to allocate space for crypto transform");
 
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	/* Setup Cipher Parameters */
-	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	sym_op->xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	sym_op->xform->cipher.op = cipher_op;
-	sym_op->xform->cipher.key.data = key;
-	sym_op->xform->cipher.key.length = key_len;
-	sym_op->xform->cipher.iv.offset = IV_OFFSET;
-	sym_op->xform->cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	sym_op->xform->next = NULL;
+	sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	sym_op->xform->aead.op = aead_op;
+	sym_op->xform->aead.key.data = key;
+	sym_op->xform->aead.key.length = key_len;
+	sym_op->xform->aead.iv.offset = IV_OFFSET;
+	sym_op->xform->aead.iv.length = iv_len;
+	sym_op->xform->aead.digest_length = auth_len;
+	sym_op->xform->aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	sym_op->xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	sym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-	sym_op->xform->next->auth.op = auth_op;
-	sym_op->xform->next->auth.digest_length = auth_len;
-	sym_op->xform->next->auth.add_auth_data_length = aad_len;
-	sym_op->xform->next->auth.key.length = 0;
-	sym_op->xform->next->auth.key.data = NULL;
-	sym_op->xform->next->next = NULL;
-
 	return 0;
 }
 
 static int
-create_gcm_operation(enum rte_crypto_cipher_operation op,
+create_gcm_operation(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -4740,15 +4713,15 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 
 	/* Append aad data */
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.phys_addr =
+	sym_op->aead.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
+	memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+	TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
 		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
@@ -4760,7 +4733,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
 		plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 				plaintext_pad_len);
@@ -4805,40 +4778,37 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	/* Append digest data */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		memset(sym_op->auth.digest.data, 0, tdata->auth_tag.len);
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		memset(sym_op->aead.digest.data, 0, tdata->auth_tag.len);
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
 	} else {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
 
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
-			sym_op->auth.digest.data,
+			sym_op->aead.digest.data,
 			tdata->auth_tag.len);
 	}
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len;
-
-	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -4856,11 +4826,10 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4877,7 +4846,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5034,11 +5003,10 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5055,7 +5023,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5201,11 +5169,10 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5219,7 +5186,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5278,11 +5245,10 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5296,7 +5262,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5355,18 +5321,17 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5436,18 +5401,17 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7137,7 +7101,7 @@ test_authenticated_decryption_fail_when_corruption(
 }
 
 static int
-create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
+create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata,
 		void *digest_mem, uint64_t digest_phys)
 {
@@ -7156,18 +7120,18 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	sym_op->auth.digest.data = digest_mem;
+	sym_op->aead.digest.data = digest_mem;
 
-	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 			"no room to append digest");
 
-	sym_op->auth.digest.phys_addr = digest_phys;
+	sym_op->aead.digest.phys_addr = digest_phys;
 
-	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+	if (op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				auth_tag_len);
 	}
 
@@ -7176,25 +7140,22 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
+	sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
 
-	memset(sym_op->auth.aad.data, 0, aad_len);
-	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
+	memset(sym_op->aead.aad.data, 0, aad_len);
+	rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+			sym_op->aead.aad.data, aad_len);
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len;
-
-	sym_op->auth.data.offset = aad_len;
-	sym_op->auth.data.length = tdata->plaintext.len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_len;
 
 	return 0;
 }
@@ -7249,11 +7210,10 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7379,7 +7339,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	}
 
 	/* Create GCM opertaion */
-	retval = create_gcm_operation_SGL(RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+	retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata, digest_mem, digest_phys);
 
 	if (retval < 0)
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3bd9351..5b2468d 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -65,7 +65,8 @@ enum chain_mode {
 	CIPHER_HASH,
 	HASH_CIPHER,
 	CIPHER_ONLY,
-	HASH_ONLY
+	HASH_ONLY,
+	AEAD
 };
 
 
@@ -86,6 +87,7 @@ struct symmetric_op {
 struct symmetric_session_attrs {
 	enum rte_crypto_cipher_operation cipher;
 	enum rte_crypto_auth_operation auth;
+	enum rte_crypto_aead_operation aead;
 
 	enum rte_crypto_cipher_algorithm cipher_algorithm;
 	const uint8_t *key_cipher_data;
@@ -95,6 +97,10 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	enum rte_crypto_aead_algorithm aead_algorithm;
+	const uint8_t *key_aead_data;
+	uint32_t key_aead_len;
+
 	const uint8_t *iv_data;
 	uint16_t iv_len;
 	uint16_t aad_len;
@@ -124,8 +130,9 @@ struct perf_test_params {
 	enum chain_mode chain;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
-	unsigned cipher_key_length;
+	unsigned int key_length;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 
 	struct symmetric_session_attrs *session_attrs;
 
@@ -157,7 +164,8 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo);
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo);
 static struct rte_cryptodev_sym_session *
 test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
@@ -191,6 +199,7 @@ static const char *chain_mode_name(enum chain_mode mode)
 	case HASH_CIPHER: return "hash_cipher"; break;
 	case CIPHER_ONLY: return "cipher_only"; break;
 	case HASH_ONLY: return "hash_only"; break;
+	case AEAD: return "aead"; break;
 	default: return ""; break;
 	}
 }
@@ -2085,7 +2094,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2106,7 +2115,16 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead algo:%s, "
+			"Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
 			"Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
@@ -2196,14 +2214,14 @@ test_perf_snow3G_vary_burst_size(void)
 			{
 					.chain = CIPHER_ONLY,
 					.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					.cipher_key_length = 16,
+					.key_length = 16,
 					.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 			},
 			{
 					.chain = HASH_ONLY,
 					.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 					.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-					.cipher_key_length = 16
+					.key_length = 16
 			},
 	};
 
@@ -2260,7 +2278,8 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2275,21 +2294,22 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		switch (pparams->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_3DES_CBC:
-		case RTE_CRYPTO_CIPHER_3DES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (pparams->chain == AEAD)
 			test_perf_set_crypto_op =
 						test_perf_set_crypto_op_aes_gcm;
-			break;
-		default:
-			return TEST_FAILED;
+		else {
+			switch (pparams->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_3DES_CBC:
+			case RTE_CRYPTO_CIPHER_3DES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+				break;
+			default:
+				return TEST_FAILED;
+			}
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
@@ -2299,14 +2319,24 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, cipher key length:%u, "
-			"auth_algo:%s, Packet Size %u bytes",
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->key_length,
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
+			pparams->key_length,
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
 	printf("Retries  EmptyPolls\tIACycles/CyOp\tIACycles/Burst\t"
@@ -2410,7 +2440,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2438,7 +2468,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
+			pparams->key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
@@ -2532,8 +2562,6 @@ static uint32_t get_auth_key_max_length(enum rte_crypto_auth_algorithm algo)
 		return 128;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return 128;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		return 0;
 	default:
 		return 0;
 	}
@@ -2554,7 +2582,15 @@ static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo)
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA384;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA512;
-	case RTE_CRYPTO_AUTH_AES_GCM:
+	default:
+		return 0;
+	}
+}
+
+static uint32_t get_aead_digest_length(enum rte_crypto_aead_algorithm algo)
+{
+	switch (algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
 		return DIGEST_BYTE_LENGTH_AES_GCM;
 	default:
 		return 0;
@@ -2732,55 +2768,73 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo)
+		unsigned int key_len,
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo)
 {
 	struct rte_crypto_sym_xform cipher_xform = { 0 };
 	struct rte_crypto_sym_xform auth_xform = { 0 };
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	/* Setup Cipher Parameters */
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.cipher.algo = cipher_algo;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+	if (chain == CIPHER_HASH || chain == HASH_CIPHER) {
+		/* Setup Cipher Parameters */
+		cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		cipher_xform.cipher.algo = cipher_algo;
+		cipher_xform.cipher.iv.offset = IV_OFFSET;
+		cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
-	switch (cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		cipher_xform.cipher.key.data = triple_des_key;
-		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		cipher_xform.cipher.key.data = aes_key;
-		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			cipher_xform.cipher.key.data = triple_des_key;
+			cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			cipher_xform.cipher.key.data = aes_key;
+			cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
+			break;
+		default:
+			return NULL;
+		}
 
-	cipher_xform.cipher.key.length = cipher_key_len;
+		cipher_xform.cipher.key.length = key_len;
 
-	/* Setup Auth Parameters */
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
-	auth_xform.auth.algo = auth_algo;
+		/* Setup Auth Parameters */
+		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+		auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+		auth_xform.auth.algo = auth_algo;
 
-	switch (auth_algo) {
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		auth_xform.auth.key.data = hmac_sha_key;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		auth_xform.auth.key.data = NULL;
-		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (auth_algo) {
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+			auth_xform.auth.key.data = hmac_sha_key;
+			break;
+		default:
+			return NULL;
+		}
 
-	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
-	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+		auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
+		auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	} else if (chain == AEAD) {
+		/* Setup AEAD Parameters */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		aead_xform.aead.algo = aead_algo;
+		aead_xform.aead.iv.offset = IV_OFFSET;
+
+		switch (aead_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			aead_xform.aead.key.data = aes_key;
+			aead_xform.aead.iv.length = AES_CIPHER_IV_LENGTH;
+			aead_xform.aead.add_auth_data_length = AES_GCM_AAD_LENGTH;
+			aead_xform.aead.digest_length = get_aead_digest_length(auth_algo);
+			break;
+		default:
+			return NULL;
+		}
+
+		aead_xform.aead.key.length = key_len;
+	}
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2793,6 +2847,9 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		cipher_xform.next = NULL;
 		/* Create Crypto session*/
 		return rte_cryptodev_sym_session_create(dev_id,	&auth_xform);
+	case AEAD:
+		/* Create Crypto session*/
+		return rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 	default:
 		return NULL;
 	}
@@ -2916,22 +2973,19 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 	/* Authentication Parameters */
-	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
+	op->sym->aead.digest.data = (uint8_t *)m->buf_addr +
 					(m->data_off + data_len);
-	op->sym->auth.digest.phys_addr =
+	op->sym->aead.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.aad.data = aes_gcm_aad;
+	op->sym->aead.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = 0;
-	op->sym->auth.data.length = data_len;
-
-	op->sym->cipher.data.offset = 0;
-	op->sym->cipher.data.length = data_len;
+	op->sym->aead.data.offset = 0;
+	op->sym->aead.data.length = data_len;
 
 	op->sym->m_src = m;
 
@@ -3102,7 +3156,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_aes_sha_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3235,7 +3289,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3394,20 +3448,22 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 					unsigned int,
 					enum chain_mode);
 
-	switch (pparams->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes_gcm;
-		break;
-	default:
-		return TEST_FAILED;
+	if (pparams->chain == AEAD)
+		test_perf_set_crypto_op =
+					test_perf_set_crypto_op_aes_gcm;
+	else {
+		switch (pparams->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+			break;
+		default:
+			return TEST_FAILED;
+		}
 	}
 
 	if (rte_cryptodev_count() == 0) {
@@ -3418,7 +3474,8 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3548,7 +3605,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3674,48 +3731,48 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_NULL
 		},
 		{
 			.chain = CIPHER_HASH,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 	};
@@ -3729,7 +3786,7 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 			"Retries\tEmptyPolls\n");
@@ -3755,14 +3812,14 @@ test_perf_snow3G_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 		},
 		{
 			.chain = HASH_ONLY,
 			.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 			.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			.cipher_key_length = 16
+			.key_length = 16
 		},
 	};
 
@@ -3817,63 +3874,77 @@ test_perf_openssl_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
 	for (i = 0; i < RTE_DIM(params_set); i++) {
 		params_set[i].total_operations = total_operations;
 		params_set[i].burst_size = burst_size;
-		printf("\n%s. cipher algo: %s auth algo: %s cipher key size=%u."
-			" burst_size: %d ops\n",
-			chain_mode_name(params_set[i].chain),
-			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
-			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
-			burst_size);
+		if (params_set[i].chain == AEAD) {
+			enum rte_crypto_aead_algorithm aead_algo =
+				params_set[i].aead_algo;
+			printf("\n%s. aead algo: %s  key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_aead_algorithm_strings[aead_algo],
+				params_set[i].key_length,
+				burst_size);
+		} else {
+			enum rte_crypto_cipher_algorithm cipher_algo =
+				params_set[i].cipher_algo;
+			enum rte_crypto_auth_algorithm auth_algo =
+				params_set[i].auth_algo;
+			printf("\n%s. cipher algo: %s auth algo: %s key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_cipher_algorithm_strings[cipher_algo],
+				rte_crypto_auth_algorithm_strings[auth_algo],
+				params_set[i].key_length,
+				burst_size);
+		}
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
 		for (j = 0; j < RTE_DIM(buf_lengths); j++) {
@@ -3898,50 +3969,49 @@ test_perf_openssl_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
@@ -3978,28 +4048,28 @@ test_perf_armv8_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4012,7 +4082,7 @@ test_perf_armv8_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
@@ -4038,28 +4108,28 @@ test_perf_armv8_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4094,48 +4164,26 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 {
 	static struct rte_cryptodev_sym_session *sess;
-	struct rte_crypto_sym_xform cipher_xform = { 0 };
-	struct rte_crypto_sym_xform auth_xform = { 0 };
-
-	uint8_t cipher_key[pparams->session_attrs->key_cipher_len];
-	uint8_t auth_key[pparams->session_attrs->key_auth_len];
-
-	memcpy(cipher_key, pparams->session_attrs->key_cipher_data,
-		 pparams->session_attrs->key_cipher_len);
-	memcpy(auth_key, pparams->session_attrs->key_auth_data,
-		 pparams->session_attrs->key_auth_len);
-
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.next = NULL;
-
-	cipher_xform.cipher.algo = pparams->session_attrs->cipher_algorithm;
-	cipher_xform.cipher.op = pparams->session_attrs->cipher;
-	cipher_xform.cipher.key.data = cipher_key;
-	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
-	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.next = NULL;
+	uint8_t aead_key[pparams->session_attrs->key_aead_len];
 
-	auth_xform.auth.op = pparams->session_attrs->auth;
-	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
+	memcpy(aead_key, pparams->session_attrs->key_aead_data,
+		 pparams->session_attrs->key_aead_len);
 
-	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
-	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
-	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
+	aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	aead_xform.next = NULL;
 
+	aead_xform.aead.algo = pparams->session_attrs->aead_algorithm;
+	aead_xform.aead.op = pparams->session_attrs->aead;
+	aead_xform.aead.key.data = aead_key;
+	aead_xform.aead.key.length = pparams->session_attrs->key_aead_len;
+	aead_xform.aead.iv.length = pparams->session_attrs->iv_len;
+	aead_xform.aead.iv.offset = IV_OFFSET;
+	aead_xform.aead.add_auth_data_length = pparams->session_attrs->aad_len;
+	aead_xform.aead.digest_length = pparams->session_attrs->digest_len;
 
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-	if (cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		cipher_xform.next = &auth_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&cipher_xform);
-	} else {
-		auth_xform.next = &cipher_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&auth_xform);
-	}
+	sess = rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 
 	return sess;
 }
@@ -4154,17 +4202,17 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	op->sym->auth.digest.data = m_hlp->digest;
-	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+	op->sym->aead.digest.data = m_hlp->digest;
+	op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 
-	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->aead.aad.data = m_hlp->aad;
+	op->sym->aead.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
-	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
+	rte_memcpy(op->sym->aead.aad.data, params->symmetric_op->aad_data,
 		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
@@ -4172,13 +4220,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->auth.data.offset =
-			params->session_attrs->aad_len;
-	op->sym->auth.data.length = params->symmetric_op->p_len;
-
-	op->sym->cipher.data.offset =
+	op->sym->aead.data.offset =
 			params->session_attrs->aad_len;
-	op->sym->cipher.data.length = params->symmetric_op->p_len;
+	op->sym->aead.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
 
@@ -4392,20 +4436,14 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 
 		gcm_test = gcm_tests[i];
 
-		session_attrs[i].cipher =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-		session_attrs[i].cipher_algorithm =
-				RTE_CRYPTO_CIPHER_AES_GCM;
-		session_attrs[i].key_cipher_data =
+		session_attrs[i].aead =
+				RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		session_attrs[i].aead_algorithm =
+				RTE_CRYPTO_AEAD_AES_GCM;
+		session_attrs[i].key_aead_data =
 				gcm_test->key.data;
-		session_attrs[i].key_cipher_len =
+		session_attrs[i].key_aead_len =
 				gcm_test->key.len;
-		session_attrs[i].auth_algorithm =
-				RTE_CRYPTO_AUTH_AES_GCM;
-		session_attrs[i].auth =
-			RTE_CRYPTO_AUTH_OP_GENERATE;
-		session_attrs[i].key_auth_data = NULL;
-		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
@@ -4420,7 +4458,7 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		ops_set[i].t_data = gcm_test->auth_tags[i].data;
 		ops_set[i].t_len = gcm_test->auth_tags[i].len;
 
-		params_set[i].chain = CIPHER_HASH;
+		params_set[i].chain = AEAD;
 		params_set[i].session_attrs = &session_attrs[i];
 		params_set[i].symmetric_op = &ops_set[i];
 		if (continual_buf_len)
@@ -4522,7 +4560,7 @@ test_perf_continual_performance_test(void)
 		.chain = CIPHER_HASH,
 
 		.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-		.cipher_key_length = 16,
+		.key_length = 16,
 		.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 	};
 
@@ -4532,7 +4570,7 @@ test_perf_continual_performance_test(void)
 			chain_mode_name(params_set.chain),
 			rte_crypto_cipher_algorithm_strings[params_set.cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set.auth_algo],
-			params_set.cipher_key_length,
+			params_set.key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 				"Retries\tEmptyPolls\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v3 26/26] cryptodev: remove AAD from authentication structure
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (24 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
@ 2017-06-29 11:35     ` Pablo de Lara
  2017-06-30 13:23     ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Trahe, Fiona
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
  27 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-06-29 11:35 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Now that AAD is only used in AEAD algorithms,
there is no need to keep AAD in the authentication
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c         |  2 --
 doc/guides/prog_guide/cryptodev_lib.rst  |  6 ------
 doc/guides/rel_notes/release_17_08.rst   |  3 +++
 drivers/crypto/openssl/rte_openssl_pmd.c |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h    | 26 --------------------------
 test/test/test_cryptodev.c               |  4 ----
 test/test/test_cryptodev_perf.c          |  1 -
 7 files changed, 3 insertions(+), 40 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index a63fd83..8407503 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -425,7 +425,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
@@ -478,7 +477,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 5048839..f250c00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -567,12 +567,6 @@ chain.
                         uint8_t *data;
                         phys_addr_t phys_addr;
                     } digest; /**< Digest parameters */
-
-                    struct {
-                        uint8_t *data;
-                        phys_addr_t phys_addr;
-                    } aad;
-                    /**< Additional authentication parameters */
                 } auth;
             };
         };
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2c6bef5..d29b203 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -176,6 +176,9 @@ API Changes
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
   * Added AEAD structure in ``rte_crypto_sym_op``.
+  * Removed AAD length from ``rte_crypto_auth_xform``.
+  * Removed AAD pointer and physical address from auth structure
+    in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7f5c6aa..73e7ff1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -413,7 +413,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
-	sess->auth.aad_length = xform->auth.add_auth_data_length;
 	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index dab042b..742dc34 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -326,13 +326,6 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint16_t add_auth_data_length;
-	/**< The length of the additional authenticated data (AAD) in bytes.
-	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
-	 * otherwise specified below.
-	 *
-	 */
-
 	struct {
 		uint16_t offset;
 		/**< Starting point for Initialisation Vector or Counter,
@@ -670,25 +663,6 @@ struct rte_crypto_sym_op {
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
 				} digest; /**< Digest parameters */
-
-				struct {
-					uint8_t *data;
-					/**< Pointer to Additional Authenticated
-					 * Data (AAD) needed for authenticated cipher
-					 * mechanisms (CCM and GCM).
-					 *
-					 * The length of the data pointed to by this
-					 * field is set up for the session in the @ref
-					 * rte_crypto_auth_xform structure as part of
-					 * the @ref rte_cryptodev_sym_session_create
-					 * function call.
-					 * This length must not exceed 65535 (2^16-1)
-					 * bytes.
-					 *
-					 */
-					phys_addr_t phys_addr;	/**< physical address */
-				} aad;
-				/**< Additional authentication parameters */
 			} auth;
 		};
 	};
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 21c6270..db0999e 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5530,7 +5530,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_MD5_HMAC;
 
 	ut_params->auth_xform.auth.digest_length = MD5_DIGEST_LEN;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = test_case->key.len;
 	ut_params->auth_xform.auth.key.data = key;
 
@@ -6303,7 +6302,6 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = tdata->key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
@@ -6683,7 +6681,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6721,7 +6718,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 		ut_params->auth_xform.auth.iv.length = reference->iv.len;
 	} else {
 		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 		/* Setup Cipher Parameters */
 		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 5b2468d..7ae1ae9 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2936,7 +2936,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* Re: [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring
  2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
                     ` (27 preceding siblings ...)
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
@ 2017-06-29 16:39   ` Akhil Goyal
  28 siblings, 0 replies; 100+ messages in thread
From: Akhil Goyal @ 2017-06-29 16:39 UTC (permalink / raw)
  To: Pablo de Lara, declan.doherty, zbigniew.bodek, jerin.jacob,
	hemant.agrawal
  Cc: dev

On 6/26/2017 3:52 PM, Pablo de Lara wrote:
> This patchset attempts to correct and improve the current crypto operation
> (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
> shrinking their sizes to fit both structures into two 64-byte cache lines
> (with extra space for the IV and other user data) as one of the goals.
>
> It also introduces new AEAD algorithm specific parameters, to simplify
> its setup with a single transform, instead of a concatenation of a cipher
> and an authentication transform.
>
> The following changes are made:
>
> In rte_crypto_op:
>
> - Moved session type (with session/sessionless) from symmetric op to crypto op,
>   as this could be used for other types
>
> - Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
>   instead of having enums taking 4 bytes each
>
> - Removed opaque data from crypto operation, as private data can be allocated
>   just after the symmetric (or other type) crypto operation
>
> - Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation
>
> - Removed unnecessary cache alignment
>
> In rte_crypto_sym_xform:
>
> - Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session
>
> - Added a new AEAD transform
>
> - Added IV for authentication and AEAD transforms
>
> - Removed AAD length from authentication transform, as it is only used for AEAD algorithms
>
> In rte_crypto_sym_op:
>
> - Removed IV parameters, which will be only in the session.
>
> - Added AEAD specific parameters.
>
> - Create union with the new AEAD parameters and the cipher/authentication parameters,
>   as the three cannot be used at the same time
>
> - Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session
>
> - Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session
>
> - Removed AAD from authentication structure, as it is only used for AEAD algorithms
>
> - Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)
>
>
> In terms of algorithm usage:
>
> - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure
>
> - AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field
>
> - Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now.
>
>
> Finally, a comparison between the previous operation and the new operation:
>
> Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:
>
> struct rte_crypto_op {
>     enum rte_crypto_op_type type;
>     enum rte_crypto_op_status status;
>     struct rte_mempool *mempool;
>     phys_addr_t phys_addr;
>     void *opaque_data;
>     union {
>        struct rte_crypto_sym_op *sym;
>     };
> } __rte_cache_aligned;
>
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
>
>     enum rte_crypto_sym_op_sess_type sess_type;
>
>     RTE_STD_C11
>     union {
>        struct rte_cryptodev_sym_session *session;
>        struct rte_crypto_sym_xform *xform;
>     };
>
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
>
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } iv;
>     } cipher;
>
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } digest; /**< Digest parameters */
>
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } aad;
>
>     } auth;
> } __rte_cache_aligned;
>
>
> New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:
>
> struct rte_crypto_op {
>     uint64_t type: 8;
>     uint64_t status: 8;
>     uint64_t sess_type: 8;
>
>     struct rte_mempool *mempool;
>
>     phys_addr_t phys_addr;
>
>     RTE_STD_C11
>     union {
>        struct rte_crypto_sym_op sym[0];
>     };
> } __rte_cache_aligned;
>
>
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
>
>     union {
>         struct rte_cryptodev_sym_session *session;
>         /**< Handle for the initialised session context */
>         struct rte_crypto_sym_xform *xform;
>         /**< Session-less API Crypto operation parameters */
>     };
>
>     union {
>         struct {
>             struct {
>                 uint32_t offset;
>                 uint32_t length;
>             } data; /**< Data offsets and length for AEAD */
>
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } digest; /**< Digest parameters */
>
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } aad;
>             /**< Additional authentication parameters */
>         } aead;
>
>         struct {
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data; /**< Data offsets and length for ciphering */
>             } cipher;
>
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data;
>                 /**< Data offsets and length for authentication */
>
>                 struct {
>                     uint8_t *data;
>                     phys_addr_t phys_addr;
>                 } digest; /**< Digest parameters */
>             } auth;
>         };
>     };
> };
>
> Changes in v2:
>
> - Added AEAD structures
>
> - Added authentication IV (used for AES-GMAC and wireless algorithms)
>
> - Modified all applications with the changes
>
> - Modified all drivers with the changes
>
> - Moved AAD length to the crypto session
>
> - Rebased against latest dpdk-next-crypto
>
> - Added documentation changes
>
> Pablo de Lara (27):
>   cryptodev: move session type to generic crypto op
>   cryptodev: replace enums with 1-byte variables
>   cryptodev: remove opaque data pointer in crypto op
>   cryptodev: do not store pointer to op specific params
>   cryptodev: remove useless alignment
>   cryptodev: add crypto op helper macros
>   crypto/qat: fix KASUMI authentication
>   test/crypto: move IV to crypto op private data
>   test/crypto-perf: move IV to crypto op private data
>   app/crypto-perf: move IV to crypto op private data
>   examples/l2fwd-crypto: move IV to crypto op private data
>   examples/ipsec-secgw: move IV to crypto op private data
>   cryptodev: pass IV as offset
>   cryptodev: move IV parameters to crypto session
>   cryptodev: add auth IV
>   cryptodev: do not use AAD in wireless algorithms
>   cryptodev: remove AAD length from crypto op
>   cryptodev: remove digest length from crypto op
>   cryptodev: set AES-GMAC as auth-only algo
>   cryptodev: add AEAD specific data
>   cryptodev: add AEAD parameters in crypto operation
>   examples/l2fwd-crypto: avoid too many tabs
>   app/test-crypto-perf: add AEAD parameters
>   examples/ipsec-secgw: add AEAD parameters
>   examples/l2fwd-crypto: add AEAD parameters
>   cryptodev: use AES-GCM/CCM as AEAD algorithms
>   cryptodev: remove AAD from authentication structure
>
>  app/test-crypto-perf/cperf_ops.c                   |  215 ++--
>  app/test-crypto-perf/cperf_ops.h                   |    6 +-
>  app/test-crypto-perf/cperf_options.h               |   24 +-
>  app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
>  app/test-crypto-perf/cperf_test_latency.c          |   59 +-
>  app/test-crypto-perf/cperf_test_throughput.c       |   24 +-
>  app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
>  app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
>  app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
>  app/test-crypto-perf/cperf_test_verify.c           |   25 +-
>  app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
>  app/test-crypto-perf/main.c                        |   61 +-
>  doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
>  doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
>  doc/guides/rel_notes/release_17_08.rst             |   36 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
>  doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
>  doc/guides/tools/cryptoperf.rst                    |   50 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
>  drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
>  drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
>  drivers/crypto/null/null_crypto_pmd.c              |   15 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
>  drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
>  drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
>  drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
>  drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
>  drivers/crypto/qat/qat_crypto.c                    |  372 +++++--
>  drivers/crypto/qat/qat_crypto.h                    |    4 +
>  drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
>  drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
>  drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
>  examples/ipsec-secgw/esp.c                         |  243 ++--
>  examples/ipsec-secgw/ipsec.c                       |    1 -
>  examples/ipsec-secgw/ipsec.h                       |    6 +-
>  examples/ipsec-secgw/sa.c                          |  285 +++--
>  examples/l2fwd-crypto/main.c                       |  721 +++++++++---
>  lib/librte_cryptodev/rte_crypto.h                  |   37 +-
>  lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
>  lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
>  lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
>  lib/librte_cryptodev/rte_cryptodev_version.map     |   10 +
>  test/test/test_cryptodev.c                         | 1176 ++++++++------------
>  test/test/test_cryptodev.h                         |    6 +
>  test/test/test_cryptodev_blockcipher.c             |   35 +-
>  test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
>  .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
>  test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
>  test/test/test_cryptodev_perf.c                    |  673 +++++------
>  .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
>  test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
>  test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
>  70 files changed, 4042 insertions(+), 2728 deletions(-)
>

Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

^ permalink raw reply	[flat|nested] 100+ messages in thread

* Re: [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (25 preceding siblings ...)
  2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
@ 2017-06-30 13:23     ` Trahe, Fiona
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
  27 siblings, 0 replies; 100+ messages in thread
From: Trahe, Fiona @ 2017-06-30 13:23 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, Doherty, Declan, zbigniew.bodek,
	jerin.jacob, akhil.goyal, hemant.agrawal, Griffin, John, Jain,
	Deepak K
  Cc: dev



> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, June 29, 2017 12:35 PM
> To: Doherty, Declan <declan.doherty@intel.com>; zbigniew.bodek@caviumnetworks.com;
> jerin.jacob@caviumnetworks.com; akhil.goyal@nxp.com; hemant.agrawal@nxp.com; Trahe, Fiona
> <fiona.trahe@intel.com>; Griffin, John <john.griffin@intel.com>; Jain, Deepak K
> <deepak.k.jain@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH v3 00/26] Crypto operation restructuring
> 
> This patchset attempts to correct and improve the current crypto operation
> (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
> shrinking their sizes to fit both structures into two 64-byte cache lines
> (with extra space for the IV and other user data) as one of the goals.
> 
> It also introduces new AEAD algorithm specific parameters,
> to simplify its setup with a single transform, instead of a concatenation
> of a cipher and an authentication transform.
> 
> The following changes are made:
> 
> In rte_crypto_op:
> 
> - Moved session type (with session/sessionless) from symmetric op to crypto op,
>   as this could be used for other types
> 
> - Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
>   instead of having enums taking 4 bytes each
> 
> - Removed opaque data from crypto operation, as private data can be allocated
>   just after the symmetric (or other type) crypto operation
> 
> - Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the
> crypto operation
> 
> - Removed unnecessary cache alignment
> 
> In rte_crypto_sym_xform:
> 
> - Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session
> 
> - Added a new AEAD transform
> 
> - Added IV for authentication and AEAD transforms
> 
> - Removed AAD length from authentication transform, as it is only used for AEAD algorithms
> 
> In rte_crypto_sym_op:
> 
> - Removed IV parameters, which will be only in the session.
> 
> - Added AEAD specific parameters.
> 
> - Create union with the new AEAD parameters and the cipher/authentication parameters,
>   as the three cannot be used at the same time
> 
> - Removed digest length from sym crypto op, so this length will be fixed for all the operations in a
> session
> 
> - Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session
> 
> - Removed AAD from authentication structure, as it is only used for AEAD algorithms
> 
> - Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other
> user data)
> 
> 
> In terms of algorithm usage:
> 
> - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure
> 
> - AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD
> field
> 
> - Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is
> available now.
> 
> 
> Finally, a comparison between the previous operation and the new operation:
> 
> Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:
> 
> struct rte_crypto_op {
>     enum rte_crypto_op_type type;
>     enum rte_crypto_op_status status;
>     struct rte_mempool *mempool;
>     phys_addr_t phys_addr;
>     void *opaque_data;
>     union {
>        struct rte_crypto_sym_op *sym;
>     };
> } __rte_cache_aligned;
> 
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
> 
>     enum rte_crypto_sym_op_sess_type sess_type;
> 
>     RTE_STD_C11
>     union {
>        struct rte_cryptodev_sym_session *session;
>        struct rte_crypto_sym_xform *xform;
>     };
> 
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
> 
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } iv;
>     } cipher;
> 
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } digest; /**< Digest parameters */
> 
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } aad;
> 
>     } auth;
> } __rte_cache_aligned;
> 
> 
> New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:
> 
> struct rte_crypto_op {
>     uint64_t type: 8;
>     uint64_t status: 8;
>     uint64_t sess_type: 8;
> 
>     struct rte_mempool *mempool;
> 
>     phys_addr_t phys_addr;
> 
>     RTE_STD_C11
>     union {
>        struct rte_crypto_sym_op sym[0];
>     };
> } __rte_cache_aligned;
> 
> 
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
> 
>     union {
>         struct rte_cryptodev_sym_session *session;
>         /**< Handle for the initialised session context */
>         struct rte_crypto_sym_xform *xform;
>         /**< Session-less API Crypto operation parameters */
>     };
> 
>     union {
>         struct {
>             struct {
>                 uint32_t offset;
>                 uint32_t length;
>             } data; /**< Data offsets and length for AEAD */
> 
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } digest; /**< Digest parameters */
> 
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } aad;
>             /**< Additional authentication parameters */
>         } aead;
> 
>         struct {
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data; /**< Data offsets and length for ciphering */
>             } cipher;
> 
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data;
>                 /**< Data offsets and length for authentication */
> 
>                 struct {
>                     uint8_t *data;
>                     phys_addr_t phys_addr;
>                 } digest; /**< Digest parameters */
>             } auth;
>         };
>     };
> };
> 
> Changes in v3:
> 
> - Removed unnecessary branch in test code
> 
> - Removed unnecessary memcpy in perf application
> 
> - Removed fix for QAT, which will be sent separated
> 
> - Rebased against dpdk-next-crypto subtree
> 
> Changes in v2:
> 
> - Added AEAD structures
> 
> - Added authentication IV (used for AES-GMAC and wireless algorithms)
> 
> - Modified all applications with the changes
> 
> - Modified all drivers with the changes
> 
> - Moved AAD length to the crypto session
> 
> - Rebased against latest dpdk-next-crypto
> 
> - Added documentation changes
> 
> Pablo de Lara (26):
>   cryptodev: move session type to generic crypto op
>   cryptodev: replace enums with 1-byte variables
>   cryptodev: remove opaque data pointer in crypto op
>   cryptodev: do not store pointer to op specific params
>   cryptodev: remove useless alignment
>   cryptodev: add crypto op helper macros
>   test/crypto: move IV to crypto op private data
>   test/crypto-perf: move IV to crypto op private data
>   app/crypto-perf: move IV to crypto op private data
>   examples/l2fwd-crypto: move IV to crypto op private data
>   examples/ipsec-secgw: move IV to crypto op private data
>   cryptodev: pass IV as offset
>   cryptodev: move IV parameters to crypto session
>   cryptodev: add auth IV
>   cryptodev: do not use AAD in wireless algorithms
>   cryptodev: remove AAD length from crypto op
>   cryptodev: remove digest length from crypto op
>   cryptodev: set AES-GMAC as auth-only algo
>   cryptodev: add AEAD specific data
>   cryptodev: add AEAD parameters in crypto operation
>   examples/l2fwd-crypto: avoid too many tabs
>   app/test-crypto-perf: add AEAD parameters
>   examples/ipsec-secgw: add AEAD parameters
>   examples/l2fwd-crypto: add AEAD parameters
>   cryptodev: use AES-GCM/CCM as AEAD algorithms
>   cryptodev: remove AAD from authentication structure
> 
>  app/test-crypto-perf/cperf_ops.c                   |  246 ++--
>  app/test-crypto-perf/cperf_ops.h                   |    6 +-
>  app/test-crypto-perf/cperf_options.h               |   24 +-
>  app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
>  app/test-crypto-perf/cperf_test_latency.c          |   59 +-
>  app/test-crypto-perf/cperf_test_throughput.c       |   24 +-
>  app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
>  app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
>  app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
>  app/test-crypto-perf/cperf_test_verify.c           |   25 +-
>  app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
>  app/test-crypto-perf/main.c                        |   61 +-
>  doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
>  doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
>  doc/guides/rel_notes/release_17_08.rst             |   36 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
>  doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
>  doc/guides/tools/cryptoperf.rst                    |   50 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
>  drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
>  drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
>  drivers/crypto/null/null_crypto_pmd.c              |   15 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
>  drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
>  drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
>  drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
>  drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
>  drivers/crypto/qat/qat_crypto.c                    |  341 ++++--
>  drivers/crypto/qat/qat_crypto.h                    |    4 +
>  drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
>  drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
>  drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
>  examples/ipsec-secgw/esp.c                         |  243 ++--
>  examples/ipsec-secgw/ipsec.c                       |    1 -
>  examples/ipsec-secgw/ipsec.h                       |    6 +-
>  examples/ipsec-secgw/sa.c                          |  285 +++--
>  examples/l2fwd-crypto/main.c                       |  721 +++++++++---
>  lib/librte_cryptodev/rte_crypto.h                  |   37 +-
>  lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
>  lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
>  lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
>  lib/librte_cryptodev/rte_cryptodev_version.map     |    4 +
>  test/test/test_cryptodev.c                         | 1176 ++++++++------------
>  test/test/test_cryptodev.h                         |    6 +
>  test/test/test_cryptodev_blockcipher.c             |   41 +-
>  test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
>  .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
>  test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
>  test/test/test_cryptodev_perf.c                    |  673 +++++------
>  .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
>  test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
>  test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
>  70 files changed, 4044 insertions(+), 2726 deletions(-)
> 
> --
> 2.9.4

Acked-by: Fiona Trahe <fiona.trahe@intel.com>

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring
  2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
                       ` (26 preceding siblings ...)
  2017-06-30 13:23     ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Trahe, Fiona
@ 2017-07-02  5:41     ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
                         ` (26 more replies)
  27 siblings, 27 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

This patchset attempts to correct and improve the current crypto operation
(rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
shrinking their sizes to fit both structures into two 64-byte cache lines
(with extra space for the IV and other user data) as one of the goals.

It also introduces new AEAD algorithm specific parameters, to simplify its setup
with a single transform, instead of a concatenation of a cipher and an authentication transform.

The following changes are made:

In rte_crypto_op:

- Moved session type (with session/sessionless) from symmetric op to crypto op,
  as this could be used for other types

- Combined operation type, operation status and session type into a 64-bit flag
  (each one taking 1 byte), instead of having enums taking 4 bytes each

- Removed opaque data from crypto operation, as private data can be allocated
  just after the symmetric (or other type) crypto operation

- Modified symmetric operation pointer to zero-array, as the symmetric op
  should be always after the crypto operation

- Removed unnecessary cache alignment

In rte_crypto_sym_xform:

- Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session

- Added a new AEAD transform

- Added IV for authentication and AEAD transforms

- Removed AAD length from authentication transform, as it is only used for AEAD algorithms

In rte_crypto_sym_op:

- Removed IV parameters, which will be only in the session.

- Added AEAD specific parameters.

- Create union with the new AEAD parameters and the cipher/authentication parameters,
  as the three cannot be used at the same time

- Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session

- Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session

- Removed AAD from authentication structure, as it is only used for AEAD algorithms

- Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)


In terms of algorithm usage:

- AEAD algorithms (like AES-GCM) are set up only using the AEAD structure

- AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field

- Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now.


Finally, a comparison between the previous operation and the new operation:

Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:

struct rte_crypto_op {
    enum rte_crypto_op_type type;
    enum rte_crypto_op_status status;
    struct rte_mempool *mempool;
    phys_addr_t phys_addr;
    void *opaque_data;
    union {
       struct rte_crypto_sym_op *sym;
    };
} __rte_cache_aligned;

struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    enum rte_crypto_sym_op_sess_type sess_type;

    RTE_STD_C11
    union {
       struct rte_cryptodev_sym_session *session;
       struct rte_crypto_sym_xform *xform;
    };

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } iv;
    } cipher;

    struct {
        struct {
            uint32_t offset;
            uint32_t length;
        } data;
        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } digest; /**< Digest parameters */

        struct {
            uint8_t *data;
            phys_addr_t phys_addr;
            uint16_t length;
        } aad;

    } auth;
} __rte_cache_aligned;


New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:

struct rte_crypto_op {
    uint64_t type: 8;
    uint64_t status: 8;
    uint64_t sess_type: 8;

    struct rte_mempool *mempool;

    phys_addr_t phys_addr;

    RTE_STD_C11
    union {
       struct rte_crypto_sym_op sym[0];
    };
} __rte_cache_aligned;


struct rte_crypto_sym_op {
    struct rte_mbuf *m_src;
    struct rte_mbuf *m_dst;

    union {
        struct rte_cryptodev_sym_session *session;
        /**< Handle for the initialised session context */
        struct rte_crypto_sym_xform *xform;
        /**< Session-less API Crypto operation parameters */
    };

    union {
        struct {
            struct {
                uint32_t offset;
                uint32_t length;
            } data; /**< Data offsets and length for AEAD */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } digest; /**< Digest parameters */

            struct {
                uint8_t *data;
                phys_addr_t phys_addr;
            } aad;
            /**< Additional authentication parameters */
        } aead;

        struct {
            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data; /**< Data offsets and length for ciphering */
            } cipher;

            struct {
                struct {
                    uint32_t offset;
                    uint32_t length;
                } data;
                /**< Data offsets and length for authentication */

                struct {
                    uint8_t *data;
                    phys_addr_t phys_addr;
                } digest; /**< Digest parameters */
            } auth;
        };
    };
};

Changes in v4:

- Fixed clang issue

- Rebased against dpdk-next-crypto

Changes in v3:

- Removed unnecessary branch in test code

- Removed unnecessary memcpy in perf application

- Removed fix for QAT, which will be sent separated

- Rebased against dpdk-next-crypto subtree

Changes in v2:

- Added AEAD structures

- Added authentication IV (used for AES-GMAC and wireless algorithms)

- Modified all applications with the changes

- Modified all drivers with the changes

- Moved AAD length to the crypto session

- Rebased against latest dpdk-next-crypto

- Added documentation changes

Pablo de Lara (26):
  cryptodev: move session type to generic crypto op
  cryptodev: replace enums with 1-byte variables
  cryptodev: remove opaque data pointer in crypto op
  cryptodev: do not store pointer to op specific params
  cryptodev: remove useless alignment
  cryptodev: add crypto op helper macros
  test/crypto: move IV to crypto op private data
  test/crypto-perf: move IV to crypto op private data
  app/crypto-perf: move IV to crypto op private data
  examples/l2fwd-crypto: move IV to crypto op private data
  examples/ipsec-secgw: move IV to crypto op private data
  cryptodev: pass IV as offset
  cryptodev: move IV parameters to crypto session
  cryptodev: add auth IV
  cryptodev: do not use AAD in wireless algorithms
  cryptodev: remove AAD length from crypto op
  cryptodev: remove digest length from crypto op
  cryptodev: set AES-GMAC as auth-only algo
  cryptodev: add AEAD specific data
  cryptodev: add AEAD parameters in crypto operation
  examples/l2fwd-crypto: avoid too many tabs
  app/test-crypto-perf: add AEAD parameters
  examples/ipsec-secgw: add AEAD parameters
  examples/l2fwd-crypto: add AEAD parameters
  cryptodev: use AES-GCM/CCM as AEAD algorithms
  cryptodev: remove AAD from authentication structure

 app/test-crypto-perf/cperf_ops.c                   |  246 ++--
 app/test-crypto-perf/cperf_ops.h                   |    6 +-
 app/test-crypto-perf/cperf_options.h               |   24 +-
 app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
 app/test-crypto-perf/cperf_test_latency.c          |   70 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   26 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
 app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
 app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
 app/test-crypto-perf/cperf_test_verify.c           |   27 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
 app/test-crypto-perf/main.c                        |   61 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
 doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
 doc/guides/rel_notes/release_17_08.rst             |   36 +
 doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
 doc/guides/tools/cryptoperf.rst                    |   50 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
 drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
 drivers/crypto/null/null_crypto_pmd.c              |   15 +-
 drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
 drivers/crypto/qat/qat_crypto.c                    |  341 ++++--
 drivers/crypto/qat/qat_crypto.h                    |    4 +
 drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
 examples/ipsec-secgw/esp.c                         |  243 ++--
 examples/ipsec-secgw/ipsec.c                       |    1 -
 examples/ipsec-secgw/ipsec.h                       |    6 +-
 examples/ipsec-secgw/sa.c                          |  285 +++--
 examples/l2fwd-crypto/main.c                       |  721 +++++++++---
 lib/librte_cryptodev/rte_crypto.h                  |   37 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
 lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
 lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
 lib/librte_cryptodev/rte_cryptodev_version.map     |    4 +
 test/test/test_cryptodev.c                         | 1176 ++++++++------------
 test/test/test_cryptodev.h                         |    6 +
 test/test/test_cryptodev_blockcipher.c             |   41 +-
 test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
 test/test/test_cryptodev_perf.c                    |  673 +++++------
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
 70 files changed, 4052 insertions(+), 2733 deletions(-)

-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 01/26] cryptodev: move session type to generic crypto op
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
                         ` (25 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Session type (operation with or without session) is not
something specific to symmetric operations.
Therefore, the variable is moved to the generic crypto operation
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst     | 21 ++++++++++-----------
 doc/guides/rel_notes/release_17_08.rst      |  8 ++++++++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    | 15 ++++++++-------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |  4 ++--
 drivers/crypto/armv8/rte_armv8_pmd.c        |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  2 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  6 +++---
 drivers/crypto/null/null_crypto_pmd.c       | 15 ++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd.c    |  4 ++--
 drivers/crypto/qat/qat_crypto.c             |  2 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  6 +++---
 drivers/crypto/zuc/rte_zuc_pmd.c            |  4 ++--
 lib/librte_cryptodev/rte_crypto.h           | 15 +++++++++++++++
 lib/librte_cryptodev/rte_crypto_sym.h       | 16 ----------------
 test/test/test_cryptodev.c                  |  8 ++++----
 15 files changed, 69 insertions(+), 61 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4f98f28..229cb7a 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -1,5 +1,5 @@
 ..  BSD LICENSE
-    Copyright(c) 2016 Intel Corporation. All rights reserved.
+    Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
 
     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions
@@ -359,11 +359,12 @@ Crypto operation to be processed on a particular Crypto device poll mode driver.
 
 .. figure:: img/crypto_op.*
 
-The operation structure includes the operation type and the operation status,
-a reference to the operation specific data, which can vary in size and content
-depending on the operation being provisioned. It also contains the source
-mempool for the operation, if it allocate from a mempool. Finally an
-opaque pointer for user specific data is provided.
+The operation structure includes the operation type, the operation status
+and the session type (session-based/less), a reference to the operation
+specific data, which can vary in size and content depending on the operation
+being provisioned. It also contains the source mempool for the operation,
+if it allocate from a mempool. Finally an opaque pointer for user specific
+data is provided.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
@@ -512,9 +513,9 @@ buffer. It is used for either cipher, authentication, AEAD and chained
 operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
-the session type (session-based/less), a valid session (or transform chain if in
-session-less mode) and the minimum authentication/ cipher parameters required
-depending on the type of operation specified in the session or the transform
+a valid session (or transform chain if in session-less mode) and the minimum
+authentication/ cipher parameters required depending on the type of operation
+specified in the session or the transform
 chain.
 
 .. code-block:: c
@@ -523,8 +524,6 @@ chain.
         struct rte_mbuf *m_src;
         struct rte_mbuf *m_dst;
 
-        enum rte_crypto_sym_op_sess_type type;
-
         union {
             struct rte_cryptodev_sym_session *session;
             /**< Handle for the initialised session context */
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 842f46f..2bc405d 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -144,6 +144,14 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =========================================================
 
+* **Reworked rte_cryptodev library.**
+
+  The rte_cryptodev library has been reworked and updated. The following changes
+  have been made to it:
+
+  * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
+    and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+
 
 ABI Changes
 -----------
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 1b95c23..a0154ff 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -139,16 +139,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 /** Get gcm session */
 static struct aesni_gcm_session *
-aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
+aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_gcm_session *sess = NULL;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session->dev_type
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session->dev_type
 					!= RTE_CRYPTODEV_AESNI_GCM_PMD))
 			return sess;
 
-		sess = (struct aesni_gcm_session *)op->session->_private;
+		sess = (struct aesni_gcm_session *)sym_op->session->_private;
 	} else  {
 		void *_sess;
 
@@ -159,7 +160,7 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op)
 			((struct rte_cryptodev_sym_session *)_sess)->_private;
 
 		if (unlikely(aesni_gcm_set_session_parameters(sess,
-				op->xform) != 0)) {
+				sym_op->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			sess = NULL;
 		}
@@ -372,7 +373,7 @@ handle_completed_gcm_crypto_op(struct aesni_gcm_qp *qp,
 	post_process_gcm_crypto_op(op);
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
@@ -393,7 +394,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 
 	for (i = 0; i < nb_dequeued; i++) {
 
-		sess = aesni_gcm_get_session(qp, ops[i]->sym);
+		sess = aesni_gcm_get_session(qp, ops[i]);
 		if (unlikely(sess == NULL)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f9a7d5b..ccdb3a7 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -345,7 +345,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 {
 	struct aesni_mb_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_AESNI_MB_PMD)) {
 			return NULL;
@@ -541,7 +541,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 83dae87..4a79b61 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -545,7 +545,7 @@ get_session(struct armv8_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct armv8_crypto_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -700,7 +700,7 @@ process_op(const struct armv8_crypto_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		memset(sess, 0, sizeof(struct armv8_crypto_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e32b27e..e154395 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -437,7 +437,7 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 	if (unlikely(nb_ops == 0))
 		return 0;
 
-	if (ops[0]->sym->sess_type != RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (ops[0]->sess_type != RTE_CRYPTO_OP_WITH_SESSION) {
 		RTE_LOG(ERR, PMD, "sessionless crypto op not supported\n");
 		return 0;
 	}
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 70bf228..c539650 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -143,7 +143,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 {
 	struct kasumi_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_KASUMI_PMD))
 			return NULL;
@@ -353,7 +353,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -405,7 +405,7 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/null/null_crypto_pmd.c b/drivers/crypto/null/null_crypto_pmd.c
index 53bdc3e..b1e465a 100644
--- a/drivers/crypto/null/null_crypto_pmd.c
+++ b/drivers/crypto/null/null_crypto_pmd.c
@@ -90,16 +90,17 @@ process_op(const struct null_crypto_qp *qp, struct rte_crypto_op *op,
 }
 
 static struct null_crypto_session *
-get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
+get_session(struct null_crypto_qp *qp, struct rte_crypto_op *op)
 {
 	struct null_crypto_session *sess;
+	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	if (op->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
-		if (unlikely(op->session == NULL ||
-			     op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+		if (unlikely(sym_op->session == NULL ||
+			     sym_op->session->dev_type != RTE_CRYPTODEV_NULL_PMD))
 			return NULL;
 
-		sess = (struct null_crypto_session *)op->session->_private;
+		sess = (struct null_crypto_session *)sym_op->session->_private;
 	} else  {
 		struct rte_cryptodev_session *c_sess = NULL;
 
@@ -108,7 +109,7 @@ get_session(struct null_crypto_qp *qp, struct rte_crypto_sym_op *op)
 
 		sess = (struct null_crypto_session *)c_sess->_private;
 
-		if (null_crypto_set_session_parameters(sess, op->xform)	!= 0)
+		if (null_crypto_set_session_parameters(sess, sym_op->xform) != 0)
 			return NULL;
 	}
 
@@ -126,7 +127,7 @@ null_crypto_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
 	int i, retval;
 
 	for (i = 0; i < nb_ops; i++) {
-		sess = get_session(qp, ops[i]->sym);
+		sess = get_session(qp, ops[i]);
 		if (unlikely(sess == NULL))
 			goto enqueue_err;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5d29171..9f4d9b7 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -446,7 +446,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
 {
 	struct openssl_session *sess = NULL;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		/* get existing session */
 		if (likely(op->sym->session != NULL &&
 				op->sym->session->dev_type ==
@@ -1196,7 +1196,7 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
 	}
 
 	/* Free session if a session-less crypto op */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		openssl_reset_session(sess);
 		memset(sess, 0, sizeof(struct openssl_session));
 		rte_mempool_put(qp->sess_mp, op->sym->session);
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index f8e1d01..998fe99 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -908,7 +908,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		return -EINVAL;
 	}
 #endif
-	if (unlikely(op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS)) {
+	if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
 		PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented"
 				" requests, op (%p) is sessionless.", op);
 		return -EINVAL;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 8945f19..84757ac 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -143,7 +143,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 {
 	struct snow3g_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_SNOW3G_PMD))
 			return NULL;
@@ -357,7 +357,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
@@ -409,7 +409,7 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Free session if a session-less crypto op. */
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+	if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 		rte_mempool_put(qp->sess_mp, op->sym->session);
 		op->sym->session = NULL;
 	}
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index ec6d54f..63236ac 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -142,7 +142,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 {
 	struct zuc_session *sess;
 
-	if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
+	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		if (unlikely(op->sym->session->dev_type !=
 				RTE_CRYPTODEV_ZUC_PMD))
 			return NULL;
@@ -333,7 +333,7 @@ process_ops(struct rte_crypto_op **ops, struct zuc_session *session,
 		if (ops[i]->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		/* Free session if a session-less crypto op. */
-		if (ops[i]->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) {
+		if (ops[i]->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
 			rte_mempool_put(qp->sess_mp, ops[i]->sym->session);
 			ops[i]->sym->session = NULL;
 		}
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 9019518..ac5c184 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -82,6 +82,16 @@ enum rte_crypto_op_status {
 };
 
 /**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_op_sess_type {
+	RTE_CRYPTO_OP_WITH_SESSION,	/**< Session based crypto operation */
+	RTE_CRYPTO_OP_SESSIONLESS	/**< Session-less crypto operation */
+};
+
+/**
  * Cryptographic Operation.
  *
  * This structure contains data relating to performing cryptographic
@@ -102,6 +112,8 @@ struct rte_crypto_op {
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
+	enum rte_crypto_op_sess_type  sess_type;
+	/**< operation session type */
 
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
@@ -130,6 +142,7 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 {
 	op->type = type;
 	op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
@@ -407,6 +420,8 @@ rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
 		return -1;
 
+	op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
 	return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
 }
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..386b120 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -376,17 +376,6 @@ struct rte_crypto_sym_xform {
 	};
 };
 
-/**
- * Crypto operation session type. This is used to specify whether a crypto
- * operation has session structure attached for immutable parameters or if all
- * operation information is included in the operation data structure.
- */
-enum rte_crypto_sym_op_sess_type {
-	RTE_CRYPTO_SYM_OP_WITH_SESSION,	/**< Session based crypto operation */
-	RTE_CRYPTO_SYM_OP_SESSIONLESS	/**< Session-less crypto operation */
-};
-
-
 struct rte_cryptodev_sym_session;
 
 /**
@@ -423,8 +412,6 @@ struct rte_crypto_sym_op {
 	struct rte_mbuf *m_src;	/**< source mbuf */
 	struct rte_mbuf *m_dst;	/**< destination mbuf */
 
-	enum rte_crypto_sym_op_sess_type sess_type;
-
 	RTE_STD_C11
 	union {
 		struct rte_cryptodev_sym_session *session;
@@ -665,8 +652,6 @@ static inline void
 __rte_crypto_sym_op_reset(struct rte_crypto_sym_op *op)
 {
 	memset(op, 0, sizeof(*op));
-
-	op->sess_type = RTE_CRYPTO_SYM_OP_SESSIONLESS;
 }
 
 
@@ -708,7 +693,6 @@ __rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op,
 		struct rte_cryptodev_sym_session *sess)
 {
 	sym_op->session = sess;
-	sym_op->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION;
 
 	return 0;
 }
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index f8f15c0..04620f3 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5555,8 +5555,8 @@ test_AES_GCM_authenticated_encryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
@@ -5635,8 +5635,8 @@ test_AES_GCM_authenticated_decryption_sessionless(
 
 	ut_params->op->sym->m_src = ut_params->ibuf;
 
-	TEST_ASSERT_EQUAL(ut_params->op->sym->sess_type,
-			RTE_CRYPTO_SYM_OP_SESSIONLESS,
+	TEST_ASSERT_EQUAL(ut_params->op->sess_type,
+			RTE_CRYPTO_OP_SESSIONLESS,
 			"crypto op session type not sessionless");
 
 	/* Process crypto operation */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 02/26] cryptodev: replace enums with 1-byte variables
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
                         ` (24 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Instead of storing some crypto operation flags,
such as operation status, as enumerations,
store them as uint8_t, for memory efficiency.

Also, reserve extra 5 bytes in the crypto operation,
for future additions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/rel_notes/release_17_08.rst | 3 +++
 lib/librte_cryptodev/rte_crypto.h      | 9 +++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2bc405d..bbb14a9 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -151,6 +151,9 @@ API Changes
 
   * Removed the field ``rte_crypto_sym_op_sess_type`` from ``rte_crypto_sym_op``,
     and moved it to ``rte_crypto_op`` as ``rte_crypto_op_sess_type``.
+  * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
+    ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
+    uint8_t values.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index ac5c184..8e2b640 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -102,19 +102,20 @@ enum rte_crypto_op_sess_type {
  * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() .
  */
 struct rte_crypto_op {
-	enum rte_crypto_op_type type;
+	uint8_t type;
 	/**< operation type */
-
-	enum rte_crypto_op_status status;
+	uint8_t status;
 	/**<
 	 * operation status - this is reset to
 	 * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and
 	 * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
 	 * is successfully processed by a crypto PMD
 	 */
-	enum rte_crypto_op_sess_type  sess_type;
+	uint8_t sess_type;
 	/**< operation session type */
 
+	uint8_t reserved[5];
+	/**< Reserved bytes to fill 64 bits for future additions */
 	struct rte_mempool *mempool;
 	/**< crypto operation mempool which operation is allocated from */
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 03/26] cryptodev: remove opaque data pointer in crypto op
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
                         ` (23 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Storing a pointer to the user data is unnecessary,
since user can store additional data, after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_test_latency.c | 47 ++++++++++++++++++++-----------
 doc/guides/prog_guide/cryptodev_lib.rst   |  3 +-
 doc/guides/rel_notes/release_17_08.rst    |  1 +
 lib/librte_cryptodev/rte_crypto.h         |  5 ----
 4 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 4fb7a9a..32cf5fd 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -66,6 +66,10 @@ struct cperf_latency_ctx {
 	struct cperf_op_result *res;
 };
 
+struct priv_op_data {
+	struct cperf_op_result *result;
+};
+
 #define max(a, b) (a > b ? (uint64_t)a : (uint64_t)b)
 #define min(a, b) (a < b ? (uint64_t)a : (uint64_t)b)
 
@@ -276,9 +280,11 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = sizeof(struct priv_op_data);
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 512, 0,
-			rte_socket_id());
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
+			512, priv_size, rte_socket_id());
+
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
 
@@ -295,11 +301,20 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	return NULL;
 }
 
+static inline void
+store_timestamp(struct rte_crypto_op *op, uint64_t timestamp)
+{
+	struct priv_op_data *priv_data;
+
+	priv_data = (struct priv_op_data *) (op->sym + 1);
+	priv_data->result->status = op->status;
+	priv_data->result->tsc_end = timestamp;
+}
+
 int
 cperf_latency_test_runner(void *arg)
 {
 	struct cperf_latency_ctx *ctx = arg;
-	struct cperf_op_result *pres;
 	uint16_t test_burst_size;
 	uint8_t burst_size_idx = 0;
 
@@ -311,6 +326,7 @@ cperf_latency_test_runner(void *arg)
 	struct rte_crypto_op *ops[ctx->options->max_burst_size];
 	struct rte_crypto_op *ops_processed[ctx->options->max_burst_size];
 	uint64_t i;
+	struct priv_op_data *priv_data;
 
 	uint32_t lcore = rte_lcore_id();
 
@@ -400,7 +416,12 @@ cperf_latency_test_runner(void *arg)
 
 			for (i = 0; i < ops_enqd; i++) {
 				ctx->res[tsc_idx].tsc_start = tsc_start;
-				ops[i]->opaque_data = (void *)&ctx->res[tsc_idx];
+				/*
+				 * Private data structure starts after the end of the
+				 * rte_crypto_sym_op structure.
+				 */
+				priv_data = (struct priv_op_data *) (ops[i]->sym + 1);
+				priv_data->result = (void *)&ctx->res[tsc_idx];
 				tsc_idx++;
 			}
 
@@ -411,12 +432,9 @@ cperf_latency_test_runner(void *arg)
 				 * the crypto operation will change the data and cause
 				 * failures.
 				 */
-				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
-				}
+				for (i = 0; i < ops_deqd; i++)
+					store_timestamp(ops_processed[i], tsc_end);
+
 				rte_mempool_put_bulk(ctx->crypto_op_pool,
 						(void **)ops_processed, ops_deqd);
 
@@ -447,12 +465,9 @@ cperf_latency_test_runner(void *arg)
 			tsc_end = rte_rdtsc_precise();
 
 			if (ops_deqd != 0) {
-				for (i = 0; i < ops_deqd; i++) {
-					pres = (struct cperf_op_result *)
-							(ops_processed[i]->opaque_data);
-					pres->status = ops_processed[i]->status;
-					pres->tsc_end = tsc_end;
-				}
+				for (i = 0; i < ops_deqd; i++)
+					store_timestamp(ops_processed[i], tsc_end);
+
 				rte_mempool_put_bulk(ctx->crypto_op_pool,
 						(void **)ops_processed, ops_deqd);
 
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 229cb7a..c9a29f8 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -363,8 +363,7 @@ The operation structure includes the operation type, the operation status
 and the session type (session-based/less), a reference to the operation
 specific data, which can vary in size and content depending on the operation
 being provisioned. It also contains the source mempool for the operation,
-if it allocate from a mempool. Finally an opaque pointer for user specific
-data is provided.
+if it allocated from a mempool.
 
 If Crypto operations are allocated from a Crypto operation mempool, see next
 section, there is also the ability to allocate private memory with the
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index bbb14a9..20f459e 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -154,6 +154,7 @@ API Changes
   * Enumerations ``rte_crypto_op_sess_type``, ``rte_crypto_op_status`` and
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
+  * Removed the field ``opaque_data`` from ``rte_crypto_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 8e2b640..c2677fa 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -122,9 +122,6 @@ struct rte_crypto_op {
 	phys_addr_t phys_addr;
 	/**< physical address of crypto operation */
 
-	void *opaque_data;
-	/**< Opaque pointer for user data */
-
 	RTE_STD_C11
 	union {
 		struct rte_crypto_sym_op *sym;
@@ -158,8 +155,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 	default:
 		break;
 	}
-
-	op->opaque_data = NULL;
 }
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 04/26] cryptodev: do not store pointer to op specific params
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (2 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 05/26] cryptodev: remove useless alignment Pablo de Lara
                         ` (22 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Instead of storing a pointer to operation specific parameters,
such as symmetric crypto parameters, use a zero-length array,
to mark that these parameters will be stored after the
generic crypto operation structure, which was already assumed
in the code, reducing the memory footprint of the crypto operation.

Besides, it is always expected to have rte_crypto_op
and rte_crypto_sym_op (the only operation specific parameters
structure right now) to be together, as they are initialized
as a single object in the crypto operation pool.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/rel_notes/release_17_08.rst | 2 ++
 examples/ipsec-secgw/ipsec.c           | 1 -
 lib/librte_cryptodev/rte_crypto.h      | 8 +-------
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 20f459e..6acbf35 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -155,6 +155,8 @@ API Changes
     ``rte_crypto_op_sess_type`` in ``rte_crypto_op`` have been modified to be
     uint8_t values.
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
+  * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
+    with a zero length array.
 
 
 ABI Changes
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index edca5f0..126d79f 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -140,7 +140,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 
 		rte_prefetch0(&priv->sym_cop);
-		priv->cop.sym = &priv->sym_cop;
 
 		if ((unlikely(sa->crypto_session == NULL)) &&
 				create_session(ipsec_ctx, sa)) {
diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index c2677fa..85716a6 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -124,7 +124,7 @@ struct rte_crypto_op {
 
 	RTE_STD_C11
 	union {
-		struct rte_crypto_sym_op *sym;
+		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
 } __rte_cache_aligned;
@@ -144,12 +144,6 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
 
 	switch (type) {
 	case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
-		/** Symmetric operation structure starts after the end of the
-		 * rte_crypto_op structure.
-		 */
-		op->sym = (struct rte_crypto_sym_op *)(op + 1);
-		op->type = type;
-
 		__rte_crypto_sym_op_reset(op->sym);
 		break;
 	default:
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 05/26] cryptodev: remove useless alignment
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (3 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 06/26] cryptodev: add crypto op helper macros Pablo de Lara
                         ` (21 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

rte_crypto_op and rte_crypto_sym_op structures
were marked as cache aligned.
However, since these structures are always initialized
in a mempool, this alignment is useless, since the mempool
forces the alignment of its objects.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 lib/librte_cryptodev/rte_crypto.h     | 2 +-
 lib/librte_cryptodev/rte_crypto_sym.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
index 85716a6..43be7dc 100644
--- a/lib/librte_cryptodev/rte_crypto.h
+++ b/lib/librte_cryptodev/rte_crypto.h
@@ -127,7 +127,7 @@ struct rte_crypto_op {
 		struct rte_crypto_sym_op sym[0];
 		/**< Symmetric operation parameters */
 	}; /**< operation specific parameters */
-} __rte_cache_aligned;
+};
 
 /**
  * Reset the fields of a crypto operation to their default values.
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 386b120..39ad1e3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -640,7 +640,7 @@ struct rte_crypto_sym_op {
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
-} __rte_cache_aligned;
+};
 
 
 /**
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 06/26] cryptodev: add crypto op helper macros
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (4 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 05/26] cryptodev: remove useless alignment Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
                         ` (20 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

In order to facilitate the access to the private data,
after the crypto operation, two new macros have been
implemented:

- rte_crypto_op_ctod_offset(c,t,o), which returns a pointer
  to "o" bytes after the start of the crypto operation
  (rte_crypto_op)
- rte_crypto_op_ctophys_offset(c, o), which returns
  the physical address of the data "o" bytes after the
  start of the crypto operation (rte_crypto_op)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 4e318f0..91f3375 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -119,6 +119,38 @@ extern const char **rte_cyptodev_names;
 #define CDEV_PMD_TRACE(...) (void)0
 #endif
 
+
+
+/**
+ * A macro that points to an offset from the start
+ * of the crypto operation structure (rte_crypto_op)
+ *
+ * The returned pointer is cast to type t.
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation.
+ * @param t
+ *   The type to cast the result into.
+ */
+#define rte_crypto_op_ctod_offset(c, t, o)	\
+	((t)((char *)(c) + (o)))
+
+/**
+ * A macro that returns the physical address that points
+ * to an offset from the start of the crypto operation
+ * (rte_crypto_op)
+ *
+ * @param c
+ *   The crypto operation.
+ * @param o
+ *   The offset from the start of the crypto operation
+ *   to calculate address from.
+ */
+#define rte_crypto_op_ctophys_offset(c, o)	\
+	(phys_addr_t)((c)->phys_addr + (o))
+
 /**
  * Crypto parameters range description
  */
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 07/26] test/crypto: move IV to crypto op private data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (5 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 06/26] cryptodev: add crypto op helper macros Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 08/26] test/crypto-perf: " Pablo de Lara
                         ` (19 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 test/test/test_cryptodev.c             | 386 +++++++++++++--------------------
 test/test/test_cryptodev.h             |   6 +
 test/test/test_cryptodev_blockcipher.c |  36 +--
 3 files changed, 161 insertions(+), 267 deletions(-)

diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 04620f3..0037e88 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -202,7 +202,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (ts_params->op_mpool == NULL) {
 		RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1306,19 +1307,19 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-			CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1329,8 +1330,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 			"crypto op processing failed");
 
 	/* Validate obuf */
-	uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
-			uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
+	uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
+			uint8_t *);
 
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
 			catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
@@ -1460,19 +1461,18 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 			ut_params->ibuf, QUOTE_512_BYTES);
 	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
-	sym_op->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, CIPHER_IV_LENGTH_AES_CBC);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, 0);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv,
-			CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
 
-	sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
 	/* Process crypto operation */
@@ -1486,8 +1486,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) +
-			CIPHER_IV_LENGTH_AES_CBC, catch_22_quote,
+			rte_pktmbuf_mtod(ut_params->obuf, uint8_t *),
+			catch_22_quote,
 			QUOTE_512_BYTES,
 			"Plaintext data not as expected");
 
@@ -1838,14 +1838,12 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 }
 
 static int
-create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1862,19 +1860,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf
-			, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1883,14 +1873,12 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, const unsigned iv_len,
 }
 
 static int
-create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_len,
-			const unsigned cipher_len,
-			const unsigned cipher_offset,
-			enum rte_crypto_cipher_algorithm algo)
+create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
+			unsigned int cipher_len,
+			unsigned int cipher_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
-	unsigned iv_pad_len = 0;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -1908,22 +1896,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, const uint8_t iv_le
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	if (algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(ut_params->ibuf,
-					iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	/* For OOP operation both buffers must have the same size */
-	if (ut_params->obuf)
-		rte_pktmbuf_prepend(ut_params->obuf, iv_pad_len);
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2164,8 +2141,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo,
-	enum rte_crypto_cipher_algorithm cipher_algo)
+	enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2180,11 +2156,10 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	const uint8_t *iv = tdata->iv.data;
 	const uint8_t iv_len = tdata->iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = tdata->iv.len << 3;
+	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
 	const unsigned int auth_offset = tdata->aad.len << 3;
 
-	unsigned int iv_pad_len = 0;
 	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2244,17 +2219,12 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2270,8 +2240,7 @@ create_zuc_cipher_hash_generate_operation(
 {
 	return create_wireless_cipher_hash_operation(tdata,
 		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3,
-		RTE_CRYPTO_CIPHER_ZUC_EEA3);
+		RTE_CRYPTO_AUTH_ZUC_EIA3);
 }
 
 static int
@@ -2281,7 +2250,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
 		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *iv, const uint8_t iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
@@ -2289,7 +2257,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len;
 
 	/* Generate Crypto op data structure */
@@ -2349,17 +2316,12 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
+
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
@@ -2376,13 +2338,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 		unsigned data_pad_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo,
-		enum rte_crypto_cipher_algorithm cipher_algo)
+		enum rte_crypto_auth_algorithm auth_algo)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned iv_pad_len = 0;
 	unsigned aad_buffer_len = 0;
 
 	/* Generate Crypto op data structure */
@@ -2441,18 +2401,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	if (cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8)
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 8);
-	else
-		iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->cipher.iv.length = iv_pad_len;
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
+	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
 
@@ -2886,8 +2839,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2897,8 +2849,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -2960,8 +2911,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -2972,10 +2922,10 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	/* Validate obuf */
@@ -3031,8 +2981,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3042,8 +2991,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3106,8 +3054,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3117,10 +3064,10 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_pad_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_pad_len, buffer);
 
 	/* Validate obuf */
@@ -3174,8 +3121,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3185,8 +3131,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3240,8 +3185,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 					tdata->iv.len,
 					tdata->ciphertext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_KASUMI_F8);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3251,8 +3195,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3305,8 +3248,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3316,8 +3258,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3379,8 +3320,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3390,8 +3330,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3456,8 +3395,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3467,10 +3405,10 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_read(ut_params->obuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
 				plaintext_len, buffer);
 	else
-		ciphertext = rte_pktmbuf_read(ut_params->ibuf, tdata->iv.len,
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
 				plaintext_len, buffer);
 
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -3559,9 +3497,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3) +
-					extra_offset,
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					extra_offset);
 	if (retval < 0)
 		return retval;
 
@@ -3571,8 +3507,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3637,8 +3572,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3647,8 +3581,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3711,8 +3644,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
 					tdata->iv.len,
 					tdata->validCipherLenInBits.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_SNOW3G_UEA2);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -3721,8 +3653,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		plaintext = ciphertext;
 
@@ -3799,7 +3730,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3812,7 +3743,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3867,10 +3798,9 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			tdata->aad.len, /*tdata->plaintext.len,*/
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->iv.data, tdata->iv.len,
 			tdata->validCipherLenInBits.len,
-			(tdata->iv.len << 3),
+			0,
 			tdata->validAuthLenInBits.len,
 			(tdata->aad.len << 3)
 			);
@@ -3883,7 +3813,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+					+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -3896,7 +3826,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3952,11 +3882,10 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 		tdata->aad.data, tdata->aad.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
-		(tdata->iv.len << 3),
+		0,
 		tdata->validAuthLenInBits.len,
 		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-		RTE_CRYPTO_CIPHER_SNOW3G_UEA2
+		RTE_CRYPTO_AUTH_SNOW3G_UIA2
 	);
 
 	if (retval < 0)
@@ -3968,12 +3897,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -4037,11 +3966,10 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->aad.data, tdata->aad.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8
+				RTE_CRYPTO_AUTH_KASUMI_F9
 				);
 
 	if (retval < 0)
@@ -4053,7 +3981,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len + tdata->aad.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
@@ -4064,7 +3992,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+	    + plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4121,10 +4049,9 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 				tdata->aad.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
 				RTE_CRYPTO_AUTH_KASUMI_F9,
-				RTE_CRYPTO_CIPHER_KASUMI_F8,
 				tdata->iv.data, tdata->iv.len,
 				tdata->validCipherLenInBits.len,
-				(tdata->iv.len << 3),
+				0,
 				tdata->validAuthLenInBits.len,
 				(tdata->aad.len << 3)
 				);
@@ -4137,12 +4064,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len + tdata->iv.len;
+				+ tdata->aad.len;
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len + tdata->iv.len;
+			+ plaintext_pad_len + tdata->aad.len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4208,8 +4135,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
 					tdata->plaintext.len,
-					(tdata->iv.len << 3),
-					RTE_CRYPTO_CIPHER_ZUC_EEA3);
+					0);
 	if (retval < 0)
 		return retval;
 
@@ -4219,8 +4145,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->iv.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -4293,8 +4218,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	/* Create ZUC operation */
 	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
 			tdata->iv.len, tdata->plaintext.len,
-			(tdata->iv.len << 3),
-			RTE_CRYPTO_CIPHER_ZUC_EEA3);
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4305,10 +4229,10 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_dst;
 	if (ut_params->obuf)
 		ciphertext = rte_pktmbuf_read(ut_params->obuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 	else
 		ciphertext = rte_pktmbuf_read(ut_params->ibuf,
-			tdata->iv.len, plaintext_len, ciphertext_buffer);
+			0, plaintext_len, ciphertext_buffer);
 
 	/* Validate obuf */
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
@@ -4905,7 +4829,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	uint8_t *plaintext, *ciphertext;
-	unsigned int iv_pad_len, aad_pad_len, plaintext_pad_len;
+	unsigned int aad_pad_len, plaintext_pad_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -4929,14 +4853,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
 		sym_op->auth.aad.length);
 
-	/* Prepend iv */
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	/* Append IV at the end of the crypto operation*/
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
@@ -4957,12 +4878,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			ciphertext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(ciphertext,
 					"no room to append ciphertext");
 
-			memset(ciphertext + aad_pad_len + iv_pad_len, 0,
+			memset(ciphertext + aad_pad_len, 0,
 					tdata->ciphertext.len);
 		}
 	} else {
@@ -4980,12 +4900,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		if (ut_params->obuf) {
 			plaintext = (uint8_t *)rte_pktmbuf_append(
 					ut_params->obuf,
-					plaintext_pad_len + aad_pad_len +
-					iv_pad_len);
+					plaintext_pad_len + aad_pad_len);
 			TEST_ASSERT_NOT_NULL(plaintext,
 					"no room to append plaintext");
 
-			memset(plaintext + aad_pad_len + iv_pad_len, 0,
+			memset(plaintext + aad_pad_len, 0,
 					tdata->plaintext.len);
 		}
 	}
@@ -5003,7 +4922,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
-						aad_pad_len + iv_pad_len);
+						aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -5012,7 +4931,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 				"no room to append digest");
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
-				plaintext_pad_len + aad_pad_len + iv_pad_len);
+				plaintext_pad_len + aad_pad_len);
 		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
@@ -5023,10 +4942,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_pad_len;
 
 	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -6464,10 +6383,8 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned iv_pad_len;
 	unsigned aad_pad_len;
 
-	iv_pad_len = RTE_ALIGN_CEIL(tdata->iv.len, 16);
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
 
 	/*
@@ -6512,17 +6429,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7060,14 +6975,13 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7120,20 +7034,19 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-		ut_params->ibuf, reference->iv.len);
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data, "no room to prepend iv");
-
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
-	sym_op->cipher.data.offset = reference->iv.len;
+	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.length = reference->ciphertext.len;
-	sym_op->auth.data.offset = reference->iv.len;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -7347,8 +7260,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	const unsigned int iv_len = tdata->iv.len;
 	const unsigned int aad_len = tdata->aad.len;
 
-	unsigned int iv_pad_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -7373,19 +7284,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	iv_pad_len = RTE_ALIGN_CEIL(iv_len, 16);
-
-	sym_op->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, iv_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->cipher.iv.data,
-			"no room to prepend iv");
-
-	memset(sym_op->cipher.iv.data, 0, iv_pad_len);
-	sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
+	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
+						uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
+						IV_OFFSET);
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_pad_len);
+	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7398,14 +7303,14 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_pad_len);
+	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len + iv_pad_len;
+	sym_op->cipher.data.offset = aad_len;
 
-	sym_op->auth.data.offset = aad_len + iv_pad_len;
+	sym_op->auth.data.offset = aad_len;
 	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
@@ -7439,8 +7344,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	int ecx = 0;
 	void *digest_mem = NULL;
 
-	uint32_t prepend_len = ALIGN_POW2_ROUNDUP(tdata->iv.len, 16)
-			+ tdata->aad.len;
+	uint32_t prepend_len = tdata->aad.len;
 
 	if (tdata->plaintext.len % fragsz != 0) {
 		if (tdata->plaintext.len / fragsz + 1 > SGL_MAX_NO)
diff --git a/test/test/test_cryptodev.h b/test/test/test_cryptodev.h
index 67354a9..d60fa35 100644
--- a/test/test/test_cryptodev.h
+++ b/test/test/test_cryptodev.h
@@ -71,6 +71,12 @@
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA384		(24)
 #define TRUNCATED_DIGEST_BYTE_LENGTH_SHA512		(32)
 
+#define MAXIMUM_IV_LENGTH				(16)
+
+#define IV_OFFSET			(sizeof(struct rte_crypto_op) + \
+		sizeof(struct rte_crypto_sym_op) + DEFAULT_NUM_XFORMS * \
+		sizeof(struct rte_crypto_sym_xform))
+
 /**
  * Write (spread) data from buffer to mbuf data
  *
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 603c776..2a0c364 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -118,8 +118,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	}
 
 	/* preparing data */
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
-		buf_len += tdata->iv.len;
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
 		buf_len += digest_len;
 
@@ -145,10 +143,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		pktmbuf_write(ibuf, 0, tdata->ciphertext.len,
 				tdata->ciphertext.data);
 
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-		rte_memcpy(rte_pktmbuf_prepend(ibuf, tdata->iv.len),
-				tdata->iv.data, tdata->iv.len);
-	}
 	buf_p = rte_pktmbuf_append(ibuf, digest_len);
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
 		rte_memcpy(buf_p, tdata->digest.data, digest_len);
@@ -294,24 +288,20 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
 
-		sym_op->cipher.data.offset = tdata->iv.len;
+		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_pktmbuf_mtod(sym_op->m_src,
-			uint8_t *);
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+						uint8_t *, IV_OFFSET);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+						IV_OFFSET);
 		sym_op->cipher.iv.length = tdata->iv.len;
-		sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(
-			sym_op->m_src);
+		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+				tdata->iv.len);
 	}
 
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
-		uint32_t auth_data_offset = 0;
 		uint32_t digest_offset = tdata->ciphertext.len;
 
-		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
-			digest_offset += tdata->iv.len;
-			auth_data_offset += tdata->iv.len;
-		}
-
 		auth_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
 		auth_xform->auth.algo = tdata->auth_algo;
 		auth_xform->auth.key.length = tdata->auth_key.len;
@@ -334,7 +324,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 					digest_offset);
 		}
 
-		sym_op->auth.data.offset = auth_data_offset;
+		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
 		sym_op->auth.digest.length = digest_len;
 	}
@@ -421,7 +411,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			compare_len = tdata->plaintext.len;
 		}
 
-		if (memcmp(rte_pktmbuf_read(iobuf, tdata->iv.len, compare_len,
+		if (memcmp(rte_pktmbuf_read(iobuf, 0, compare_len,
 				buffer), compare_ref, compare_len)) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
 				"FAILED: %s", __LINE__,
@@ -432,13 +422,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	}
 
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
-		uint8_t *auth_res;
-
-		if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
-			auth_res = pktmbuf_mtod_offset(iobuf,
-					tdata->iv.len + tdata->ciphertext.len);
-		else
-			auth_res = pktmbuf_mtod_offset(iobuf,
+		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
 					tdata->ciphertext.len);
 
 		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 08/26] test/crypto-perf: move IV to crypto op private data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (6 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 09/26] app/crypto-perf: " Pablo de Lara
                         ` (18 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 test/test/test_cryptodev_perf.c | 110 ++++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 50 deletions(-)

diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7a90667..b08451d 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -110,7 +110,6 @@ struct symmetric_session_attrs {
 
 struct crypto_params {
 	uint8_t *aad;
-	uint8_t *iv;
 	uint8_t *digest;
 };
 
@@ -265,7 +264,8 @@ testsuite_setup(void)
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 			NUM_MBUFS, MBUF_CACHE_SIZE,
 			DEFAULT_NUM_XFORMS *
-			sizeof(struct rte_crypto_sym_xform),
+			sizeof(struct rte_crypto_sym_xform) +
+			MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 		if (ts_params->op_mpool == NULL) {
 			RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
@@ -1978,19 +1978,20 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 				data_params[0].length);
 		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
-		op->sym->auth.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
 
-		op->sym->cipher.iv.data = (uint8_t *)rte_pktmbuf_prepend(m,
-				CIPHER_IV_LENGTH_AES_CBC);
-		op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+				uint8_t *, IV_OFFSET);
+		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+				IV_OFFSET);
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
 				CIPHER_IV_LENGTH_AES_CBC);
 
-		op->sym->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
+		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
 
 		op->sym->m_src = m;
@@ -2887,23 +2888,25 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.data.length = 0;
 	} else {
 		op->sym->auth.digest.data = rte_pktmbuf_mtod_offset(m,
-				 uint8_t *, AES_CIPHER_IV_LENGTH + data_len);
+				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				AES_CIPHER_IV_LENGTH + data_len);
+				data_len);
 		op->sym->auth.digest.length = digest_len;
-		op->sym->auth.data.offset = AES_CIPHER_IV_LENGTH;
+		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
-	op->sym->cipher.data.offset = AES_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
 	op->sym->m_src = m;
@@ -2931,8 +2934,12 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = aes_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2951,22 +2958,31 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = snow3g_iv;
+	op->sym->auth.aad.data = iv_ptr;
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = snow3g_iv;
+	op->sym->cipher.iv.data = iv_ptr;
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -2993,12 +3009,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->cipher.iv.phys_addr = rte_pktmbuf_mtophys(m);
 
-	op->sym->cipher.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3028,14 +3046,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_pktmbuf_mtod(m, uint8_t *);
+	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
 			SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = SNOW3G_CIPHER_IV_LENGTH;
+	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
 
 	op->sym->m_src = m;
@@ -3062,8 +3082,13 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = triple_des_iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
+			TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3129,10 +3154,9 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 			return -1;
 		}
 
-		/* Make room for Digest and IV in mbuf */
+		/* Make room for Digest in mbuf */
 		if (pparams->chain != CIPHER_ONLY)
 			rte_pktmbuf_append(mbufs[i], digest_length);
-		rte_pktmbuf_prepend(mbufs[i], AES_CIPHER_IV_LENGTH);
 	}
 
 
@@ -3253,12 +3277,12 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Generate a burst of crypto operations */
 	for (i = 0; i < (pparams->burst_size * NUM_MBUF_SETS); i++) {
 		/*
-		 * Buffer size + iv/aad len is allocated, for perf tests they
+		 * Buffer size is allocated, for perf tests they
 		 * are equal + digest len.
 		 */
 		mbufs[i] = test_perf_create_pktmbuf(
 				ts_params->mbuf_mp,
-				pparams->buf_size + SNOW3G_CIPHER_IV_LENGTH +
+				pparams->buf_size  +
 				digest_length);
 
 		if (mbufs[i] == NULL) {
@@ -4164,28 +4188,25 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len,
-						 16);
-
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->symmetric_op->aad_len +
-					  iv_pad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.length = params->symmetric_op->aad_len;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(
-					  m,
-					  iv_pad_len);
+	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = m_hlp->iv;
+	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
+			IV_OFFSET);
 	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
@@ -4194,11 +4215,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
 	op->sym->auth.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			iv_pad_len + params->symmetric_op->aad_len;
+			params->symmetric_op->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4212,8 +4233,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t iv_pad_len =
-			ALIGN_POW2_ROUNDUP(params->symmetric_op->iv_len, 16);
 	uint16_t aad_len = params->symmetric_op->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
@@ -4225,13 +4244,6 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 	}
 	m_hlp->aad = (uint8_t *)p;
 
-	p = rte_pktmbuf_append(m, iv_pad_len);
-	if (p == NULL) {
-		rte_pktmbuf_free(m);
-		return NULL;
-	}
-	m_hlp->iv = (uint8_t *)p;
-
 	p = rte_pktmbuf_append(m, buf_sz);
 	if (p == NULL) {
 		rte_pktmbuf_free(m);
@@ -4350,22 +4362,20 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 
 		for (m = 0; m < burst_dequeued; m++) {
 			if (test_ops) {
-				uint16_t iv_pad_len = ALIGN_POW2_ROUNDUP
-					(pparams->symmetric_op->iv_len, 16);
 				uint8_t *pkt = rte_pktmbuf_mtod(
 					proc_ops[m]->sym->m_src,
 					uint8_t *);
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
-					pkt + iv_pad_len +
+					pkt +
 					pparams->symmetric_op->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 09/26] app/crypto-perf: move IV to crypto op private data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (7 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 08/26] test/crypto-perf: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 10/26] examples/l2fwd-crypto: " Pablo de Lara
                         ` (17 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 57 +++++++++++++++++++-----
 app/test-crypto-perf/cperf_ops.h                 |  3 +-
 app/test-crypto-perf/cperf_test_latency.c        |  8 +++-
 app/test-crypto-perf/cperf_test_throughput.c     | 11 +++--
 app/test-crypto-perf/cperf_test_vector_parsing.c |  1 -
 app/test-crypto-perf/cperf_test_vectors.c        |  1 -
 app/test-crypto-perf/cperf_test_verify.c         | 10 +++--
 7 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 17df2eb..0f45a3c 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -40,7 +40,8 @@ cperf_set_ops_null_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -65,7 +66,8 @@ cperf_set_ops_null_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector __rte_unused)
+		const struct cperf_test_vector *test_vector __rte_unused,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -90,7 +92,8 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -103,8 +106,10 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -117,6 +122,13 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->cipher.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
@@ -125,7 +137,8 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset __rte_unused)
 {
 	uint16_t i;
 
@@ -189,7 +202,8 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -202,8 +216,10 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -258,6 +274,13 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
@@ -266,7 +289,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector)
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -279,8 +303,10 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = test_vector->iv.data;
-		sym_op->cipher.iv.phys_addr = test_vector->iv.phys_addr;
+		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
+							uint8_t *, iv_offset);
+		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
+							iv_offset);
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		sym_op->cipher.data.length = options->test_buffer_size;
@@ -327,6 +353,13 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = options->auth_aad_sz;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		for (i = 0; i < nb_ops; i++)
+			memcpy(ops[i]->sym->cipher.iv.data,
+				test_vector->iv.data,
+				test_vector->iv.length);
+	}
+
 	return 0;
 }
 
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index 1b748da..f7b431c 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -48,7 +48,8 @@ typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 struct cperf_op_fns {
 	cperf_sessions_create_t sess_create;
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 32cf5fd..c33129b 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -280,7 +280,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data);
+	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
 			512, priv_size, rte_socket_id());
@@ -355,6 +355,10 @@ cperf_latency_test_runner(void *arg)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_deqd = 0;
 		uint64_t m_idx = 0, b_idx = 0;
@@ -383,7 +387,7 @@ cperf_latency_test_runner(void *arg)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					burst_size, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			tsc_start = rte_rdtsc_precise();
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 85947a5..5a90eb0 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -262,9 +262,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
+
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 512, 0,
-			rte_socket_id());
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
+			512, priv_size, rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
 
@@ -315,6 +317,9 @@ cperf_throughput_test_runner(void *test_ctx)
 	else
 		test_burst_size = ctx->options->burst_size_list[0];
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (test_burst_size <= ctx->options->max_burst_size) {
 		uint64_t ops_enqd = 0, ops_enqd_total = 0, ops_enqd_failed = 0;
 		uint64_t ops_deqd = 0, ops_deqd_total = 0, ops_deqd_failed = 0;
@@ -346,7 +351,7 @@ cperf_throughput_test_runner(void *test_ctx)
 			(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 					&ctx->mbufs_out[m_idx],
 					ops_needed, ctx->sess, ctx->options,
-					ctx->test_vector);
+					ctx->test_vector, iv_offset);
 
 			/**
 			 * When ops_needed is smaller than ops_enqd, the
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index f384e3d..62d0c91 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -303,7 +303,6 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 	} else if (strstr(key_token, "iv")) {
 		rte_free(vector->iv.data);
 		vector->iv.data = data;
-		vector->iv.phys_addr = rte_malloc_virt2phy(vector->iv.data);
 		if (tc_found)
 			vector->iv.length = data_length;
 		else {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 757957f..36b3f6f 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
-		t_vec->iv.phys_addr = rte_malloc_virt2phy(t_vec->iv.data);
 		t_vec->iv.length = options->cipher_iv_sz;
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index b19f5e1..be684a6 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -266,9 +266,10 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
+	uint16_t priv_size = test_vector->iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz, 512, 0,
-			rte_socket_id());
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
+			512, priv_size, rte_socket_id());
 	if (ctx->crypto_op_pool == NULL)
 		goto err;
 
@@ -417,6 +418,9 @@ cperf_verify_test_runner(void *test_ctx)
 		printf("\n# Running verify test on device: %u, lcore: %u\n",
 			ctx->dev_id, lcore);
 
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
 	while (ops_enqd_total < ctx->options->total_ops) {
 
 		uint16_t burst_size = ((ops_enqd_total + ctx->options->max_burst_size)
@@ -438,7 +442,7 @@ cperf_verify_test_runner(void *test_ctx)
 		(ctx->populate_ops)(ops, &ctx->mbufs_in[m_idx],
 				&ctx->mbufs_out[m_idx],
 				ops_needed, ctx->sess, ctx->options,
-				ctx->test_vector);
+				ctx->test_vector, iv_offset);
 
 #ifdef CPERF_LINEARIZATION_ENABLE
 		if (linearize) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 10/26] examples/l2fwd-crypto: move IV to crypto op private data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (8 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 09/26] app/crypto-perf: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 11/26] examples/ipsec-secgw: " Pablo de Lara
                         ` (16 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 examples/l2fwd-crypto/main.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 779b4fb..1380bc6 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -89,6 +89,10 @@ enum cdev_type {
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
+#define MAXIMUM_IV_LENGTH	16
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 /*
  * Configurable number of RX/TX ring descriptors
  */
@@ -480,8 +484,14 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	}
 
 	if (cparams->do_cipher) {
-		op->sym->cipher.iv.data = cparams->iv.data;
-		op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+
+		op->sym->cipher.iv.data = iv_ptr;
+		op->sym->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -1950,7 +1960,6 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
 	if (options->iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
-	options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
@@ -1993,7 +2002,7 @@ main(int argc, char **argv)
 
 	/* create crypto op pool */
 	l2fwd_crypto_op_pool = rte_crypto_op_pool_create("crypto_op_pool",
-			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, 0,
+			RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, MAXIMUM_IV_LENGTH,
 			rte_socket_id());
 	if (l2fwd_crypto_op_pool == NULL)
 		rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 11/26] examples/ipsec-secgw: move IV to crypto op private data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (9 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 10/26] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 12/26] cryptodev: pass IV as offset Pablo de Lara
                         ` (15 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.

This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 examples/ipsec-secgw/esp.c   | 27 ++++++++++++++++++---------
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index e77afa0..5bf2d7d 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,6 +50,9 @@
 #include "esp.h"
 #include "ipip.h"
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -93,13 +96,17 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	struct cnt_blk *icb;
 	uint8_t *aad;
 	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 
 	switch (sa->cipher_algo) {
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		sym_cop->cipher.iv.data = iv;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-				 ip_hdr_len + sizeof(struct esp_hdr));
+		/* Copy IV at the end of crypto operation */
+		rte_memcpy(iv_ptr, iv, sa->iv_len);
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -108,9 +115,9 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = (uint8_t *)icb;
-		sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+		sym_cop->cipher.iv.data = iv_ptr;
+		sym_cop->cipher.iv.phys_addr =
+				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -341,13 +348,15 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = (uint8_t *)icb;
-	sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			 (uint8_t *)icb - rte_pktmbuf_mtod(m, uint8_t *));
+	sym_cop->cipher.iv.data = iv_ptr;
+	sym_cop->cipher.iv.phys_addr =
+			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index fe42661..de1df7b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -118,10 +118,10 @@ struct ipsec_sa {
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
-	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
+	uint8_t buf[32];
 } __rte_cache_aligned;
 
 struct cdev_qp {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 12/26] cryptodev: pass IV as offset
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (10 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 11/26] examples/ipsec-secgw: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
                         ` (14 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c            |  49 +++++++------
 doc/guides/prog_guide/cryptodev_lib.rst     |   3 +-
 doc/guides/rel_notes/release_17_08.rst      |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    |  80 +++++++++++----------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |   3 +-
 drivers/crypto/armv8/rte_armv8_pmd.c        |   3 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |   8 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd.c      |  26 ++++---
 drivers/crypto/openssl/rte_openssl_pmd.c    |  12 ++--
 drivers/crypto/qat/qat_crypto.c             |  30 +++++---
 drivers/crypto/snow3g/rte_snow3g_pmd.c      |  14 ++--
 drivers/crypto/zuc/rte_zuc_pmd.c            |   7 +-
 examples/ipsec-secgw/esp.c                  |  14 +---
 examples/l2fwd-crypto/main.c                |   5 +-
 lib/librte_cryptodev/rte_crypto_sym.h       |   7 +-
 test/test/test_cryptodev.c                  | 107 +++++++++++-----------------
 test/test/test_cryptodev_blockcipher.c      |   8 +--
 test/test/test_cryptodev_perf.c             |  60 ++++++----------
 18 files changed, 211 insertions(+), 227 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 0f45a3c..018ce0e 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,10 +106,7 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -123,11 +120,13 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
-	}
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+	}	}
 
 	return 0;
 }
@@ -216,10 +215,7 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -275,10 +271,13 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+		}
 	}
 
 	return 0;
@@ -303,10 +302,7 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ops[i],
-							uint8_t *, iv_offset);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ops[i],
-							iv_offset);
+		sym_op->cipher.iv.offset = iv_offset;
 		sym_op->cipher.iv.length = test_vector->iv.length;
 
 		sym_op->cipher.data.length = options->test_buffer_size;
@@ -354,10 +350,13 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
-		for (i = 0; i < nb_ops; i++)
-			memcpy(ops[i]->sym->cipher.iv.data,
-				test_vector->iv.data,
-				test_vector->iv.length);
+		for (i = 0; i < nb_ops; i++) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+					uint8_t *, iv_offset);
+
+			memcpy(iv_ptr, test_vector->iv.data,
+					test_vector->iv.length);
+		}
 	}
 
 	return 0;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index c9a29f8..48c58a9 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -537,8 +537,7 @@ chain.
             } data;   /**< Data offsets and length for ciphering */
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
+                uint16_t offset;
                 uint16_t length;
             } iv;     /**< Initialisation vector parameters */
         } cipher;
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 6acbf35..68e8022 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -157,6 +157,8 @@ API Changes
   * Removed the field ``opaque_data`` from ``rte_crypto_op``.
   * Pointer to ``rte_crypto_sym_op`` in ``rte_crypto_op`` has been replaced
     with a zero length array.
+  * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
+    offset from the start of the crypto operation.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index a0154ff..217ea65 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -180,12 +180,14 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
  *
  */
 static int
-process_gcm_crypto_op(struct rte_crypto_sym_op *op,
+process_gcm_crypto_op(struct rte_crypto_op *op,
 		struct aesni_gcm_session *session)
 {
 	uint8_t *src, *dst;
-	struct rte_mbuf *m_src = op->m_src;
-	uint32_t offset = op->cipher.data.offset;
+	uint8_t *iv_ptr;
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	uint32_t offset = sym_op->cipher.data.offset;
 	uint32_t part_len, total_len, data_len;
 
 	RTE_ASSERT(m_src != NULL);
@@ -198,46 +200,48 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < op->cipher.data.length) ? data_len :
-			op->cipher.data.length;
+	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
+			sym_op->cipher.data.length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == op->cipher.data.length) ||
-			((part_len != op->cipher.data.length) &&
-					(op->m_dst != NULL)));
+	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
+			((part_len != sym_op->cipher.data.length) &&
+					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
-	RTE_ASSERT((op->m_dst == NULL) ||
-			((op->m_dst != NULL) &&
-					rte_pktmbuf_is_contiguous(op->m_dst)));
+	RTE_ASSERT((sym_op->m_dst == NULL) ||
+			((sym_op->m_dst != NULL) &&
+					rte_pktmbuf_is_contiguous(sym_op->m_dst)));
 
 
-	dst = op->m_dst ?
-			rte_pktmbuf_mtod_offset(op->m_dst, uint8_t *,
-					op->cipher.data.offset) :
-			rte_pktmbuf_mtod_offset(op->m_src, uint8_t *,
-					op->cipher.data.offset);
+	dst = sym_op->m_dst ?
+			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
+					sym_op->cipher.data.offset) :
+			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
+					sym_op->cipher.data.offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
 	/* sanity checks */
-	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
-			op->cipher.iv.length != 0) {
+	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
+			sym_op->cipher.iv.length != 0) {
 		GCM_LOG_ERR("iv");
 		return -1;
 	}
 
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+				sym_op->cipher.iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (op->cipher.iv.length == 12) {
-		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
+	if (sym_op->cipher.iv.length == 12) {
+		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (op->auth.digest.length != 16 &&
-			op->auth.digest.length != 12 &&
-			op->auth.digest.length != 8) {
+	if (sym_op->auth.digest.length != 16 &&
+			sym_op->auth.digest.length != 12 &&
+			sym_op->auth.digest.length != 8) {
 		GCM_LOG_ERR("digest");
 		return -1;
 	}
@@ -245,13 +249,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -270,12 +274,12 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				op->auth.digest.data,
-				(uint64_t)op->auth.digest.length);
+				sym_op->auth.digest.data,
+				(uint64_t)sym_op->auth.digest.length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
-		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
-				op->m_dst : op->m_src,
-				op->auth.digest.length);
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				sym_op->auth.digest.length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -283,13 +287,13 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 		}
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
-				op->cipher.iv.data,
-				op->auth.aad.data,
-				(uint64_t)op->auth.aad.length);
+				iv_ptr,
+				sym_op->auth.aad.data,
+				(uint64_t)sym_op->auth.aad.length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = op->cipher.data.length - part_len;
+		total_len = sym_op->cipher.data.length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -309,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)op->auth.digest.length);
+				(uint64_t)sym_op->auth.digest.length);
 	}
 
 	return 0;
@@ -401,7 +405,7 @@ aesni_gcm_pmd_dequeue_burst(void *queue_pair,
 			break;
 		}
 
-		retval = process_gcm_crypto_op(ops[i]->sym, sess);
+		retval = process_gcm_crypto_op(ops[i], sess);
 		if (retval < 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			qp->qp_stats.dequeue_err_count++;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index ccdb3a7..1f03582 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -471,7 +471,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 			get_truncated_digest_byte_length(job->hash_alg);
 
 	/* Set IV parameters */
-	job->iv = op->sym->cipher.iv.data;
+	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	job->iv_len_in_bytes = op->sym->cipher.iv.length;
 
 	/* Data  Parameter */
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 4a79b61..693eccd 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -654,7 +654,8 @@ process_armv8_chained_op
 		return;
 	}
 
-	arg.cipher.iv = op->sym->cipher.iv.data;
+	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e154395..1605701 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -87,6 +87,8 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	int icv_len = sym_op->auth.digest.length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -178,7 +180,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 	sge++;
 
@@ -307,6 +309,8 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (5 * sizeof(struct qbman_fle));
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -369,7 +373,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
-	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
+	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
 	sge->length = sym_op->cipher.iv.length;
 
 	sge++;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index c539650..9a0b4a8 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -174,7 +174,8 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[num_ops], *dst[num_ops];
-	uint64_t IV[num_ops];
+	uint8_t *iv_ptr;
+	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,14 +193,16 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = *((uint64_t *)(ops[i]->sym->cipher.iv.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
+		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, IV,
+		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -211,7 +214,8 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
-	uint64_t IV;
+	uint8_t *iv_ptr;
+	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -229,10 +233,12 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = *((uint64_t *)(op->sym->cipher.iv.data));
+	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
+	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -250,7 +256,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
-	uint64_t IV;
+	uint64_t iv;
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
@@ -278,7 +284,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
 		/* IV from AAD */
-		IV = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
@@ -289,7 +295,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 					ops[i]->sym->auth.digest.length);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -303,7 +309,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
-					IV, src,
+					iv, src,
 					length_in_bits, dst, direction);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 9f4d9b7..6bfa06f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -923,7 +923,8 @@ process_openssl_combined_op
 		return;
 	}
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 	ivlen = op->sym->cipher.iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
@@ -987,7 +988,8 @@ process_openssl_cipher_op
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1028,7 +1030,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 			op->sym->cipher.data.offset);
 
-	iv = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			op->sym->cipher.iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1086,7 +1089,8 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						dst, iv,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
-				iv = op->sym->cipher.iv.data;
+				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						op->sym->cipher.iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 998fe99..09933fb 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -642,7 +642,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 			iv = last_block - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -697,7 +698,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 			iv = dst - block_len;
 		else
 			/* runt block, i.e. less than one full block */
-			iv = sym_op->cipher.iv.data;
+			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+					sym_op->cipher.iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -898,6 +900,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
+	uint8_t *iv_ptr;
 
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
@@ -971,6 +974,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
+		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					op->sym->cipher.iv.offset);
 		/* copy IV into request if it fits */
 		/*
 		 * If IV length is zero do not copy anything but still
@@ -981,14 +986,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			if (op->sym->cipher.iv.length <=
 					sizeof(cipher_param->u.cipher_IV_array)) {
 				rte_memcpy(cipher_param->u.cipher_IV_array,
-						op->sym->cipher.iv.data,
+						iv_ptr,
 						op->sym->cipher.iv.length);
 			} else {
 				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 						qat_req->comn_hdr.serv_specif_flags,
 						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 				cipher_param->u.s.cipher_IV_ptr =
-						op->sym->cipher.iv.phys_addr;
+						rte_crypto_op_ctophys_offset(op,
+							op->sym->cipher.iv.offset);
 			}
 		}
 		min_ofs = cipher_ofs;
@@ -1179,12 +1185,16 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
-			op->sym->cipher.iv.length);
-	rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-			op->sym->auth.digest.length);
-	rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-			op->sym->auth.aad.length);
+	if (do_cipher)
+		rte_hexdump(stdout, "iv:", iv_ptr,
+				op->sym->cipher.iv.length);
+
+	if (do_auth) {
+		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
+				op->sym->auth.digest.length);
+		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+				op->sym->auth.aad.length);
+	}
 #endif
 	return 0;
 }
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 84757ac..3157d7b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -174,7 +174,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *IV[SNOW3G_MAX_BURST];
+	uint8_t *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -192,13 +192,14 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, IV, src, dst,
+	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -210,7 +211,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
-	uint8_t *IV;
+	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
 	/* Sanity checks. */
@@ -228,10 +229,11 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 		return 0;
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
-	IV = op->sym->cipher.iv.data;
+	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+				op->sym->cipher.iv.offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, IV,
+	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 63236ac..b91b305 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -173,7 +173,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
-	uint8_t *IV[ZUC_MAX_BURST];
+	uint8_t *iv[ZUC_MAX_BURST];
 	uint32_t num_bytes[ZUC_MAX_BURST];
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
@@ -213,7 +213,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 				(ops[i]->sym->cipher.data.offset >> 3) :
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
-		IV[i] = ops[i]->sym->cipher.iv.data;
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				ops[i]->sym->cipher.iv.offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -221,7 +222,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, IV, src, dst,
+	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 5bf2d7d..738a800 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -104,9 +104,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
@@ -115,9 +113,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.data = iv_ptr;
-		sym_cop->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+		sym_cop->cipher.iv.offset = IV_OFFSET;
 		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
@@ -348,15 +344,11 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	padding[pad_len - 2] = pad_len - 2;
 	padding[pad_len - 1] = nlp;
 
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
 	struct cnt_blk *icb = get_cnt_blk(m);
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.data = iv_ptr;
-	sym_cop->cipher.iv.phys_addr =
-			rte_crypto_op_ctophys_offset(cop, IV_OFFSET);
+	sym_cop->cipher.iv.offset = IV_OFFSET;
 	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1380bc6..ffd9731 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -489,9 +489,7 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.data = iv_ptr;
-		op->sym->cipher.iv.phys_addr =
-				rte_crypto_op_ctophys_offset(op, IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		/* For wireless algorithms, offset/length must be in bits */
@@ -700,7 +698,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		if (port_cparams[i].do_cipher) {
 			port_cparams[i].iv.data = options->iv.data;
 			port_cparams[i].iv.length = options->iv.length;
-			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
 						port_cparams[i].iv.length);
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 39ad1e3..b35c45a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -464,8 +464,10 @@ struct rte_crypto_sym_op {
 		} data; /**< Data offsets and length for ciphering */
 
 		struct {
-			uint8_t *data;
-			/**< Initialisation Vector or Counter.
+			uint16_t offset;
+			/**< Starting point for Initialisation Vector or Counter,
+			 * specified as number of bytes from start of crypto
+			 * operation.
 			 *
 			 * - For block ciphers in CBC or F8 mode, or for KASUMI
 			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
@@ -491,7 +493,6 @@ struct rte_crypto_sym_op {
 			 * For optimum performance, the data pointed to SHOULD
 			 * be 8-byte aligned.
 			 */
-			phys_addr_t phys_addr;
 			uint16_t length;
 			/**< Length of valid IV data.
 			 *
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0037e88..fbcaaee 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1311,13 +1311,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
 	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1464,13 +1462,11 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, CIPHER_IV_LENGTH_AES_CBC);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, CIPHER_IV_LENGTH_AES_CBC);
 
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
@@ -1860,13 +1856,11 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -1896,13 +1890,11 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset;
 	return 0;
@@ -2219,13 +2211,11 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2316,13 +2306,11 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2401,14 +2389,11 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, iv, iv_len);
-
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -4854,14 +4839,13 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.aad.length);
 
 	/* Append IV at the end of the crypto operation*/
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data,
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
 		sym_op->cipher.iv.length);
 
 	/* Append plaintext/ciphertext */
@@ -6429,15 +6413,15 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = tdata->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, tdata->iv.len);
+	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, tdata->iv.len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -6975,13 +6959,11 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
@@ -7034,13 +7016,11 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = reference->iv.len;
 
-	rte_memcpy(sym_op->cipher.iv.data, reference->iv.data, reference->iv.len);
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			reference->iv.data, reference->iv.len);
 
 	sym_op->cipher.data.length = reference->ciphertext.len;
 	sym_op->cipher.data.offset = 0;
@@ -7284,13 +7264,12 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 				sym_op->auth.digest.length);
 	}
 
-	sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(ut_params->op,
-						uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(ut_params->op,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+			uint8_t *, IV_OFFSET);
+	sym_op->cipher.iv.offset = IV_OFFSET;
 	sym_op->cipher.iv.length = iv_len;
 
-	rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data, iv_len);
+	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
 	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
@@ -7303,7 +7282,7 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
 
-	TEST_HEXDUMP(stdout, "iv:", sym_op->cipher.iv.data, iv_len);
+	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
 			sym_op->auth.aad.data, aad_len);
 
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 2a0c364..312405b 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -290,12 +290,10 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-						uint8_t *, IV_OFFSET);
-		sym_op->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-						IV_OFFSET);
+		sym_op->cipher.iv.offset = IV_OFFSET;
 		sym_op->cipher.iv.length = tdata->iv.len;
-		rte_memcpy(sym_op->cipher.iv.data, tdata->iv.data,
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				tdata->iv.data,
 				tdata->iv.len);
 	}
 
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index b08451d..86bdc6e 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -1981,15 +1981,11 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-
-		op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-				uint8_t *, IV_OFFSET);
-		op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-				IV_OFFSET);
+		op->sym->cipher.iv.offset = IV_OFFSET;
 		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
-		rte_memcpy(op->sym->cipher.iv.data, aes_cbc_128_iv,
-				CIPHER_IV_LENGTH_AES_CBC);
+		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
 		op->sym->cipher.data.offset = 0;
 		op->sym->cipher.data.length = data_params[0].length;
@@ -2898,13 +2894,10 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
@@ -2934,12 +2927,10 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, aes_iv, AES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -2980,9 +2971,7 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = iv_ptr;
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
@@ -3009,12 +2998,10 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	}
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
@@ -3082,13 +3069,10 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.length = digest_len;
 
 	/* Cipher Parameters */
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
+	op->sym->cipher.iv.offset = IV_OFFSET;
 	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->cipher.iv.data, triple_des_iv,
-			TRIPLE_DES_CIPHER_IV_LENGTH);
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -4183,6 +4167,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct crypto_params *m_hlp,
 		struct perf_test_params *params)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
@@ -4203,14 +4190,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->cipher.iv.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	rte_memcpy(op->sym->cipher.iv.data, params->symmetric_op->iv_data,
+	op->sym->cipher.iv.offset = IV_OFFSET;
+	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
 		       params->symmetric_op->iv_len);
 	if (params->symmetric_op->iv_len == 12)
-		op->sym->cipher.iv.data[15] = 1;
+		iv_ptr[15] = 1;
 
 	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 13/26] cryptodev: move IV parameters to crypto session
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (11 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 12/26] cryptodev: pass IV as offset Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 14/26] cryptodev: add auth IV Pablo de Lara
                         ` (13 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                   |  19 ++-
 app/test-crypto-perf/cperf_ops.h                   |   3 +-
 app/test-crypto-perf/cperf_test_latency.c          |   7 +-
 app/test-crypto-perf/cperf_test_throughput.c       |   6 +-
 app/test-crypto-perf/cperf_test_vectors.c          |   9 ++
 app/test-crypto-perf/cperf_test_verify.c           |   6 +-
 doc/guides/prog_guide/cryptodev_lib.rst            |   5 -
 doc/guides/rel_notes/release_17_08.rst             |   2 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  22 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  11 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |   5 +
 drivers/crypto/armv8/rte_armv8_pmd.c               |  12 +-
 drivers/crypto/armv8/rte_armv8_pmd_private.h       |   7 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |  39 ++++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   8 +-
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   1 +
 drivers/crypto/null/null_crypto_pmd_ops.c          |   6 +-
 drivers/crypto/openssl/rte_openssl_pmd.c           |  17 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h   |   5 +
 drivers/crypto/qat/qat_adf/qat_algs.h              |   4 +
 drivers/crypto/qat/qat_crypto.c                    |  44 +++----
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  25 ++--
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   1 +
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  16 +--
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   2 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   1 +
 examples/ipsec-secgw/esp.c                         |   9 --
 examples/ipsec-secgw/ipsec.h                       |   3 +
 examples/ipsec-secgw/sa.c                          |  20 +++
 examples/l2fwd-crypto/main.c                       |  90 ++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h              |  98 +++++++--------
 test/test/test_cryptodev.c                         | 134 ++++++++++++---------
 test/test/test_cryptodev_blockcipher.c             |   4 +-
 test/test/test_cryptodev_perf.c                    |  61 +++++-----
 36 files changed, 417 insertions(+), 315 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 018ce0e..f215445 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -106,9 +106,6 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -215,9 +212,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -302,9 +296,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
 				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
@@ -365,7 +356,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 static struct rte_cryptodev_sym_session *
 cperf_create_session(uint8_t dev_id,
 	const struct cperf_options *options,
-	const struct cperf_test_vector *test_vector)
+	const struct cperf_test_vector *test_vector,
+	uint16_t iv_offset)
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
@@ -379,6 +371,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -386,9 +379,12 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
+
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
 		sess = rte_cryptodev_sym_session_create(dev_id,	&cipher_xform);
@@ -432,6 +428,7 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
@@ -439,9 +436,11 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/*
diff --git a/app/test-crypto-perf/cperf_ops.h b/app/test-crypto-perf/cperf_ops.h
index f7b431c..bb83cd5 100644
--- a/app/test-crypto-perf/cperf_ops.h
+++ b/app/test-crypto-perf/cperf_ops.h
@@ -42,7 +42,8 @@
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
 		uint8_t dev_id, const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index c33129b..bc22a89 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -211,7 +211,12 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the crypto operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 5a90eb0..d043f60 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -195,7 +195,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 36b3f6f..4a14fb3 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -423,7 +423,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+		/* Set IV parameters */
+		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+					16);
+		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		t_vec->iv.length = options->cipher_iv_sz;
+
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
 	}
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index be684a6..e6f20c6 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -199,7 +199,11 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 48c58a9..4e352f4 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -535,11 +535,6 @@ chain.
                 uint32_t offset;
                 uint32_t length;
             } data;   /**< Data offsets and length for ciphering */
-
-            struct {
-                uint16_t offset;
-                uint16_t length;
-            } iv;     /**< Initialisation vector parameters */
         } cipher;
 
         struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 68e8022..4775bd2 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -159,6 +159,8 @@ API Changes
     with a zero length array.
   * Replaced pointer and physical address of IV in ``rte_crypto_sym_op`` with
     offset from the start of the crypto operation.
+  * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
+    ``rte_crypto_cipher_xform``.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 217ea65..414f22b 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -104,6 +104,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = cipher_xform->cipher.iv.offset;
+	sess->iv.length = cipher_xform->cipher.iv.length;
+
+	/* IV check */
+	if (sess->iv.length != 16 && sess->iv.length != 12 &&
+			sess->iv.length != 0) {
+		GCM_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+
 	/* Select Crypto operation */
 	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
 			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
@@ -221,20 +232,13 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
-	/* sanity checks */
-	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
-			sym_op->cipher.iv.length != 0) {
-		GCM_LOG_ERR("iv");
-		return -1;
-	}
-
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-				sym_op->cipher.iv.offset);
+				session->iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (sym_op->cipher.iv.length == 12) {
+	if (session->iv.length == 12) {
 		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 0496b44..2ed96f8 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -90,6 +90,11 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 1f03582..0a20dec 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -246,6 +246,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Expanded cipher keys */
 	(*aes_keyexp_fn)(xform->cipher.key.data,
 			sess->cipher.expanded_aes_keys.encode,
@@ -300,6 +304,9 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
 		MB_LOG_ERR("Invalid/unsupported authentication parameters");
 		return -1;
@@ -472,8 +479,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	/* Set IV parameters */
 	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	job->iv_len_in_bytes = op->sym->cipher.iv.length;
+			session->iv.offset);
+	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data  Parameter */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index 0d82699..5c50d37 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -167,6 +167,11 @@ struct aesni_mb_qp {
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
 	JOB_CHAIN_ORDER chain_order;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 
 	/** Cipher Parameters */
 	struct {
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 693eccd..dac4fc3 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -432,7 +432,7 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		sess->cipher.algo = calg;
 		/* IV len is always 16 bytes (block size) for AES CBC */
-		sess->cipher.iv_len = 16;
+		sess->cipher.iv.length = 16;
 		break;
 	default:
 		return -EINVAL;
@@ -523,6 +523,9 @@ armv8_crypto_set_session_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV offset */
+	sess->cipher.iv.offset = cipher_xform->cipher.iv.offset;
+
 	if (is_chained_op) {
 		ret = armv8_crypto_set_session_chained_parameters(sess,
 						cipher_xform, auth_xform);
@@ -649,13 +652,8 @@ process_armv8_chained_op
 				op->sym->auth.digest.length);
 	}
 
-	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		return;
-	}
-
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					sess->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index b75107f..75bde9f 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -159,8 +159,11 @@ struct armv8_crypto_session {
 		/**< cipher operation direction */
 		enum rte_crypto_cipher_algorithm algo;
 		/**< cipher algorithm */
-		int iv_len;
-		/**< IV length */
+		struct {
+			uint16_t length;
+			uint16_t offset;
+		} iv;
+		/**< IV parameters */
 
 		struct {
 			uint8_t data[256];
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1605701..3930794 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -88,7 +88,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -138,7 +138,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   sym_op->auth.digest.length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	/* Configure Output FLE with Scatter/Gather Entry */
@@ -163,7 +163,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-					sym_op->cipher.iv.length));
+					sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 
@@ -175,13 +175,13 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FLE_SG_EXT(fle);
 	DPAA2_SET_FLE_FIN(fle);
 	fle->length = (sess->dir == DIR_ENC) ?
-			(sym_op->auth.data.length + sym_op->cipher.iv.length) :
-			(sym_op->auth.data.length + sym_op->cipher.iv.length +
+			(sym_op->auth.data.length + sess->iv.length) :
+			(sym_op->auth.data.length + sess->iv.length +
 			 sym_op->auth.digest.length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 	sge++;
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -198,7 +198,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge->length = sym_op->auth.digest.length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 				 sym_op->auth.digest.length +
-				 sym_op->cipher.iv.length));
+				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
 	if (auth_only_len) {
@@ -310,7 +310,7 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -347,21 +347,21 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	flc = &priv->flc_desc[0].flc;
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_LEN(fd, sym_op->cipher.data.length +
-			 sym_op->cipher.iv.length);
+			 sess->iv.length);
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	PMD_TX_LOG(DEBUG, "cipher_off: 0x%x/length %d,ivlen=%d data_off: 0x%x",
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
-		   sym_op->cipher.iv.length,
+		   sess->iv.length,
 		   sym_op->m_src->data_off);
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
 	DPAA2_SET_FLE_OFFSET(fle, sym_op->cipher.data.offset +
 			     sym_op->m_src->data_off);
 
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	PMD_TX_LOG(DEBUG, "1 - flc = %p, fle = %p FLEaddr = %x-%x, length %d",
 		   flc, fle, fle->addr_hi, fle->addr_lo, fle->length);
@@ -369,12 +369,12 @@ build_cipher_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	fle++;
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sge));
-	fle->length = sym_op->cipher.data.length + sym_op->cipher.iv.length;
+	fle->length = sym_op->cipher.data.length + sess->iv.length;
 
 	DPAA2_SET_FLE_SG_EXT(fle);
 
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
-	sge->length = sym_op->cipher.iv.length;
+	sge->length = sess->iv.length;
 
 	sge++;
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(sym_op->m_src));
@@ -798,6 +798,10 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 	cipherdata.key_enc_flags = 0;
 	cipherdata.key_type = RTA_DATA_IMM;
 
+	/* Set IV parameters */
+	session->iv.offset = xform->cipher.iv.offset;
+	session->iv.length = xform->cipher.iv.length;
+
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		cipherdata.algtype = OP_ALG_ALGSEL_AES;
@@ -1016,6 +1020,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 			(cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
 			DPAA2_SEC_HASH_CIPHER : DPAA2_SEC_CIPHER_HASH;
 	}
+
+	/* Set IV parameters */
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	/* For SEC AEAD only one descriptor is required */
 	priv = (struct ctxt_priv *)rte_zmalloc(NULL,
 			sizeof(struct ctxt_priv) + sizeof(struct sec_flc_desc),
@@ -1216,6 +1225,10 @@ dpaa2_sec_session_configure(struct rte_cryptodev *dev,
 		RTE_LOG(ERR, PMD, "invalid session struct");
 		return NULL;
 	}
+
+	/* Default IV length = 0 */
+	session->iv.length = 0;
+
 	/* Cipher Only */
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
 		session->ctxt_type = DPAA2_SEC_CIPHER;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index f5c6169..d152161 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -187,6 +187,10 @@ typedef struct dpaa2_sec_session_entry {
 		uint8_t *data;	/**< pointer to key data */
 		size_t length;	/**< key length in bytes */
 	} auth_key;
+	struct {
+		uint16_t length; /**< IV length in bytes */
+		uint16_t offset; /**< IV offset in bytes */
+	} iv;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
@@ -275,8 +279,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.min = 32,
 						.max = 32,
 						.increment = 0
-					},
-					.aad_size = { 0 }
+				},
+				.aad_size = { 0 }
 				}, }
 			}, }
 		},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 9a0b4a8..c92f5d1 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -116,6 +116,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F8 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
+
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -179,13 +186,6 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[num_ops];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (ops[i]->sym->cipher.iv.length != KASUMI_IV_LENGTH) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -194,7 +194,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -218,13 +218,6 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	uint64_t iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != KASUMI_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -234,7 +227,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			session->iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index fb586ca..6a0d47a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,6 +92,7 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 12c946c..5f74f0c 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -72,11 +72,7 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.iv_size = {
-					.min = 0,
-					.max = 0,
-					.increment = 0
-				}
+				.iv_size = { 0 }
 			}, },
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 6bfa06f..970c735 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -264,6 +264,10 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	/* Select cipher key */
 	sess->cipher.key.length = xform->cipher.key.length;
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Select cipher algo */
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -397,6 +401,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	/* cipher_xform must be check before auth_xform */
 	if (cipher_xform) {
 		if (openssl_set_session_cipher_parameters(
@@ -924,8 +931,8 @@ process_openssl_combined_op
 	}
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	ivlen = op->sym->cipher.iv.length;
+			sess->iv.offset);
+	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
 	aadlen = op->sym->auth.aad.length;
 
@@ -989,7 +996,7 @@ process_openssl_cipher_op
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
@@ -1031,7 +1038,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			op->sym->cipher.data.offset);
 
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
+			sess->iv.offset);
 
 	block_size = DES_BLOCK_SIZE;
 
@@ -1090,7 +1097,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 						last_block_len, sess->cipher.bpi_ctx);
 				/* Prepare parameters for CBC mode op */
 				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-						op->sym->cipher.iv.offset);
+						sess->iv.offset);
 				dst += last_block_len - srclen;
 				srclen -= last_block_len;
 			}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4d820c5..3a64853 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -108,6 +108,11 @@ struct openssl_session {
 	enum openssl_chain_order chain_order;
 	/**< chain order mode */
 
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index 5c63406..e8fa3d3 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -127,6 +127,10 @@ struct qat_session {
 	struct icp_qat_fw_la_bulk_req fw_req;
 	uint8_t aad_len;
 	struct qat_crypto_instance *inst;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 09933fb..0dca4c2 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,6 +298,9 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->iv.offset = cipher_xform->iv.offset;
+	session->iv.length = cipher_xform->iv.length;
+
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
@@ -643,7 +646,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -699,7 +702,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					sym_op->cipher.iv.offset);
+					ctx->iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -975,27 +978,20 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 
 		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					ctx->iv.offset);
 		/* copy IV into request if it fits */
-		/*
-		 * If IV length is zero do not copy anything but still
-		 * use request descriptor embedded IV
-		 *
-		 */
-		if (op->sym->cipher.iv.length) {
-			if (op->sym->cipher.iv.length <=
-					sizeof(cipher_param->u.cipher_IV_array)) {
-				rte_memcpy(cipher_param->u.cipher_IV_array,
-						iv_ptr,
-						op->sym->cipher.iv.length);
-			} else {
-				ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-						qat_req->comn_hdr.serv_specif_flags,
-						ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-				cipher_param->u.s.cipher_IV_ptr =
-						rte_crypto_op_ctophys_offset(op,
-							op->sym->cipher.iv.offset);
-			}
+		if (ctx->iv.length <=
+				sizeof(cipher_param->u.cipher_IV_array)) {
+			rte_memcpy(cipher_param->u.cipher_IV_array,
+					iv_ptr,
+					ctx->iv.length);
+		} else {
+			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+					qat_req->comn_hdr.serv_specif_flags,
+					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+			cipher_param->u.s.cipher_IV_ptr =
+					rte_crypto_op_ctophys_offset(op,
+						ctx->iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1151,7 +1147,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (op->sym->cipher.iv.length == 12) {
+		if (ctx->iv.length == 12) {
 			/*
 			 * For GCM a 12 byte IV is allowed,
 			 * but we need to inform the f/w
@@ -1187,7 +1183,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
 		rte_hexdump(stdout, "iv:", iv_ptr,
-				op->sym->cipher.iv.length);
+				ctx->iv.length);
 
 	if (do_auth) {
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 3157d7b..4e93f64 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -116,6 +116,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
@@ -178,13 +185,6 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("iv");
-			break;
-		}
-
 		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		dst[i] = ops[i]->sym->m_dst ?
@@ -193,7 +193,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -214,13 +214,6 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	uint8_t *iv;
 	uint32_t length_in_bits, offset_in_bits;
 
-	/* Sanity checks. */
-	if (unlikely(op->sym->cipher.iv.length != SNOW3G_IV_LENGTH)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		SNOW3G_LOG_ERR("iv");
-		return 0;
-	}
-
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
 	if (op->sym->m_dst == NULL) {
@@ -230,7 +223,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				op->sym->cipher.iv.offset);
+				session->iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index 03973b9..e8943a7 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,6 +91,7 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index b91b305..f3cb5f0 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -115,6 +115,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EEA3 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3)
 			return -EINVAL;
+
+		if (cipher_xform->cipher.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -178,13 +185,6 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 	uint8_t *cipher_keys[ZUC_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
-		/* Sanity checks. */
-		if (unlikely(ops[i]->sym->cipher.iv.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("iv");
-			break;
-		}
-
 		if (((ops[i]->sym->cipher.data.length % BYTE_LEN) != 0)
 				|| ((ops[i]->sym->cipher.data.offset
 					% BYTE_LEN) != 0)) {
@@ -214,7 +214,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				ops[i]->sym->cipher.iv.offset);
+				session->iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index e793459..c24b9bd 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -80,7 +80,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index 030f120..cee1b5d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,6 +92,7 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
+	uint16_t iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 738a800..9e12782 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -50,9 +50,6 @@
 #include "esp.h"
 #include "ipip.h"
 
-#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
-				sizeof(struct rte_crypto_sym_op))
-
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop)
@@ -104,8 +101,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		/* Copy IV at the end of crypto operation */
 		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = sa->iv_len;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
@@ -113,8 +108,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		sym_cop->cipher.iv.offset = IV_OFFSET;
-		sym_cop->cipher.iv.length = 16;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
@@ -348,8 +341,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	icb->salt = sa->salt;
 	icb->iv = sa->seq;
 	icb->cnt = rte_cpu_to_be_32(1);
-	sym_cop->cipher.iv.offset = IV_OFFSET;
-	sym_cop->cipher.iv.length = 16;
 
 	uint8_t *aad;
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index de1df7b..405cf3d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -48,6 +48,9 @@
 
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
+#define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
+				sizeof(struct rte_crypto_sym_op))
+
 #define uint32_t_to_char(ip, a, b, c, d) do {\
 		*a = (uint8_t)(ip >> 24 & 0xff);\
 		*b = (uint8_t)(ip >> 16 & 0xff);\
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 39624c4..85e4d4e 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -589,6 +589,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 {
 	struct ipsec_sa *sa;
 	uint32_t i, idx;
+	uint16_t iv_length;
 
 	for (i = 0; i < nb_entries; i++) {
 		idx = SPI2IDX(entries[i].spi);
@@ -607,6 +608,21 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			iv_length = sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+		case RTE_CRYPTO_CIPHER_AES_GCM:
+			iv_length = 16;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
 		if (inbound) {
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
@@ -615,6 +631,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].b.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
+			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].b.next = NULL;
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -637,6 +655,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 				sa->cipher_key_len;
 			sa_ctx->xf[idx].a.cipher.op =
 				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
 			sa_ctx->xf[idx].a.next = NULL;
 
 			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ffd9731..9f16806 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -139,6 +139,11 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+struct l2fwd_iv {
+	uint8_t *data;
+	uint16_t length;
+};
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -155,8 +160,8 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_key iv;
-	unsigned iv_param;
+	struct l2fwd_iv iv;
+	unsigned int iv_param;
 	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
@@ -183,7 +188,7 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_key iv;
+	struct l2fwd_iv iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -489,9 +494,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		/* Copy IV at the end of the crypto operation */
 		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = cparams->iv.length;
-
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
@@ -703,6 +705,9 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+			/* Set IV parameters */
+			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
+			options->cipher_xform.cipher.iv.length = options->iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -1547,6 +1552,46 @@ check_supported_size(uint16_t length, uint16_t min, uint16_t max,
 
 	return -1;
 }
+
+static int
+check_iv_param(const struct rte_crypto_param_range *iv_range_size,
+		unsigned int iv_param, int iv_random_size,
+		uint16_t *iv_length)
+{
+	/*
+	 * Check if length of provided IV is supported
+	 * by the algorithm chosen.
+	 */
+	if (iv_param) {
+		if (check_supported_size(*iv_length,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+	/*
+	 * Check if length of IV to be randomly generated
+	 * is supported by the algorithm chosen.
+	 */
+	} else if (iv_random_size != -1) {
+		if (check_supported_size(iv_random_size,
+				iv_range_size->min,
+				iv_range_size->max,
+				iv_range_size->increment)
+					!= 0) {
+			printf("Unsupported IV length\n");
+			return -1;
+		}
+		*iv_length = iv_random_size;
+	/* No size provided, use minimum size. */
+	} else
+		*iv_length = iv_range_size->min;
+
+	return 0;
+}
+
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1614,36 +1659,9 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			/*
-			 * Check if length of provided IV is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->iv_param) {
-				if (check_supported_size(options->iv.length,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of IV to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->iv_random_size != -1) {
-				if (check_supported_size(options->iv_random_size,
-						cap->sym.cipher.iv_size.min,
-						cap->sym.cipher.iv_size.max,
-						cap->sym.cipher.iv_size.increment)
-							!= 0) {
-					printf("Unsupported IV length\n");
-					return -1;
-				}
-				options->iv.length = options->iv_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
+					options->iv_random_size, &options->iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b35c45a..c1a1e27 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -190,6 +190,55 @@ struct rte_crypto_cipher_xform {
 	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
 	 *  - Both keys must have the same size.
 	 **/
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * Initialisation Vector (IV) value.
+		 *
+		 * - For block ciphers in CTR mode, this is the counter.
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * - For AES-XTS, this is the 128bit tweak, i, from
+		 * IEEE Std 1619-2007.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For block ciphers in CBC or F8 mode, or for KASUMI
+		 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
+		 * length of the IV (which must be the same as the
+		 * block length of the cipher).
+		 *
+		 * - For block ciphers in CTR mode, this is the length
+		 * of the counter (which must be the same as the block
+		 * length of the cipher).
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Symmetric Authentication / Hash Algorithms */
@@ -463,55 +512,6 @@ struct rte_crypto_sym_op {
 			  */
 		} data; /**< Data offsets and length for ciphering */
 
-		struct {
-			uint16_t offset;
-			/**< Starting point for Initialisation Vector or Counter,
-			 * specified as number of bytes from start of crypto
-			 * operation.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * Initialisation Vector (IV) value.
-			 *
-			 * - For block ciphers in CTR mode, this is the counter.
-			 *
-			 * - For GCM mode, this is either the IV (if the length
-			 * is 96 bits) or J0 (for other sizes), where J0 is as
-			 * defined by NIST SP800-38D. Regardless of the IV
-			 * length, a full 16 bytes needs to be allocated.
-			 *
-			 * - For CCM mode, the first byte is reserved, and the
-			 * nonce should be written starting at &iv[1] (to allow
-			 * space for the implementation to write in the flags
-			 * in the first byte). Note that a full 16 bytes should
-			 * be allocated, even though the length field will
-			 * have a value less than this.
-			 *
-			 * - For AES-XTS, this is the 128bit tweak, i, from
-			 * IEEE Std 1619-2007.
-			 *
-			 * For optimum performance, the data pointed to SHOULD
-			 * be 8-byte aligned.
-			 */
-			uint16_t length;
-			/**< Length of valid IV data.
-			 *
-			 * - For block ciphers in CBC or F8 mode, or for KASUMI
-			 * in F8 mode, or for SNOW 3G in UEA2 mode, this is the
-			 * length of the IV (which must be the same as the
-			 * block length of the cipher).
-			 *
-			 * - For block ciphers in CTR mode, this is the length
-			 * of the counter (which must be the same as the block
-			 * length of the cipher).
-			 *
-			 * - For GCM mode, this is either 12 (for 96-bit IVs)
-			 * or 16, in which case data points to J0.
-			 *
-			 * - For CCM mode, this is the length of the nonce,
-			 * which can be in the range 7 to 13 inclusive.
-			 */
-		} iv;	/**< Initialisation vector parameters */
 	} cipher;
 
 	struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index fbcaaee..828a91b 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1270,6 +1270,8 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1310,13 +1312,11 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	/* Set crypto operation cipher parameters */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
 
+	/* Set crypto operation cipher parameters */
 	sym_op->cipher.data.offset = 0;
 	sym_op->cipher.data.length = QUOTE_512_BYTES;
 
@@ -1404,6 +1404,8 @@ test_AES_CBC_HMAC_SHA512_decrypt_create_session_params(
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1462,9 +1464,7 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -1806,7 +1806,8 @@ static int
 create_wireless_algo_cipher_session(uint8_t dev_id,
 			enum rte_crypto_cipher_operation op,
 			enum rte_crypto_cipher_algorithm algo,
-			const uint8_t *key, const uint8_t key_len)
+			const uint8_t *key, const uint8_t key_len,
+			uint8_t iv_len)
 {
 	uint8_t cipher_key[key_len];
 
@@ -1822,6 +1823,8 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1856,9 +1859,6 @@ create_wireless_algo_cipher_operation(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_src = ut_params->ibuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1890,9 +1890,6 @@ create_wireless_algo_cipher_operation_oop(const uint8_t *iv, uint8_t iv_len,
 	sym_op->m_dst = ut_params->obuf;
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -1907,7 +1904,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1936,6 +1934,8 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1962,6 +1962,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	const uint8_t *key = tdata->key.data;
 	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
+	uint8_t iv_len = tdata->iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1985,6 +1986,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
+
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2013,7 +2017,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len)
+		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2038,6 +2043,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2211,9 +2218,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2306,9 +2310,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2389,9 +2390,6 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.aad.data, aad_len);
 
 	/* iv */
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
@@ -2801,7 +2799,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2876,7 +2875,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2940,7 +2940,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3017,7 +3018,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3080,7 +3082,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3146,7 +3149,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3210,7 +3214,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3274,7 +3279,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3355,7 +3361,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3444,7 +3451,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3534,7 +3542,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3595,7 +3604,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3758,7 +3768,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3840,7 +3851,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3926,7 +3938,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -4008,7 +4021,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len);
+			tdata->aad.len, tdata->digest.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4097,7 +4111,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
-					tdata->key.data, tdata->key.len);
+					tdata->key.data, tdata->key.len,
+					tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4192,7 +4207,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			tdata->key.data, tdata->key.len);
+			tdata->key.data, tdata->key.len,
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4724,6 +4740,7 @@ static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	uint8_t cipher_key[key_len];
@@ -4741,6 +4758,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4777,6 +4796,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
 		enum rte_crypto_cipher_operation cipher_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
+		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
 	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
@@ -4790,6 +4810,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
 	sym_op->xform->cipher.op = cipher_op;
 	sym_op->xform->cipher.key.data = key;
 	sym_op->xform->cipher.key.length = key_len;
+	sym_op->xform->cipher.iv.offset = IV_OFFSET;
+	sym_op->xform->cipher.iv.length = iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -4841,12 +4863,10 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr,
-		sym_op->cipher.iv.length);
+		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
 	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
@@ -4950,6 +4970,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5127,6 +5148,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5293,6 +5315,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5369,6 +5392,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -5452,6 +5476,7 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
@@ -5532,6 +5557,7 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_VERIFY);
 	if (retval < 0)
 		return retval;
@@ -6416,9 +6442,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = tdata->iv.len;
-
 	rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, tdata->iv.len);
@@ -6450,6 +6473,8 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.op = op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6848,6 +6873,8 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	ut_params->cipher_xform.cipher.op = cipher_op;
 	ut_params->cipher_xform.cipher.key.data = cipher_key;
 	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6959,9 +6986,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7016,9 +7040,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = reference->iv.len;
-
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
 
@@ -7266,8 +7287,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
 			uint8_t *, IV_OFFSET);
-	sym_op->cipher.iv.offset = IV_OFFSET;
-	sym_op->cipher.iv.length = iv_len;
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
@@ -7348,6 +7367,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
+			tdata->iv.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE);
 	if (retval < 0)
 		return retval;
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 312405b..9faf088 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -287,11 +287,11 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 				RTE_CRYPTO_CIPHER_OP_DECRYPT;
 		cipher_xform->cipher.key.data = cipher_key;
 		cipher_xform->cipher.key.length = tdata->cipher_key.len;
+		cipher_xform->cipher.iv.offset = IV_OFFSET;
+		cipher_xform->cipher.iv.length = tdata->iv.len;
 
 		sym_op->cipher.data.offset = 0;
 		sym_op->cipher.data.length = tdata->ciphertext.len;
-		sym_op->cipher.iv.offset = IV_OFFSET;
-		sym_op->cipher.iv.length = tdata->iv.len;
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				tdata->iv.data,
 				tdata->iv.len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 86bdc6e..7238bfa 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -43,6 +43,8 @@
 #include "test_cryptodev.h"
 #include "test_cryptodev_gcm_test_vectors.h"
 
+#define AES_CIPHER_IV_LENGTH 16
+#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -67,9 +69,6 @@ enum chain_mode {
 
 
 struct symmetric_op {
-	const uint8_t *iv_data;
-	uint32_t iv_len;
-
 	const uint8_t *aad_data;
 	uint32_t aad_len;
 
@@ -96,6 +95,8 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	const uint8_t *iv_data;
+	uint16_t iv_len;
 	uint32_t digest_len;
 };
 
@@ -1933,7 +1934,8 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 	ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	ut_params->cipher_xform.cipher.key.data = aes_cbc_128_key;
 	ut_params->cipher_xform.cipher.key.length = CIPHER_IV_LENGTH_AES_CBC;
-
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+	ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
 
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1981,9 +1983,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
 
-		op->sym->cipher.iv.offset = IV_OFFSET;
-		op->sym->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				aes_cbc_128_iv, CIPHER_IV_LENGTH_AES_CBC);
 
@@ -2646,6 +2645,8 @@ test_perf_create_aes_sha_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = aes_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 	if (chain != CIPHER_ONLY) {
 		/* Setup HMAC Parameters */
 		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2694,6 +2695,9 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 
 	cipher_xform.cipher.key.data = snow3g_cipher_key;
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+
 
 	/* Setup HMAC Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2741,17 +2745,20 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 	/* Setup Cipher Parameters */
 	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	cipher_xform.cipher.algo = cipher_algo;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
 	switch (cipher_algo) {
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
 		cipher_xform.cipher.key.data = triple_des_key;
+		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_AES_GCM:
 		cipher_xform.cipher.key.data = aes_key;
+		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2816,6 +2823,8 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 
 	cipher_xform.cipher.key.length = cipher_key_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
 
 	/* Setup Auth Parameters */
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -2844,9 +2853,7 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_CIPHER_IV_LENGTH 16
 #define AES_GCM_AAD_LENGTH 16
-#define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
@@ -2893,12 +2900,11 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy the IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len;
 
@@ -2926,9 +2932,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.aad.data = aes_gcm_aad;
 	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = AES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
@@ -2970,10 +2974,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 			IV_OFFSET);
 	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
-
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
 	op->sym->auth.data.length = data_len << 3;
@@ -2997,9 +2997,7 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 		return NULL;
 	}
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = SNOW3G_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
@@ -3068,9 +3066,7 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 
-	/* Cipher Parameters */
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	op->sym->cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			triple_des_iv, TRIPLE_DES_CIPHER_IV_LENGTH);
 
@@ -4136,6 +4132,8 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	cipher_xform.cipher.op = pparams->session_attrs->cipher;
 	cipher_xform.cipher.key.data = cipher_key;
 	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
+	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
+	cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	auth_xform.next = NULL;
@@ -4190,14 +4188,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
 		       params->symmetric_op->aad_len);
 
-	op->sym->cipher.iv.offset = IV_OFFSET;
-	rte_memcpy(iv_ptr, params->symmetric_op->iv_data,
-		       params->symmetric_op->iv_len);
-	if (params->symmetric_op->iv_len == 12)
+	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
+		       params->session_attrs->iv_len);
+	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->cipher.iv.length = params->symmetric_op->iv_len;
-
 	op->sym->auth.data.offset =
 			params->symmetric_op->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
@@ -4434,11 +4429,11 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
+		session_attrs[i].iv_len = gcm_test->iv.len;
+		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
 		ops_set[i].aad_len = gcm_test->aad.len;
-		ops_set[i].iv_data = gcm_test->iv.data;
-		ops_set[i].iv_len = gcm_test->iv.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 14/26] cryptodev: add auth IV
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (12 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
                         ` (12 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.

Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  61 +++++++++--
 app/test-crypto-perf/cperf_options.h             |   2 +
 app/test-crypto-perf/cperf_options_parsing.c     |   9 ++
 app/test-crypto-perf/cperf_test_latency.c        |   4 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   3 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  54 +++++++---
 app/test-crypto-perf/cperf_test_vectors.c        |  37 +++++--
 app/test-crypto-perf/cperf_test_vectors.h        |   8 +-
 app/test-crypto-perf/cperf_test_verify.c         |   3 +-
 app/test-crypto-perf/data/aes_cbc_128_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_192_sha.data   |   2 +-
 app/test-crypto-perf/data/aes_cbc_256_sha.data   |   2 +-
 app/test-crypto-perf/main.c                      |  25 ++++-
 doc/guides/prog_guide/cryptodev_lib.rst          |   3 +-
 doc/guides/rel_notes/release_17_08.rst           |   2 +
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |  17 ++-
 doc/guides/tools/cryptoperf.rst                  |  14 ++-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |   6 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c   |  21 ++--
 drivers/crypto/armv8/rte_armv8_pmd_ops.c         |   6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  18 ++--
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c       |   3 +-
 drivers/crypto/null/null_crypto_pmd_ops.c        |   3 +-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  78 ++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  41 ++++---
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c       |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c             |   3 +-
 examples/l2fwd-crypto/main.c                     | 132 +++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h            |  24 +++++
 lib/librte_cryptodev/rte_cryptodev.c             |   6 +-
 lib/librte_cryptodev/rte_cryptodev.h             |   6 +-
 31 files changed, 439 insertions(+), 159 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index f215445..60d55a0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -121,9 +121,11 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
-	}	}
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
+
+		}
+	}
 
 	return 0;
 }
@@ -134,7 +136,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
 		const struct cperf_options *options,
 		const struct cperf_test_vector *test_vector,
-		uint16_t iv_offset __rte_unused)
+		uint16_t iv_offset)
 {
 	uint16_t i;
 
@@ -146,6 +148,14 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
+		if (test_vector->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+								uint8_t *,
+								iv_offset);
+			memcpy(iv_ptr, test_vector->auth_iv.data,
+					test_vector->auth_iv.length);
+		}
+
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			sym_op->auth.digest.data = test_vector->digest.data;
@@ -190,6 +200,17 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 		sym_op->auth.data.offset = 0;
 	}
 
+	if (options->test == CPERF_TEST_TYPE_VERIFY) {
+		if (test_vector->auth_iv.length) {
+			for (i = 0; i < nb_ops; i++) {
+				uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+						uint8_t *, iv_offset);
+
+				memcpy(iv_ptr, test_vector->auth_iv.data,
+						test_vector->auth_iv.length);
+			}
+		}
+	}
 	return 0;
 }
 
@@ -269,9 +290,19 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
+			if (test_vector->auth_iv.length) {
+				/*
+				 * Copy IV after the crypto operation and
+				 * the cipher IV
+				 */
+				iv_ptr += test_vector->cipher_iv.length;
+				memcpy(iv_ptr, test_vector->auth_iv.data,
+						test_vector->auth_iv.length);
+			}
 		}
+
 	}
 
 	return 0;
@@ -345,8 +376,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->iv.data,
-					test_vector->iv.length);
+			memcpy(iv_ptr, test_vector->cipher_iv.data,
+					test_vector->cipher_iv.length);
 		}
 	}
 
@@ -379,8 +410,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
-
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -406,11 +437,14 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
+			auth_xform.auth.iv.length =
+					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 		/* create crypto session */
 		sess =  rte_cryptodev_sym_session_create(dev_id, &auth_xform);
@@ -436,7 +470,8 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->iv.length;
+			cipher_xform.cipher.iv.length =
+					test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
@@ -461,17 +496,21 @@ cperf_create_session(uint8_t dev_id,
 				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
 				auth_xform.auth.key.length = 0;
 				auth_xform.auth.key.data = NULL;
+				auth_xform.auth.iv.length = 0;
 			} else { /* auth options for others */
 				auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 				auth_xform.auth.key.data =
 						test_vector->auth_key.data;
+				auth_xform.auth.iv.length =
+						test_vector->auth_iv.length;
 			}
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
+			auth_xform.auth.iv.length = 0;
 		}
 
 		/* create crypto session for aes gcm */
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index b928c58..0e53c03 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -28,6 +28,7 @@
 #define CPERF_AUTH_ALGO		("auth-algo")
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
+#define CPERF_AUTH_IV_SZ	("auth-iv-sz")
 #define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
 #define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
 #define CPERF_CSV		("csv-friendly")
@@ -76,6 +77,7 @@ struct cperf_options {
 	enum rte_crypto_auth_operation auth_op;
 
 	uint16_t auth_key_sz;
+	uint16_t auth_iv_sz;
 	uint16_t auth_digest_sz;
 	uint16_t auth_aad_sz;
 
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 63ba37c..70b6a60 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -549,6 +549,12 @@ parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
+parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->auth_iv_sz, arg);
+}
+
+static int
 parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
 {
 	return parse_uint16_t(&opts->auth_aad_sz, arg);
@@ -651,6 +657,7 @@ cperf_options_default(struct cperf_options *opts)
 
 	opts->auth_key_sz = 64;
 	opts->auth_digest_sz = 12;
+	opts->auth_iv_sz = 0;
 	opts->auth_aad_sz = 0;
 }
 
@@ -678,6 +685,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_ALGO,	parse_auth_algo },
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
+		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
 		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
 		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
 		{ CPERF_CSV,	parse_csv_friendly},
@@ -914,6 +922,7 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
+		printf("# auth iv size: %u\n", opts->auth_iv_sz);
 		printf("# auth digest size: %u\n", opts->auth_digest_sz);
 		printf("# auth aad size: %u\n", opts->auth_aad_sz);
 		printf("#\n");
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index bc22a89..9ac932a 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -285,7 +285,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
+	uint16_t priv_size = sizeof(struct priv_op_data) +
+			test_vector->cipher_iv.length +
+			test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
 			512, priv_size, rte_socket_id());
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index d043f60..f279bb1 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -266,7 +266,8 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 62d0c91..277ff1e 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -15,7 +15,8 @@ free_test_vector(struct cperf_test_vector *vector, struct cperf_options *opts)
 	if (vector == NULL || opts == NULL)
 		return -1;
 
-	rte_free(vector->iv.data);
+	rte_free(vector->cipher_iv.data);
+	rte_free(vector->auth_iv.data);
 	rte_free(vector->aad.data);
 	rte_free(vector->digest.data);
 
@@ -84,15 +85,28 @@ show_test_vector(struct cperf_test_vector *test_vector)
 		printf("\n");
 	}
 
-	if (test_vector->iv.data) {
-		printf("\niv =\n");
-		for (i = 0; i < test_vector->iv.length; ++i) {
+	if (test_vector->cipher_iv.data) {
+		printf("\ncipher_iv =\n");
+		for (i = 0; i < test_vector->cipher_iv.length; ++i) {
 			if ((i % wrap == 0) && (i != 0))
 				printf("\n");
-			if (i == (uint32_t)(test_vector->iv.length - 1))
-				printf("0x%02x", test_vector->iv.data[i]);
+			if (i == (uint32_t)(test_vector->cipher_iv.length - 1))
+				printf("0x%02x", test_vector->cipher_iv.data[i]);
 			else
-				printf("0x%02x, ", test_vector->iv.data[i]);
+				printf("0x%02x, ", test_vector->cipher_iv.data[i]);
+		}
+		printf("\n");
+	}
+
+	if (test_vector->auth_iv.data) {
+		printf("\nauth_iv =\n");
+		for (i = 0; i < test_vector->auth_iv.length; ++i) {
+			if ((i % wrap == 0) && (i != 0))
+				printf("\n");
+			if (i == (uint32_t)(test_vector->auth_iv.length - 1))
+				printf("0x%02x", test_vector->auth_iv.data[i]);
+			else
+				printf("0x%02x, ", test_vector->auth_iv.data[i]);
 		}
 		printf("\n");
 	}
@@ -300,18 +314,32 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 			vector->auth_key.length = opts->auth_key_sz;
 		}
 
-	} else if (strstr(key_token, "iv")) {
-		rte_free(vector->iv.data);
-		vector->iv.data = data;
+	} else if (strstr(key_token, "cipher_iv")) {
+		rte_free(vector->cipher_iv.data);
+		vector->cipher_iv.data = data;
 		if (tc_found)
-			vector->iv.length = data_length;
+			vector->cipher_iv.length = data_length;
 		else {
 			if (opts->cipher_iv_sz > data_length) {
-				printf("Global iv shorter than "
+				printf("Global cipher iv shorter than "
 					"cipher_iv_sz\n");
 				return -1;
 			}
-			vector->iv.length = opts->cipher_iv_sz;
+			vector->cipher_iv.length = opts->cipher_iv_sz;
+		}
+
+	} else if (strstr(key_token, "auth_iv")) {
+		rte_free(vector->auth_iv.data);
+		vector->auth_iv.data = data;
+		if (tc_found)
+			vector->auth_iv.length = data_length;
+		else {
+			if (opts->auth_iv_sz > data_length) {
+				printf("Global auth iv shorter than "
+					"auth_iv_sz\n");
+				return -1;
+			}
+			vector->auth_iv.length = opts->auth_iv_sz;
 		}
 
 	} else if (strstr(key_token, "ciphertext")) {
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 4a14fb3..6829b86 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -409,32 +409,34 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
 			t_vec->cipher_key.data = NULL;
-			t_vec->iv.data = NULL;
+			t_vec->cipher_iv.data = NULL;
 		} else {
 			t_vec->cipher_key.length = options->cipher_key_sz;
 			t_vec->ciphertext.data = ciphertext;
 			t_vec->cipher_key.data = cipher_key;
-			t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+			t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
 					16);
-			if (t_vec->iv.data == NULL) {
+			if (t_vec->cipher_iv.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
+			memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+
 		/* Set IV parameters */
-		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
-					16);
-		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+		t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+				16);
+		if (options->cipher_iv_sz && t_vec->cipher_iv.data == NULL) {
 			rte_free(t_vec);
 			return NULL;
 		}
-		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
-		t_vec->iv.length = options->cipher_iv_sz;
+		memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
+		t_vec->cipher_iv.length = options->cipher_iv_sz;
 
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
+
 	}
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
@@ -476,7 +478,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 					options->auth_aad_sz, 16);
 			if (t_vec->aad.data == NULL) {
 				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->iv.data);
+					rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
@@ -485,13 +487,26 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->aad.data = NULL;
 		}
 
+		/* Set IV parameters */
+		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
+				16);
+		if (options->auth_iv_sz && t_vec->auth_iv.data == NULL) {
+			if (options->op_type != CPERF_AUTH_ONLY)
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
+		t_vec->auth_iv.length = options->auth_iv_sz;
+
 		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
 		t_vec->aad.length = options->auth_aad_sz;
 		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
 				16);
 		if (t_vec->digest.data == NULL) {
 			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->iv.data);
+				rte_free(t_vec->cipher_iv.data);
+			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index e64f116..7f9c4fa 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -53,9 +53,13 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
-		phys_addr_t phys_addr;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
+	} auth_iv;
 
 	struct {
 		uint8_t *data;
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index e6f20c6..9b83d7a 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -270,7 +270,8 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
 			dev_id);
 
-	uint16_t priv_size = test_vector->iv.length;
+	uint16_t priv_size = test_vector->cipher_iv.length +
+		test_vector->auth_iv.length;
 	ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
 			512, priv_size, rte_socket_id());
diff --git a/app/test-crypto-perf/data/aes_cbc_128_sha.data b/app/test-crypto-perf/data/aes_cbc_128_sha.data
index 0b054f5..ff55590 100644
--- a/app/test-crypto-perf/data/aes_cbc_128_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_128_sha.data
@@ -282,7 +282,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_192_sha.data b/app/test-crypto-perf/data/aes_cbc_192_sha.data
index 7bfe3da..3f85a00 100644
--- a/app/test-crypto-perf/data/aes_cbc_192_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_192_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/data/aes_cbc_256_sha.data b/app/test-crypto-perf/data/aes_cbc_256_sha.data
index 52dafb9..8da8161 100644
--- a/app/test-crypto-perf/data/aes_cbc_256_sha.data
+++ b/app/test-crypto-perf/data/aes_cbc_256_sha.data
@@ -283,7 +283,7 @@ auth_key =
 0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
 0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
 
-iv =
+cipher_iv =
 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
 
 ####################
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index 9ec2a4b..cf4fa4f 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -138,7 +138,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 					capability,
 					opts->auth_key_sz,
 					opts->auth_digest_sz,
-					opts->auth_aad_sz);
+					opts->auth_aad_sz,
+					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
 		}
@@ -185,9 +186,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -204,6 +205,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -226,9 +232,9 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->ciphertext.length < opts->max_buffer_size)
 				return -1;
-			if (test_vec->iv.data == NULL)
+			if (test_vec->cipher_iv.data == NULL)
 				return -1;
-			if (test_vec->iv.length != opts->cipher_iv_sz)
+			if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
 				return -1;
 			if (test_vec->cipher_key.data == NULL)
 				return -1;
@@ -240,6 +246,11 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->auth_key.length != opts->auth_key_sz)
 				return -1;
+			if (test_vec->auth_iv.length != opts->auth_iv_sz)
+				return -1;
+			/* Auth IV is only required for some algorithms */
+			if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
 			if (test_vec->digest.length < opts->auth_digest_sz)
@@ -254,6 +265,10 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
+		if (test_vec->cipher_iv.data == NULL)
+			return -1;
+		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
 		if (test_vec->aad.length != opts->auth_aad_sz)
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 4e352f4..68890ff 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -245,7 +245,8 @@ algorithm AES_CBC.
                         .max = 12,
                         .increment = 0
                     },
-                    .aad_size = { 0 }
+                    .aad_size = { 0 },
+                    .iv_size = { 0 }
                 }
             }
         },
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 4775bd2..eabf3dd 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -161,6 +161,8 @@ API Changes
     offset from the start of the crypto operation.
   * Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
     ``rte_crypto_cipher_xform``.
+  * Added authentication IV parameters (offset and length) in
+    ``rte_crypto_auth_xform``.
 
 
 ABI Changes
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 45d8a12..b9aa573 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -86,9 +86,10 @@ The application requires a number of command line options:
     ./build/l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
     [--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY] /
     [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
-    [--cipher_key_random_size SIZE] [--iv IV] [--iv_random_size SIZE] /
+    [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
     [--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
-    [--auth_key_random_size SIZE] [--aad AAD] [--aad_random_size SIZE] /
+    [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
+    [--aad AAD] [--aad_random_size SIZE] /
     [--digest size SIZE] [--sessionless] [--cryptodev_mask MASK]
 
 where,
@@ -127,11 +128,11 @@ where,
 
     Note that if --cipher_key is used, this will be ignored.
 
-*   iv: set the IV to be used. Bytes has to be separated with ":"
+*   cipher_iv: set the cipher IV to be used. Bytes has to be separated with ":"
 
-*   iv_random_size: set the size of the IV, which will be generated randomly.
+*   cipher_iv_random_size: set the size of the cipher IV, which will be generated randomly.
 
-    Note that if --iv is used, this will be ignored.
+    Note that if --cipher_iv is used, this will be ignored.
 
 *   auth_algo: select the authentication algorithm (default is sha1-hmac)
 
@@ -147,6 +148,12 @@ where,
 
     Note that if --auth_key is used, this will be ignored.
 
+*   auth_iv: set the auth IV to be used. Bytes has to be separated with ":"
+
+*   auth_iv_random_size: set the size of the auth IV, which will be generated randomly.
+
+    Note that if --auth_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 1acde76..c0accfc 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -290,6 +290,10 @@ The following are the appication command-line options:
 
         Set the size of authentication key.
 
+* ``--auth-iv-sz <n>``
+
+        Set the size of auth iv.
+
 * ``--auth-digest-sz <n>``
 
         Set the size of authentication digest.
@@ -345,9 +349,13 @@ a string of bytes in C byte array format::
 
         Key used in auth operation.
 
-* ``iv``
+* ``cipher_iv``
+
+        Cipher Initial Vector.
+
+* ``auth_iv``
 
-        Initial vector.
+        Auth Initial Vector.
 
 * ``aad``
 
@@ -412,7 +420,7 @@ Test vector file for cipher algorithm aes cbc 256 with authorization sha::
    0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47,
    0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a,
    0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7
-   iv =
+   cipher_iv =
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    # Section sha 1 hmac buff 32
    [sha1_hmac_buff_32]
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 7b68a20..542e6c4 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -85,7 +86,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d1bc28e..780b88b 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 14,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 24,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,7 +189,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.max = 12,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
index 4d9ccbf..78ed770 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
@@ -59,7 +59,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 20,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
@@ -80,7 +81,8 @@ static const struct rte_cryptodev_capabilities
 						.max = 32,
 						.increment = 0
 					},
-					.aad_size = { 0 }
+					.aad_size = { 0 },
+					.iv_size = { 0 }
 				}, }
 			}, }
 	},
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index d152161..ff3be70 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -217,7 +217,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -238,7 +239,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -259,7 +261,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -280,7 +283,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 						.max = 32,
 						.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 				}, }
 			}, }
 		},
@@ -301,7 +305,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -322,7 +327,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 62ebdbd..8f1a116 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/null/null_crypto_pmd_ops.c b/drivers/crypto/null/null_crypto_pmd_ops.c
index 5f74f0c..f8ad8e4 100644
--- a/drivers/crypto/null/null_crypto_pmd_ops.c
+++ b/drivers/crypto/null/null_crypto_pmd_ops.c
@@ -56,7 +56,8 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
 					.max = 0,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, },
 		}, },
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 22a6873..3026dbd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 20,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 28,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -183,31 +189,33 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 32,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
 	{	/* SHA256 */
-			.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-			{.sym = {
-				.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-				{.auth = {
-					.algo = RTE_CRYPTO_AUTH_SHA256,
-					.block_size = 64,
-					.key_size = {
-						.min = 0,
-						.max = 0,
-						.increment = 0
-					},
-					.digest_size = {
-						.min = 32,
-						.max = 32,
-						.increment = 0
-					},
-					.aad_size = { 0 }
-				}, }
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
-		},
+		}, }
+	},
 	{	/* SHA384 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -225,7 +233,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -246,7 +255,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 48,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -267,7 +277,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -288,7 +299,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 64,
 					.increment = 0
 				},
-				.aad_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -353,7 +365,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 0,
 					.max = 65535,
 					.increment = 1
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
@@ -398,7 +411,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.min = 8,
 					.max = 65532,
 					.increment = 4
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 1294f24..4bc2c97 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -52,7 +52,8 @@
 					.max = 20,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -73,7 +74,8 @@
 					.max = 28,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -94,7 +96,8 @@
 					.max = 32,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -114,8 +117,9 @@
 					.min = 48,			\
 					.max = 48,			\
 					.increment = 0			\
-					},				\
-				.aad_size = { 0 }			\
+				},					\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -136,7 +140,8 @@
 					.max = 64,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -157,7 +162,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -178,7 +184,8 @@
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -203,7 +210,8 @@
 					.min = 0,			\
 					.max = 240,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -228,7 +236,8 @@
 					.min = 1,			\
 					.max = 65535,			\
 					.increment = 1			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -253,7 +262,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -374,7 +384,8 @@
 					.max = 0,			\
 					.increment = 0			\
 				},					\
-				.aad_size = { 0 }			\
+				.aad_size = { 0 },			\
+				.iv_size = { 0 }			\
 			}, },						\
 		}, },							\
 	},								\
@@ -439,7 +450,8 @@
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -566,7 +578,8 @@
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
-				}					\
+				},					\
+				.iv_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 7ce96be..68ede97 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 },
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index c24b9bd..02c3c4a 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
-				}
+				},
+				.iv_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 9f16806..ba5aef7 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -160,14 +160,18 @@ struct l2fwd_crypto_options {
 	unsigned ckey_param;
 	int ckey_random_size;
 
-	struct l2fwd_iv iv;
-	unsigned int iv_param;
-	int iv_random_size;
+	struct l2fwd_iv cipher_iv;
+	unsigned int cipher_iv_param;
+	int cipher_iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
 	int akey_random_size;
 
+	struct l2fwd_iv auth_iv;
+	unsigned int auth_iv_param;
+	int auth_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -188,7 +192,8 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
-	struct l2fwd_iv iv;
+	struct l2fwd_iv cipher_iv;
+	struct l2fwd_iv auth_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
@@ -453,6 +458,18 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	rte_crypto_op_attach_sym_session(op, cparams->session);
 
 	if (cparams->do_hash) {
+		if (cparams->auth_iv.length) {
+			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						IV_OFFSET +
+						cparams->cipher_iv.length);
+			/*
+			 * Copy IV at the end of the crypto operation,
+			 * after the cipher IV, if added
+			 */
+			rte_memcpy(iv_ptr, cparams->auth_iv.data,
+					cparams->auth_iv.length);
+		}
 		if (!cparams->hash_verify) {
 			/* Append space for digest to end of packet */
 			op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
@@ -492,7 +509,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 							IV_OFFSET);
 		/* Copy IV at the end of the crypto operation */
-		rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+		rte_memcpy(iv_ptr, cparams->cipher_iv.data,
+				cparams->cipher_iv.length);
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -675,6 +693,18 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		port_cparams[i].block_size = options->block_size;
 
 		if (port_cparams[i].do_hash) {
+			port_cparams[i].auth_iv.data = options->auth_iv.data;
+			port_cparams[i].auth_iv.length = options->auth_iv.length;
+			if (!options->auth_iv_param)
+				generate_random_key(port_cparams[i].auth_iv.data,
+						port_cparams[i].auth_iv.length);
+			/* Set IV parameters */
+			if (options->auth_iv.length) {
+				options->auth_xform.auth.iv.offset =
+					IV_OFFSET + options->cipher_iv.length;
+				options->auth_xform.auth.iv.length =
+					options->auth_iv.length;
+			}
 			port_cparams[i].digest_length =
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
@@ -698,16 +728,17 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		}
 
 		if (port_cparams[i].do_cipher) {
-			port_cparams[i].iv.data = options->iv.data;
-			port_cparams[i].iv.length = options->iv.length;
-			if (!options->iv_param)
-				generate_random_key(port_cparams[i].iv.data,
-						port_cparams[i].iv.length);
+			port_cparams[i].cipher_iv.data = options->cipher_iv.data;
+			port_cparams[i].cipher_iv.length = options->cipher_iv.length;
+			if (!options->cipher_iv_param)
+				generate_random_key(port_cparams[i].cipher_iv.data,
+						port_cparams[i].cipher_iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 			/* Set IV parameters */
 			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
-			options->cipher_xform.cipher.iv.length = options->iv.length;
+			options->cipher_xform.cipher.iv.length =
+						options->cipher_iv.length;
 		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -861,13 +892,15 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY (bytes separated with \":\")\n"
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
-		"  --iv IV (bytes separated with \":\")\n"
-		"  --iv_random_size SIZE: size of IV when generated randomly\n"
+		"  --cipher_iv IV (bytes separated with \":\")\n"
+		"  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY (bytes separated with \":\")\n"
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
+		"  --auth_iv IV (bytes separated with \":\")\n"
+		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
@@ -1078,18 +1111,18 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
 		return parse_size(&options->ckey_random_size, optarg);
 
-	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
-		options->iv_param = 1;
-		options->iv.length =
-			parse_key(options->iv.data, optarg);
-		if (options->iv.length > 0)
+	else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
+		options->cipher_iv_param = 1;
+		options->cipher_iv.length =
+			parse_key(options->cipher_iv.data, optarg);
+		if (options->cipher_iv.length > 0)
 			return 0;
 		else
 			return -1;
 	}
 
-	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
-		return parse_size(&options->iv_random_size, optarg);
+	else if (strcmp(lgopts[option_index].name, "cipher_iv_random_size") == 0)
+		return parse_size(&options->cipher_iv_random_size, optarg);
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
@@ -1115,6 +1148,20 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
+		options->auth_iv_param = 1;
+		options->auth_iv.length =
+			parse_key(options->auth_iv.data, optarg);
+		if (options->auth_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
+		return parse_size(&options->auth_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1233,9 +1280,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->ckey_param = 0;
 	options->ckey_random_size = -1;
 	options->cipher_xform.cipher.key.length = 0;
-	options->iv_param = 0;
-	options->iv_random_size = -1;
-	options->iv.length = 0;
+	options->cipher_iv_param = 0;
+	options->cipher_iv_random_size = -1;
+	options->cipher_iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1246,6 +1293,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->akey_param = 0;
 	options->akey_random_size = -1;
 	options->auth_xform.auth.key.length = 0;
+	options->auth_iv_param = 0;
+	options->auth_iv_random_size = -1;
+	options->auth_iv.length = 0;
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
@@ -1267,7 +1317,7 @@ display_cipher_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Cipher key:",
 			options->cipher_xform.cipher.key.data,
 			options->cipher_xform.cipher.key.length);
-	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+	rte_hexdump(stdout, "IV:", options->cipher_iv.data, options->cipher_iv.length);
 }
 
 static void
@@ -1279,6 +1329,7 @@ display_auth_info(struct l2fwd_crypto_options *options)
 	rte_hexdump(stdout, "Auth key:",
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1316,8 +1367,11 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	if (options->akey_param && (options->akey_random_size != -1))
 		printf("Auth key already parsed, ignoring size of random key\n");
 
-	if (options->iv_param && (options->iv_random_size != -1))
-		printf("IV already parsed, ignoring size of random IV\n");
+	if (options->cipher_iv_param && (options->cipher_iv_random_size != -1))
+		printf("Cipher IV already parsed, ignoring size of random IV\n");
+
+	if (options->auth_iv_param && (options->auth_iv_random_size != -1))
+		printf("Auth IV already parsed, ignoring size of random IV\n");
 
 	if (options->aad_param && (options->aad_random_size != -1))
 		printf("AAD already parsed, ignoring size of random AAD\n");
@@ -1365,14 +1419,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
 			{ "cipher_key_random_size", required_argument, 0, 0 },
+			{ "cipher_iv", required_argument, 0, 0 },
+			{ "cipher_iv_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
 			{ "auth_key_random_size", required_argument, 0, 0 },
+			{ "auth_iv", required_argument, 0, 0 },
+			{ "auth_iv_random_size", required_argument, 0, 0 },
 
-			{ "iv", required_argument, 0, 0 },
-			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
 			{ "digest_size", required_argument, 0, 0 },
@@ -1660,8 +1716,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 			options->block_size = cap->sym.cipher.block_size;
 
-			check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
-					options->iv_random_size, &options->iv.length);
+			check_iv_param(&cap->sym.cipher.iv_size,
+					options->cipher_iv_param,
+					options->cipher_iv_random_size,
+					&options->cipher_iv.length);
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -1731,6 +1789,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				continue;
 			}
 
+			check_iv_param(&cap->sym.auth.iv_size,
+					options->auth_iv_param,
+					options->auth_iv_random_size,
+					&options->auth_iv.length);
 			/*
 			 * Check if length of provided AAD is supported
 			 * by the algorithm chosen.
@@ -1972,9 +2034,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
-	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
-	if (options->iv.data == NULL)
-		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
+	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
+	if (options->cipher_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
+
+	options->auth_iv.data = rte_malloc("auth iv", MAX_KEY_SIZE, 0);
+	if (options->auth_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c1a1e27..0e84bad 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -393,6 +393,30 @@ struct rte_crypto_auth_xform {
 	 *  of the AAD data is specified in additional authentication data
 	 *  length field of the rte_crypto_sym_op_data structure
 	 */
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode,
+		 *   for ZUC in EIA3 mode and for AES-GMAC, this is the
+		 *   authentication Initialisation Vector (IV) value.
+		 *
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for
+		 *   ZUC in EIA3 mode and for AES-GMAC, this is the length
+		 *   of the IV.
+		 *
+		 */
+	} iv;	/**< Initialisation vector parameters */
 };
 
 /** Crypto transformation types */
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index a466ed7..5aa177f 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -272,7 +272,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size)
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
 {
 	if (param_range_check(key_size, capability->auth.key_size))
 		return -1;
@@ -283,6 +284,9 @@ rte_cryptodev_sym_capability_check_auth(
 	if (param_range_check(aad_size, capability->auth.aad_size))
 		return -1;
 
+	if (param_range_check(iv_size, capability->auth.iv_size))
+		return -1;
+
 	return 0;
 }
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 91f3375..75b423a 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -184,6 +184,8 @@ struct rte_cryptodev_symmetric_capability {
 			/**< digest size range */
 			struct rte_crypto_param_range aad_size;
 			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
 		} auth;
 		/**< Symmetric Authentication transform capabilities */
 		struct {
@@ -260,6 +262,7 @@ rte_cryptodev_sym_capability_check_cipher(
  * @param	key_size	Auth key size.
  * @param	digest_size	Auth digest size.
  * @param	aad_size	Auth aad size.
+ * @param	iv_size		Auth initial vector size.
  *
  * @return
  *   - Return 0 if the parameters are in range of the capability.
@@ -268,7 +271,8 @@ rte_cryptodev_sym_capability_check_cipher(
 int
 rte_cryptodev_sym_capability_check_auth(
 		const struct rte_cryptodev_symmetric_capability *capability,
-		uint16_t key_size, uint16_t digest_size, uint16_t aad_size);
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
 
 /**
  * Provide the cipher algorithm enum, given an algorithm string
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 15/26] cryptodev: do not use AAD in wireless algorithms
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (13 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 14/26] cryptodev: add auth IV Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
                         ` (11 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure.

Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_test_vectors.c          |   6 -
 drivers/crypto/kasumi/rte_kasumi_pmd.c             |  25 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |   4 +-
 drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |   3 +-
 drivers/crypto/qat/qat_adf/qat_algs.h              |   6 +-
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |   6 +-
 drivers/crypto/qat/qat_crypto.c                    |  49 ++-
 drivers/crypto/qat/qat_crypto_capabilities.h       |  12 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c             |  26 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |   4 +-
 drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |   3 +-
 drivers/crypto/zuc/rte_zuc_pmd.c                   |  24 +-
 drivers/crypto/zuc/rte_zuc_pmd_ops.c               |   4 +-
 drivers/crypto/zuc/rte_zuc_pmd_private.h           |   3 +-
 lib/librte_cryptodev/rte_crypto_sym.h              |   7 +-
 test/test/test_cryptodev.c                         | 418 ++++++++-------------
 .../test/test_cryptodev_kasumi_hash_test_vectors.h |  16 +-
 test/test/test_cryptodev_kasumi_test_vectors.h     |  20 +-
 test/test/test_cryptodev_perf.c                    |  20 +-
 .../test/test_cryptodev_snow3g_hash_test_vectors.h |  14 +-
 test/test/test_cryptodev_snow3g_test_vectors.h     |  24 +-
 test/test/test_cryptodev_zuc_test_vectors.h        |  38 +-
 22 files changed, 322 insertions(+), 410 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 6829b86..b67d0f4 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,12 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-		case RTE_CRYPTO_AUTH_KASUMI_F9:
-		case RTE_CRYPTO_AUTH_ZUC_EIA3:
-			t_vec->auth_key.data = auth_key;
-			aad_alloc = 1;
-			break;
 		case RTE_CRYPTO_AUTH_AES_GMAC:
 			/* auth key should be the same as cipher key */
 			t_vec->auth_key.data = cipher_key;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index c92f5d1..3a3ffa4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -117,7 +117,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_KASUMI_F8)
 			return -EINVAL;
 
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 		if (cipher_xform->cipher.iv.length != KASUMI_IV_LENGTH) {
 			KASUMI_LOG_ERR("Wrong IV length");
 			return -EINVAL;
@@ -133,6 +133,13 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+		if (auth_xform->auth.iv.length != KASUMI_IV_LENGTH) {
+			KASUMI_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+
 		/* Initialize key */
 		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -194,7 +201,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		iv[i] = *((uint64_t *)(iv_ptr));
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
@@ -227,7 +234,7 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-			session->iv_offset);
+			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
@@ -246,6 +253,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	unsigned i;
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
+	uint8_t *iv_ptr;
 	uint32_t length_in_bits;
 	uint32_t num_bytes;
 	uint32_t shift_bits;
@@ -253,12 +261,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			KASUMI_LOG_ERR("digest");
@@ -276,8 +278,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
-		/* IV from AAD */
-		iv = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+		iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
+		iv = *((uint64_t *)(iv_ptr));
 		/* Direction from next bit after end of message */
 		num_bytes = (length_in_bits >> 3) + 1;
 		shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 8f1a116..e6f4d31 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 8,
 					.max = 8,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index 6a0d47a..727cfe4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -92,7 +92,8 @@ struct kasumi_session {
 	sso_kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index e8fa3d3..f70c6cb 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -130,7 +130,11 @@ struct qat_session {
 	struct {
 		uint16_t offset;
 		uint16_t length;
-	} iv;
+	} cipher_iv;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} auth_iv;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 154e1dd..5bf9c86 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -837,8 +837,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 				0, ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ);
 		cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
 				authkeylen + ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ >> 3;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
 		hash->auth_config.config =
@@ -854,8 +853,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 		memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
 		cdesc->cd_cur_ptr += state1_size + state2_size
 			+ ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
-		auth_param->hash_state_sz =
-				RTE_ALIGN_CEIL(add_auth_data_length, 16) >> 3;
+		auth_param->hash_state_sz = ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ >> 3;
 
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_MD5:
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 0dca4c2..7fc8239 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -298,8 +298,8 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 	/* Get cipher xform from crypto xform chain */
 	cipher_xform = qat_get_cipher_xform(xform);
 
-	session->iv.offset = cipher_xform->iv.offset;
-	session->iv.length = cipher_xform->iv.length;
+	session->cipher_iv.offset = cipher_xform->iv.offset;
+	session->cipher_iv.length = cipher_xform->iv.length;
 
 	switch (cipher_xform->algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
@@ -584,6 +584,9 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	}
 	cipher_xform = qat_get_cipher_xform(xform);
 
+	session->auth_iv.offset = auth_xform->iv.offset;
+	session->auth_iv.length = auth_xform->iv.length;
+
 	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
 			(session->qat_hash_alg ==
 				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
@@ -646,7 +649,7 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 		rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
@@ -702,7 +705,7 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 		else
 			/* runt block, i.e. less than one full block */
 			iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+					ctx->cipher_iv.offset);
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
 		rte_hexdump(stdout, "BPI: src before post-process:", last_block,
@@ -903,8 +906,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *iv_ptr;
-
+	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -977,21 +979,21 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->iv.offset);
+		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+					ctx->cipher_iv.offset);
 		/* copy IV into request if it fits */
-		if (ctx->iv.length <=
+		if (ctx->cipher_iv.length <=
 				sizeof(cipher_param->u.cipher_IV_array)) {
 			rte_memcpy(cipher_param->u.cipher_IV_array,
-					iv_ptr,
-					ctx->iv.length);
+					cipher_iv_ptr,
+					ctx->cipher_iv.length);
 		} else {
 			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
 					qat_req->comn_hdr.serv_specif_flags,
 					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
 			cipher_param->u.s.cipher_IV_ptr =
 					rte_crypto_op_ctophys_offset(op,
-						ctx->iv.offset);
+						ctx->cipher_iv.offset);
 		}
 		min_ofs = cipher_ofs;
 	}
@@ -1022,7 +1024,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					auth_len = auth_len + auth_ofs + 1;
 					auth_ofs = 0;
 				}
-			}
+			} else
+				auth_param->u1.aad_adr =
+					rte_crypto_op_ctophys_offset(op,
+							ctx->auth_iv.offset);
 
 		} else if (ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
@@ -1030,16 +1035,17 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
 			auth_ofs = op->sym->cipher.data.offset;
 			auth_len = op->sym->cipher.data.length;
+
+			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
+
 		}
 		min_ofs = auth_ofs;
 
 		auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
 
-		auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
-
 	}
 
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
@@ -1147,7 +1153,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->iv.length == 12) {
+		if (ctx->cipher_iv.length == 12) {
 			/*
 			 * For GCM a 12 byte IV is allowed,
 			 * but we need to inform the f/w
@@ -1182,10 +1188,17 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
 	if (do_cipher)
-		rte_hexdump(stdout, "iv:", iv_ptr,
-				ctx->iv.length);
+		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
+				ctx->cipher_iv.length);
 
 	if (do_auth) {
+		if (ctx->auth_iv.length) {
+			uint8_t *auth_iv_ptr = rte_crypto_op_ctod_offset(op,
+							uint8_t *,
+							ctx->auth_iv.offset);
+			rte_hexdump(stdout, "auth iv:", auth_iv_ptr,
+						ctx->auth_iv.length);
+		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 4bc2c97..fbff148 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -258,12 +258,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -446,12 +446,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 8,			\
 					.max = 8,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	},								\
@@ -574,12 +574,12 @@
 					.max = 4,			\
 					.increment = 0			\
 				},					\
-				.aad_size = {				\
+				.iv_size = {				\
 					.min = 16,			\
 					.max = 16,			\
 					.increment = 0			\
 				},					\
-				.iv_size = { 0 }			\
+				.aad_size = { 0 }			\
 			}, }						\
 		}, }							\
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 4e93f64..afb5e92 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -121,7 +121,7 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 			SNOW3G_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
 		sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
@@ -133,6 +133,13 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Initialize key */
 		sso_snow3g_init_key_sched(auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
@@ -193,7 +200,7 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		processed_ops++;
@@ -223,7 +230,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 	}
 	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
 	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
@@ -242,14 +249,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t processed_ops = 0;
 	uint8_t *src, *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			SNOW3G_LOG_ERR("digest");
@@ -267,13 +269,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -287,7 +291,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 			dst = ops[i]->sym->auth.digest.data;
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 68ede97..0a56b5d 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 },
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
index e8943a7..c5733fb 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h
@@ -91,7 +91,8 @@ struct snow3g_session {
 	enum rte_crypto_auth_operation auth_op;
 	sso_snow3g_key_schedule_t pKeySched_cipher;
 	sso_snow3g_key_schedule_t pKeySched_hash;
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index f3cb5f0..c79ea6e 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -120,7 +120,7 @@ zuc_set_session_parameters(struct zuc_session *sess,
 			ZUC_LOG_ERR("Wrong IV length");
 			return -EINVAL;
 		}
-		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Copy the key */
 		memcpy(sess->pKey_cipher, cipher_xform->cipher.key.data,
@@ -132,6 +132,13 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
 		sess->auth_op = auth_xform->auth.op;
+
+		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
+			ZUC_LOG_ERR("Wrong IV length");
+			return -EINVAL;
+		}
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+
 		/* Copy the key */
 		memcpy(sess->pKey_hash, auth_xform->auth.key.data,
 				ZUC_IV_KEY_LENGTH);
@@ -214,7 +221,7 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 			rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->cipher.data.offset >> 3);
 		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
-				session->iv_offset);
+				session->cipher_iv_offset);
 		num_bytes[i] = ops[i]->sym->cipher.data.length >> 3;
 
 		cipher_keys[i] = session->pKey_cipher;
@@ -239,14 +246,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *src;
 	uint32_t *dst;
 	uint32_t length_in_bits;
+	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("aad");
-			break;
-		}
-
 		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 			ZUC_LOG_ERR("digest");
@@ -264,13 +266,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
+		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				session->auth_iv_offset);
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
 					ops[i]->sym->auth.digest.length);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -284,7 +288,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
-					ops[i]->sym->auth.aad.data, src,
+					iv, src,
 					length_in_bits, dst);
 		}
 		processed_ops++;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 02c3c4a..e97b8d2 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
 					.max = 4,
 					.increment = 0
 				},
-				.aad_size = {
+				.iv_size = {
 					.min = 16,
 					.max = 16,
 					.increment = 0
 				},
-				.iv_size = { 0 }
+				.aad_size = { 0 }
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index cee1b5d..173fe47 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -92,7 +92,8 @@ struct zuc_session {
 	enum rte_crypto_auth_operation auth_op;
 	uint8_t pKey_cipher[ZUC_IV_KEY_LENGTH];
 	uint8_t pKey_hash[ZUC_IV_KEY_LENGTH];
-	uint16_t iv_offset;
+	uint16_t cipher_iv_offset;
+	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0e84bad..3ccb6fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -373,9 +373,6 @@ struct rte_crypto_auth_xform {
 	 * This field must be specified when the hash algorithm is one of the
 	 * following:
 	 *
-	 * - For SNOW 3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
-	 *   length of the IV (which should be 16).
-	 *
 	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
 	 *   the length of the Additional Authenticated Data (called A, in NIST
 	 *   SP800-38D).
@@ -617,9 +614,7 @@ struct rte_crypto_sym_op {
 			uint8_t *data;
 			/**< Pointer to Additional Authenticated Data (AAD)
 			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM), and to the IV for SNOW 3G authentication
-			 * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
-			 * authentication mechanisms this pointer is ignored.
+			 * GCM).
 			 *
 			 * The length of the data pointed to by this field is
 			 * set up for the session in the @ref
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 828a91b..853e3bd 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1774,7 +1774,7 @@ test_AES_chain_armv8_all(void)
 static int
 create_wireless_algo_hash_session(uint8_t dev_id,
 	const uint8_t *key, const uint8_t key_len,
-	const uint8_t aad_len, const uint8_t auth_len,
+	const uint8_t iv_len, const uint8_t auth_len,
 	enum rte_crypto_auth_operation op,
 	enum rte_crypto_auth_algorithm algo)
 {
@@ -1795,7 +1795,8 @@ create_wireless_algo_hash_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = hash_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = iv_len;
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
 				&ut_params->auth_xform);
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
@@ -1903,9 +1904,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 		enum rte_crypto_auth_operation auth_op,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		const uint8_t *key, uint8_t key_len,
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 
 {
 	uint8_t cipher_auth_key[key_len];
@@ -1924,7 +1925,9 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1935,7 +1938,7 @@ create_wireless_algo_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -1960,9 +1963,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	const uint8_t *key = tdata->key.data;
-	const uint8_t aad_len = tdata->aad.len;
 	const uint8_t auth_len = tdata->digest.len;
-	uint8_t iv_len = tdata->iv.len;
+	uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	uint8_t auth_iv_len = tdata->auth_iv.len;
 
 	memcpy(cipher_auth_key, key, key_len);
 
@@ -1976,7 +1979,9 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	/* Hash key = cipher key */
 	ut_params->auth_xform.auth.key.data = cipher_auth_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -1987,7 +1992,7 @@ create_wireless_cipher_auth_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = cipher_auth_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
@@ -2017,8 +2022,8 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 		enum rte_crypto_auth_algorithm auth_algo,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len)
+		uint8_t auth_iv_len, uint8_t auth_len,
+		uint8_t cipher_iv_len)
 {
 	uint8_t auth_cipher_key[key_len];
 
@@ -2034,7 +2039,9 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.key.length = key_len;
 	ut_params->auth_xform.auth.key.data = auth_cipher_key;
 	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
+	/* Auth IV will be after cipher IV */
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET + cipher_iv_len;
+	ut_params->auth_xform.auth.iv.length = auth_iv_len;
 
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -2044,7 +2051,7 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 	ut_params->cipher_xform.cipher.key.data = auth_cipher_key;
 	ut_params->cipher_xform.cipher.key.length = key_len;
 	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	ut_params->cipher_xform.cipher.iv.length = cipher_iv_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
@@ -2059,19 +2066,16 @@ create_wireless_algo_auth_cipher_session(uint8_t dev_id,
 
 static int
 create_wireless_algo_hash_operation(const uint8_t *auth_tag,
-		const unsigned auth_tag_len,
-		const uint8_t *aad, const unsigned aad_len,
-		unsigned data_pad_len,
+		unsigned int auth_tag_len,
+		const uint8_t *iv, unsigned int iv_len,
+		unsigned int data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm algo,
-		const unsigned auth_len, const unsigned auth_offset)
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2086,32 +2090,9 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-					"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
-
+	/* iv */
+	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+			iv, iv_len);
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 					ut_params->ibuf, auth_tag_len);
@@ -2120,7 +2101,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 				"no room to append auth tag");
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, data_pad_len + aad_len);
+			ut_params->ibuf, data_pad_len);
 	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
@@ -2139,27 +2120,22 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 static int
 create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
-	enum rte_crypto_auth_operation op,
-	enum rte_crypto_auth_algorithm auth_algo)
+	enum rte_crypto_auth_operation op)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	const uint8_t *auth_tag = tdata->digest.data;
 	const unsigned int auth_tag_len = tdata->digest.len;
-	const uint8_t *aad = tdata->aad.data;
-	const uint8_t aad_len = tdata->aad.len;
 	unsigned int plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	unsigned int data_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
 
-	const uint8_t *iv = tdata->iv.data;
-	const uint8_t iv_len = tdata->iv.len;
+	const uint8_t *cipher_iv = tdata->cipher_iv.data;
+	const uint8_t cipher_iv_len = tdata->cipher_iv.len;
+	const uint8_t *auth_iv = tdata->auth_iv.data;
+	const uint8_t auth_iv_len = tdata->auth_iv.len;
 	const unsigned int cipher_len = tdata->validCipherLenInBits.len;
-	const unsigned int cipher_offset = 0;
 	const unsigned int auth_len = tdata->validAuthLenInBits.len;
-	const unsigned int auth_offset = tdata->aad.len << 3;
-
-	unsigned int aad_buffer_len;
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2193,37 +2169,17 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
-	sym_op->cipher.data.offset = cipher_offset + auth_offset;
+	sym_op->cipher.data.offset = 0;
 	sym_op->auth.data.length = auth_len;
-	sym_op->auth.data.offset = auth_offset + cipher_offset;
+	sym_op->auth.data.offset = 0;
 
 	return 0;
 }
@@ -2233,26 +2189,22 @@ create_zuc_cipher_hash_generate_operation(
 		const struct wireless_test_data *tdata)
 {
 	return create_wireless_cipher_hash_operation(tdata,
-		RTE_CRYPTO_AUTH_OP_GENERATE,
-		RTE_CRYPTO_AUTH_ZUC_EIA3);
+		RTE_CRYPTO_AUTH_OP_GENERATE);
 }
 
 static int
 create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		const unsigned auth_tag_len,
-		const uint8_t *aad, const uint8_t aad_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned data_pad_len,
 		enum rte_crypto_auth_operation op,
-		enum rte_crypto_auth_algorithm auth_algo,
-		const uint8_t *iv, const uint8_t iv_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
 		const unsigned cipher_len, const unsigned cipher_offset,
 		const unsigned auth_len, const unsigned auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2285,33 +2237,13 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 		sym_op->auth.digest.data,
 		sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI and 16 bytes for SNOW 3G).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data =
-		(uint8_t *)rte_pktmbuf_prepend(
-			ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = cipher_offset + auth_offset;
 	sym_op->auth.data.length = auth_len;
@@ -2321,19 +2253,16 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 }
 
 static int
-create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
-		const uint8_t *iv, const uint8_t iv_len,
-		const uint8_t *aad, const uint8_t aad_len,
-		unsigned data_pad_len,
-		const unsigned cipher_len, const unsigned cipher_offset,
-		const unsigned auth_len, const unsigned auth_offset,
-		enum rte_crypto_auth_algorithm auth_algo)
+create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
+		const uint8_t *cipher_iv, uint8_t cipher_iv_len,
+		const uint8_t *auth_iv, uint8_t auth_iv_len,
+		unsigned int data_pad_len,
+		unsigned int cipher_len, unsigned int cipher_offset,
+		unsigned int auth_len, unsigned int auth_offset)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	unsigned aad_buffer_len = 0;
-
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 			RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -2365,33 +2294,13 @@ create_wireless_algo_auth_cipher_operation(const unsigned auth_tag_len,
 			sym_op->auth.digest.data,
 			sym_op->auth.digest.length);
 
-	/* aad */
-	/*
-	* Always allocate the aad up to the block size.
-	* The cryptodev API calls out -
-	*  - the array must be big enough to hold the AAD, plus any
-	*   space to round this up to the nearest multiple of the
-	*   block size (8 bytes for KASUMI 16 bytes).
-	*/
-	if (auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9)
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 8);
-	else
-		aad_buffer_len = ALIGN_POW2_ROUNDUP(aad_len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
-	ut_params->ibuf, aad_buffer_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-				"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
-				ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
-	memset(sym_op->auth.aad.data, 0, aad_buffer_len);
-	rte_memcpy(sym_op->auth.aad.data, aad, aad_len);
-	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+	/* Copy cipher and auth IVs at the end of the crypto operation */
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
+						IV_OFFSET);
+	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
+	iv_ptr += cipher_iv_len;
+	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
 
-	/* iv */
-	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
-			iv, iv_len);
 	sym_op->cipher.data.length = cipher_len;
 	sym_op->cipher.data.offset = auth_offset + cipher_offset;
 
@@ -2415,7 +2324,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2437,11 +2346,10 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2450,7 +2358,7 @@ test_snow3g_authentication(const struct snow3g_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2476,7 +2384,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_SNOW3G_UIA2);
 	if (retval < 0)
@@ -2498,12 +2406,11 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2512,7 +2419,7 @@ test_snow3g_authentication_verify(const struct snow3g_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2537,7 +2444,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2559,11 +2466,10 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2572,7 +2478,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -2598,7 +2504,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 				tdata->key.data, tdata->key.len,
-				tdata->aad.len, tdata->digest.len,
+				tdata->auth_iv.len, tdata->digest.len,
 				RTE_CRYPTO_AUTH_OP_VERIFY,
 				RTE_CRYPTO_AUTH_KASUMI_F9);
 	if (retval < 0)
@@ -2620,12 +2526,11 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_hash_operation(tdata->digest.data,
 			tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len,
 			RTE_CRYPTO_AUTH_OP_VERIFY,
-			RTE_CRYPTO_AUTH_KASUMI_F9,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -2634,7 +2539,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ plaintext_pad_len + tdata->aad.len;
+				+ plaintext_pad_len;
 
 	/* Validate obuf */
 	if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS)
@@ -2800,7 +2705,7 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2821,7 +2726,8 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2876,7 +2782,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2893,8 +2799,8 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -2941,7 +2847,7 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -2964,8 +2870,8 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3019,7 +2925,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3038,8 +2944,8 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -3083,7 +2989,7 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3106,8 +3012,8 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3150,7 +3056,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_KASUMI_F8,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3171,8 +3077,8 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->ciphertext.len,
 					0);
 	if (retval < 0)
@@ -3215,7 +3121,7 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3236,7 +3142,8 @@ test_snow3g_encryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3280,7 +3187,7 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3308,8 +3215,8 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3362,7 +3269,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3384,8 +3291,8 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3452,7 +3359,7 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3487,8 +3394,8 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
 	rte_hexdump(stdout, "plaintext:", plaintext, tdata->plaintext.len);
 #endif
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					extra_offset);
 	if (retval < 0)
@@ -3543,7 +3450,7 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3564,7 +3471,8 @@ static int test_snow3g_decryption(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3605,7 +3513,7 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_DECRYPT,
 					RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3636,8 +3544,8 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, ciphertext_len);
 
 	/* Create SNOW 3G operation */
-	retval = create_wireless_algo_cipher_operation_oop(tdata->iv.data,
-					tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->validCipherLenInBits.len,
 					0);
 	if (retval < 0)
@@ -3724,8 +3632,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3738,7 +3645,7 @@ test_zuc_cipher_auth(const struct wireless_test_data *tdata)
 			"ZUC Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3768,8 +3675,8 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3790,15 +3697,14 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-			tdata->digest.len, tdata->aad.data,
-			tdata->aad.len, /*tdata->plaintext.len,*/
+			tdata->digest.len, tdata->auth_iv.data,
+			tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			tdata->iv.data, tdata->iv.len,
+			tdata->cipher_iv.data, tdata->cipher_iv.len,
 			tdata->validCipherLenInBits.len,
 			0,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3)
+			0
 			);
 	if (retval < 0)
 		return retval;
@@ -3808,8 +3714,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-					+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3822,7 +3727,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Ciphertext data not as expected");
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -3851,8 +3756,8 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -3875,15 +3780,13 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
-		tdata->iv.data, tdata->iv.len,
-		tdata->aad.data, tdata->aad.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
 		plaintext_pad_len,
 		tdata->validCipherLenInBits.len,
 		0,
 		tdata->validAuthLenInBits.len,
-		(tdata->aad.len << 3),
-		RTE_CRYPTO_AUTH_SNOW3G_UIA2
-	);
+		0);
 
 	if (retval < 0)
 		return retval;
@@ -3893,13 +3796,12 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 	TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len);
 
 	/* Validate obuf */
@@ -3938,8 +3840,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -3960,14 +3862,13 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->iv.data, tdata->iv.len,
-				tdata->aad.data, tdata->aad.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
+				tdata->auth_iv.data, tdata->auth_iv.len,
 				plaintext_pad_len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3),
-				RTE_CRYPTO_AUTH_KASUMI_F9
+				0
 				);
 
 	if (retval < 0)
@@ -3978,8 +3879,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
@@ -3990,7 +3890,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 			tdata->validCipherLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-	    + plaintext_pad_len + tdata->aad.len;
+	    + plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
@@ -4021,8 +3921,8 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
-			tdata->iv.len);
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4044,15 +3944,14 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 
 	/* Create KASUMI operation */
 	retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data,
-				tdata->digest.len, tdata->aad.data,
-				tdata->aad.len,
+				tdata->digest.len, tdata->auth_iv.data,
+				tdata->auth_iv.len,
 				plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-				RTE_CRYPTO_AUTH_KASUMI_F9,
-				tdata->iv.data, tdata->iv.len,
+				tdata->cipher_iv.data, tdata->cipher_iv.len,
 				tdata->validCipherLenInBits.len,
 				0,
 				tdata->validAuthLenInBits.len,
-				(tdata->aad.len << 3)
+				0
 				);
 	if (retval < 0)
 		return retval;
@@ -4062,13 +3961,12 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->obuf = ut_params->op->sym->m_src;
 	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-				+ tdata->aad.len;
+		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
 	else
 		ciphertext = plaintext;
 
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + tdata->aad.len;
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
@@ -4112,7 +4010,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 					RTE_CRYPTO_CIPHER_ZUC_EEA3,
 					tdata->key.data, tdata->key.len,
-					tdata->iv.len);
+					tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4133,7 +4031,8 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
 	TEST_HEXDUMP(stdout, "plaintext:", plaintext, plaintext_len);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data, tdata->iv.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+					tdata->cipher_iv.len,
 					tdata->plaintext.len,
 					0);
 	if (retval < 0)
@@ -4208,7 +4107,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			RTE_CRYPTO_CIPHER_ZUC_EEA3,
 			tdata->key.data, tdata->key.len,
-			tdata->iv.len);
+			tdata->cipher_iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4217,8 +4116,8 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	pktmbuf_write(ut_params->ibuf, 0, plaintext_len, tdata->plaintext.data);
 
 	/* Create ZUC operation */
-	retval = create_wireless_algo_cipher_operation(tdata->iv.data,
-			tdata->iv.len, tdata->plaintext.len,
+	retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
+			tdata->cipher_iv.len, tdata->plaintext.len,
 			0);
 	if (retval < 0)
 		return retval;
@@ -4272,7 +4171,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	/* Create ZUC session */
 	retval = create_wireless_algo_hash_session(ts_params->valid_devs[0],
 			tdata->key.data, tdata->key.len,
-			tdata->aad.len, tdata->digest.len,
+			tdata->auth_iv.len, tdata->digest.len,
 			RTE_CRYPTO_AUTH_OP_GENERATE,
 			RTE_CRYPTO_AUTH_ZUC_EIA3);
 	if (retval < 0)
@@ -4294,11 +4193,10 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 
 	/* Create ZUC operation */
 	retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len,
-			tdata->aad.data, tdata->aad.len,
+			tdata->auth_iv.data, tdata->auth_iv.len,
 			plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE,
-			RTE_CRYPTO_AUTH_ZUC_EIA3,
 			tdata->validAuthLenInBits.len,
-			(tdata->aad.len << 3));
+			0);
 	if (retval < 0)
 		return retval;
 
@@ -4307,7 +4205,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 	ut_params->obuf = ut_params->op->sym->m_src;
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
 	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
-			+ plaintext_pad_len + ALIGN_POW2_ROUNDUP(tdata->aad.len, 8);
+			+ plaintext_pad_len;
 
 	/* Validate obuf */
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
diff --git a/test/test/test_cryptodev_kasumi_hash_test_vectors.h b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
index 63db9c4..3ab1d27 100644
--- a/test/test/test_cryptodev_kasumi_hash_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_hash_test_vectors.h
@@ -43,7 +43,7 @@ struct kasumi_hash_test_data {
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	/* Includes message and DIRECTION (1 bit), plus 1 0*,
 	 * with enough 0s, so total length is multiple of 64 bits */
@@ -71,7 +71,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_1 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
@@ -102,7 +102,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_2 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 		},
@@ -134,7 +134,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 		},
@@ -168,7 +168,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD
 		},
@@ -203,7 +203,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 		},
@@ -247,7 +247,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2
 		},
@@ -288,7 +288,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_7 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 		},
diff --git a/test/test/test_cryptodev_kasumi_test_vectors.h b/test/test/test_cryptodev_kasumi_test_vectors.h
index 6a7efb8..d0b83b1 100644
--- a/test/test/test_cryptodev_kasumi_test_vectors.h
+++ b/test/test/test_cryptodev_kasumi_test_vectors.h
@@ -42,13 +42,13 @@ struct kasumi_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	/* Includes: COUNT (4 bytes) and FRESH (4 bytes) */
 	struct {
 		uint8_t data[8];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[1024]; /* Data may include direction bit */
@@ -88,7 +88,7 @@ struct kasumi_test_data kasumi_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
 		},
@@ -143,7 +143,7 @@ struct kasumi_test_data kasumi_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
 		},
@@ -188,13 +188,13 @@ struct kasumi_test_data kasumi_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
@@ -237,7 +237,7 @@ struct kasumi_test_data kasumi_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 		},
@@ -274,7 +274,7 @@ struct kasumi_test_data kasumi_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
 		},
@@ -331,13 +331,13 @@ struct kasumi_test_data kasumi_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
 		},
 		.len = 8
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49
 		},
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7238bfa..1d204fd 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2704,10 +2704,12 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 	auth_xform.auth.algo = auth_algo;
 
-	auth_xform.auth.add_auth_data_length = SNOW3G_CIPHER_IV_LENGTH;
 	auth_xform.auth.key.data = snow3g_hash_key;
 	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
 	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	/* Auth IV will be after cipher IV */
+	auth_xform.auth.iv.offset = IV_OFFSET + SNOW3G_CIPHER_IV_LENGTH;
+	auth_xform.auth.iv.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2969,10 +2971,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = iv_ptr;
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3017,11 +3015,16 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		unsigned data_len,
 		unsigned digest_len)
 {
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+			uint8_t *, IV_OFFSET);
+
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
 		return NULL;
 	}
 
+	rte_memcpy(iv_ptr, snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+
 	/* Authentication Parameters */
 
 	op->sym->auth.digest.data =
@@ -3031,13 +3034,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = rte_crypto_op_ctod_offset(op,
-			uint8_t *, IV_OFFSET);
-	op->sym->auth.aad.phys_addr = rte_crypto_op_ctophys_offset(op,
-			IV_OFFSET);
-	op->sym->auth.aad.length = SNOW3G_CIPHER_IV_LENGTH;
-	rte_memcpy(op->sym->auth.aad.data, snow3g_iv,
-			SNOW3G_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
diff --git a/test/test/test_cryptodev_snow3g_hash_test_vectors.h b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
index e88e7ab..d51cdfa 100644
--- a/test/test/test_cryptodev_snow3g_hash_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_hash_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_hash_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[2056];
@@ -67,7 +67,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_1 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
@@ -102,7 +102,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_2 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -147,7 +147,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_3 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37,
 			0xA9, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0xF7, 0x37
@@ -433,7 +433,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_4 = {
 		},
 	.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
 			0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49,
@@ -465,7 +465,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_5 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2,
 			0xBE, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0x58, 0xE2
@@ -498,7 +498,7 @@ struct snow3g_hash_test_data snow3g_hash_test_case_6 = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A,
 			0xB6, 0xAF, 0x61, 0x44, 0x98, 0x38, 0x70, 0x3A
diff --git a/test/test/test_cryptodev_snow3g_test_vectors.h b/test/test/test_cryptodev_snow3g_test_vectors.h
index 0c8ad1c..6b99f6c 100644
--- a/test/test/test_cryptodev_snow3g_test_vectors.h
+++ b/test/test/test_cryptodev_snow3g_test_vectors.h
@@ -42,7 +42,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[1024];
@@ -69,7 +69,7 @@ struct snow3g_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -133,7 +133,7 @@ struct snow3g_test_data snow3g_test_case_1 = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00,
 			 0x72, 0xA4, 0xF2, 0x0F, 0x64, 0x00, 0x00, 0x00
@@ -150,7 +150,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 	       .data = {
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -189,7 +189,7 @@ struct snow3g_test_data snow3g_test_case_2 = {
 	.validCipherLenInBits = {
 		.len = 512
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00,
 			 0xE2, 0x8B, 0xCF, 0x7B, 0xC0, 0x00, 0x00, 0x00
@@ -206,7 +206,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -233,7 +233,7 @@ struct snow3g_test_data snow3g_test_case_3 = {
 	.validCipherLenInBits = {
 		.len = 120
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -257,7 +257,7 @@ struct snow3g_test_data snow3g_test_case_4 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00,
 			0x39, 0x8A, 0x59, 0xB4, 0x2C, 0x00, 0x00, 0x00
@@ -298,7 +298,7 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00,
 			0x72, 0xA4, 0xF2, 0x0F, 0x48, 0x00, 0x00, 0x00
@@ -357,14 +357,14 @@ struct snow3g_test_data snow3g_test_case_6 = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD,
 			0x94, 0x79, 0x3E, 0x41, 0x03, 0x97, 0x68, 0xFD
diff --git a/test/test/test_cryptodev_zuc_test_vectors.h b/test/test/test_cryptodev_zuc_test_vectors.h
index 50fb538..959a024 100644
--- a/test/test/test_cryptodev_zuc_test_vectors.h
+++ b/test/test/test_cryptodev_zuc_test_vectors.h
@@ -42,7 +42,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64] __rte_aligned(16);
 		unsigned len;
-	} iv;
+	} cipher_iv;
 
 	struct {
 		uint8_t data[2048];
@@ -69,7 +69,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
-	} aad;
+	} auth_iv;
 
 	struct {
 		uint8_t data[64];
@@ -84,7 +84,7 @@ static struct wireless_test_data zuc_test_case_cipher_193b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -125,7 +125,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -184,7 +184,7 @@ static struct wireless_test_data zuc_test_case_cipher_1570b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00,
 			0x76, 0x45, 0x2E, 0xC1, 0x14, 0x00, 0x00, 0x00
@@ -267,7 +267,7 @@ static struct wireless_test_data zuc_test_case_cipher_2798b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00,
 			0xE4, 0x85, 0x0F, 0xE1, 0x84, 0x00, 0x00, 0x00
@@ -388,7 +388,7 @@ static struct wireless_test_data zuc_test_case_cipher_4019b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00,
 			0x27, 0x38, 0xCD, 0xAA, 0xD0, 0x00, 0x00, 0x00
@@ -547,7 +547,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00,
 			0x66, 0x03, 0x54, 0x92, 0x78, 0x00, 0x00, 0x00
@@ -578,7 +578,7 @@ static struct wireless_test_data zuc_test_case_cipher_200b_auth_200b = {
 	.validCipherLenInBits = {
 		.len = 200
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -602,7 +602,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 		},
 		.len = 16
 	},
-	.iv = {
+	.cipher_iv = {
 		.data = {
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
 			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
@@ -651,7 +651,7 @@ static struct wireless_test_data zuc_test_case_cipher_800b_auth_120b = {
 	.validCipherLenInBits = {
 		.len = 800
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00,
 			0xFA, 0x55, 0x6B, 0x26, 0x1C, 0x00, 0x00, 0x00
@@ -675,7 +675,7 @@ struct wireless_test_data zuc_test_case_auth_1b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
@@ -703,7 +703,7 @@ struct wireless_test_data zuc_test_case_auth_90b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xA0, 0x00, 0x00, 0x00
@@ -734,7 +734,7 @@ struct wireless_test_data zuc_test_case_auth_577b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xA9, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x00, 0x00,
 			0x29, 0x40, 0x59, 0xDA, 0x50, 0x00, 0x80, 0x00
@@ -773,7 +773,7 @@ struct wireless_test_data zuc_test_case_auth_2079b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -835,7 +835,7 @@ struct wireless_test_data zuc_test_auth_5670b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00,
 			0x56, 0x1E, 0xB2, 0xDD, 0xE0, 0x00, 0x00, 0x00
@@ -950,7 +950,7 @@ static struct wireless_test_data zuc_test_case_auth_128b = {
 		.data = { 0x0 },
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = { 0x0 },
 		.len = 16
 	},
@@ -975,7 +975,7 @@ static struct wireless_test_data zuc_test_case_auth_2080b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
 			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
@@ -1037,7 +1037,7 @@ static struct wireless_test_data zuc_test_case_auth_584b = {
 		},
 		.len = 16
 	},
-	.aad = {
+	.auth_iv = {
 		.data = {
 			0xa9, 0x40, 0x59, 0xda, 0x50, 0x0, 0x0, 0x0,
 			0x29, 0x40, 0x59, 0xda, 0x50, 0x0, 0x80, 0x0
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 16/26] cryptodev: remove AAD length from crypto op
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (14 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 17/26] cryptodev: remove digest " Pablo de Lara
                         ` (10 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.

Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  3 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 +++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  6 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 ++
 drivers/crypto/openssl/rte_openssl_pmd.c         |  4 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +++
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  4 +--
 examples/ipsec-secgw/esp.c                       |  2 --
 examples/l2fwd-crypto/main.c                     |  4 ---
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +----
 test/test/test_cryptodev.c                       | 10 +++-----
 test/test/test_cryptodev_perf.c                  | 31 +++++++++++++-----------
 14 files changed, 39 insertions(+), 41 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 60d55a0..9405cef 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -186,7 +186,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 
 		}
 
@@ -272,7 +271,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -333,7 +331,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
 		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
-		sym_op->auth.aad.length = options->auth_aad_sz;
 
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 68890ff..ea8fc00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -553,7 +553,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } aad;    /**< Additional authentication parameters */
         } auth;
     }
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index eabf3dd..e633d73 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -163,6 +163,9 @@ API Changes
     ``rte_crypto_cipher_xform``.
   * Added authentication IV parameters (offset and length) in
     ``rte_crypto_auth_xform``.
+  * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
+  * Changed field size of AAD length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 414f22b..f6136ba 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -145,6 +145,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	sess->aad_length = auth_xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -255,7 +257,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
@@ -293,7 +295,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2ed96f8..bfd4d1c 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -99,6 +99,8 @@ struct aesni_gcm_session {
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
 	/**< GCM key type */
+	uint16_t aad_length;
+	/**< AAD length */
 	struct gcm_data gdata __rte_cache_aligned;
 	/**< GCM parameters */
 };
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 970c735..9de4c68 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -370,6 +370,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	sess->auth.aad_length = xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -934,7 +936,7 @@ process_openssl_combined_op
 			sess->iv.offset);
 	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
-	aadlen = op->sym->auth.aad.length;
+	aadlen = sess->auth.aad_length;
 
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 3a64853..045e532 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -162,6 +162,9 @@ struct openssl_session {
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
+
+		uint16_t aad_length;
+		/**< AAD length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 5bf9c86..4df57aa 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 					ICP_QAT_HW_GALOIS_128_STATE1_SZ +
 					ICP_QAT_HW_GALOIS_H_SZ);
 		*aad_len = rte_bswap32(add_auth_data_length);
+		cdesc->aad_len = add_auth_data_length;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
 		qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 7fc8239..5969688 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1175,7 +1175,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_param->cipher_length = 0;
 			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = op->sym->auth.aad.length;
+			auth_param->auth_len = ctx->aad_len;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1202,7 +1202,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-				op->sym->auth.aad.length);
+				ctx->aad_len);
 	}
 #endif
 	return 0;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 9e12782..571c2c6 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
@@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index ba5aef7..6fe829e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -497,11 +497,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		if (cparams->aad.length) {
 			op->sym->auth.aad.data = cparams->aad.data;
 			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-			op->sym->auth.aad.length = cparams->aad.length;
 		} else {
 			op->sym->auth.aad.data = NULL;
 			op->sym->auth.aad.phys_addr = 0;
-			op->sym->auth.aad.length = 0;
 		}
 	}
 
@@ -709,8 +707,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
-				port_cparams[i].aad.length =
-					options->auth_xform.auth.add_auth_data_length;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3ccb6fd..b964a56 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -365,7 +365,7 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint32_t add_auth_data_length;
+	uint16_t add_auth_data_length;
 	/**< The length of the additional authenticated data (AAD) in bytes.
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
@@ -653,10 +653,6 @@ struct rte_crypto_sym_op {
 			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
-			uint16_t length;
-			/**< Length of additional authenticated data (AAD)
-			 * in bytes
-			 */
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 853e3bd..7acfa24 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4637,7 +4637,7 @@ test_3DES_cipheronly_openssl_all(void)
 static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint16_t aad_len, const uint8_t auth_len,
 		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
@@ -4751,12 +4751,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
-		sym_op->auth.aad.length);
+		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6315,7 +6314,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
@@ -6380,7 +6378,7 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -6860,7 +6858,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
 
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->auth.aad.length = reference->aad.len;
 
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -7194,7 +7191,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to prepend aad");
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
 
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 1d204fd..7239976 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -45,6 +45,7 @@
 
 #define AES_CIPHER_IV_LENGTH 16
 #define TRIPLE_DES_CIPHER_IV_LENGTH 8
+#define AES_GCM_AAD_LENGTH 16
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -70,7 +71,6 @@ enum chain_mode {
 
 struct symmetric_op {
 	const uint8_t *aad_data;
-	uint32_t aad_len;
 
 	const uint8_t *p_data;
 	uint32_t p_len;
@@ -97,6 +97,7 @@ struct symmetric_session_attrs {
 
 	const uint8_t *iv_data;
 	uint16_t iv_len;
+	uint16_t aad_len;
 	uint32_t digest_len;
 };
 
@@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
 		auth_xform.auth.key.data = NULL;
+		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_GCM_AAD_LENGTH 16
-
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 {
@@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.digest.phys_addr = 0;
 		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
-		op->sym->auth.aad.length = 0;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
@@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
-	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv,
+			SNOW3G_CIPHER_IV_LENGTH);
+
 	op->sym->m_src = m;
 
 	return op;
@@ -4137,6 +4140,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	auth_xform.auth.op = pparams->session_attrs->auth;
 	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
 
+	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
 	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
 	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
 
@@ -4172,17 +4176,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
-					  params->symmetric_op->aad_len +
+					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.length = params->symmetric_op->aad_len;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
-		       params->symmetric_op->aad_len);
+		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
 		       params->session_attrs->iv_len);
@@ -4190,11 +4193,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		iv_ptr[15] = 1;
 
 	op->sym->auth.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4208,7 +4211,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t aad_len = params->symmetric_op->aad_len;
+	uint16_t aad_len = params->session_attrs->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
 
@@ -4344,14 +4347,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
 					pkt +
-					pparams->symmetric_op->aad_len,
+					pparams->session_attrs->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
 					pkt +
-					pparams->symmetric_op->aad_len +
+					pparams->session_attrs->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
 					"GCM MAC data not as expected");
@@ -4423,13 +4426,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 			RTE_CRYPTO_AUTH_OP_GENERATE;
 		session_attrs[i].key_auth_data = NULL;
 		session_attrs[i].key_auth_len = 0;
+		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
 		session_attrs[i].iv_len = gcm_test->iv.len;
 		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
-		ops_set[i].aad_len = gcm_test->aad.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 17/26] cryptodev: remove digest length from crypto op
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (15 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
                         ` (9 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Digest length was duplicated in the authentication transform
and the crypto operation structures.

Since digest length is not expected to change in a same
session, it is removed from the crypto operation.

Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  7 ---
 doc/guides/prog_guide/cryptodev_lib.rst          |  1 -
 doc/guides/rel_notes/release_17_08.rst           |  3 ++
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 34 +++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 +
 drivers/crypto/armv8/rte_armv8_pmd.c             |  9 ++--
 drivers/crypto/armv8/rte_armv8_pmd_private.h     |  2 +
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      | 34 +++++++-------
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h        |  1 +
 drivers/crypto/kasumi/rte_kasumi_pmd.c           | 18 ++++----
 drivers/crypto/openssl/rte_openssl_pmd.c         |  7 +--
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  2 +
 drivers/crypto/qat/qat_adf/qat_algs.h            |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  3 +-
 drivers/crypto/snow3g/rte_snow3g_pmd.c           | 18 ++++----
 drivers/crypto/zuc/rte_zuc_pmd.c                 | 18 ++++----
 examples/ipsec-secgw/esp.c                       |  2 -
 examples/l2fwd-crypto/main.c                     |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +--
 test/test/test_cryptodev.c                       | 34 +++++---------
 test/test/test_cryptodev_blockcipher.c           |  5 +--
 test/test/test_cryptodev_perf.c                  | 56 ++++++++----------------
 22 files changed, 119 insertions(+), 145 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 9405cef..401f85e 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -161,7 +161,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -183,7 +182,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 
@@ -246,7 +244,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = options->test_buffer_size;
@@ -268,7 +265,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
 		}
@@ -337,7 +333,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			sym_op->auth.digest.data = test_vector->digest.data;
 			sym_op->auth.digest.phys_addr =
 					test_vector->digest.phys_addr;
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		} else {
 
 			uint32_t offset = sym_op->cipher.data.length +
@@ -360,8 +355,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-
-			sym_op->auth.digest.length = options->auth_digest_sz;
 		}
 
 		sym_op->auth.data.length = options->test_buffer_size;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index ea8fc00..e036611 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -547,7 +547,6 @@ chain.
             struct {
                 uint8_t *data;
                 phys_addr_t phys_addr;
-                uint16_t length;
             } digest; /**< Digest parameters */
 
             struct {
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index e633d73..a544639 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -166,6 +166,9 @@ API Changes
   * Removed Additional Authentication Data (AAD) length from ``rte_crypto_sym_op``.
   * Changed field size of AAD length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Removed digest length from ``rte_crypto_sym_op``.
+  * Changed field size of digest length in ``rte_crypto_auth_xform``,
+    from uint32_t to uint16_t.
 
 
 ABI Changes
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index f6136ba..fcf0f8b 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -78,6 +78,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 {
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
+	uint16_t digest_length;
 
 	if (xform->next == NULL || xform->next->next != NULL) {
 		GCM_LOG_ERR("Two and only two chained xform required");
@@ -128,6 +129,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	digest_length = auth_xform->auth.digest_length;
+
 	/* Check key length and calculate GCM pre-compute. */
 	switch (cipher_xform->cipher.key.length) {
 	case 16:
@@ -146,6 +149,14 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	}
 
 	sess->aad_length = auth_xform->auth.add_auth_data_length;
+	/* Digest check */
+	if (digest_length != 16 &&
+			digest_length != 12 &&
+			digest_length != 8) {
+		GCM_LOG_ERR("digest");
+		return -EINVAL;
+	}
+	sess->digest_length = digest_length;
 
 	return 0;
 }
@@ -245,13 +256,6 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		*iv_padd = rte_bswap32(1);
 	}
 
-	if (sym_op->auth.digest.length != 16 &&
-			sym_op->auth.digest.length != 12 &&
-			sym_op->auth.digest.length != 8) {
-		GCM_LOG_ERR("digest");
-		return -1;
-	}
-
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
@@ -281,11 +285,11 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
-				sym_op->auth.digest.length);
+				session->digest_length);
 
 		if (!auth_tag) {
 			GCM_LOG_ERR("auth_tag");
@@ -319,7 +323,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
-				(uint64_t)sym_op->auth.digest.length);
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -349,21 +353,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
-				m->data_len - op->sym->auth.digest.length);
+				m->data_len - session->digest_length);
 
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, op->sym->auth.digest.length);
+				op->sym->auth.digest.data, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
-				tag, op->sym->auth.digest.length);
+				tag, session->digest_length);
 #endif
 
 		if (memcmp(tag, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0)
+				session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
-		rte_pktmbuf_trim(m, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(m, session->digest_length);
 	}
 }
 
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index bfd4d1c..05fabe6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -95,6 +95,8 @@ struct aesni_gcm_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+	uint16_t digest_length;
+	/**< Digest length */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index dac4fc3..4a23ff1 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -452,6 +452,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set the digest length */
+	sess->auth.digest_length = auth_xform->auth.digest_length;
+
 	/* Verify supported key lengths and extract proper algorithm */
 	switch (cipher_xform->cipher.key.length << 3) {
 	case 128:
@@ -649,7 +652,7 @@ process_armv8_chained_op
 		}
 	} else {
 		adst = (uint8_t *)rte_pktmbuf_append(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -667,12 +670,12 @@ process_armv8_chained_op
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(adst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
 		rte_pktmbuf_trim(m_asrc,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	}
 }
 
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index 75bde9f..09d32f2 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -199,6 +199,8 @@ struct armv8_crypto_session {
 				/**< HMAC key (max supported length)*/
 			} hmac;
 		};
+		uint16_t digest_length;
+		/* Digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3930794..8ee6ece 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	struct sec_flow_context *flc;
 	uint32_t auth_only_len = sym_op->auth.data.length -
 				sym_op->cipher.data.length;
-	int icv_len = sym_op->auth.digest.length;
+	int icv_len = sess->digest_length;
 	uint8_t *old_icv;
 	uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -135,7 +135,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		   "cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n",
 		   sym_op->auth.data.offset,
 		   sym_op->auth.data.length,
-		   sym_op->auth.digest.length,
+		   sess->digest_length,
 		   sym_op->cipher.data.offset,
 		   sym_op->cipher.data.length,
 		   sess->iv.length,
@@ -161,7 +161,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		DPAA2_SET_FLE_ADDR(sge,
 				DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
 					sess->iv.length));
 	}
@@ -177,7 +177,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
 	fle->length = (sess->dir == DIR_ENC) ?
 			(sym_op->auth.data.length + sess->iv.length) :
 			(sym_op->auth.data.length + sess->iv.length +
-			 sym_op->auth.digest.length);
+			 sess->digest_length);
 
 	/* Configure Input SGE for Encap/Decap */
 	DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(iv_ptr));
@@ -192,12 +192,12 @@ build_authenc_fd(dpaa2_sec_session *sess,
 		sge++;
 		old_icv = (uint8_t *)(sge + 1);
 		memcpy(old_icv,	sym_op->auth.digest.data,
-		       sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+		       sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
-				 sym_op->auth.digest.length +
+				 sess->digest_length +
 				 sess->iv.length));
 	}
 	DPAA2_SET_FLE_FIN(sge);
@@ -217,7 +217,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	uint32_t mem_len = (sess->dir == DIR_ENC) ?
 			   (3 * sizeof(struct qbman_fle)) :
 			   (5 * sizeof(struct qbman_fle) +
-			    sym_op->auth.digest.length);
+			    sess->digest_length);
 	struct sec_flow_context *flc;
 	struct ctxt_priv *priv = sess->ctxt;
 	uint8_t *old_digest;
@@ -251,7 +251,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 	DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
 
 	DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
-	fle->length = sym_op->auth.digest.length;
+	fle->length = sess->digest_length;
 
 	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
 	DPAA2_SET_FD_COMPOUND_FMT(fd);
@@ -282,17 +282,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
 				     sym_op->m_src->data_off);
 
 		DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length +
-				 sym_op->auth.digest.length);
+				 sess->digest_length);
 		sge->length = sym_op->auth.data.length;
 		sge++;
 		old_digest = (uint8_t *)(sge + 1);
 		rte_memcpy(old_digest, sym_op->auth.digest.data,
-			   sym_op->auth.digest.length);
-		memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+			   sess->digest_length);
+		memset(sym_op->auth.digest.data, 0, sess->digest_length);
 		DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest));
-		sge->length = sym_op->auth.digest.length;
+		sge->length = sess->digest_length;
 		fle->length = sym_op->auth.data.length +
-				sym_op->auth.digest.length;
+				sess->digest_length;
 		DPAA2_SET_FLE_FIN(sge);
 	}
 	DPAA2_SET_FLE_FIN(fle);
@@ -912,6 +912,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = xform->auth.digest_length;
+
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -1064,6 +1066,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	authdata.key_enc_flags = 0;
 	authdata.key_type = RTA_DATA_IMM;
 
+	session->digest_length = auth_xform->digest_length;
+
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		authdata.algtype = OP_ALG_ALGSEL_SHA1;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index ff3be70..eda2eec 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -191,6 +191,7 @@ typedef struct dpaa2_sec_session_entry {
 		uint16_t length; /**< IV length in bytes */
 		uint16_t offset; /**< IV offset in bytes */
 	} iv;
+	uint16_t digest_length;
 	uint8_t status;
 	union {
 		struct dpaa2_sec_cipher_ctxt cipher_ctxt;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 3a3ffa4..6ece58c 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -132,6 +132,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		/* Only KASUMI F9 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) {
+			KASUMI_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
@@ -261,12 +267,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 	uint8_t direction;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			KASUMI_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -288,19 +288,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 
 			sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst, direction);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					KASUMI_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					KASUMI_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 9de4c68..46b1dd8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -371,6 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	}
 
 	sess->auth.aad_length = xform->auth.add_auth_data_length;
+	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
 }
@@ -1130,7 +1131,7 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
 		dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
-				op->sym->auth.digest.length);
+				sess->auth.digest_length);
 	else {
 		dst = op->sym->auth.digest.data;
 		if (dst == NULL)
@@ -1158,11 +1159,11 @@ process_openssl_auth_op
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		if (memcmp(dst, op->sym->auth.digest.data,
-				op->sym->auth.digest.length) != 0) {
+				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
 		/* Trim area used for digest from mbuf. */
-		rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
+		rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
 	}
 
 	if (status != 0)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 045e532..4c9be05 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -165,6 +165,8 @@ struct openssl_session {
 
 		uint16_t aad_length;
 		/**< AAD length */
+		uint16_t digest_length;
+		/**< digest length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h
index f70c6cb..b13d90b 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs.h
+++ b/drivers/crypto/qat/qat_adf/qat_algs.h
@@ -135,6 +135,7 @@ struct qat_session {
 		uint16_t offset;
 		uint16_t length;
 	} auth_iv;
+	uint16_t digest_length;
 	rte_spinlock_t lock;	/* protects this struct */
 };
 
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 5969688..3a43faa 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -606,6 +606,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->op))
 			goto error_out;
 	}
+	session->digest_length = auth_xform->digest_length;
 	return session;
 
 error_out:
@@ -1200,7 +1201,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 						ctx->auth_iv.length);
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
-				op->sym->auth.digest.length);
+				ctx->digest_length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
 				ctx->aad_len);
 	}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index afb5e92..fbdccd1 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -132,6 +132,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) {
+			SNOW3G_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != SNOW3G_IV_LENGTH) {
@@ -252,12 +258,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			SNOW3G_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 
 			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					SNOW3G_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					SNOW3G_DIGEST_LENGTH);
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index c79ea6e..80ddd5a 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -131,6 +131,12 @@ zuc_set_session_parameters(struct zuc_session *sess,
 		/* Only ZUC EIA3 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
 			return -EINVAL;
+
+		if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) {
+			ZUC_LOG_ERR("Wrong digest length");
+			return -EINVAL;
+		}
+
 		sess->auth_op = auth_xform->auth.op;
 
 		if (auth_xform->auth.iv.length != ZUC_IV_KEY_LENGTH) {
@@ -249,12 +255,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 	uint8_t *iv;
 
 	for (i = 0; i < num_ops; i++) {
-		if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
-			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-			ZUC_LOG_ERR("digest");
-			break;
-		}
-
 		/* Data must be byte aligned */
 		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
 			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -271,19 +271,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 
 			sso_zuc_eia3_1_buffer(session->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ops[i]->sym->auth.digest.length) != 0)
+					ZUC_DIGEST_LENGTH) != 0)
 				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 			/* Trim area used for digest from mbuf. */
 			rte_pktmbuf_trim(ops[i]->sym->m_src,
-					ops[i]->sym->auth.digest.length);
+					ZUC_DIGEST_LENGTH);
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 571c2c6..d544a3c 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -140,7 +140,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
@@ -368,7 +367,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
 	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.length = sa->digest_len;
 
 	return 0;
 }
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6fe829e..6d88937 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -481,7 +481,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
-		op->sym->auth.digest.length = cparams->digest_length;
 
 		/* For wireless algorithms, offset/length must be in bits */
 		if (cparams->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index b964a56..de4031a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -354,7 +354,7 @@ struct rte_crypto_auth_xform {
 	 * (for example RFC 2104, FIPS 198a).
 	 */
 
-	uint32_t digest_length;
+	uint16_t digest_length;
 	/**< Length of the digest to be returned. If the verify option is set,
 	 * this specifies the length of the digest to be compared for the
 	 * session.
@@ -604,10 +604,6 @@ struct rte_crypto_sym_op {
 			 */
 			phys_addr_t phys_addr;
 			/**< Physical address of digest */
-			uint16_t length;
-			/**< Length of digest. This must be the same value as
-			 * @ref rte_crypto_auth_xform.digest_length.
-			 */
 		} digest; /**< Digest parameters */
 
 		struct {
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 7acfa24..4698f26 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -1307,7 +1307,6 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -1459,7 +1458,6 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 	sym_op->auth.digest.data = ut_params->digest;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, QUOTE_512_BYTES);
-	sym_op->auth.digest.length = DIGEST_BYTE_LENGTH_SHA512;
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
@@ -2102,7 +2100,6 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2110,7 +2107,7 @@ create_wireless_algo_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	sym_op->auth.data.length = auth_len;
 	sym_op->auth.data.offset = auth_offset;
@@ -2159,7 +2156,6 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2167,7 +2163,7 @@ create_wireless_cipher_hash_operation(const struct wireless_test_data *tdata,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2227,7 +2223,6 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 	ut_params->digest = sym_op->auth.digest.data;
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 	if (op == RTE_CRYPTO_AUTH_OP_GENERATE)
 		memset(sym_op->auth.digest.data, 0, auth_tag_len);
 	else
@@ -2235,7 +2230,7 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag,
 
 	TEST_HEXDUMP(stdout, "digest:",
 		sym_op->auth.digest.data,
-		sym_op->auth.digest.length);
+		auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -2286,13 +2281,12 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, data_pad_len);
-	sym_op->auth.digest.length = auth_tag_len;
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
@@ -4824,7 +4818,6 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 	} else {
 		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
@@ -4833,13 +4826,12 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
-		sym_op->auth.digest.length = tdata->auth_tag.len;
 
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			tdata->auth_tag.len);
 	}
 
 	sym_op->cipher.data.length = tdata->plaintext.len;
@@ -5614,7 +5606,6 @@ static int MD5_HMAC_create_op(struct crypto_unittest_params *ut_params,
 			"no room to append digest");
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, plaintext_pad_len);
-	sym_op->auth.digest.length = MD5_DIGEST_LEN;
 
 	if (ut_params->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, test_case->auth_tag.data,
@@ -6325,14 +6316,13 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, aad_pad_len);
-	sym_op->auth.digest.length = tdata->gmac_tag.len;
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
 				tdata->gmac_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				tdata->gmac_tag.len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6810,7 +6800,6 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->plaintext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6821,7 +6810,7 @@ create_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
@@ -6868,7 +6857,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6879,7 +6867,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -6922,7 +6910,6 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 			ut_params->ibuf, reference->ciphertext.len);
-	sym_op->auth.digest.length = reference->digest.len;
 
 	if (auth_generate)
 		memset(sym_op->auth.digest.data, 0, reference->digest.len);
@@ -6933,7 +6920,7 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params,
 
 	TEST_HEXDUMP(stdout, "digest:",
 			sym_op->auth.digest.data,
-			sym_op->auth.digest.length);
+			reference->digest.len);
 
 	rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
 			reference->iv.data, reference->iv.len);
@@ -7170,14 +7157,13 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = digest_phys;
-	sym_op->auth.digest.length = auth_tag_len;
 
 	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
 				sym_op->auth.digest.data,
-				sym_op->auth.digest.length);
+				auth_tag_len);
 	}
 
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
diff --git a/test/test/test_cryptodev_blockcipher.c b/test/test/test_cryptodev_blockcipher.c
index 9faf088..446ab4f 100644
--- a/test/test/test_cryptodev_blockcipher.c
+++ b/test/test/test_cryptodev_blockcipher.c
@@ -324,7 +324,6 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 		sym_op->auth.data.offset = 0;
 		sym_op->auth.data.length = tdata->ciphertext.len;
-		sym_op->auth.digest.length = digest_len;
 	}
 
 	/* create session for sessioned op */
@@ -474,7 +473,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 						sym_op->auth.data.offset;
 			changed_len = sym_op->auth.data.length;
 			if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-				changed_len += sym_op->auth.digest.length;
+				changed_len += digest_len;
 		} else {
 			/* cipher-only */
 			head_unchanged_len = rte_pktmbuf_headroom(mbuf) +
@@ -516,7 +515,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		}
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
-			changed_len += sym_op->auth.digest.length;
+			changed_len += digest_len;
 
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
 			/* white-box test: PMDs use some of the
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 7239976..3bd9351 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -168,20 +168,19 @@ static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len);
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain);
+		enum chain_mode chain);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused);
+		enum chain_mode chain __rte_unused);
 static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo);
 
 
@@ -1979,7 +1978,6 @@ test_perf_crypto_qp_vary_burst_size(uint16_t dev_num)
 		op->sym->auth.digest.data = ut_params->digest;
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_params[0].length);
-		op->sym->auth.digest.length = DIGEST_BYTE_LENGTH_SHA256;
 
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_params[0].length;
@@ -2102,8 +2100,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size,
-					get_auth_digest_length(pparams->auth_algo));
+		op = test_perf_set_crypto_op_snow3g(op, m, sess, pparams->buf_size);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2252,11 +2249,9 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2298,7 +2293,7 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2407,8 +2402,6 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 
 	static struct rte_cryptodev_sym_session *sess;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	if (rte_cryptodev_count() == 0) {
 		printf("\nNo crypto devices found. Is PMD build configured?\n");
 		return TEST_FAILED;
@@ -2433,7 +2426,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
 		op = test_perf_set_crypto_op_aes(op, m, sess, pparams->buf_size,
-				digest_length, pparams->chain);
+				pparams->chain);
 		TEST_ASSERT_NOT_NULL(op, "Failed to attach op to session");
 
 		c_ops[i] = op;
@@ -2875,7 +2868,7 @@ test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain)
+		enum chain_mode chain)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2886,7 +2879,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
@@ -2895,7 +2887,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 				 uint8_t *, data_len);
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				data_len);
-		op->sym->auth.digest.length = digest_len;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = data_len;
 	}
@@ -2917,7 +2908,7 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -2929,7 +2920,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
@@ -2950,8 +2940,7 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
-		struct rte_cryptodev_sym_session *sess, unsigned data_len,
-		unsigned digest_len)
+		struct rte_cryptodev_sym_session *sess, unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -2968,7 +2957,6 @@ test_perf_set_crypto_op_snow3g(struct rte_crypto_op *op, struct rte_mbuf *m,
 						(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3015,8 +3003,7 @@ static inline struct rte_crypto_op *
 test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 		struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess,
-		unsigned data_len,
-		unsigned digest_len)
+		unsigned int data_len)
 {
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 			uint8_t *, IV_OFFSET);
@@ -3036,7 +3023,6 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len +
 					SNOW3G_CIPHER_IV_LENGTH);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Data lengths/offsets Parameters */
 	op->sym->auth.data.offset = 0;
@@ -3051,7 +3037,7 @@ test_perf_set_crypto_op_snow3g_hash(struct rte_crypto_op *op,
 static inline struct rte_crypto_op *
 test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 		struct rte_cryptodev_sym_session *sess, unsigned int data_len,
-		unsigned int digest_len, enum chain_mode chain __rte_unused)
+		enum chain_mode chain __rte_unused)
 {
 	if (rte_crypto_op_attach_sym_session(op, sess) != 0) {
 		rte_crypto_op_free(op);
@@ -3063,7 +3049,6 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 					(m->data_off + data_len);
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.digest.length = digest_len;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -3156,7 +3141,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3298,7 +3283,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 					mbufs[i +
 					  (pparams->burst_size * (j % NUM_MBUF_SETS))],
 					sess,
-					pparams->buf_size, digest_length);
+					pparams->buf_size);
 				else if (pparams->chain == CIPHER_ONLY)
 					ops[i+op_offset] =
 					test_perf_set_crypto_op_snow3g_cipher(ops[i+op_offset],
@@ -3394,8 +3379,6 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3408,7 +3391,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	static struct rte_crypto_op *(*test_perf_set_crypto_op)
 			(struct rte_crypto_op *, struct rte_mbuf *,
 					struct rte_cryptodev_sym_session *,
-					unsigned int, unsigned int,
+					unsigned int,
 					enum chain_mode);
 
 	switch (pparams->cipher_algo) {
@@ -3470,7 +3453,7 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))],
-					sess, pparams->buf_size, digest_length,
+					sess, pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -3548,8 +3531,6 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	uint64_t processed = 0, failed_polls = 0, retries = 0;
 	uint64_t tsc_start = 0, tsc_end = 0;
 
-	unsigned int digest_length = get_auth_digest_length(pparams->auth_algo);
-
 	struct rte_crypto_op *ops[pparams->burst_size];
 	struct rte_crypto_op *proc_ops[pparams->burst_size];
 
@@ -3604,7 +3585,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 				ops[i] = test_perf_set_crypto_op_aes(ops[i],
 					mbufs[i + (pparams->burst_size *
 						(j % NUM_MBUF_SETS))], sess,
-					pparams->buf_size, digest_length,
+					pparams->buf_size,
 					pparams->chain);
 
 			/* enqueue burst */
@@ -4179,7 +4160,6 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
-	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 18/26] cryptodev: set AES-GMAC as auth-only algo
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (16 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 17/26] cryptodev: remove digest " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 19/26] cryptodev: add AEAD specific data Pablo de Lara
                         ` (8 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AES-GMAC is an authentication algorithm, based on AES-GCM
without encryption. To simplify its usage, now it can be used
setting the authentication parameters, without requiring
to concatenate a ciphering transform.

Therefore, it is not required to set AAD, but authentication
data length and offset, giving the user the option
to have Scatter-Gather List in the input buffer,
as long as the driver supports it.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_options_parsing.c     |   3 +-
 app/test-crypto-perf/cperf_test_vectors.c        |   5 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 169 ++++++++++++++++-------
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  12 +-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |   4 +-
 drivers/crypto/openssl/rte_openssl_pmd.c         |  52 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |   9 +-
 drivers/crypto/qat/qat_crypto.c                  | 151 ++++++++++++++------
 drivers/crypto/qat/qat_crypto_capabilities.h     |  11 +-
 lib/librte_cryptodev/rte_crypto_sym.h            |  39 +-----
 test/test/test_cryptodev.c                       | 159 ++++++++++-----------
 test/test/test_cryptodev_gcm_test_vectors.h      |  29 +---
 12 files changed, 374 insertions(+), 269 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 70b6a60..5c2dcff 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -820,8 +820,7 @@ cperf_options_check(struct cperf_options *options)
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
 			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
 		if (options->op_type != CPERF_AEAD) {
 			RTE_LOG(ERR, USER1, "Use --optype aead\n");
 			return -EINVAL;
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index b67d0f4..2e5339c 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -456,11 +456,6 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			t_vec->auth_key.data = NULL;
 			aad_alloc = 1;
 			break;
-		case RTE_CRYPTO_AUTH_AES_GMAC:
-			/* auth key should be the same as cipher key */
-			t_vec->auth_key.data = cipher_key;
-			aad_alloc = 1;
-			break;
 		default:
 			t_vec->auth_key.data = auth_key;
 			aad_alloc = 0;
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index fcf0f8b..36372a6 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -79,35 +79,74 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 	const struct rte_crypto_sym_xform *auth_xform;
 	const struct rte_crypto_sym_xform *cipher_xform;
 	uint16_t digest_length;
+	uint8_t key_length;
+	uint8_t *key;
 
-	if (xform->next == NULL || xform->next->next != NULL) {
-		GCM_LOG_ERR("Two and only two chained xform required");
-		return -EINVAL;
-	}
-
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		auth_xform = xform->next;
-		cipher_xform = xform;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+	/* AES-GMAC */
+	if (xform->next == NULL) {
 		auth_xform = xform;
-		cipher_xform = xform->next;
+		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
+			GCM_LOG_ERR("Only AES GMAC is supported as an "
+					"authentication only algorithm");
+			return -EINVAL;
+		}
+		/* Set IV parameters */
+		sess->iv.offset = auth_xform->auth.iv.offset;
+		sess->iv.length = auth_xform->auth.iv.length;
+
+		/* Select Crypto operation */
+		if (auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GMAC_OP_GENERATE;
+		else
+			sess->op = AESNI_GMAC_OP_VERIFY;
+
+		key_length = auth_xform->auth.key.length;
+		key = auth_xform->auth.key.data;
+	/* AES-GCM */
 	} else {
-		GCM_LOG_ERR("Cipher and auth xform required");
-		return -EINVAL;
-	}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			auth_xform = xform->next;
+			cipher_xform = xform;
+		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			auth_xform = xform;
+			cipher_xform = xform->next;
+		} else {
+			GCM_LOG_ERR("Cipher and auth xform required "
+					"when using AES GCM");
+			return -EINVAL;
+		}
 
-	if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-		(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC))) {
-		GCM_LOG_ERR("We only support AES GCM and AES GMAC");
-		return -EINVAL;
-	}
+		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
+				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+			GCM_LOG_ERR("The only combined operation "
+						"supported is AES GCM");
+			return -EINVAL;
+		}
 
-	/* Set IV parameters */
-	sess->iv.offset = cipher_xform->cipher.iv.offset;
-	sess->iv.length = cipher_xform->cipher.iv.length;
+		/* Set IV parameters */
+		sess->iv.offset = cipher_xform->cipher.iv.offset;
+		sess->iv.length = cipher_xform->cipher.iv.length;
+
+		/* Select Crypto operation */
+		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
+		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
+		else {
+			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
+					" Decrypt/Verify are valid only");
+			return -EINVAL;
+		}
+
+		key_length = cipher_xform->auth.key.length;
+		key = cipher_xform->auth.key.data;
+
+		sess->aad_length = auth_xform->auth.add_auth_data_length;
+	}
 
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
@@ -116,39 +155,25 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	/* Select Crypto operation */
-	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-	else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
-		sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-	else {
-		GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-				" Decrypt/Verify are valid only");
-		return -EINVAL;
-	}
-
 	digest_length = auth_xform->auth.digest_length;
 
 	/* Check key length and calculate GCM pre-compute. */
-	switch (cipher_xform->cipher.key.length) {
+	switch (key_length) {
 	case 16:
-		aesni_gcm128_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm128_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_128;
 
 		break;
 	case 32:
-		aesni_gcm256_pre(cipher_xform->cipher.key.data, &sess->gdata);
+		aesni_gcm256_pre(key, &sess->gdata);
 		sess->key = AESNI_GCM_KEY_256;
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher key length");
+		GCM_LOG_ERR("Unsupported cipher/auth key length");
 		return -EINVAL;
 	}
 
-	sess->aad_length = auth_xform->auth.add_auth_data_length;
 	/* Digest check */
 	if (digest_length != 16 &&
 			digest_length != 12 &&
@@ -211,9 +236,20 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	uint8_t *iv_ptr;
 	struct rte_crypto_sym_op *sym_op = op->sym;
 	struct rte_mbuf *m_src = sym_op->m_src;
-	uint32_t offset = sym_op->cipher.data.offset;
+	uint32_t offset, data_offset, data_length;
 	uint32_t part_len, total_len, data_len;
 
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
+			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+		offset = sym_op->cipher.data.offset;
+		data_offset = offset;
+		data_length = sym_op->cipher.data.length;
+	} else {
+		offset = sym_op->auth.data.offset;
+		data_offset = offset;
+		data_length = sym_op->auth.data.length;
+	}
+
 	RTE_ASSERT(m_src != NULL);
 
 	while (offset >= m_src->data_len) {
@@ -224,12 +260,12 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 	}
 
 	data_len = m_src->data_len - offset;
-	part_len = (data_len < sym_op->cipher.data.length) ? data_len :
-			sym_op->cipher.data.length;
+	part_len = (data_len < data_length) ? data_len :
+			data_length;
 
 	/* Destination buffer is required when segmented source buffer */
-	RTE_ASSERT((part_len == sym_op->cipher.data.length) ||
-			((part_len != sym_op->cipher.data.length) &&
+	RTE_ASSERT((part_len == data_length) ||
+			((part_len != data_length) &&
 					(sym_op->m_dst != NULL)));
 	/* Segmented destination buffer is not supported */
 	RTE_ASSERT((sym_op->m_dst == NULL) ||
@@ -239,9 +275,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	dst = sym_op->m_dst ?
 			rte_pktmbuf_mtod_offset(sym_op->m_dst, uint8_t *,
-					sym_op->cipher.data.offset) :
+					data_offset) :
 			rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *,
-					sym_op->cipher.data.offset);
+					data_offset);
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
@@ -265,7 +301,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -286,7 +322,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
 				sym_op->auth.digest.data,
 				(uint64_t)session->digest_length);
-	} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
+	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
 				sym_op->m_dst : sym_op->m_src,
 				session->digest_length);
@@ -303,7 +339,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
-		total_len = sym_op->cipher.data.length - part_len;
+		total_len = data_length - part_len;
 
 		while (total_len) {
 			dst += part_len;
@@ -324,6 +360,32 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].finalize(&session->gdata,
 				auth_tag,
 				(uint64_t)session->digest_length);
+	} else if (session->op == AESNI_GMAC_OP_GENERATE) {
+		aesni_gcm_enc[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+		aesni_gcm_enc[session->key].finalize(&session->gdata,
+				sym_op->auth.digest.data,
+				(uint64_t)session->digest_length);
+	} else { /* AESNI_GMAC_OP_VERIFY */
+		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
+				sym_op->m_dst : sym_op->m_src,
+				session->digest_length);
+
+		if (!auth_tag) {
+			GCM_LOG_ERR("auth_tag");
+			return -1;
+		}
+
+		aesni_gcm_dec[session->key].init(&session->gdata,
+				iv_ptr,
+				src,
+				(uint64_t)data_length);
+
+		aesni_gcm_dec[session->key].finalize(&session->gdata,
+				auth_tag,
+				(uint64_t)session->digest_length);
 	}
 
 	return 0;
@@ -350,7 +412,8 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	/* Verify digest if required */
-	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
+	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
+			session->op == AESNI_GMAC_OP_VERIFY) {
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 542e6c4..39285d0 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -56,12 +56,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 4
 				},
-				.aad_size = {
-					.min = 0,
-					.max = 65535,
-					.increment = 1
-				},
-				.iv_size = { 0 }
+				.aad_size = { 0 },
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 05fabe6..9dea80d 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -80,7 +80,9 @@ struct aesni_gcm_qp {
 
 enum aesni_gcm_operation {
 	AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION,
-	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION
+	AESNI_GCM_OP_AUTHENTICATED_DECRYPTION,
+	AESNI_GMAC_OP_GENERATE,
+	AESNI_GMAC_OP_VERIFY
 };
 
 enum aesni_gcm_key {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 46b1dd8..11260d8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -330,13 +330,41 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GMAC/GCM */
+		/* Check additional condition for AES_GCM */
 		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
 			return -EINVAL;
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+		/* Set IV parameters */
+		sess->iv.offset = xform->auth.iv.offset;
+		sess->iv.length = xform->auth.iv.length;
+
+		/*
+		 * OpenSSL requires GMAC to be a GCM operation
+		 * with no cipher data length
+		 */
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+		else
+			sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+
+		sess->cipher.key.length = xform->auth.key.length;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+				sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->auth.key.data, xform->auth.key.length,
+			sess->cipher.key.data);
+
+		break;
 
 	case RTE_CRYPTO_AUTH_MD5:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -923,6 +951,7 @@ process_openssl_combined_op
 	/* cipher */
 	uint8_t *dst = NULL, *iv, *tag, *aad;
 	int srclen, ivlen, aadlen, status = -1;
+	uint32_t offset;
 
 	/*
 	 * Segmented destination buffer is not supported for
@@ -936,32 +965,37 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	aad = op->sym->auth.aad.data;
-	aadlen = sess->auth.aad_length;
-
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
 		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset +
 				op->sym->cipher.data.length);
 
-	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
+	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
-	else {
+		offset = op->sym->auth.data.offset;
+		aadlen = op->sym->auth.data.length;
+		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
+				op->sym->auth.data.offset);
+
+	} else {
 		srclen = op->sym->cipher.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
 				op->sym->cipher.data.offset);
+		offset = op->sym->cipher.data.offset;
+		aad = op->sym->auth.aad.data;
+		aadlen = sess->auth.aad_length;
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		status = process_openssl_auth_encryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
 	else
 		status = process_openssl_auth_decryption_gcm(
-				mbuf_src, op->sym->cipher.data.offset, srclen,
+				mbuf_src, offset, srclen,
 				aad, aadlen, iv, ivlen, sess->cipher.key.data,
 				dst, tag, sess->cipher.ctx,
 				sess->cipher.evp_algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3026dbd..fc525d9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -407,12 +407,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 16,
 					.increment = 0
 				},
-				.aad_size = {
-					.min = 8,
-					.max = 65532,
+				.iv_size = {
+					.min = 12,
+					.max = 16,
 					.increment = 4
-				},
-				.iv_size = { 0 }
+				}
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 3a43faa..ad23672 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -518,6 +518,8 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
+	uint8_t *key_data = auth_xform->key.data;
+	uint8_t key_length = auth_xform->key.length;
 
 	switch (auth_xform->algo) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -539,10 +541,22 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
+		cipher_xform = qat_get_cipher_xform(xform);
+
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
+		key_data = cipher_xform->key.data;
+		key_length = cipher_xform->key.length;
 		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
+		if (qat_alg_validate_aes_key(auth_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
 		break;
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
@@ -582,30 +596,62 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				auth_xform->algo);
 		goto error_out;
 	}
-	cipher_xform = qat_get_cipher_xform(xform);
 
 	session->auth_iv.offset = auth_xform->iv.offset;
 	session->auth_iv.length = auth_xform->iv.length;
 
-	if ((session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
-			(session->qat_hash_alg ==
-				ICP_QAT_HW_AUTH_ALGO_GALOIS_64))  {
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-				cipher_xform->key.data,
-				cipher_xform->key.length,
-				auth_xform->add_auth_data_length,
-				auth_xform->digest_length,
-				auth_xform->op))
-			goto error_out;
+	if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			/*
+			 * It needs to create cipher desc content first,
+			 * then authentication
+			 */
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+						key_data,
+						key_length,
+						0,
+						auth_xform->digest_length,
+						auth_xform->op))
+				goto error_out;
+		} else {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			/*
+			 * It needs to create authentication desc content first,
+			 * then cipher
+			 */
+			if (qat_alg_aead_session_create_content_desc_auth(session,
+					key_data,
+					key_length,
+					0,
+					auth_xform->digest_length,
+					auth_xform->op))
+				goto error_out;
+
+			if (qat_alg_aead_session_create_content_desc_cipher(session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				goto error_out;
+		}
+		/* Restore to authentication only only */
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
 	} else {
 		if (qat_alg_aead_session_create_content_desc_auth(session,
-				auth_xform->key.data,
-				auth_xform->key.length,
+				key_data,
+				key_length,
 				auth_xform->add_auth_data_length,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
 	}
+
 	session->digest_length = auth_xform->digest_length;
 	return session;
 
@@ -892,6 +938,28 @@ qat_sgl_fill_array(struct rte_mbuf *buf, uint64_t buff_start,
 	return 0;
 }
 
+static inline void
+set_cipher_iv(uint16_t iv_length, uint16_t iv_offset,
+		struct icp_qat_fw_la_cipher_req_params *cipher_param,
+		struct rte_crypto_op *op,
+		struct icp_qat_fw_la_bulk_req *qat_req)
+{
+	/* copy IV into request if it fits */
+	if (iv_length <= sizeof(cipher_param->u.cipher_IV_array)) {
+		rte_memcpy(cipher_param->u.cipher_IV_array,
+				rte_crypto_op_ctod_offset(op, uint8_t *,
+					iv_offset),
+				iv_length);
+	} else {
+		ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
+				qat_req->comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_CIPH_IV_64BIT_PTR);
+		cipher_param->u.s.cipher_IV_ptr =
+				rte_crypto_op_ctophys_offset(op,
+					iv_offset);
+	}
+}
+
 static inline int
 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		struct qat_crypto_op_cookie *qat_op_cookie)
@@ -907,7 +975,6 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t *cipher_iv_ptr = NULL;
 
 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
 	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
@@ -980,22 +1047,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_ofs = op->sym->cipher.data.offset;
 		}
 
-		cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-					ctx->cipher_iv.offset);
-		/* copy IV into request if it fits */
-		if (ctx->cipher_iv.length <=
-				sizeof(cipher_param->u.cipher_IV_array)) {
-			rte_memcpy(cipher_param->u.cipher_IV_array,
-					cipher_iv_ptr,
-					ctx->cipher_iv.length);
-		} else {
-			ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
-					qat_req->comn_hdr.serv_specif_flags,
-					ICP_QAT_FW_CIPH_IV_64BIT_PTR);
-			cipher_param->u.s.cipher_IV_ptr =
-					rte_crypto_op_ctophys_offset(op,
-						ctx->cipher_iv.offset);
-		}
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
 		min_ofs = cipher_ofs;
 	}
 
@@ -1034,10 +1087,18 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			auth_ofs = op->sym->cipher.data.offset;
-			auth_len = op->sym->cipher.data.length;
-
-			auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GCM */
+			if (do_cipher) {
+				auth_ofs = op->sym->cipher.data.offset;
+				auth_len = op->sym->cipher.data.length;
+
+				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
+			/* AES-GMAC */
+			} else {
+				set_cipher_iv(ctx->auth_iv.length,
+					ctx->auth_iv.offset,
+					cipher_param, op, qat_req);
+			}
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1154,7 +1215,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 			ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-		if (ctx->cipher_iv.length == 12) {
+		if (ctx->cipher_iv.length == 12 ||
+				ctx->auth_iv.length == 12) {
 			/*
 			 * For GCM a 12 byte IV is allowed,
 			 * but we need to inform the f/w
@@ -1163,20 +1225,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				qat_req->comn_hdr.serv_specif_flags,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
-		if (op->sym->cipher.data.length == 0) {
-			/*
-			 * GMAC
-			 */
-			qat_req->comn_mid.dest_data_addr =
-				qat_req->comn_mid.src_data_addr =
-						op->sym->auth.aad.phys_addr;
+		/* GMAC */
+		if (!do_cipher) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
-			cipher_param->cipher_length = 0;
-			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = ctx->aad_len;
+			auth_param->auth_len = op->sym->auth.data.length;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1188,9 +1243,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	rte_hexdump(stdout, "src_data:",
 			rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
 			rte_pktmbuf_data_len(op->sym->m_src));
-	if (do_cipher)
+	if (do_cipher) {
+		uint8_t *cipher_iv_ptr = rte_crypto_op_ctod_offset(op,
+						uint8_t *,
+						ctx->cipher_iv.offset);
 		rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
 				ctx->cipher_iv.length);
+	}
 
 	if (do_auth) {
 		if (ctx->auth_iv.length) {
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index fbff148..d863ccd 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -232,12 +232,11 @@
 					.max = 16,			\
 					.increment = 4			\
 				},					\
-				.aad_size = {				\
-					.min = 1,			\
-					.max = 65535,			\
-					.increment = 1			\
-				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				}					\
 			}, }						\
 		}, }							\
 	},								\
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index de4031a..f174e12 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -84,11 +84,10 @@ enum rte_crypto_cipher_algorithm {
 	/**< AES algorithm in F8 mode */
 	RTE_CRYPTO_CIPHER_AES_GCM,
 	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* or *RTE_CRYPTO_AUTH_AES_GMAC* element
-	 * of the *rte_crypto_auth_algorithm* enum MUST be used to set up
-	 * the related *rte_crypto_auth_setup_data* structure in the session
-	 * context or in the op_params of the crypto operation structure
-	 * in the case of a session-less crypto operation.
+	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
+	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
+	 * structure in the session context or in the op_params of the crypto
+	 * operation structure in the case of a session-less crypto operation.
 	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
@@ -268,13 +267,7 @@ enum rte_crypto_auth_algorithm {
 	 * op_params parameter MUST be set for a session-less crypto operation.
 	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
-	/**< AES GMAC algorithm. When this hash algorithm
-	* is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	* rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	* rte_crypto_cipher_setup_data structure in the session context,  or
-	* the corresponding parameter in the crypto operation data structures
-	* op_params parameter MUST be set for a session-less crypto operation.
-	*/
+	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 	/**< AES XCBC algorithm. */
 
@@ -384,11 +377,6 @@ struct rte_crypto_auth_xform {
 	 *   block B0 and the encoded length.  The maximum permitted value in
 	 *   this case is 222 bytes.
 	 *
-	 * @note
-	 *  For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
-	 *  this field is not used and should be set to 0. Instead the length
-	 *  of the AAD data is specified in additional authentication data
-	 *  length field of the rte_crypto_sym_op_data structure
 	 */
 
 	struct {
@@ -522,10 +510,6 @@ struct rte_crypto_sym_op {
 			  * values.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
-			  * field should be set to 0.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -547,11 +531,6 @@ struct rte_crypto_sym_op {
 			  * ignored. The field @ref aad field
 			  * should be set instead.
 			  *
-			  * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
-			  * mode of operation, this field is set to 0. aad data
-			  * pointer of rte_crypto_sym_op_data structure is
-			  * used instead
-			  *
 			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
@@ -569,11 +548,6 @@ struct rte_crypto_sym_op {
 			  * instead.
 			  *
 			  * @note
-			  * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
-			  * of operation, this field is set to 0.
-			  * Auth.aad.length is used instead.
-			  *
-			  * @note
 			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -644,9 +618,6 @@ struct rte_crypto_sym_op {
 			 * any space to round this up to the nearest multiple
 			 * of the block size (16 bytes).
 			 *
-			 * @note
-			 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
-			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
 		} aad;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 4698f26..00c32a4 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -6281,17 +6281,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_crypto_sym_op *sym_op;
 
-	unsigned aad_pad_len;
-
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-
-	/*
-	 * Runtime generate the large plain text instead of use hard code
-	 * plain text vector. It is done to avoid create huge source file
-	 * with the test vector.
-	 */
-	if (tdata->aad.len == GMAC_LARGE_PLAINTEXT_LENGTH)
-		generate_gmac_large_plaintext(tdata->aad.data);
+	uint32_t plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 
 	/* Generate Crypto op data structure */
 	ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -6300,14 +6290,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"Failed to allocate symmetric crypto operation struct");
 
 	sym_op = ut_params->op->sym;
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
-			"no room to append aad");
-
-	sym_op->auth.aad.phys_addr =
-			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, tdata->gmac_tag.len);
@@ -6315,7 +6297,7 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 			"no room to append digest");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
-			ut_params->ibuf, aad_pad_len);
+			ut_params->ibuf, plaintext_pad_len);
 
 	if (op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 		rte_memcpy(sym_op->auth.digest.data, tdata->gmac_tag.data,
@@ -6336,31 +6318,20 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	sym_op->cipher.data.offset = 0;
 
 	sym_op->auth.data.offset = 0;
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = tdata->plaintext.len;
 
 	return 0;
 }
 
 static int create_gmac_session(uint8_t dev_id,
-		enum rte_crypto_cipher_operation op,
 		const struct gmac_test_data *tdata,
 		enum rte_crypto_auth_operation auth_op)
 {
-	uint8_t cipher_key[tdata->key.len];
+	uint8_t auth_key[tdata->key.len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, tdata->key.data, tdata->key.len);
-
-	/* For GMAC we setup cipher parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = tdata->key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = tdata->iv.len;
+	memcpy(auth_key, tdata->key.data, tdata->key.len);
 
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6368,14 +6339,15 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
+	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.key.length = tdata->key.len;
+	ut_params->auth_xform.auth.key.data = auth_key;
+	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+	ut_params->auth_xform.auth.iv.length = tdata->iv.len;
 
-	ut_params->cipher_xform.next = &ut_params->auth_xform;
 
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-			&ut_params->cipher_xform);
+			&ut_params->auth_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -6390,20 +6362,19 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	int retval;
 
-	uint8_t *auth_tag, *p;
-	uint16_t aad_pad_len;
+	uint8_t *auth_tag, *plaintext;
+	uint16_t plaintext_pad_len;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6413,9 +6384,22 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
-	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
 
-	p = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *);
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
 
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_GENERATE,
 			tdata);
@@ -6435,9 +6419,9 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
 
 	if (ut_params->op->sym->m_dst) {
 		auth_tag = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_dst,
-				uint8_t *, aad_pad_len);
+				uint8_t *, plaintext_pad_len);
 	} else {
-		auth_tag = p + aad_pad_len;
+		auth_tag = plaintext + plaintext_pad_len;
 	}
 
 	TEST_HEXDUMP(stdout, "auth tag:", auth_tag, tdata->gmac_tag.len);
@@ -6481,18 +6465,19 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	int retval;
+	uint32_t plaintext_pad_len;
+	uint8_t *plaintext;
 
 	TEST_ASSERT_NOT_EQUAL(tdata->gmac_tag.len, 0,
 			      "No GMAC length in the source data");
 
 	retval = create_gmac_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
 			tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
 
 	if (retval < 0)
 		return retval;
 
-	if (tdata->aad.len > MBUF_SIZE)
+	if (tdata->plaintext.len > MBUF_SIZE)
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
 	else
 		ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -6502,6 +6487,24 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
+
+	/*
+	 * Runtime generate the large plain text instead of use hard code
+	 * plain text vector. It is done to avoid create huge source file
+	 * with the test vector.
+	 */
+	if (tdata->plaintext.len == GMAC_LARGE_PLAINTEXT_LENGTH)
+		generate_gmac_large_plaintext(tdata->plaintext.data);
+
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+				plaintext_pad_len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+
+	memcpy(plaintext, tdata->plaintext.data, tdata->plaintext.len);
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext,
+			tdata->plaintext.len);
+
 	retval = create_gmac_operation(RTE_CRYPTO_AUTH_OP_VERIFY,
 			tdata);
 
@@ -6615,8 +6618,7 @@ hmac_sha1_test_crypto_vector = {
 static const struct test_crypto_vector
 aes128_gmac_test_vector = {
 	.auth_algo = RTE_CRYPTO_AUTH_AES_GMAC,
-	.crypto_algo = RTE_CRYPTO_CIPHER_AES_GCM,
-	.aad = {
+	.plaintext = {
 		.data = plaintext_hash,
 		.len = 512
 	},
@@ -6627,7 +6629,7 @@ aes128_gmac_test_vector = {
 		},
 		.len = 12
 	},
-	.cipher_key = {
+	.auth_key = {
 		.data = {
 			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
 			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA
@@ -6745,22 +6747,28 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 	/* Setup Authentication Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->auth_xform.next = &ut_params->cipher_xform;
 	ut_params->auth_xform.auth.algo = reference->auth_algo;
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-	ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
-	ut_params->cipher_xform.cipher.op = cipher_op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	if (reference->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
+		ut_params->auth_xform.auth.iv.length = reference->iv.len;
+	} else {
+		ut_params->auth_xform.next = &ut_params->cipher_xform;
+		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
+
+		/* Setup Cipher Parameters */
+		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		ut_params->cipher_xform.next = NULL;
+		ut_params->cipher_xform.cipher.algo = reference->crypto_algo;
+		ut_params->cipher_xform.cipher.op = cipher_op;
+		ut_params->cipher_xform.cipher.key.data = cipher_key;
+		ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len;
+		ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+		ut_params->cipher_xform.cipher.iv.length = reference->iv.len;
+	}
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6838,16 +6846,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	/* set crypto operation source mbuf */
 	sym_op->m_src = ut_params->ibuf;
 
-	/* aad */
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-			reference->aad.len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append AAD");
-	memcpy(sym_op->auth.aad.data, reference->aad.data, reference->aad.len);
-
-	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
-
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
 			ut_params->ibuf, reference->digest.len);
@@ -6875,7 +6873,7 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	sym_op->cipher.data.length = 0;
 	sym_op->cipher.data.offset = 0;
 
-	sym_op->auth.data.length = 0;
+	sym_op->auth.data.length = reference->plaintext.len;
 	sym_op->auth.data.offset = 0;
 
 	return 0;
@@ -7025,6 +7023,7 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		unsigned int data_corrupted)
 {
 	int retval;
+	uint8_t *plaintext;
 
 	/* Create session */
 	retval = create_auth_cipher_session(ut_params,
@@ -7043,6 +7042,13 @@ test_authentication_verify_GMAC_fail_when_corruption(
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
+	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+			reference->plaintext.len);
+	TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext");
+	memcpy(plaintext, reference->plaintext.data, reference->plaintext.len);
+
+	TEST_HEXDUMP(stdout, "plaintext:", plaintext, reference->plaintext.len);
+
 	/* Create operation */
 	retval = create_auth_verify_GMAC_operation(ts_params,
 			ut_params,
@@ -7052,10 +7058,9 @@ test_authentication_verify_GMAC_fail_when_corruption(
 		return retval;
 
 	if (data_corrupted)
-		data_corruption(ut_params->op->sym->auth.aad.data);
+		data_corruption(plaintext);
 	else
-		tag_corruption(ut_params->op->sym->auth.aad.data,
-				reference->aad.len);
+		tag_corruption(plaintext, reference->aad.len);
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_gcm_test_vectors.h
index 5764edb..ac4b0d4 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_gcm_test_vectors.h
@@ -92,11 +92,6 @@ struct gmac_test_data {
 	struct {
 		uint8_t *data;
 		unsigned len;
-	} aad;
-
-	struct {
-		uint8_t *data;
-		unsigned len;
 	} plaintext;
 
 	struct {
@@ -1484,14 +1479,10 @@ static const struct gmac_test_data gmac_test_case_1 = {
 			0xde, 0xca, 0xf8, 0x88 },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 160
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x4C, 0x0C, 0x4F, 0x47, 0x2D, 0x78, 0xF6, 0xD8,
@@ -1516,14 +1507,10 @@ static const struct gmac_test_data gmac_test_case_2 = {
 		    0x55, 0x61, 0xf0, 0x43, 0x15, },
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 80
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 		    0xCF, 0x82, 0x80, 0x64, 0x02, 0x46, 0xF4, 0xFB,
@@ -1550,14 +1537,10 @@ static const struct gmac_test_data gmac_test_case_3 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = 65
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x77, 0x46, 0x0D, 0x6F, 0xB1, 0x87, 0xDB, 0xA9,
@@ -2214,14 +2197,10 @@ static const struct gmac_test_data gmac_test_case_4 = {
 		},
 		.len = 12
 	},
-	.aad = {
+	.plaintext = {
 		.data = gmac_plaintext,
 		.len = GMAC_LARGE_PLAINTEXT_LENGTH
 	},
-	.plaintext = {
-		.data = NULL,
-		.len = 0
-	},
 	.gmac_tag = {
 		.data = {
 			0x3f, 0x07, 0xcb, 0xb9, 0x86, 0x3a, 0xea, 0xc2,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 19/26] cryptodev: add AEAD specific data
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (17 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
                         ` (7 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.

Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst          | 14 +++--
 doc/guides/prog_guide/img/crypto_xform_chain.svg |  8 ++-
 doc/guides/rel_notes/release_17_08.rst           |  6 ++
 lib/librte_cryptodev/rte_crypto_sym.h            | 80 +++++++++++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev.c             | 61 ++++++++++++++++++
 lib/librte_cryptodev/rte_cryptodev.h             | 52 ++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev_version.map   |  4 ++
 7 files changed, 215 insertions(+), 10 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index e036611..b888554 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -188,8 +188,9 @@ the device having hardware acceleration or supporting symmetric Crypto
 operations,
 
 The capabilities mechanism defines the individual algorithms/functions which
-the device supports, such as a specific symmetric Crypto cipher or
-authentication operation.
+the device supports, such as a specific symmetric Crypto cipher,
+authentication operation or Authenticated Encryption with Associated Data
+(AEAD) operation.
 
 
 Device Features
@@ -477,9 +478,8 @@ operations such as cipher encrypt and authentication generate, the next pointer
 allows transform to be chained together. Crypto devices which support chaining
 must publish the chaining of symmetric Crypto operations feature flag.
 
-Currently there are two transforms types cipher and authentication, to specify
-an AEAD operation it is required to chain a cipher and an authentication
-transform together. Also it is important to note that the order in which the
+Currently there are three transforms types cipher, authentication and AEAD.
+Also it is important to note that the order in which the
 transforms are passed indicates the order of the chaining.
 
 .. code-block:: c
@@ -494,6 +494,8 @@ transforms are passed indicates the order of the chaining.
             /**< Authentication / hash xform */
             struct rte_crypto_cipher_xform cipher;
             /**< Cipher xform */
+            struct rte_crypto_aead_xform aead;
+            /**< AEAD xform */
         };
     };
 
@@ -514,7 +516,7 @@ operations.
 
 As a minimum the symmetric operation must have a source data buffer (``m_src``),
 a valid session (or transform chain if in session-less mode) and the minimum
-authentication/ cipher parameters required depending on the type of operation
+authentication/ cipher/ AEAD parameters required depending on the type of operation
 specified in the session or the transform
 chain.
 
diff --git a/doc/guides/prog_guide/img/crypto_xform_chain.svg b/doc/guides/prog_guide/img/crypto_xform_chain.svg
index 4670a07..1368163 100644
--- a/doc/guides/prog_guide/img/crypto_xform_chain.svg
+++ b/doc/guides/prog_guide/img/crypto_xform_chain.svg
@@ -69,7 +69,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape11-38" transform="translate(10.6711,-238.133)">
 			<title>Rounded Rectangle.26</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
@@ -116,7 +118,9 @@
 						class="st3">auth</tspan><tspan class="st3">_</tspan><tspan class="st3">xform  </tspan><tspan x="16.02"
 						dy="1.425em" class="st4">struct </tspan><tspan class="st3">rte</tspan><tspan class="st3">_</tspan><tspan
 						class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan class="st3">cipher</tspan><tspan class="st3">_</tspan><tspan
-						class="st3">xform</tspan></text>		</g>
+						class="st3">xform</tspan><tspan x="18.76" dy="1.425em" class="st4">struct </tspan><tspan
+                                                class="st3">rte</tspan><tspan class="st3">_</tspan><tspan class="st3">crypto</tspan><tspan class="st3">_</tspan><tspan
+                                                class="st3">aead</tspan><tspan class="st3">_</tspan><tspan class="st3">xform</tspan></text>		</g>
 		<g id="shape15-102" transform="translate(209.592,-163.865)">
 			<title>Rounded Rectangle.32</title>
 			<desc>next transform (struct rte_crypto_sym_xform *)</desc>
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index a544639..b920142 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -75,6 +75,12 @@ New Features
 
   Added support for firmwares with multiple Ethernet ports per physical port.
 
+* **Updated cryptodev library.**
+
+  Added AEAD algorithm specific functions and structures, so it is not
+  necessary to use a combination of cipher and authentication
+  structures anymore.
+
 
 Resolved Issues
 ---------------
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f174e12..db3957e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -404,11 +404,87 @@ struct rte_crypto_auth_xform {
 	} iv;	/**< Initialisation vector parameters */
 };
 
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+	RTE_CRYPTO_AEAD_AES_CCM = 1,
+	/**< AES algorithm in CCM mode. */
+	RTE_CRYPTO_AEAD_AES_GCM,
+	/**< AES algorithm in GCM mode. */
+	RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+	RTE_CRYPTO_AEAD_OP_ENCRYPT,
+	/**< Encrypt and generate digest */
+	RTE_CRYPTO_AEAD_OP_DECRYPT
+	/**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+	enum rte_crypto_aead_operation op;
+	/**< AEAD operation type */
+	enum rte_crypto_aead_algorithm algo;
+	/**< AEAD algorithm selection */
+
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} key;
+
+	struct {
+		uint16_t offset;
+		/**< Starting point for Initialisation Vector or Counter,
+		 * specified as number of bytes from start of crypto
+		 * operation (rte_crypto_op).
+		 *
+		 * - For GCM mode, this is either the IV (if the length
+		 * is 96 bits) or J0 (for other sizes), where J0 is as
+		 * defined by NIST SP800-38D. Regardless of the IV
+		 * length, a full 16 bytes needs to be allocated.
+		 *
+		 * - For CCM mode, the first byte is reserved, and the
+		 * nonce should be written starting at &iv[1] (to allow
+		 * space for the implementation to write in the flags
+		 * in the first byte). Note that a full 16 bytes should
+		 * be allocated, even though the length field will
+		 * have a value less than this.
+		 *
+		 * For optimum performance, the data pointed to SHOULD
+		 * be 8-byte aligned.
+		 */
+		uint16_t length;
+		/**< Length of valid IV data.
+		 *
+		 * - For GCM mode, this is either 12 (for 96-bit IVs)
+		 * or 16, in which case data points to J0.
+		 *
+		 * - For CCM mode, this is the length of the nonce,
+		 * which can be in the range 7 to 13 inclusive.
+		 */
+	} iv;	/**< Initialisation vector parameters */
+
+	uint32_t digest_length;
+
+	uint16_t add_auth_data_length;
+	/**< The length of the additional authenticated data (AAD) in bytes. */
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_AEAD		/**< AEAD xform  */
 };
 
 /**
@@ -431,6 +507,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_aead_xform aead;
+		/**< AEAD xform */
 	};
 };
 
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 5aa177f..60dc5e5 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -176,6 +176,26 @@ rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_ZUC_EIA3]	= "zuc-eia3"
 };
 
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
+	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+	[RTE_CRYPTO_AEAD_OP_ENCRYPT]	= "encrypt",
+	[RTE_CRYPTO_AEAD_OP_DECRYPT]	= "decrypt"
+};
+
 int
 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
 		const char *algo_string)
@@ -210,6 +230,23 @@ rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 	return -1;
 }
 
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string)
+{
+	unsigned int i;
+
+	for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+		if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i]) == 0) {
+			*algo_enum = (enum rte_crypto_aead_algorithm) i;
+			return 0;
+		}
+	}
+
+	/* Invalid string */
+	return -1;
+}
+
 /**
  * The crypto auth operation strings identifiers.
  * It could be used in application command line.
@@ -245,6 +282,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
 		if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 			capability->sym.cipher.algo == idx->algo.cipher)
 			return &capability->sym;
+
+		if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+				capability->sym.aead.algo == idx->algo.aead)
+			return &capability->sym;
 	}
 
 	return NULL;
@@ -290,6 +331,26 @@ rte_cryptodev_sym_capability_check_auth(
 	return 0;
 }
 
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
+{
+	if (param_range_check(key_size, capability->aead.key_size))
+		return -1;
+
+	if (param_range_check(digest_size, capability->aead.digest_size))
+		return -1;
+
+	if (param_range_check(aad_size, capability->aead.aad_size))
+		return -1;
+
+	if (param_range_check(iv_size, capability->aead.iv_size))
+		return -1;
+
+	return 0;
+}
 
 const char *
 rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 75b423a..c47a3f6 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -170,7 +170,7 @@ struct rte_crypto_param_range {
  */
 struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
-	/**< Transform type : Authentication / Cipher */
+	/**< Transform type : Authentication / Cipher / AEAD */
 	RTE_STD_C11
 	union {
 		struct {
@@ -199,6 +199,20 @@ struct rte_cryptodev_symmetric_capability {
 			/**< Initialisation vector data size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
+		struct {
+			enum rte_crypto_aead_algorithm algo;
+			/**< AEAD algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range key_size;
+			/**< AEAD key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range aad_size;
+			/**< Additional authentication data size range */
+			struct rte_crypto_param_range iv_size;
+			/**< Initialisation vector data size range */
+		} aead;
 	};
 };
 
@@ -220,6 +234,7 @@ struct rte_cryptodev_sym_capability_idx {
 	union {
 		enum rte_crypto_cipher_algorithm cipher;
 		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
 	} algo;
 };
 
@@ -275,6 +290,26 @@ rte_cryptodev_sym_capability_check_auth(
 		uint16_t iv_size);
 
 /**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param	capability	Description of the symmetric crypto capability.
+ * @param	key_size	AEAD key size.
+ * @param	digest_size	AEAD digest size.
+ * @param	aad_size	AEAD AAD size.
+ * @param	iv_size		AEAD IV size.
+ *
+ * @return
+ *   - Return 0 if the parameters are in range of the capability.
+ *   - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
+
+/**
  * Provide the cipher algorithm enum, given an algorithm string
  *
  * @param	algo_enum	A pointer to the cipher algorithm
@@ -304,6 +339,21 @@ int
 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 		const char *algo_string);
 
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param	algo_enum	A pointer to the AEAD algorithm
+ *				enum to be filled
+ * @param	algo_string	AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string);
+
 /** Macro used at end of crypto PMD list */
 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
 	{ RTE_CRYPTO_OP_TYPE_UNDEFINED }
diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
index 7191607..ea0b561 100644
--- a/lib/librte_cryptodev/rte_cryptodev_version.map
+++ b/lib/librte_cryptodev/rte_cryptodev_version.map
@@ -62,9 +62,13 @@ DPDK_17.05 {
 DPDK_17.08 {
 	global:
 
+	rte_cryptodev_get_aead_algo_enum;
 	rte_cryptodev_pci_generic_probe;
 	rte_cryptodev_pci_generic_remove;
+	rte_cryptodev_sym_capability_check_aead;
 	rte_cryptodev_vdev_parse_init_params;
 	rte_cryptodev_vdev_pmd_init;
+	rte_crypto_aead_algorithm_strings;
+	rte_crypto_aead_operation_strings;
 
 } DPDK_17.05;
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 20/26] cryptodev: add AEAD parameters in crypto operation
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (18 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 19/26] cryptodev: add AEAD specific data Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
                         ` (6 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

AEAD operation parameters can be set in the new
aead structure, in the crypto operation.
This structure is within a union with the cipher
and authentication parameters, since operations can be:
- AEAD: using the aead structure

- Cipher only: using only the cipher structure

- Auth only: using only the authentication structure

- Cipher-then-auth/Auth-then-cipher: using both cipher
  and authentication structures

Therefore, all three cannot be used at the same time.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/prog_guide/cryptodev_lib.rst |  70 +++---
 doc/guides/rel_notes/release_17_08.rst  |   1 +
 lib/librte_cryptodev/rte_crypto_sym.h   | 375 ++++++++++++++++++++------------
 3 files changed, 279 insertions(+), 167 deletions(-)

diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index b888554..5048839 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -431,7 +431,6 @@ operations, as well as also supporting AEAD operations.
 
 
 Session and Session Management
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Session are used in symmetric cryptographic processing to store the immutable
 data defined in a cryptographic transform which is used in the operation
@@ -465,9 +464,6 @@ operation and its parameters. See the section below for details on transforms.
    struct rte_cryptodev_sym_session * rte_cryptodev_sym_session_create(
           uint8_t dev_id, struct rte_crypto_sym_xform *xform);
 
-**Note**: For AEAD operations the algorithm selected for authentication and
-ciphering must aligned, eg AES_GCM.
-
 
 Transforms and Transform Chaining
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -533,30 +529,54 @@ chain.
             /**< Session-less API Crypto operation parameters */
         };
 
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for ciphering */
-        } cipher;
-
-        struct {
-            struct {
-                uint32_t offset;
-                uint32_t length;
-            } data;   /**< Data offsets and length for authentication */
-
+        union {
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } digest; /**< Digest parameters */
+                struct {
+                    uint32_t offset;
+                    uint32_t length;
+                } data; /**< Data offsets and length for AEAD */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } digest; /**< Digest parameters */
+
+                struct {
+                    uint8_t *data;
+                    phys_addr_t phys_addr;
+                } aad;
+                /**< Additional authentication parameters */
+            } aead;
 
             struct {
-                uint8_t *data;
-                phys_addr_t phys_addr;
-            } aad;    /**< Additional authentication parameters */
-        } auth;
-    }
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data; /**< Data offsets and length for ciphering */
+                } cipher;
+
+                struct {
+                    struct {
+                        uint32_t offset;
+                        uint32_t length;
+                    } data;
+                    /**< Data offsets and length for authentication */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } digest; /**< Digest parameters */
+
+                    struct {
+                        uint8_t *data;
+                        phys_addr_t phys_addr;
+                    } aad;
+                    /**< Additional authentication parameters */
+                } auth;
+            };
+        };
+    };
 
 
 Asymmetric Cryptography
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index b920142..2c6bef5 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -175,6 +175,7 @@ API Changes
   * Removed digest length from ``rte_crypto_sym_op``.
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
+  * Added AEAD structure in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index db3957e..f03d2fd 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -556,151 +556,242 @@ struct rte_crypto_sym_op {
 		/**< Session-less API crypto operation parameters */
 	};
 
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for cipher processing, specified
-			  * as number of bytes from start of data in the source
-			  * buffer. The result of the cipher operation will be
-			  * written back into the output buffer starting at
-			  * this location.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source buffer
-			  * on which the cryptographic operation will be
-			  * computed. This must be a multiple of the block size
-			  * if a block cipher is being used. This is also the
-			  * same as the result length.
-			  *
-			  * @note
-			  * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
-			  * this value should not include the length of the
-			  * padding or the length of the MAC; the driver will
-			  * compute the actual number of bytes over which the
-			  * encryption will occur, which will include these
-			  * values.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
-			  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
-			  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for ciphering */
-
-	} cipher;
-
-	struct {
-		struct {
-			uint32_t offset;
-			 /**< Starting point for hash processing, specified as
-			  * number of bytes from start of packet in source
-			  * buffer.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field
-			  * should be set instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-
-			uint32_t length;
-			 /**< The message length, in bytes, of the source
-			  * buffer that the hash will be computed on.
-			  *
-			  * @note
-			  * For CCM and GCM modes of operation, this field is
-			  * ignored. The field @ref aad field should be set
-			  * instead.
-			  *
-			  * @note
-			  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
-			  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
-			  * this field should be in bits.
-			  */
-		} data; /**< Data offsets and length for authentication */
-
+	union {
 		struct {
-			uint8_t *data;
-			/**< This points to the location where the digest result
-			 * should be inserted (in the case of digest generation)
-			 * or where the purported digest exists (in the case of
-			 * digest verification).
-			 *
-			 * At session creation time, the client specified the
-			 * digest result length with the digest_length member
-			 * of the @ref rte_crypto_auth_xform structure. For
-			 * physical crypto devices the caller must allocate at
-			 * least digest_length of physically contiguous memory
-			 * at this location.
-			 *
-			 * For digest generation, the digest result will
-			 * overwrite any data at this location.
-			 *
-			 * @note
-			 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-			 * "digest result" read "authentication tag T".
-			 */
-			phys_addr_t phys_addr;
-			/**< Physical address of digest */
-		} digest; /**< Digest parameters */
+			struct {
+				uint32_t offset;
+				 /**< Starting point for AEAD processing, specified as
+				  * number of bytes from start of packet in source
+				  * buffer.
+				  */
+				uint32_t length;
+				 /**< The message length, in bytes, of the source buffer
+				  * on which the cryptographic operation will be
+				  * computed. This must be a multiple of the block size
+				  */
+			} data; /**< Data offsets and length for AEAD */
+			struct {
+				uint8_t *data;
+				/**< This points to the location where the digest result
+				 * should be inserted (in the case of digest generation)
+				 * or where the purported digest exists (in the case of
+				 * digest verification).
+				 *
+				 * At session creation time, the client specified the
+				 * digest result length with the digest_length member
+				 * of the @ref rte_crypto_auth_xform structure. For
+				 * physical crypto devices the caller must allocate at
+				 * least digest_length of physically contiguous memory
+				 * at this location.
+				 *
+				 * For digest generation, the digest result will
+				 * overwrite any data at this location.
+				 *
+				 * @note
+				 * For GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), for
+				 * "digest result" read "authentication tag T".
+				 */
+				phys_addr_t phys_addr;
+				/**< Physical address of digest */
+			} digest; /**< Digest parameters */
+			struct {
+				uint8_t *data;
+				/**< Pointer to Additional Authenticated Data (AAD)
+				 * needed for authenticated cipher mechanisms (CCM and
+				 * GCM)
+				 *
+				 * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
+				 * the caller should setup this field as follows:
+				 *
+				 * - the nonce should be written starting at an offset
+				 * of one byte into the array, leaving room for the
+				 * implementation to write in the flags to the first
+				 * byte.
+				 *
+				 * - the additional  authentication data itself should
+				 * be written starting at an offset of 18 bytes into
+				 * the array, leaving room for the length encoding in
+				 * the first two bytes of the second block.
+				 *
+				 * - the array should be big enough to hold the above
+				 *  fields, plus any padding to round this up to the
+				 *  nearest multiple of the block size (16 bytes).
+				 *  Padding will be added by the implementation.
+				 *
+				 * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the
+				 * caller should setup this field as follows:
+				 *
+				 * - the AAD is written in starting at byte 0
+				 * - the array must be big enough to hold the AAD, plus
+				 * any space to round this up to the nearest multiple
+				 * of the block size (16 bytes).
+				 *
+				 */
+				phys_addr_t phys_addr;	/**< physical address */
+			} aad;
+			/**< Additional authentication parameters */
+		} aead;
 
 		struct {
-			uint8_t *data;
-			/**< Pointer to Additional Authenticated Data (AAD)
-			 * needed for authenticated cipher mechanisms (CCM and
-			 * GCM).
-			 *
-			 * The length of the data pointed to by this field is
-			 * set up for the session in the @ref
-			 * rte_crypto_auth_xform structure as part of the @ref
-			 * rte_cryptodev_sym_session_create function call.
-			 * This length must not exceed 65535 (2^16-1) bytes.
-			 *
-			 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),
-			 * the caller should setup this field as follows:
-			 *
-			 * - the nonce should be written starting at an offset
-			 * of one byte into the array, leaving room for the
-			 * implementation to write in the flags to the first
-			 *  byte.
-			 *
-			 * - the additional  authentication data itself should
-			 * be written starting at an offset of 18 bytes into
-			 * the array, leaving room for the length encoding in
-			 * the first two bytes of the second block.
-			 *
-			 * - the array should be big enough to hold the above
-			 *  fields, plus any padding to round this up to the
-			 *  nearest multiple of the block size (16 bytes).
-			 *  Padding will be added by the implementation.
-			 *
-			 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-			 * caller should setup this field as follows:
-			 *
-			 * - the AAD is written in starting at byte 0
-			 * - the array must be big enough to hold the AAD, plus
-			 * any space to round this up to the nearest multiple
-			 * of the block size (16 bytes).
-			 *
-			 */
-			phys_addr_t phys_addr;	/**< physical address */
-		} aad;
-		/**< Additional authentication parameters */
-	} auth;
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for cipher processing,
+					  * specified as number of bytes from start
+					  * of data in the source buffer.
+					  * The result of the cipher operation will be
+					  * written back into the output buffer
+					  * starting at this location.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the
+					  * source buffer on which the cryptographic
+					  * operation will be computed.
+					  * This must be a multiple of the block size
+					  * if a block cipher is being used. This is
+					  * also the same as the result length.
+					  *
+					  * @note
+					  * In the case of CCM
+					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
+					  * should not include the length of the padding
+					  * or the length of the MAC; the driver will
+					  * compute the actual number of bytes over
+					  * which the encryption will occur, which will
+					  * include these values.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
+					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
+					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
+					  * this field should be in bits.
+					  */
+				} data; /**< Data offsets and length for ciphering */
+			} cipher;
+
+			struct {
+				struct {
+					uint32_t offset;
+					 /**< Starting point for hash processing,
+					  * specified as number of bytes from start of
+					  * packet in source buffer.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored.
+					  * The field @ref aad field should be set
+					  * instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+					uint32_t length;
+					 /**< The message length, in bytes, of the source
+					  * buffer that the hash will be computed on.
+					  *
+					  * @note
+					  * For CCM and GCM modes of operation,
+					  * this field is ignored. The field @ref aad
+					  * field should be set instead.
+					  *
+					  * @note
+					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
+					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
+					  * this field should be in bits.
+					  */
+				} data;
+				/**< Data offsets and length for authentication */
+
+				struct {
+					uint8_t *data;
+					/**< This points to the location where
+					 * the digest result should be inserted
+					 * (in the case of digest generation)
+					 * or where the purported digest exists
+					 * (in the case of digest verification).
+					 *
+					 * At session creation time, the client
+					 * specified the digest result length with
+					 * the digest_length member of the
+					 * @ref rte_crypto_auth_xform structure.
+					 * For physical crypto devices the caller
+					 * must allocate at least digest_length of
+					 * physically contiguous memory at this
+					 * location.
+					 *
+					 * For digest generation, the digest result
+					 * will overwrite any data at this location.
+					 *
+					 * @note
+					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
+					 * "digest result" read "authentication tag T".
+					 */
+					phys_addr_t phys_addr;
+					/**< Physical address of digest */
+				} digest; /**< Digest parameters */
+
+				struct {
+					uint8_t *data;
+					/**< Pointer to Additional Authenticated
+					 * Data (AAD) needed for authenticated cipher
+					 * mechanisms (CCM and GCM).
+					 *
+					 * The length of the data pointed to by this
+					 * field is set up for the session in the @ref
+					 * rte_crypto_auth_xform structure as part of
+					 * the @ref rte_cryptodev_sym_session_create
+					 * function call.
+					 * This length must not exceed 65535 (2^16-1)
+					 * bytes.
+					 *
+					 * Specifically for CCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
+					 * the caller should setup this field as follows:
+					 *
+					 * - the nonce should be written starting at
+					 * an offset of one byte into the array,
+					 * leaving room for the implementation to
+					 * write in the flags to the first byte.
+					 *
+					 * - the additional authentication data
+					 * itself should be written starting at
+					 * an offset of 18 bytes into the array,
+					 * leaving room for the length encoding in
+					 * the first two bytes of the second block.
+					 *
+					 * - the array should be big enough to hold
+					 * the above fields, plus any padding to
+					 * round this up to the nearest multiple of
+					 * the block size (16 bytes).
+					 * Padding will be added by the implementation.
+					 *
+					 * Finally, for GCM
+					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
+					 * caller should setup this field as follows:
+					 *
+					 * - the AAD is written in starting at byte 0
+					 * - the array must be big enough to hold
+					 * the AAD, plus any space to round this up to
+					 * the nearest multiple of the block size
+					 * (16 bytes).
+					 *
+					 */
+					phys_addr_t phys_addr;	/**< physical address */
+				} aad;
+				/**< Additional authentication parameters */
+			} auth;
+		};
+	};
 };
 
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 21/26] examples/l2fwd-crypto: avoid too many tabs
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (19 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
                         ` (5 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Some extra functions have been created to avoid
too many nested conditionals.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 examples/l2fwd-crypto/main.c | 125 ++++++++++++++++++++++++++-----------------
 1 file changed, 77 insertions(+), 48 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6d88937..fb829e3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1556,7 +1556,8 @@ check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
 
 /* Check if device has to be HW/SW or any */
 static int
-check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_info)
+check_type(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info)
 {
 	if (options->type == CDEV_TYPE_HW &&
 			(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
@@ -1570,6 +1571,74 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_cipher_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_cipher_algorithm cap_cipher_algo;
+	enum rte_crypto_cipher_algorithm opt_cipher_algo =
+					options->cipher_xform.cipher.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_cipher_algo = cap->sym.cipher.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			if (cap_cipher_algo == opt_cipher_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
+static const struct rte_cryptodev_capabilities *
+check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_auth_algorithm cap_auth_algo;
+	enum rte_crypto_auth_algorithm opt_auth_algo =
+					options->auth_xform.auth.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_auth_algo = cap->sym.auth.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			if (cap_auth_algo == opt_auth_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_auth_algorithm_strings[opt_auth_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1647,12 +1716,8 @@ static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
 {
-	unsigned i, cdev_id, cdev_count, enabled_cdev_count = 0;
+	unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
 	const struct rte_cryptodev_capabilities *cap;
-	enum rte_crypto_auth_algorithm cap_auth_algo;
-	enum rte_crypto_auth_algorithm opt_auth_algo;
-	enum rte_crypto_cipher_algorithm cap_cipher_algo;
-	enum rte_crypto_cipher_algorithm opt_cipher_algo;
 	int retval;
 
 	cdev_count = rte_cryptodev_count();
@@ -1685,29 +1750,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
 			/* Check if device supports cipher algo */
-			i = 0;
-			opt_cipher_algo = options->cipher_xform.cipher.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_cipher_algo = cap->sym.cipher.algo;
-				if (cap->sym.xform_type ==
-						RTE_CRYPTO_SYM_XFORM_CIPHER) {
-					if (cap_cipher_algo == opt_cipher_algo) {
-						if (check_type(options, &dev_info) == 0)
-							break;
-					}
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_cipher_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			options->block_size = cap->sym.cipher.block_size;
 
@@ -1762,27 +1808,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
 			/* Check if device supports auth algo */
-			i = 0;
-			opt_auth_algo = options->auth_xform.auth.algo;
-			cap = &dev_info.capabilities[i];
-			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				cap_auth_algo = cap->sym.auth.algo;
-				if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
-						(cap_auth_algo == opt_auth_algo) &&
-						(check_type(options, &dev_info) == 0)) {
-					break;
-				}
-				cap = &dev_info.capabilities[++i];
-			}
-
-			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-				printf("Algorithm %s not supported by cryptodev %u"
-					" or device not of preferred type (%s)\n",
-					rte_crypto_auth_algorithm_strings[opt_auth_algo],
-					cdev_id,
-					options->string_type);
+			cap = check_device_support_auth_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
 				continue;
-			}
 
 			check_iv_param(&cap->sym.auth.iv_size,
 					options->auth_iv_param,
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 22/26] app/test-crypto-perf: add AEAD parameters
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (20 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 23/26] examples/ipsec-secgw: " Pablo de Lara
                         ` (4 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 | 138 ++++++++++-------------
 app/test-crypto-perf/cperf_options.h             |  22 +++-
 app/test-crypto-perf/cperf_options_parsing.c     | 138 ++++++++++++++++-------
 app/test-crypto-perf/cperf_test_latency.c        |   8 +-
 app/test-crypto-perf/cperf_test_throughput.c     |   8 +-
 app/test-crypto-perf/cperf_test_vector_parsing.c |  12 +-
 app/test-crypto-perf/cperf_test_vectors.c        | 106 ++++++++++-------
 app/test-crypto-perf/cperf_test_vectors.h        |  12 ++
 app/test-crypto-perf/cperf_test_verify.c         |  10 +-
 app/test-crypto-perf/main.c                      |  42 +++++--
 doc/guides/tools/cryptoperf.rst                  |  32 +++++-
 11 files changed, 330 insertions(+), 198 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 401f85e..107abb0 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -182,8 +182,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 
 		}
 
@@ -265,8 +263,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 					uint8_t *, offset);
 			sym_op->auth.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
-			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
-			sym_op->auth.aad.data = test_vector->aad.data;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -320,23 +316,22 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_src = bufs_in[i];
 		sym_op->m_dst = bufs_out[i];
 
-		/* cipher parameters */
-		sym_op->cipher.data.length = options->test_buffer_size;
-		sym_op->cipher.data.offset =
-				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
+		/* AEAD parameters */
+		sym_op->aead.data.length = options->test_buffer_size;
+		sym_op->aead.data.offset =
+				RTE_ALIGN_CEIL(options->aead_aad_sz, 16);
 
-		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
-		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
+		sym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
+		sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
 
-		/* authentication parameters */
-		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
-			sym_op->auth.digest.data = test_vector->digest.data;
-			sym_op->auth.digest.phys_addr =
+		if (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+			sym_op->aead.digest.data = test_vector->digest.data;
+			sym_op->aead.digest.phys_addr =
 					test_vector->digest.phys_addr;
 		} else {
 
-			uint32_t offset = sym_op->cipher.data.length +
-						sym_op->cipher.data.offset;
+			uint32_t offset = sym_op->aead.data.length +
+						sym_op->aead.data.offset;
 			struct rte_mbuf *buf, *tbuf;
 
 			if (options->out_of_place) {
@@ -351,14 +346,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 				buf = tbuf;
 			}
 
-			sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(buf,
+			sym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf,
 					uint8_t *, offset);
-			sym_op->auth.digest.phys_addr =
+			sym_op->aead.digest.phys_addr =
 					rte_pktmbuf_mtophys_offset(buf,	offset);
 		}
-
-		sym_op->auth.data.length = options->test_buffer_size;
-		sym_op->auth.data.offset = options->auth_aad_sz;
 	}
 
 	if (options->test == CPERF_TEST_TYPE_VERIFY) {
@@ -366,8 +358,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 			uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
 					uint8_t *, iv_offset);
 
-			memcpy(iv_ptr, test_vector->cipher_iv.data,
-					test_vector->cipher_iv.length);
+			memcpy(iv_ptr, test_vector->aead_iv.data,
+					test_vector->aead_iv.length);
 		}
 	}
 
@@ -382,6 +374,7 @@ cperf_create_session(uint8_t dev_id,
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 	struct rte_cryptodev_sym_session *sess = NULL;
 
 	/*
@@ -421,9 +414,7 @@ cperf_create_session(uint8_t dev_id,
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
 			auth_xform.auth.digest_length =
-					options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
+					options->digest_sz;
 			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
 			auth_xform.auth.key.data = test_vector->auth_key.data;
@@ -442,9 +433,7 @@ cperf_create_session(uint8_t dev_id,
 	 * cipher and auth
 	 */
 	} else if (options->op_type == CPERF_CIPHER_THEN_AUTH
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
-			|| options->op_type == CPERF_AEAD) {
-
+			|| options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		/*
 		 * cipher
 		 */
@@ -478,23 +467,12 @@ cperf_create_session(uint8_t dev_id,
 
 		/* auth different than null */
 		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
-			auth_xform.auth.digest_length = options->auth_digest_sz;
-			auth_xform.auth.add_auth_data_length =
-					options->auth_aad_sz;
-			/* auth options for aes gcm */
-			if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
-				auth_xform.auth.key.length = 0;
-				auth_xform.auth.key.data = NULL;
-				auth_xform.auth.iv.length = 0;
-			} else { /* auth options for others */
-				auth_xform.auth.key.length =
+			auth_xform.auth.digest_length = options->digest_sz;
+			auth_xform.auth.iv.length = test_vector->auth_iv.length;
+			auth_xform.auth.key.length =
 					test_vector->auth_key.length;
-				auth_xform.auth.key.data =
-						test_vector->auth_key.data;
-				auth_xform.auth.iv.length =
-						test_vector->auth_iv.length;
-			}
+			auth_xform.auth.key.data =
+					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
 			auth_xform.auth.add_auth_data_length = 0;
@@ -503,35 +481,39 @@ cperf_create_session(uint8_t dev_id,
 			auth_xform.auth.iv.length = 0;
 		}
 
-		/* create crypto session for aes gcm */
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM) {
-			if (options->cipher_op ==
-					RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&cipher_xform);
-			} else { /* decrypt */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-					&auth_xform);
-			}
-		} else { /* create crypto session for other */
-			/* cipher then auth */
-			if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
-				cipher_xform.next = &auth_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
+		/* cipher then auth */
+		if (options->op_type == CPERF_CIPHER_THEN_AUTH) {
+			cipher_xform.next = &auth_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
 						&cipher_xform);
-			} else { /* auth then cipher */
-				auth_xform.next = &cipher_xform;
-				/* create crypto session */
-				sess = rte_cryptodev_sym_session_create(dev_id,
-						&auth_xform);
-			}
+		} else { /* auth then cipher */
+			auth_xform.next = &cipher_xform;
+			/* create crypto session */
+			sess = rte_cryptodev_sym_session_create(dev_id,
+					&auth_xform);
 		}
+	} else { /* options->op_type == CPERF_AEAD */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.next = NULL;
+		aead_xform.aead.algo = options->aead_algo;
+		aead_xform.aead.op = options->aead_op;
+		aead_xform.aead.iv.offset = iv_offset;
+
+		aead_xform.aead.key.data =
+					test_vector->aead_key.data;
+		aead_xform.aead.key.length =
+					test_vector->aead_key.length;
+		aead_xform.aead.iv.length = test_vector->aead_iv.length;
+
+		aead_xform.aead.digest_length = options->digest_sz;
+		aead_xform.aead.add_auth_data_length =
+					options->aead_aad_sz;
+
+		/* Create crypto session */
+		sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform);
 	}
+
 	return sess;
 }
 
@@ -543,14 +525,14 @@ cperf_get_op_functions(const struct cperf_options *options,
 
 	op_fns->sess_create = cperf_create_session;
 
-	if (options->op_type == CPERF_AEAD
-			|| options->op_type == CPERF_AUTH_THEN_CIPHER
+	if (options->op_type == CPERF_AEAD) {
+		op_fns->populate_ops = cperf_set_ops_aead;
+		return 0;
+	}
+
+	if (options->op_type == CPERF_AUTH_THEN_CIPHER
 			|| options->op_type == CPERF_CIPHER_THEN_AUTH) {
-		if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM)
-			op_fns->populate_ops = cperf_set_ops_aead;
-		else
-			op_fns->populate_ops = cperf_set_ops_cipher_auth;
+		op_fns->populate_ops = cperf_set_ops_cipher_auth;
 		return 0;
 	}
 	if (options->op_type == CPERF_AUTH_ONLY) {
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 0e53c03..10cd2d8 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -29,8 +29,15 @@
 #define CPERF_AUTH_OP		("auth-op")
 #define CPERF_AUTH_KEY_SZ	("auth-key-sz")
 #define CPERF_AUTH_IV_SZ	("auth-iv-sz")
-#define CPERF_AUTH_DIGEST_SZ	("auth-digest-sz")
-#define CPERF_AUTH_AAD_SZ	("auth-aad-sz")
+
+#define CPERF_AEAD_ALGO		("aead-algo")
+#define CPERF_AEAD_OP		("aead-op")
+#define CPERF_AEAD_KEY_SZ	("aead-key-sz")
+#define CPERF_AEAD_IV_SZ	("aead-iv-sz")
+#define CPERF_AEAD_AAD_SZ	("aead-aad-sz")
+
+#define CPERF_DIGEST_SZ		("digest-sz")
+
 #define CPERF_CSV		("csv-friendly")
 
 #define MAX_LIST 32
@@ -78,8 +85,15 @@ struct cperf_options {
 
 	uint16_t auth_key_sz;
 	uint16_t auth_iv_sz;
-	uint16_t auth_digest_sz;
-	uint16_t auth_aad_sz;
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	enum rte_crypto_aead_operation aead_op;
+
+	uint16_t aead_key_sz;
+	uint16_t aead_iv_sz;
+	uint16_t aead_aad_sz;
+
+	uint16_t digest_sz;
 
 	char device_type[RTE_CRYPTODEV_NAME_LEN];
 	enum cperf_op_type op_type;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 5c2dcff..d5bddb2 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -543,9 +543,9 @@ parse_auth_key_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
+parse_digest_sz(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_digest_sz, arg);
+	return parse_uint16_t(&opts->digest_sz, arg);
 }
 
 static int
@@ -555,9 +555,64 @@ parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
 }
 
 static int
-parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
+parse_aead_algo(struct cperf_options *opts, const char *arg)
 {
-	return parse_uint16_t(&opts->auth_aad_sz, arg);
+	enum rte_crypto_aead_algorithm aead_algo;
+
+	if (rte_cryptodev_get_aead_algo_enum(&aead_algo, arg) < 0) {
+		RTE_LOG(ERR, USER1, "Invalid AEAD algorithm specified\n");
+		return -1;
+	}
+
+	opts->aead_algo = aead_algo;
+
+	return 0;
+}
+
+static int
+parse_aead_op(struct cperf_options *opts, const char *arg)
+{
+	struct name_id_map aead_op_namemap[] = {
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_ENCRYPT],
+			RTE_CRYPTO_AEAD_OP_ENCRYPT },
+		{
+			rte_crypto_aead_operation_strings
+			[RTE_CRYPTO_AEAD_OP_DECRYPT],
+			RTE_CRYPTO_AEAD_OP_DECRYPT
+		}
+	};
+
+	int id = get_str_key_id_mapping(aead_op_namemap,
+			RTE_DIM(aead_op_namemap), arg);
+	if (id < 0) {
+		RTE_LOG(ERR, USER1, "invalid AEAD operation specified"
+				"\n");
+		return -1;
+	}
+
+	opts->aead_op = (enum rte_crypto_aead_operation)id;
+
+	return 0;
+}
+
+static int
+parse_aead_key_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_key_sz, arg);
+}
+
+static int
+parse_aead_iv_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_iv_sz, arg);
+}
+
+static int
+parse_aead_aad_sz(struct cperf_options *opts, const char *arg)
+{
+	return parse_uint16_t(&opts->aead_aad_sz, arg);
 }
 
 static int
@@ -606,8 +661,17 @@ static struct option lgopts[] = {
 	{ CPERF_AUTH_OP, required_argument, 0, 0 },
 
 	{ CPERF_AUTH_KEY_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_DIGEST_SZ, required_argument, 0, 0 },
-	{ CPERF_AUTH_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AUTH_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_ALGO, required_argument, 0, 0 },
+	{ CPERF_AEAD_OP, required_argument, 0, 0 },
+
+	{ CPERF_AEAD_KEY_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_AAD_SZ, required_argument, 0, 0 },
+	{ CPERF_AEAD_IV_SZ, required_argument, 0, 0 },
+
+	{ CPERF_DIGEST_SZ, required_argument, 0, 0 },
+
 	{ CPERF_CSV, no_argument, 0, 0},
 
 	{ NULL, 0, 0, 0 }
@@ -656,9 +720,13 @@ cperf_options_default(struct cperf_options *opts)
 	opts->auth_op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
 	opts->auth_key_sz = 64;
-	opts->auth_digest_sz = 12;
 	opts->auth_iv_sz = 0;
-	opts->auth_aad_sz = 0;
+
+	opts->aead_key_sz = 0;
+	opts->aead_iv_sz = 0;
+	opts->aead_aad_sz = 0;
+
+	opts->digest_sz = 12;
 }
 
 static int
@@ -686,9 +754,13 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 		{ CPERF_AUTH_OP,	parse_auth_op },
 		{ CPERF_AUTH_KEY_SZ,	parse_auth_key_sz },
 		{ CPERF_AUTH_IV_SZ,	parse_auth_iv_sz },
-		{ CPERF_AUTH_DIGEST_SZ,	parse_auth_digest_sz },
-		{ CPERF_AUTH_AAD_SZ,	parse_auth_aad_sz },
-		{ CPERF_CSV,	parse_csv_friendly},
+		{ CPERF_AEAD_ALGO,	parse_aead_algo },
+		{ CPERF_AEAD_OP,	parse_aead_op },
+		{ CPERF_AEAD_KEY_SZ,	parse_aead_key_sz },
+		{ CPERF_AEAD_IV_SZ,	parse_aead_iv_sz },
+		{ CPERF_AEAD_AAD_SZ,	parse_aead_aad_sz },
+		{ CPERF_DIGEST_SZ,	parse_digest_sz },
+		{ CPERF_CSV,		parse_csv_friendly},
 	};
 	unsigned int i;
 
@@ -803,30 +875,7 @@ cperf_options_check(struct cperf_options *options)
 					" options: decrypt and verify.\n");
 			return -EINVAL;
 		}
-	} else if (options->op_type == CPERF_AEAD) {
-		if (!(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_GENERATE) &&
-				!(options->cipher_op ==
-				RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				options->auth_op ==
-				RTE_CRYPTO_AUTH_OP_VERIFY)) {
-			RTE_LOG(ERR, USER1, "Use together options: encrypt and"
-					" generate or decrypt and verify.\n");
-			return -EINVAL;
-		}
-	}
-
-	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
-			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
-			options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {
-		if (options->op_type != CPERF_AEAD) {
-			RTE_LOG(ERR, USER1, "Use --optype aead\n");
-			return -EINVAL;
-		}
 	}
-
 	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC ||
 			options->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) {
 		if (options->inc_buffer_size != 0)
@@ -914,23 +963,20 @@ cperf_options_dump(struct cperf_options *opts)
 
 	if (opts->op_type == CPERF_AUTH_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# auth algorithm: %s\n",
 			rte_crypto_auth_algorithm_strings[opts->auth_algo]);
 		printf("# auth operation: %s\n",
 			rte_crypto_auth_operation_strings[opts->auth_op]);
 		printf("# auth key size: %u\n", opts->auth_key_sz);
 		printf("# auth iv size: %u\n", opts->auth_iv_sz);
-		printf("# auth digest size: %u\n", opts->auth_digest_sz);
-		printf("# auth aad size: %u\n", opts->auth_aad_sz);
+		printf("# auth digest size: %u\n", opts->digest_sz);
 		printf("#\n");
 	}
 
 	if (opts->op_type == CPERF_CIPHER_ONLY ||
 			opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-			opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-			opts->op_type == CPERF_AEAD) {
+			opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 		printf("# cipher algorithm: %s\n",
 			rte_crypto_cipher_algorithm_strings[opts->cipher_algo]);
 		printf("# cipher operation: %s\n",
@@ -939,4 +985,16 @@ cperf_options_dump(struct cperf_options *opts)
 		printf("# cipher iv size: %u\n", opts->cipher_iv_sz);
 		printf("#\n");
 	}
+
+	if (opts->op_type == CPERF_AEAD) {
+		printf("# aead algorithm: %s\n",
+			rte_crypto_aead_algorithm_strings[opts->aead_algo]);
+		printf("# aead operation: %s\n",
+			rte_crypto_aead_operation_strings[opts->aead_op]);
+		printf("# aead key size: %u\n", opts->aead_key_sz);
+		printf("# aead iv size: %u\n", opts->aead_iv_sz);
+		printf("# aead digest size: %u\n", opts->digest_sz);
+		printf("# aead aad size: %u\n", opts->aead_aad_sz);
+		printf("#\n");
+	}
 }
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 9ac932a..8841d39 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -167,14 +167,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-			options->auth_digest_sz);
+			options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -229,7 +229,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -259,7 +259,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index f279bb1..87fac0f 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -151,14 +151,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -212,7 +212,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -240,7 +240,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c
index 277ff1e..e462d2c 100644
--- a/app/test-crypto-perf/cperf_test_vector_parsing.c
+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
@@ -363,12 +363,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->aad.length = data_length;
 		else {
-			if (opts->auth_aad_sz > data_length) {
+			if (opts->aead_aad_sz > data_length) {
 				printf("Global aad shorter than "
-					"auth_aad_sz\n");
+					"aead_aad_sz\n");
 				return -1;
 			}
-			vector->aad.length = opts->auth_aad_sz;
+			vector->aad.length = opts->aead_aad_sz;
 		}
 
 	} else if (strstr(key_token, "digest")) {
@@ -379,12 +379,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
 		if (tc_found)
 			vector->digest.length = data_length;
 		else {
-			if (opts->auth_digest_sz > data_length) {
+			if (opts->digest_sz > data_length) {
 				printf("Global digest shorter than "
-					"auth_digest_sz\n");
+					"digest_sz\n");
 				return -1;
 			}
-			vector->digest.length = opts->auth_digest_sz;
+			vector->digest.length = opts->digest_sz;
 		}
 	} else {
 		printf("Not valid key: '%s'\n", trim_space(key_token));
diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 2e5339c..03bc995 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -385,6 +385,13 @@ uint8_t auth_key[] = {
 	0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F
 };
 
+/* AEAD key */
+uint8_t aead_key[] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
+	0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
+};
+
 /* Digests */
 uint8_t digest[2048] = { 0x00 };
 
@@ -403,8 +410,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_CIPHER_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
 			t_vec->cipher_key.length = 0;
 			t_vec->ciphertext.data = plaintext;
@@ -441,40 +447,32 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 
 	if (options->op_type ==	CPERF_AUTH_ONLY ||
 			options->op_type == CPERF_CIPHER_THEN_AUTH ||
-			options->op_type == CPERF_AUTH_THEN_CIPHER ||
-			options->op_type == CPERF_AEAD) {
-		uint8_t aad_alloc = 0;
-
-		t_vec->auth_key.length = options->auth_key_sz;
-
-		switch (options->auth_algo) {
-		case RTE_CRYPTO_AUTH_NULL:
-			t_vec->auth_key.data = NULL;
-			aad_alloc = 0;
-			break;
-		case RTE_CRYPTO_AUTH_AES_GCM:
+			options->op_type == CPERF_AUTH_THEN_CIPHER) {
+		if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) {
+			t_vec->auth_key.length = 0;
 			t_vec->auth_key.data = NULL;
-			aad_alloc = 1;
-			break;
-		default:
+			t_vec->digest.data = NULL;
+			t_vec->digest.length = 0;
+		} else {
+			t_vec->auth_key.length = options->auth_key_sz;
 			t_vec->auth_key.data = auth_key;
-			aad_alloc = 0;
-			break;
-		}
 
-		if (aad_alloc && options->auth_aad_sz) {
-			t_vec->aad.data = rte_malloc(NULL,
-					options->auth_aad_sz, 16);
-			if (t_vec->aad.data == NULL) {
-				if (options->op_type !=	CPERF_AUTH_ONLY)
-					rte_free(t_vec->cipher_iv.data);
+			t_vec->digest.data = rte_malloc(NULL,
+					options->digest_sz,
+					16);
+			if (t_vec->digest.data == NULL) {
+				rte_free(t_vec->cipher_iv.data);
 				rte_free(t_vec);
 				return NULL;
 			}
-			memcpy(t_vec->aad.data, aad, options->auth_aad_sz);
-		} else {
-			t_vec->aad.data = NULL;
+			t_vec->digest.phys_addr =
+				rte_malloc_virt2phy(t_vec->digest.data);
+			t_vec->digest.length = options->digest_sz;
+			memcpy(t_vec->digest.data, digest,
+					options->digest_sz);
 		}
+		t_vec->data.auth_offset = 0;
+		t_vec->data.auth_length = options->max_buffer_size;
 
 		/* Set IV parameters */
 		t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
@@ -487,26 +485,52 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 		}
 		memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
 		t_vec->auth_iv.length = options->auth_iv_sz;
+	}
 
-		t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
-		t_vec->aad.length = options->auth_aad_sz;
-		t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
-				16);
+	if (options->op_type == CPERF_AEAD) {
+		t_vec->aead_key.length = options->aead_key_sz;
+		t_vec->aead_key.data = aead_key;
+
+		if (options->aead_aad_sz) {
+			t_vec->aad.data = rte_malloc(NULL,
+					options->aead_aad_sz, 16);
+			if (t_vec->aad.data == NULL) {
+				rte_free(t_vec);
+				return NULL;
+			}
+			memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
+			t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
+			t_vec->aad.length = options->aead_aad_sz;
+		} else {
+			t_vec->aad.data = NULL;
+			t_vec->aad.length = 0;
+		}
+
+		t_vec->digest.data = rte_malloc(NULL, options->digest_sz,
+						16);
 		if (t_vec->digest.data == NULL) {
-			if (options->op_type !=	CPERF_AUTH_ONLY)
-				rte_free(t_vec->cipher_iv.data);
-			rte_free(t_vec->auth_iv.data);
 			rte_free(t_vec->aad.data);
 			rte_free(t_vec);
 			return NULL;
 		}
 		t_vec->digest.phys_addr =
 				rte_malloc_virt2phy(t_vec->digest.data);
-		t_vec->digest.length = options->auth_digest_sz;
-		memcpy(t_vec->digest.data, digest, options->auth_digest_sz);
-		t_vec->data.auth_offset = 0;
-		t_vec->data.auth_length = options->max_buffer_size;
-	}
+		t_vec->digest.length = options->digest_sz;
+		memcpy(t_vec->digest.data, digest, options->digest_sz);
+		t_vec->data.aead_offset = 0;
+		t_vec->data.aead_length = options->max_buffer_size;
 
+		/* Set IV parameters */
+		t_vec->aead_iv.data = rte_malloc(NULL, options->aead_iv_sz,
+				16);
+		if (options->aead_iv_sz && t_vec->aead_iv.data == NULL) {
+			rte_free(t_vec->aad.data);
+			rte_free(t_vec->digest.data);
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->aead_iv.data, iv, options->aead_iv_sz);
+		t_vec->aead_iv.length = options->aead_iv_sz;
+	}
 	return t_vec;
 }
diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h
index 7f9c4fa..8595570 100644
--- a/app/test-crypto-perf/cperf_test_vectors.h
+++ b/app/test-crypto-perf/cperf_test_vectors.h
@@ -54,6 +54,11 @@ struct cperf_test_vector {
 	struct {
 		uint8_t *data;
 		uint16_t length;
+	} aead_key;
+
+	struct {
+		uint8_t *data;
+		uint16_t length;
 	} cipher_iv;
 
 	struct {
@@ -63,6 +68,11 @@ struct cperf_test_vector {
 
 	struct {
 		uint8_t *data;
+		uint16_t length;
+	} aead_iv;
+
+	struct {
+		uint8_t *data;
 		uint32_t length;
 	} ciphertext;
 
@@ -83,6 +93,8 @@ struct cperf_test_vector {
 		uint32_t auth_length;
 		uint32_t cipher_offset;
 		uint32_t cipher_length;
+		uint32_t aead_offset;
+		uint32_t aead_length;
 	} data;
 };
 
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index 9b83d7a..3ee0560 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -155,14 +155,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,
 
 	if (options->op_type != CPERF_CIPHER_ONLY) {
 		mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,
-				options->auth_digest_sz);
+				options->digest_sz);
 		if (mbuf_data == NULL)
 			goto error;
 	}
 
 	if (options->op_type == CPERF_AEAD) {
 		uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
-			RTE_ALIGN_CEIL(options->auth_aad_sz, 16));
+			RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
 
 		if (aead == NULL)
 			goto error;
@@ -216,7 +216,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 			RTE_CACHE_LINE_ROUNDUP(
 				(options->max_buffer_size / options->segments_nb) +
 				(options->max_buffer_size % options->segments_nb) +
-					options->auth_digest_sz),
+					options->digest_sz),
 			rte_socket_id());
 
 	if (ctx->pkt_mbuf_pool_in == NULL)
@@ -244,7 +244,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 				RTE_PKTMBUF_HEADROOM +
 				RTE_CACHE_LINE_ROUNDUP(
 					options->max_buffer_size +
-					options->auth_digest_sz),
+					options->digest_sz),
 				rte_socket_id());
 
 		if (ctx->pkt_mbuf_pool_out == NULL)
@@ -379,7 +379,7 @@ cperf_verify_op(struct rte_crypto_op *op,
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)
 			res += memcmp(data + auth_offset,
 					vector->digest.data,
-					options->auth_digest_sz);
+					options->digest_sz);
 	}
 
 	return !!res;
diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index cf4fa4f..f78c653 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -123,8 +123,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_AUTH_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD)  {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			cap_idx.algo.auth = opts->auth_algo;
@@ -137,8 +136,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			ret = rte_cryptodev_sym_capability_check_auth(
 					capability,
 					opts->auth_key_sz,
-					opts->auth_digest_sz,
-					opts->auth_aad_sz,
+					opts->digest_sz,
+					0,
 					opts->auth_iv_sz);
 			if (ret != 0)
 				return ret;
@@ -146,8 +145,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 
 		if (opts->op_type == CPERF_CIPHER_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
-				opts->op_type == CPERF_AEAD) {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
 
 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			cap_idx.algo.cipher = opts->cipher_algo;
@@ -164,6 +162,26 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
 			if (ret != 0)
 				return ret;
 		}
+
+		if (opts->op_type == CPERF_AEAD) {
+
+			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+			cap_idx.algo.aead = opts->aead_algo;
+
+			capability = rte_cryptodev_sym_capability_get(cdev_id,
+					&cap_idx);
+			if (capability == NULL)
+				return -1;
+
+			ret = rte_cryptodev_sym_capability_check_aead(
+					capability,
+					opts->aead_key_sz,
+					opts->digest_sz,
+					opts->aead_aad_sz,
+					opts->aead_iv_sz);
+			if (ret != 0)
+				return ret;
+		}
 	}
 
 	return 0;
@@ -212,7 +230,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 
@@ -253,7 +271,7 @@ cperf_check_test_vector(struct cperf_options *opts,
 				return -1;
 			if (test_vec->digest.data == NULL)
 				return -1;
-			if (test_vec->digest.length < opts->auth_digest_sz)
+			if (test_vec->digest.length < opts->digest_sz)
 				return -1;
 		}
 	} else if (opts->op_type == CPERF_AEAD) {
@@ -265,17 +283,17 @@ cperf_check_test_vector(struct cperf_options *opts,
 			return -1;
 		if (test_vec->ciphertext.length < opts->max_buffer_size)
 			return -1;
-		if (test_vec->cipher_iv.data == NULL)
+		if (test_vec->aead_iv.data == NULL)
 			return -1;
-		if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+		if (test_vec->aead_iv.length != opts->aead_iv_sz)
 			return -1;
 		if (test_vec->aad.data == NULL)
 			return -1;
-		if (test_vec->aad.length != opts->auth_aad_sz)
+		if (test_vec->aad.length != opts->aead_aad_sz)
 			return -1;
 		if (test_vec->digest.data == NULL)
 			return -1;
-		if (test_vec->digest.length < opts->auth_digest_sz)
+		if (test_vec->digest.length < opts->digest_sz)
 			return -1;
 	}
 	return 0;
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index c0accfc..6b797a7 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -294,13 +294,37 @@ The following are the appication command-line options:
 
         Set the size of auth iv.
 
-* ``--auth-digest-sz <n>``
+* ``--aead-algo <name>``
 
-        Set the size of authentication digest.
+        Set AEAD algorithm name, where ``name`` is one
+        of the following::
+
+           aes-ccm
+           aes-gcm
+
+* ``--aead-op <mode>``
+
+        Set AEAD operation mode, where ``mode`` is one of
+        the following::
+
+           encrypt
+           decrypt
+
+* ``--aead-key-sz <n>``
+
+        Set the size of AEAD key.
+
+* ``--aead-iv-sz <n>``
+
+        Set the size of AEAD iv.
+
+* ``--aead-aad-sz <n>``
+
+        Set the size of AEAD aad.
 
-* ``--auth-aad-sz <n>``
+* ``--digest-sz <n>``
 
-        Set the size of authentication aad.
+        Set the size of digest.
 
 * ``--csv-friendly``
 
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 23/26] examples/ipsec-secgw: add AEAD parameters
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (21 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 24/26] examples/l2fwd-crypto: " Pablo de Lara
                         ` (3 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst |  32 +++++++--
 examples/ipsec-secgw/ipsec.h             |   1 +
 examples/ipsec-secgw/sa.c                | 116 +++++++++++++++++++++++++++++--
 3 files changed, 139 insertions(+), 10 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 885c77e..ca2a34d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -412,7 +412,7 @@ where each options means:
 
  * Cipher algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -427,7 +427,8 @@ where each options means:
 
  * Cipher key, NOT available when 'null' algorithm is used
 
- * Optional: No, must followed by <cipher_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <cipher_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified cipher algorithm
@@ -440,7 +441,7 @@ where each options means:
 
  * Authentication algorithm
 
- * Optional: No
+ * Optional: Yes, unless <aead_algo> is not used
 
  * Available options:
 
@@ -453,7 +454,8 @@ where each options means:
  * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
    is used.
 
- * Optional: No, must followed by <auth_algo> option
+ * Optional: Yes, unless <aead_algo> is not used.
+   Must be followed by <auth_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
    The number of bytes should be as same as the specified authentication
@@ -462,6 +464,28 @@ where each options means:
    For example: *auth_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
    A1:B2:C3:D4*
 
+``<aead_algo>``
+
+ * AEAD algorithm
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
+
+ * Syntax: *cipher_algo <your algorithm>*
+
+``<aead_key>``
+
+ * Cipher key, NOT available when 'null' algorithm is used
+
+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used.
+   Must be followed by <aead_algo> option
+
+ * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
+   The number of bytes should be as same as the specified AEAD algorithm
+   key size.
+
+   For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
+   A1:B2:C3:D4*
+
 ``<mode>``
 
  * The operation mode
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 405cf3d..f8569ca 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -103,6 +103,7 @@ struct ipsec_sa {
 	struct rte_cryptodev_sym_session *crypto_session;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 	uint16_t digest_len;
 	uint16_t iv_len;
 	uint16_t block_size;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 85e4d4e..9d80bd3 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -68,6 +68,17 @@ struct supported_auth_algo {
 	uint8_t key_not_req;
 };
 
+struct supported_aead_algo {
+	const char *keyword;
+	enum rte_crypto_aead_algorithm algo;
+	uint16_t iv_len;
+	uint16_t block_size;
+	uint16_t digest_len;
+	uint16_t key_len;
+	uint8_t aad_len;
+};
+
+
 const struct supported_cipher_algo cipher_algos[] = {
 	{
 		.keyword = "null",
@@ -128,6 +139,8 @@ const struct supported_auth_algo auth_algos[] = {
 	}
 };
 
+const struct supported_aead_algo aead_algos[] = { { } };
+
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -166,6 +179,22 @@ find_match_auth_algo(const char *auth_keyword)
 	return NULL;
 }
 
+static const struct supported_aead_algo *
+find_match_aead_algo(const char *aead_keyword)
+{
+	size_t i;
+
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		const struct supported_aead_algo *algo =
+			&aead_algos[i];
+
+		if (strcmp(aead_keyword, algo->keyword) == 0)
+			return algo;
+	}
+
+	return NULL;
+}
+
 /** parse_key_string
  *  parse x:x:x:x.... hex number key string into uint8_t *key
  *  return:
@@ -210,6 +239,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	uint32_t *ri /*rule index*/;
 	uint32_t cipher_algo_p = 0;
 	uint32_t auth_algo_p = 0;
+	uint32_t aead_algo_p = 0;
 	uint32_t src_p = 0;
 	uint32_t dst_p = 0;
 	uint32_t mode_p = 0;
@@ -386,6 +416,61 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			continue;
 		}
 
+		if (strcmp(tokens[ti], "aead_algo") == 0) {
+			const struct supported_aead_algo *algo;
+			uint32_t key_len;
+
+			APP_CHECK_PRESENCE(aead_algo_p, tokens[ti],
+				status);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			algo = find_match_aead_algo(tokens[ti]);
+
+			APP_CHECK(algo != NULL, status, "unrecognized "
+				"input \"%s\"", tokens[ti]);
+
+			rule->aead_algo = algo->algo;
+			rule->cipher_key_len = algo->key_len;
+			rule->digest_len = algo->digest_len;
+			rule->aad_len = algo->key_len;
+			rule->block_size = algo->block_size;
+			rule->iv_len = algo->iv_len;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			APP_CHECK(strcmp(tokens[ti], "aead_key") == 0,
+				status, "unrecognized input \"%s\", "
+				"expect \"aead_key\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+
+			key_len = parse_key_string(tokens[ti],
+				rule->cipher_key);
+			APP_CHECK(key_len == rule->cipher_key_len, status,
+				"unrecognized input \"%s\"", tokens[ti]);
+			if (status->status < 0)
+				return;
+
+			key_len -= 4;
+			rule->cipher_key_len = key_len;
+			memcpy(&rule->salt,
+				&rule->cipher_key[key_len], 4);
+
+			aead_algo_p = 1;
+			continue;
+		}
+
 		if (strcmp(tokens[ti], "src") == 0) {
 			APP_CHECK_PRESENCE(src_p, tokens[ti], status);
 			if (status->status < 0)
@@ -477,13 +562,25 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		return;
 	}
 
-	APP_CHECK(cipher_algo_p == 1, status, "missing cipher options");
-	if (status->status < 0)
-		return;
+	if (aead_algo_p) {
+		APP_CHECK(cipher_algo_p == 0, status,
+				"AEAD used, no need for cipher options");
+		if (status->status < 0)
+			return;
 
-	APP_CHECK(auth_algo_p == 1, status, "missing auth options");
-	if (status->status < 0)
-		return;
+		APP_CHECK(auth_algo_p == 0, status,
+				"AEAD used, no need for auth options");
+		if (status->status < 0)
+			return;
+	} else {
+		APP_CHECK(cipher_algo_p == 1, status, "missing cipher or AEAD options");
+		if (status->status < 0)
+			return;
+
+		APP_CHECK(auth_algo_p == 1, status, "missing auth or AEAD options");
+		if (status->status < 0)
+			return;
+	}
 
 	APP_CHECK(mode_p == 1, status, "missing mode option");
 	if (status->status < 0)
@@ -514,6 +611,13 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 		}
 	}
 
+	for (i = 0; i < RTE_DIM(aead_algos); i++) {
+		if (aead_algos[i].algo == sa->aead_algo) {
+			printf("%s ", aead_algos[i].keyword);
+			break;
+		}
+	}
+
 	printf("mode:");
 
 	switch (sa->flags) {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 24/26] examples/l2fwd-crypto: add AEAD parameters
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (22 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 23/26] examples/ipsec-secgw: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
                         ` (2 subsequent siblings)
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Since there is a new operation type (AEAD), add parameters
for this in the application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/sample_app_ug/l2_forward_crypto.rst |  24 +-
 examples/l2fwd-crypto/main.c                   | 388 +++++++++++++++++++++----
 2 files changed, 357 insertions(+), 55 deletions(-)

diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index b9aa573..2880c43 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -110,7 +110,9 @@ where,
 
 *   chain: select the operation chaining to perform: Cipher->Hash (CIPHER_HASH),
 
-    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash(HASH_ONLY)
+    Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash (HASH_ONLY)
+
+    or AEAD (AEAD)
 
     (default is Cipher->Hash)
 
@@ -154,6 +156,26 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
+*   aead_algo: select the AEAD algorithm
+
+*   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
+
+    (default is ENCRYPT)
+
+*   aead_key: set the AEAD key to be used. Bytes has to be separated with ":"
+
+*   aead_key_random_size: set the size of the AEAD key,
+
+    which will be generated randomly.
+
+    Note that if --aead_key is used, this will be ignored.
+
+*   aead_iv: set the AEAD IV to be used. Bytes has to be separated with ":"
+
+*   aead_iv_random_size: set the size of the AEAD IV, which will be generated randomly.
+
+    Note that if --aead_iv is used, this will be ignored.
+
 *   aad: set the AAD to be used. Bytes has to be separated with ":"
 
 *   aad_random_size: set the size of the AAD, which will be generated randomly.
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fb829e3..914f8ed 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -130,7 +130,8 @@ enum l2fwd_crypto_xform_chain {
 	L2FWD_CRYPTO_CIPHER_HASH,
 	L2FWD_CRYPTO_HASH_CIPHER,
 	L2FWD_CRYPTO_CIPHER_ONLY,
-	L2FWD_CRYPTO_HASH_ONLY
+	L2FWD_CRYPTO_HASH_ONLY,
+	L2FWD_CRYPTO_AEAD
 };
 
 struct l2fwd_key {
@@ -172,6 +173,14 @@ struct l2fwd_crypto_options {
 	unsigned int auth_iv_param;
 	int auth_iv_random_size;
 
+	struct rte_crypto_sym_xform aead_xform;
+	unsigned int aead_key_param;
+	int aead_key_random_size;
+
+	struct l2fwd_iv aead_iv;
+	unsigned int aead_iv_param;
+	int aead_iv_random_size;
+
 	struct l2fwd_key aad;
 	unsigned aad_param;
 	int aad_random_size;
@@ -194,15 +203,18 @@ struct l2fwd_crypto_params {
 
 	struct l2fwd_iv cipher_iv;
 	struct l2fwd_iv auth_iv;
+	struct l2fwd_iv aead_iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
+	uint8_t do_aead;
 	uint8_t hash_verify;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 };
 
 /** lcore configuration */
@@ -492,14 +504,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 			op->sym->auth.data.offset = ipdata_offset;
 			op->sym->auth.data.length = data_len;
 		}
-
-		if (cparams->aad.length) {
-			op->sym->auth.aad.data = cparams->aad.data;
-			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-		} else {
-			op->sym->auth.aad.data = NULL;
-			op->sym->auth.aad.phys_addr = 0;
-		}
 	}
 
 	if (cparams->do_cipher) {
@@ -521,6 +525,33 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		}
 	}
 
+	if (cparams->do_aead) {
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+							IV_OFFSET);
+		/* Copy IV at the end of the crypto operation */
+		rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+
+		op->sym->aead.data.offset = ipdata_offset;
+		op->sym->aead.data.length = data_len;
+
+		if (!cparams->hash_verify) {
+			/* Append space for digest to end of packet */
+			op->sym->aead.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+				cparams->digest_length);
+		} else {
+			op->sym->aead.digest.data = rte_pktmbuf_mtod(m,
+				uint8_t *) + ipdata_offset + data_len;
+		}
+
+		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
+
+		if (cparams->aad.length) {
+			op->sym->aead.aad.data = cparams->aad.data;
+			op->sym->aead.aad.phys_addr = cparams->aad.phys_addr;
+		}
+	}
+
 	op->sym->m_src = m;
 
 	return l2fwd_crypto_enqueue(op, cparams);
@@ -617,7 +648,9 @@ initialize_crypto_session(struct l2fwd_crypto_options *options,
 {
 	struct rte_crypto_sym_xform *first_xform;
 
-	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
+	if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+		first_xform = &options->aead_xform;
+	} else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
 		first_xform = &options->cipher_xform;
 		first_xform->next = &options->auth_xform;
 	} else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {
@@ -669,8 +702,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 	for (i = 0; i < qconf->nb_crypto_devs; i++) {
 		port_cparams[i].do_cipher = 0;
 		port_cparams[i].do_hash = 0;
+		port_cparams[i].do_aead = 0;
 
 		switch (options->xform_chain) {
+		case L2FWD_CRYPTO_AEAD:
+			port_cparams[i].do_aead = 1;
+			break;
 		case L2FWD_CRYPTO_CIPHER_HASH:
 		case L2FWD_CRYPTO_HASH_CIPHER:
 			port_cparams[i].do_cipher = 1;
@@ -695,6 +732,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			if (!options->auth_iv_param)
 				generate_random_key(port_cparams[i].auth_iv.data,
 						port_cparams[i].auth_iv.length);
+			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+				port_cparams[i].hash_verify = 1;
+			else
+				port_cparams[i].hash_verify = 0;
+
+			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
 			/* Set IV parameters */
 			if (options->auth_iv.length) {
 				options->auth_xform.auth.iv.offset =
@@ -702,11 +745,16 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				options->auth_xform.auth.iv.length =
 					options->auth_iv.length;
 			}
+		}
+
+		if (port_cparams[i].do_aead) {
+			port_cparams[i].aead_algo = options->aead_xform.aead.algo;
 			port_cparams[i].digest_length =
-					options->auth_xform.auth.digest_length;
-			if (options->auth_xform.auth.add_auth_data_length) {
+					options->aead_xform.aead.digest_length;
+			if (options->aead_xform.aead.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+				port_cparams[i].aad.length = options->aad.length;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
 						port_cparams[i].aad.length);
@@ -714,12 +762,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			} else
 				port_cparams[i].aad.length = 0;
 
-			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_DECRYPT)
 				port_cparams[i].hash_verify = 1;
 			else
 				port_cparams[i].hash_verify = 0;
 
-			port_cparams[i].auth_algo = options->auth_xform.auth.algo;
+			/* Set IV parameters */
+			options->aead_xform.aead.iv.offset = IV_OFFSET;
+			options->aead_xform.aead.iv.length = options->aead_iv.length;
 		}
 
 		if (port_cparams[i].do_cipher) {
@@ -881,7 +931,7 @@ l2fwd_crypto_usage(const char *prgname)
 
 		"  --cdev_type HW / SW / ANY\n"
 		"  --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /"
-		" HASH_ONLY\n"
+		" HASH_ONLY / AEAD\n"
 
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
@@ -896,8 +946,16 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --auth_iv IV (bytes separated with \":\")\n"
 		"  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
+
+		"  --aead_algo ALGO\n"
+		"  --aead_op ENCRYPT / DECRYPT\n"
+		"  --aead_key KEY (bytes separated with \":\")\n"
+		"  --aead_key_random_size SIZE: size of AEAD key when generated randomly\n"
+		"  --aead_iv IV (bytes separated with \":\")\n"
+		"  --aead_iv_random_size SIZE: size of AEAD IV when generated randomly\n"
 		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n"
@@ -939,6 +997,9 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 	} else if (strcmp("HASH_ONLY", optarg) == 0) {
 		options->xform_chain = L2FWD_CRYPTO_HASH_ONLY;
 		return 0;
+	} else if (strcmp("AEAD", optarg) == 0) {
+		options->xform_chain = L2FWD_CRYPTO_AEAD;
+		return 0;
 	}
 
 	return -1;
@@ -1046,6 +1107,32 @@ parse_auth_op(enum rte_crypto_auth_operation *op, char *optarg)
 }
 
 static int
+parse_aead_algo(enum rte_crypto_aead_algorithm *algo, char *optarg)
+{
+	if (rte_cryptodev_get_aead_algo_enum(algo, optarg) < 0) {
+		RTE_LOG(ERR, USER1, "AEAD algorithm specified "
+				"not supported!\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+parse_aead_op(enum rte_crypto_aead_operation *op, char *optarg)
+{
+	if (strcmp("ENCRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		return 0;
+	} else if (strcmp("DECRYPT", optarg) == 0) {
+		*op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+		return 0;
+	}
+
+	printf("AEAD operation specified not supported!\n");
+	return -1;
+}
+static int
 parse_cryptodev_mask(struct l2fwd_crypto_options *options,
 		const char *q_arg)
 {
@@ -1143,7 +1230,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_size(&options->akey_random_size, optarg);
 	}
 
-
 	else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
 		options->auth_iv_param = 1;
 		options->auth_iv.length =
@@ -1157,6 +1243,43 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
 		return parse_size(&options->auth_iv_random_size, optarg);
 
+	/* AEAD options */
+	else if (strcmp(lgopts[option_index].name, "aead_algo") == 0) {
+		return parse_aead_algo(&options->aead_xform.aead.algo,
+				optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_op") == 0)
+		return parse_aead_op(&options->aead_xform.aead.op,
+				optarg);
+
+	else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
+		options->aead_key_param = 1;
+		options->aead_xform.aead.key.length =
+			parse_key(options->aead_xform.aead.key.data, optarg);
+		if (options->aead_xform.aead.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_key_random_size") == 0)
+		return parse_size(&options->aead_key_random_size, optarg);
+
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
+		options->aead_iv_param = 1;
+		options->aead_iv.length =
+			parse_key(options->aead_iv.data, optarg);
+		if (options->aead_iv.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aead_iv_random_size") == 0)
+		return parse_size(&options->aead_iv_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
 		options->aad.length =
@@ -1291,13 +1414,25 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_iv_param = 0;
 	options->auth_iv_random_size = -1;
 	options->auth_iv.length = 0;
+
+	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
+	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+
+	/* AEAD Data */
+	options->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	options->aead_xform.next = NULL;
+	options->aead_key_param = 0;
+	options->aead_key_random_size = -1;
+	options->aead_xform.aead.key.length = 0;
+	options->aead_iv_param = 0;
+	options->aead_iv_random_size = -1;
+	options->aead_iv.length = 0;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
-	options->digest_size = -1;
 
-	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+	options->digest_size = -1;
 
 	options->type = CDEV_TYPE_ANY;
 	options->cryptodev_mask = UINT64_MAX;
@@ -1325,6 +1460,18 @@ display_auth_info(struct l2fwd_crypto_options *options)
 			options->auth_xform.auth.key.data,
 			options->auth_xform.auth.key.length);
 	rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
+}
+
+static void
+display_aead_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- AEAD information ---\n");
+	printf("Algorithm: %s\n",
+		rte_crypto_aead_algorithm_strings[options->aead_xform.aead.algo]);
+	rte_hexdump(stdout, "AEAD key:",
+			options->aead_xform.aead.key.data,
+			options->aead_xform.aead.key.length);
+	rte_hexdump(stdout, "IV:", options->aead_iv.data, options->aead_iv.length);
 	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
 }
 
@@ -1333,6 +1480,7 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
 	char string_cipher_op[MAX_STR_LEN];
 	char string_auth_op[MAX_STR_LEN];
+	char string_aead_op[MAX_STR_LEN];
 
 	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		strcpy(string_cipher_op, "Encrypt");
@@ -1344,6 +1492,12 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	else
 		strcpy(string_auth_op, "Auth verify");
 
+	if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+		strcpy(string_aead_op, "Authenticated encryption");
+	else
+		strcpy(string_aead_op, "Authenticated decryption");
+
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1373,6 +1527,10 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("\nCrypto chain: ");
 	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_AEAD:
+		printf("Input --> %s --> Output\n", string_aead_op);
+		display_aead_info(options);
+		break;
 	case L2FWD_CRYPTO_CIPHER_HASH:
 		printf("Input --> %s --> %s --> Output\n",
 			string_cipher_op, string_auth_op);
@@ -1424,8 +1582,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "auth_iv", required_argument, 0, 0 },
 			{ "auth_iv_random_size", required_argument, 0, 0 },
 
+			{ "aead_algo", required_argument, 0, 0 },
+			{ "aead_op", required_argument, 0, 0 },
+			{ "aead_key", required_argument, 0, 0 },
+			{ "aead_key_random_size", required_argument, 0, 0 },
+			{ "aead_iv", required_argument, 0, 0 },
+			{ "aead_iv_random_size", required_argument, 0, 0 },
+
 			{ "aad", required_argument, 0, 0 },
 			{ "aad_random_size", required_argument, 0, 0 },
+
 			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
@@ -1639,6 +1805,40 @@ check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
 	return cap;
 }
 
+static const struct rte_cryptodev_capabilities *
+check_device_support_aead_algo(const struct l2fwd_crypto_options *options,
+		const struct rte_cryptodev_info *dev_info,
+		uint8_t cdev_id)
+{
+	unsigned int i = 0;
+	const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
+	enum rte_crypto_aead_algorithm cap_aead_algo;
+	enum rte_crypto_aead_algorithm opt_aead_algo =
+					options->aead_xform.aead.algo;
+
+	while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		cap_aead_algo = cap->sym.aead.algo;
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			if (cap_aead_algo == opt_aead_algo) {
+				if (check_type(options, dev_info) == 0)
+					break;
+			}
+		}
+		cap = &dev_info->capabilities[++i];
+	}
+
+	if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		printf("Algorithm %s not supported by cryptodev %u"
+			" or device not of preferred type (%s)\n",
+			rte_crypto_aead_algorithm_strings[opt_aead_algo],
+			cdev_id,
+			options->string_type);
+		return NULL;
+	}
+
+	return cap;
+}
+
 /* Check if the device is enabled by cryptodev_mask */
 static int
 check_cryptodev_mask(struct l2fwd_crypto_options *options,
@@ -1745,6 +1945,112 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
+		/* Set AEAD parameters */
+		if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+			/* Check if device supports AEAD algo */
+			cap = check_device_support_aead_algo(options, &dev_info,
+							cdev_id);
+			if (cap == NULL)
+				continue;
+
+			options->block_size = cap->sym.aead.block_size;
+
+			check_iv_param(&cap->sym.aead.iv_size,
+					options->aead_iv_param,
+					options->aead_iv_random_size,
+					&options->aead_iv.length);
+
+			/*
+			 * Check if length of provided AEAD key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aead_key_param) {
+				if (check_supported_size(
+						options->aead_xform.aead.key.length,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the aead key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aead_key_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.aead.key_size.min,
+						cap->sym.aead.key_size.max,
+						cap->sym.aead.key_size.increment)
+							!= 0) {
+					printf("Unsupported aead key length\n");
+					return -1;
+				}
+				options->aead_xform.aead.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.key.length =
+						cap->sym.aead.key_size.min;
+
+			if (!options->aead_key_param)
+				generate_random_key(
+					options->aead_xform.aead.key.data,
+					options->aead_xform.aead.key.length);
+
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.aead.aad_size.min,
+						cap->sym.aead.aad_size.max,
+						cap->sym.aead.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
+			options->aead_xform.aead.add_auth_data_length =
+						options->aad.length;
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.aead.digest_size.min,
+						cap->sym.aead.digest_size.max,
+						cap->sym.aead.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->aead_xform.aead.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aead_xform.aead.digest_length =
+						cap->sym.aead.digest_size.min;
+		}
+
 		/* Set cipher parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
@@ -1818,40 +2124,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->auth_iv_random_size,
 					&options->auth_iv.length);
 			/*
-			 * Check if length of provided AAD is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aad_param) {
-				if (check_supported_size(options->aad.length,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of AAD to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aad_random_size != -1) {
-				if (check_supported_size(options->aad_random_size,
-						cap->sym.auth.aad_size.min,
-						cap->sym.auth.aad_size.max,
-						cap->sym.auth.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-				options->aad.length = options->aad_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aad.length = cap->sym.auth.aad_size.min;
-
-			options->auth_xform.auth.add_auth_data_length =
-						options->aad.length;
-
-			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
 			 */
@@ -2052,12 +2324,16 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->cipher_xform.cipher.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
 
-
 	options->auth_xform.auth.key.data = rte_malloc("auth key",
 						MAX_KEY_SIZE, 0);
 	if (options->auth_xform.auth.key.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
 
+	options->aead_xform.aead.key.data = rte_malloc("aead key",
+						MAX_KEY_SIZE, 0);
+	if (options->aead_xform.aead.key.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
+
 	options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
 	if (options->cipher_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
@@ -2066,6 +2342,10 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->auth_iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
 
+	options->aead_iv.data = rte_malloc("aead_iv", MAX_KEY_SIZE, 0);
+	if (options->aead_iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD iv");
+
 	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
 	if (options->aad.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AAD");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (23 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 24/26] examples/l2fwd-crypto: " Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
  2017-07-03 15:44       ` [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring Declan Doherty
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Now that all the structures/functions for AEAD algorithms
are in place, migrate the two supported algorithms
AES-GCM and AES-CCM to these, instead of using
cipher and authentication parameters.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst         |  11 +-
 doc/guides/sample_app_ug/l2_forward_crypto.rst   |   2 +-
 doc/guides/tools/cryptoperf.rst                  |   4 -
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  76 ++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c     |  24 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c      |   8 -
 drivers/crypto/openssl/rte_openssl_pmd.c         | 140 +++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c     |  26 +-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |   4 +
 drivers/crypto/qat/qat_crypto.c                  | 186 +++++++---
 drivers/crypto/qat/qat_crypto.h                  |   4 +
 drivers/crypto/qat/qat_crypto_capabilities.h     |  34 +-
 examples/ipsec-secgw/esp.c                       | 231 +++++++-----
 examples/ipsec-secgw/sa.c                        | 187 ++++++----
 examples/l2fwd-crypto/main.c                     |   3 +
 lib/librte_cryptodev/rte_crypto_sym.h            | 100 -----
 lib/librte_cryptodev/rte_cryptodev.c             |   4 -
 test/test/test_cryptodev.c                       | 218 +++++------
 test/test/test_cryptodev_perf.c                  | 446 ++++++++++++-----------
 19 files changed, 892 insertions(+), 816 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ca2a34d..75b960f 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -419,7 +419,6 @@ where each options means:
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
-   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,7 +446,6 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
-    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
@@ -470,6 +468,10 @@ where each options means:
 
  * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
 
+ * Available options:
+
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
+
  * Syntax: *cipher_algo <your algorithm>*
 
 ``<aead_key>``
@@ -539,9 +541,8 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
-    sa in 105 cipher_algo aes-128-gcm \
-    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-    auth_algo aes-128-gcm \
+    sa in 105 aead_algo aes-128-gcm \
+    aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
     mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 2880c43..2a61af7 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -156,7 +156,7 @@ where,
 
     Note that if --auth_iv is used, this will be ignored.
 
-*   aead_algo: select the AEAD algorithm
+*   aead_algo: select the AEAD algorithm (default is aes-gcm)
 
 *   aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
 
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 6b797a7..a077e7d 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -223,10 +223,8 @@ The following are the appication command-line options:
            3des-ecb
            3des-ctr
            aes-cbc
-           aes-ccm
            aes-ctr
            aes-ecb
-           aes-gcm
            aes-f8
            aes-xts
            arc4
@@ -257,9 +255,7 @@ The following are the appication command-line options:
 
            3des-cbc
            aes-cbc-mac
-           aes-ccm
            aes-cmac
-           aes-gcm
            aes-gmac
            aes-xcbc-mac
            md5
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 36372a6..567c2ec 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -77,13 +77,13 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform;
-	const struct rte_crypto_sym_xform *cipher_xform;
+	const struct rte_crypto_sym_xform *aead_xform;
 	uint16_t digest_length;
 	uint8_t key_length;
 	uint8_t *key;
 
 	/* AES-GMAC */
-	if (xform->next == NULL) {
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = xform;
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
 			GCM_LOG_ERR("Only AES GMAC is supported as an "
@@ -102,52 +102,39 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		key_length = auth_xform->auth.key.length;
 		key = auth_xform->auth.key.data;
+		digest_length = auth_xform->auth.digest_length;
+
 	/* AES-GCM */
-	} else {
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-			auth_xform = xform->next;
-			cipher_xform = xform;
-		} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-				xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-			auth_xform = xform;
-			cipher_xform = xform->next;
-		} else {
-			GCM_LOG_ERR("Cipher and auth xform required "
-					"when using AES GCM");
-			return -EINVAL;
-		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		aead_xform = xform;
 
-		if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
-				(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+		if (aead_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) {
 			GCM_LOG_ERR("The only combined operation "
 						"supported is AES GCM");
 			return -EINVAL;
 		}
 
 		/* Set IV parameters */
-		sess->iv.offset = cipher_xform->cipher.iv.offset;
-		sess->iv.length = cipher_xform->cipher.iv.length;
+		sess->iv.offset = aead_xform->aead.iv.offset;
+		sess->iv.length = aead_xform->aead.iv.length;
 
 		/* Select Crypto operation */
-		if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		if (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
-		else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-				auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+		else
 			sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
-		else {
-			GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
-					" Decrypt/Verify are valid only");
-			return -EINVAL;
-		}
 
-		key_length = cipher_xform->auth.key.length;
-		key = cipher_xform->auth.key.data;
+		key_length = aead_xform->aead.key.length;
+		key = aead_xform->aead.key.data;
 
-		sess->aad_length = auth_xform->auth.add_auth_data_length;
+		sess->aad_length = aead_xform->aead.add_auth_data_length;
+		digest_length = aead_xform->aead.digest_length;
+	} else {
+		GCM_LOG_ERR("Wrong xform type, has to be AEAD or authentication");
+		return -EINVAL;
 	}
 
+
 	/* IV check */
 	if (sess->iv.length != 16 && sess->iv.length != 12 &&
 			sess->iv.length != 0) {
@@ -155,8 +142,6 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
-	digest_length = auth_xform->auth.digest_length;
-
 	/* Check key length and calculate GCM pre-compute. */
 	switch (key_length) {
 	case 16:
@@ -170,7 +155,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 
 		break;
 	default:
-		GCM_LOG_ERR("Unsupported cipher/auth key length");
+		GCM_LOG_ERR("Unsupported key length");
 		return -EINVAL;
 	}
 
@@ -241,9 +226,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
 			session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
-		offset = sym_op->cipher.data.offset;
+		offset = sym_op->aead.data.offset;
 		data_offset = offset;
-		data_length = sym_op->cipher.data.length;
+		data_length = sym_op->aead.data.length;
 	} else {
 		offset = sym_op->auth.data.offset;
 		data_offset = offset;
@@ -296,7 +281,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
@@ -320,7 +305,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		}
 
 		aesni_gcm_enc[session->key].finalize(&session->gdata,
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				(uint64_t)session->digest_length);
 	} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
 		uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
@@ -334,7 +319,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				iv_ptr,
-				sym_op->auth.aad.data,
+				sym_op->aead.aad.data,
 				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
@@ -414,19 +399,24 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
 	/* Verify digest if required */
 	if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
 			session->op == AESNI_GMAC_OP_VERIFY) {
+		uint8_t *digest;
 
 		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
 				m->data_len - session->digest_length);
 
+		if (session->op == AESNI_GMAC_OP_VERIFY)
+			digest = op->sym->auth.digest.data;
+		else
+			digest = op->sym->aead.digest.data;
+
 #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
 		rte_hexdump(stdout, "auth tag (orig):",
-				op->sym->auth.digest.data, session->digest_length);
+				digest, session->digest_length);
 		rte_hexdump(stdout, "auth tag (calc):",
 				tag, session->digest_length);
 #endif
 
-		if (memcmp(tag, op->sym->auth.digest.data,
-				session->digest_length) != 0)
+		if (memcmp(tag, digest,	session->digest_length) != 0)
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 
 		/* trim area used for digest from mbuf */
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index 39285d0..5317657 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -65,12 +65,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -87,22 +87,6 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 16
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 12,
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 8ee6ece..3620751 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -817,8 +817,6 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 	case RTE_CRYPTO_CIPHER_3DES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
@@ -946,7 +944,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA224_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -955,7 +952,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1100,7 +1096,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_AES_GCM:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -1109,7 +1104,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
@@ -1141,13 +1135,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 		session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
 		ctxt->iv.length = TDES_CBC_IV_LEN;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 	case RTE_CRYPTO_CIPHER_NULL:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
 		RTE_LOG(ERR, PMD, "Crypto: Unsupported Cipher alg %u",
 			cipher_xform->algo);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 11260d8..7f5c6aa 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -89,6 +89,8 @@ openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)
 			else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
 				res =  OPENSSL_CHAIN_CIPHER_AUTH;
 		}
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			res = OPENSSL_CHAIN_COMBINED;
 	}
 
 	return res;
@@ -184,21 +186,6 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
 				res = -EINVAL;
 			}
 			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
-			switch (keylen) {
-			case 16:
-				*algo = EVP_aes_128_gcm();
-				break;
-			case 24:
-				*algo = EVP_aes_192_gcm();
-				break;
-			case 32:
-				*algo = EVP_aes_256_gcm();
-				break;
-			default:
-				res = -EINVAL;
-			}
-			break;
 		default:
 			res = -EINVAL;
 			break;
@@ -254,6 +241,41 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
 	return res;
 }
 
+/** Get adequate openssl function for input cipher algorithm */
+static uint8_t
+get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
+		const EVP_CIPHER **algo)
+{
+	int res = 0;
+
+	if (algo != NULL) {
+		switch (sess_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			switch (keylen) {
+			case 16:
+				*algo = EVP_aes_128_gcm();
+				break;
+			case 24:
+				*algo = EVP_aes_192_gcm();
+				break;
+			case 32:
+				*algo = EVP_aes_256_gcm();
+				break;
+			default:
+				res = -EINVAL;
+			}
+			break;
+		default:
+			res = -EINVAL;
+			break;
+		}
+	} else {
+		res = -EINVAL;
+	}
+
+	return res;
+}
+
 /** Set session cipher parameters */
 static int
 openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -273,7 +295,6 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
 		sess->cipher.mode = OPENSSL_CIPHER_LIB;
 		sess->cipher.algo = xform->cipher.algo;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
@@ -330,12 +351,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 
 	/* Select auth algo */
 	switch (xform->auth.algo) {
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		/* Check additional condition for AES_GCM */
-		if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
-			return -EINVAL;
-		sess->chain_order = OPENSSL_CHAIN_COMBINED;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		sess->chain_order = OPENSSL_CHAIN_COMBINED;
 
@@ -356,7 +371,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->cipher.key.length = xform->auth.key.length;
 		sess->cipher.ctx = EVP_CIPHER_CTX_new();
 
-		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+		if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
 				sess->cipher.key.length,
 				&sess->cipher.evp_algo) != 0)
 			return -EINVAL;
@@ -404,6 +419,50 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	return 0;
 }
 
+/* Set session AEAD parameters */
+static int
+openssl_set_session_aead_parameters(struct openssl_session *sess,
+		const struct rte_crypto_sym_xform *xform)
+{
+	/* Select cipher direction */
+	sess->cipher.direction = xform->cipher.op;
+	/* Select cipher key */
+	sess->cipher.key.length = xform->aead.key.length;
+
+	/* Set IV parameters */
+	sess->iv.offset = xform->aead.iv.offset;
+	sess->iv.length = xform->aead.iv.length;
+
+	/* Select auth generate/verify */
+	sess->auth.operation = xform->auth.op;
+	sess->auth.algo = xform->auth.algo;
+
+	/* Select auth algo */
+	switch (xform->aead.algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		sess->cipher.mode = OPENSSL_CIPHER_LIB;
+		sess->aead_algo = xform->aead.algo;
+		sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+		if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
+				&sess->cipher.evp_algo) != 0)
+			return -EINVAL;
+
+		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
+			sess->cipher.key.data);
+
+		sess->chain_order = OPENSSL_CHAIN_COMBINED;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	sess->auth.aad_length = xform->aead.add_auth_data_length;
+	sess->auth.digest_length = xform->aead.digest_length;
+
+	return 0;
+}
+
 /** Parse crypto xform chain and set private session parameters */
 int
 openssl_set_session_parameters(struct openssl_session *sess,
@@ -411,6 +470,7 @@ openssl_set_session_parameters(struct openssl_session *sess,
 {
 	const struct rte_crypto_sym_xform *cipher_xform = NULL;
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
+	const struct rte_crypto_sym_xform *aead_xform = NULL;
 
 	sess->chain_order = openssl_get_chain_order(xform);
 	switch (sess->chain_order) {
@@ -428,6 +488,9 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		auth_xform = xform;
 		cipher_xform = xform->next;
 		break;
+	case OPENSSL_CHAIN_COMBINED:
+		aead_xform = xform;
+		break;
 	default:
 		return -EINVAL;
 	}
@@ -453,6 +516,14 @@ openssl_set_session_parameters(struct openssl_session *sess,
 		}
 	}
 
+	if (aead_xform) {
+		if (openssl_set_session_aead_parameters(sess, aead_xform)) {
+			OPENSSL_LOG_ERR(
+				"Invalid/unsupported auth parameters");
+			return -EINVAL;
+		}
+	}
+
 	return 0;
 }
 
@@ -965,26 +1036,27 @@ process_openssl_combined_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
 	ivlen = sess->iv.length;
-	tag = op->sym->auth.digest.data;
-	if (tag == NULL)
-		tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset +
-				op->sym->cipher.data.length);
-
 	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		srclen = 0;
 		offset = op->sym->auth.data.offset;
 		aadlen = op->sym->auth.data.length;
 		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
 				op->sym->auth.data.offset);
-
+		tag = op->sym->auth.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + aadlen);
 	} else {
-		srclen = op->sym->cipher.data.length;
+		srclen = op->sym->aead.data.length;
 		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
-				op->sym->cipher.data.offset);
-		offset = op->sym->cipher.data.offset;
-		aad = op->sym->auth.aad.data;
+				op->sym->aead.data.offset);
+		offset = op->sym->aead.data.offset;
+		aad = op->sym->aead.aad.data;
 		aadlen = sess->auth.aad_length;
+		tag = op->sym->aead.digest.data;
+		if (tag == NULL)
+			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+				offset + srclen);
 	}
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index fc525d9..26265b8 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -344,12 +344,12 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
-	{	/* AES GCM (AUTH) */
+	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
-			{.auth = {
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
 				.block_size = 16,
 				.key_size = {
 					.min = 16,
@@ -366,27 +366,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 					.max = 65535,
 					.increment = 1
 				},
-				.iv_size = { 0 }
-			}, }
-		}, }
-	},
-	{	/* AES GCM (CIPHER) */
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
-		{.sym = {
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-			{.cipher = {
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-				.block_size = 16,
-				.key_size = {
-					.min = 16,
-					.max = 32,
-					.increment = 8
-				},
 				.iv_size = {
 					.min = 12,
 					.max = 16,
 					.increment = 4
-				}
+				},
 			}, }
 		}, }
 	},
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 4c9be05..7799407 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -113,6 +113,10 @@ struct openssl_session {
 		uint16_t offset;
 	} iv;
 	/**< IV parameters */
+
+	enum rte_crypto_aead_algorithm aead_algo;
+	/**< AEAD algorithm */
+
 	/** Cipher Parameters */
 	struct {
 		enum rte_crypto_cipher_operation direction;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index ad23672..2308209 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -246,6 +246,14 @@ qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
 	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
 		return ICP_QAT_FW_LA_CMD_AUTH;
 
+	/* AEAD */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+			return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+		else
+			return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+	}
+
 	if (xform->next == NULL)
 		return -1;
 
@@ -310,14 +318,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		}
 		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
 		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		if (qat_alg_validate_aes_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		if (qat_alg_validate_aes_key(cipher_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -418,7 +418,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_CCM:
 	case RTE_CRYPTO_CIPHER_AES_F8:
 	case RTE_CRYPTO_CIPHER_AES_XTS:
 	case RTE_CRYPTO_CIPHER_ARC4:
@@ -476,12 +475,26 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
 		break;
 	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
-	session = qat_crypto_sym_configure_session_auth(dev, xform, session);
-	session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			session = qat_crypto_sym_configure_session_aead(xform,
+					session);
+		else {
+			session = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+			session = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+		}
 		break;
 	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
 	case ICP_QAT_FW_LA_CMD_TRNG_TEST:
@@ -515,7 +528,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 
 	struct qat_session *session = session_private;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	struct qat_pmd_private *internals = dev->data->dev_private;
 	auth_xform = qat_get_auth_xform(xform);
 	uint8_t *key_data = auth_xform->key.data;
@@ -540,14 +552,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
 		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		cipher_xform = qat_get_cipher_xform(xform);
-
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-
-		key_data = cipher_xform->key.data;
-		key_length = cipher_xform->key.length;
-		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 		if (qat_alg_validate_aes_key(auth_xform->key.length,
 				&session->qat_cipher_alg) != 0) {
@@ -585,7 +589,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CCM:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 		PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
@@ -646,7 +649,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 		if (qat_alg_aead_session_create_content_desc_auth(session,
 				key_data,
 				key_length,
-				auth_xform->add_auth_data_length,
+				0,
 				auth_xform->digest_length,
 				auth_xform->op))
 			goto error_out;
@@ -659,6 +662,85 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 	return NULL;
 }
 
+struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private)
+{
+	struct qat_session *session = session_private;
+	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+	/*
+	 * Store AEAD IV parameters as cipher IV,
+	 * to avoid unnecessary memory usage
+	 */
+	session->cipher_iv.offset = xform->aead.iv.offset;
+	session->cipher_iv.length = xform->aead.iv.length;
+
+	switch (aead_xform->algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		if (qat_alg_validate_aes_key(aead_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+		break;
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
+				aead_xform->algo);
+		goto error_out;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
+				aead_xform->algo);
+		goto error_out;
+	}
+
+	if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+		/*
+		 * It needs to create cipher desc content first,
+		 * then authentication
+		 */
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_GENERATE))
+			goto error_out;
+	} else {
+		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+		/*
+		 * It needs to create authentication desc content first,
+		 * then cipher
+		 */
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->add_auth_data_length,
+					aead_xform->digest_length,
+					RTE_CRYPTO_AUTH_OP_VERIFY))
+			goto error_out;
+
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			goto error_out;
+	}
+
+	session->digest_length = aead_xform->digest_length;
+	return session;
+
+error_out:
+	return NULL;
+}
+
 unsigned qat_crypto_sym_get_session_private_size(
 		struct rte_cryptodev *dev __rte_unused)
 {
@@ -969,7 +1051,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
 	register struct icp_qat_fw_la_bulk_req *qat_req;
-	uint8_t do_auth = 0, do_cipher = 0;
+	uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
 	uint32_t cipher_len = 0, cipher_ofs = 0;
 	uint32_t auth_len = 0, auth_ofs = 0;
 	uint32_t min_ofs = 0;
@@ -1003,9 +1085,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
-		ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
-		do_auth = 1;
-		do_cipher = 1;
+			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
+		/* AES-GCM */
+		if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
+				ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+			do_aead = 1;
+		} else {
+			do_auth = 1;
+			do_cipher = 1;
+		}
 	} else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
 		do_auth = 1;
 		do_cipher = 0;
@@ -1087,18 +1175,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
 					ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
-			/* AES-GCM */
-			if (do_cipher) {
-				auth_ofs = op->sym->cipher.data.offset;
-				auth_len = op->sym->cipher.data.length;
-
-				auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
 			/* AES-GMAC */
-			} else {
-				set_cipher_iv(ctx->auth_iv.length,
-					ctx->auth_iv.offset,
-					cipher_param, op, qat_req);
-			}
+			set_cipher_iv(ctx->auth_iv.length,
+				ctx->auth_iv.offset,
+				cipher_param, op, qat_req);
 		} else {
 			auth_ofs = op->sym->auth.data.offset;
 			auth_len = op->sym->auth.data.length;
@@ -1110,6 +1190,19 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 
 	}
 
+	if (do_aead) {
+		cipher_len = op->sym->aead.data.length;
+		cipher_ofs = op->sym->aead.data.offset;
+		auth_len = op->sym->aead.data.length;
+		auth_ofs = op->sym->aead.data.offset;
+
+		auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
+		auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
+		set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+				cipher_param, op, qat_req);
+		min_ofs = op->sym->aead.data.offset;
+	}
+
 	if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
 		do_sgl = 1;
 
@@ -1151,7 +1244,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		dst_buf_start = src_buf_start;
 	}
 
-	if (do_cipher) {
+	if (do_cipher || do_aead) {
 		cipher_param->cipher_offset =
 				(uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, cipher_ofs) - src_buf_start;
@@ -1160,7 +1253,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		cipher_param->cipher_offset = 0;
 		cipher_param->cipher_length = 0;
 	}
-	if (do_auth) {
+
+	if (do_auth || do_aead) {
 		auth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(
 				op->sym->m_src, auth_ofs) - src_buf_start;
 		auth_param->auth_len = auth_len;
@@ -1168,6 +1262,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		auth_param->auth_off = 0;
 		auth_param->auth_len = 0;
 	}
+
 	qat_req->comn_mid.dst_length =
 		qat_req->comn_mid.src_length =
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
@@ -1226,7 +1321,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
 		}
 		/* GMAC */
-		if (!do_cipher) {
+		if (!do_aead) {
 			qat_req->comn_mid.dst_length =
 				qat_req->comn_mid.src_length =
 					rte_pktmbuf_data_len(op->sym->m_src);
@@ -1261,7 +1356,12 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				ctx->digest_length);
-		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+	}
+
+	if (do_aead) {
+		rte_hexdump(stdout, "digest:", op->sym->aead.digest.data,
+				ctx->digest_length);
+		rte_hexdump(stdout, "aad:", op->sym->aead.aad.data,
 				ctx->aad_len);
 	}
 #endif
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index b740d6b..f76f3ca 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -117,6 +117,10 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform, void *session_private);
 
 struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session_private);
+
+struct qat_session *
 qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
 				struct rte_crypto_sym_xform *xform,
 				struct qat_session *session_private);
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index d863ccd..fee8ee1 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -189,12 +189,12 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (AUTH) */					\
+	{	/* AES GCM */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,	\
-			{.auth = {					\
-				.algo = RTE_CRYPTO_AUTH_AES_GCM,	\
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,	\
+			{.aead = {					\
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,	\
 				.block_size = 16,			\
 				.key_size = {				\
 					.min = 16,			\
@@ -211,7 +211,11 @@
 					.max = 240,			\
 					.increment = 1			\
 				},					\
-				.iv_size = { 0 }			\
+				.iv_size = {				\
+					.min = 12,			\
+					.max = 12,			\
+					.increment = 0			\
+				},					\
 			}, }						\
 		}, }							\
 	},								\
@@ -266,26 +270,6 @@
 			}, }						\
 		}, }							\
 	},								\
-	{	/* AES GCM (CIPHER) */					\
-		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
-		{.sym = {						\
-			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
-			{.cipher = {					\
-				.algo = RTE_CRYPTO_CIPHER_AES_GCM,	\
-				.block_size = 16,			\
-				.key_size = {				\
-					.min = 16,			\
-					.max = 32,			\
-					.increment = 8			\
-				},					\
-				.iv_size = {				\
-					.min = 12,			\
-					.max = 12,			\
-					.increment = 0			\
-				}					\
-			}, }						\
-		}, }							\
-	},								\
 	{	/* AES CBC */						\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index d544a3c..c1dbd15 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -84,62 +84,79 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	}
 
 	sym_cop = get_sym_cop(cop);
-
 	sym_cop->m_src = m;
-	sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
-		sa->iv_len;
-	sym_cop->cipher.data.length = payload_len;
-
-	struct cnt_blk *icb;
-	uint8_t *aad;
-	uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
-				uint8_t *, IV_OFFSET);
-
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		/* Copy IV at the end of crypto operation */
-		rte_memcpy(iv_ptr, iv, sa->iv_len);
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		sym_cop->aead.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->aead.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *aad;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
 		icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
 		memcpy(&icb->iv, iv, 8);
 		icb->cnt = rte_cpu_to_be_32(1);
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
 
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, iv - sizeof(struct esp_hdr), 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		sym_cop->cipher.data.offset =  ip_hdr_len + sizeof(struct esp_hdr) +
+			sa->iv_len;
+		sym_cop->cipher.data.length = payload_len;
+
+		struct cnt_blk *icb;
+		uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+		uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+					uint8_t *, IV_OFFSET);
+
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			/* Copy IV at the end of crypto operation */
+			rte_memcpy(iv_ptr, iv, sa->iv_len);
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			icb = get_cnt_blk(m);
+			icb->salt = sa->salt;
+			memcpy(&icb->iv, iv, 8);
+			icb->cnt = rte_cpu_to_be_32(1);
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
@@ -308,65 +325,87 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 	sym_cop = get_sym_cop(cop);
 	sym_cop->m_src = m;
-	switch (sa->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		memset(iv, 0, sa->iv_len);
-		sym_cop->cipher.data.offset = ip_hdr_len +
-			sizeof(struct esp_hdr);
-		sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
+
+	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		uint8_t *aad;
+
 		*iv = sa->seq;
-		sym_cop->cipher.data.offset = ip_hdr_len +
+		sym_cop->aead.data.offset = ip_hdr_len +
 			sizeof(struct esp_hdr) + sa->iv_len;
-		sym_cop->cipher.data.length = pad_payload_len;
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-				sa->cipher_algo);
-		return -EINVAL;
-	}
+		sym_cop->aead.data.length = pad_payload_len;
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
 
-	/* Fill pad_len using default sequential scheme */
-	for (i = 0; i < pad_len - 2; i++)
-		padding[i] = i + 1;
-	padding[pad_len - 2] = pad_len - 2;
-	padding[pad_len - 1] = nlp;
-
-	struct cnt_blk *icb = get_cnt_blk(m);
-	icb->salt = sa->salt;
-	icb->iv = sa->seq;
-	icb->cnt = rte_cpu_to_be_32(1);
-
-	uint8_t *aad;
-
-	switch (sa->auth_algo) {
-	case RTE_CRYPTO_AUTH_NULL:
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sym_cop->auth.data.offset = ip_hdr_len;
-		sym_cop->auth.data.length = sizeof(struct esp_hdr) +
-			sa->iv_len + pad_payload_len;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
 		aad = get_aad(m);
 		memcpy(aad, esp, 8);
-		sym_cop->auth.aad.data = aad;
-		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.aad.data = aad;
+		sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		break;
-	default:
-		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
-				sa->auth_algo);
-		return -EINVAL;
-	}
 
-	sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+		sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+		sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	} else {
+		switch (sa->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_NULL:
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			memset(iv, 0, sa->iv_len);
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr);
+			sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			*iv = sa->seq;
+			sym_cop->cipher.data.offset = ip_hdr_len +
+				sizeof(struct esp_hdr) + sa->iv_len;
+			sym_cop->cipher.data.length = pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+					sa->cipher_algo);
+			return -EINVAL;
+		}
+
+		/* Fill pad_len using default sequential scheme */
+		for (i = 0; i < pad_len - 2; i++)
+			padding[i] = i + 1;
+		padding[pad_len - 2] = pad_len - 2;
+		padding[pad_len - 1] = nlp;
+
+		struct cnt_blk *icb = get_cnt_blk(m);
+		icb->salt = sa->salt;
+		icb->iv = sa->seq;
+		icb->cnt = rte_cpu_to_be_32(1);
+
+		switch (sa->auth_algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			sym_cop->auth.data.offset = ip_hdr_len;
+			sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+				sa->iv_len + pad_payload_len;
+			break;
+		default:
+			RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+					sa->auth_algo);
+			return -EINVAL;
+		}
+
+		sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+		sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - sa->digest_len);
+	}
 
 	return 0;
 }
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 9d80bd3..7971f72 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -64,7 +64,6 @@ struct supported_auth_algo {
 	enum rte_crypto_auth_algorithm algo;
 	uint16_t digest_len;
 	uint16_t key_len;
-	uint8_t aad_len;
 	uint8_t key_not_req;
 };
 
@@ -95,13 +94,6 @@ const struct supported_cipher_algo cipher_algos[] = {
 		.key_len = 16
 	},
 	{
-		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_CIPHER_AES_GCM,
-		.iv_len = 8,
-		.block_size = 4,
-		.key_len = 20
-	},
-	{
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
@@ -129,18 +121,21 @@ const struct supported_auth_algo auth_algos[] = {
 		.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 		.digest_len = 12,
 		.key_len = 32
-	},
+	}
+};
+
+const struct supported_aead_algo aead_algos[] = {
 	{
 		.keyword = "aes-128-gcm",
-		.algo = RTE_CRYPTO_AUTH_AES_GCM,
+		.algo = RTE_CRYPTO_AEAD_AES_GCM,
+		.iv_len = 8,
+		.block_size = 4,
+		.key_len = 20,
 		.digest_len = 16,
 		.aad_len = 8,
-		.key_not_req = 1
 	}
 };
 
-const struct supported_aead_algo aead_algos[] = { { } };
-
 struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
 uint32_t nb_sa_out;
 
@@ -349,8 +344,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
 				rule->salt = (uint32_t)rte_rand();
 
-			if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
-				(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+			if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
 				key_len -= 4;
 				rule->cipher_key_len = key_len;
 				memcpy(&rule->salt,
@@ -712,75 +706,110 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 			sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
 		}
 
-		switch (sa->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_NULL:
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-			iv_length = sa->iv_len;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
 			iv_length = 16;
-			break;
-		default:
-			RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
-					sa->cipher_algo);
-			return -EINVAL;
-		}
 
-		if (inbound) {
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].b.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].b.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_DECRYPT;
-			sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].b.next = NULL;
+			if (inbound) {
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_DECRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+				sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+				sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.aead.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.aead.op =
+					RTE_CRYPTO_AEAD_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+				sa_ctx->xf[idx].a.aead.add_auth_data_length =
+					sa->aad_len;
+				sa_ctx->xf[idx].a.aead.digest_length =
+					sa->digest_len;
+			}
 
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].a.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].a.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].a.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].a.auth.op =
-				RTE_CRYPTO_AUTH_OP_VERIFY;
-
-		} else { /* outbound */
-			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-			sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
-			sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
-			sa_ctx->xf[idx].a.cipher.key.length =
-				sa->cipher_key_len;
-			sa_ctx->xf[idx].a.cipher.op =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-			sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
-			sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
-			sa_ctx->xf[idx].a.next = NULL;
-
-			sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-			sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
-			sa_ctx->xf[idx].b.auth.add_auth_data_length =
-				sa->aad_len;
-			sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
-			sa_ctx->xf[idx].b.auth.key.length =
-				sa->auth_key_len;
-			sa_ctx->xf[idx].b.auth.digest_length =
-				sa->digest_len;
-			sa_ctx->xf[idx].b.auth.op =
-				RTE_CRYPTO_AUTH_OP_GENERATE;
-		}
+			sa->xforms = &sa_ctx->xf[idx].a;
 
-		sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
-		sa_ctx->xf[idx].b.next = NULL;
-		sa->xforms = &sa_ctx->xf[idx].a;
+			print_one_sa_rule(sa, inbound);
+		} else {
+			switch (sa->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_NULL:
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+				iv_length = sa->iv_len;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				iv_length = 16;
+				break;
+			default:
+				RTE_LOG(ERR, IPSEC_ESP,
+						"unsupported cipher algorithm %u\n",
+						sa->cipher_algo);
+				return -EINVAL;
+			}
+
+			if (inbound) {
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].b.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].b.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_DECRYPT;
+				sa_ctx->xf[idx].b.next = NULL;
+				sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].a.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].a.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].a.auth.op =
+					RTE_CRYPTO_AUTH_OP_VERIFY;
+			} else { /* outbound */
+				sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+				sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
+				sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
+				sa_ctx->xf[idx].a.cipher.key.length =
+					sa->cipher_key_len;
+				sa_ctx->xf[idx].a.cipher.op =
+					RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+				sa_ctx->xf[idx].a.next = NULL;
+				sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+				sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
+
+				sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+				sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
+				sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
+				sa_ctx->xf[idx].b.auth.key.length =
+					sa->auth_key_len;
+				sa_ctx->xf[idx].b.auth.digest_length =
+					sa->digest_len;
+				sa_ctx->xf[idx].b.auth.op =
+					RTE_CRYPTO_AUTH_OP_GENERATE;
+			}
 
-		print_one_sa_rule(sa, inbound);
+			sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
+			sa_ctx->xf[idx].b.next = NULL;
+			sa->xforms = &sa_ctx->xf[idx].a;
+
+			print_one_sa_rule(sa, inbound);
+		}
 	}
 
 	return 0;
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 914f8ed..f28e62a 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1428,6 +1428,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->aead_iv_random_size = -1;
 	options->aead_iv.length = 0;
 
+	options->auth_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	options->auth_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+
 	options->aad_param = 0;
 	options->aad_random_size = -1;
 	options->aad.length = 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f03d2fd..dab042b 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -68,27 +68,12 @@ enum rte_crypto_cipher_algorithm {
 
 	RTE_CRYPTO_CIPHER_AES_CBC,
 	/**< AES algorithm in CBC mode */
-	RTE_CRYPTO_CIPHER_AES_CCM,
-	/**< AES algorithm in CCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_CCM* element of the
-	 * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
-	 * *rte_crypto_auth_xform* structure in the session context or in
-	 * the op_params of the crypto operation structure in the case of a
-	 * session-less crypto operation
-	 */
 	RTE_CRYPTO_CIPHER_AES_CTR,
 	/**< AES algorithm in Counter mode */
 	RTE_CRYPTO_CIPHER_AES_ECB,
 	/**< AES algorithm in ECB mode */
 	RTE_CRYPTO_CIPHER_AES_F8,
 	/**< AES algorithm in F8 mode */
-	RTE_CRYPTO_CIPHER_AES_GCM,
-	/**< AES algorithm in GCM mode. When this cipher algorithm is used the
-	 * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
-	 * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
-	 * structure in the session context or in the op_params of the crypto
-	 * operation structure in the case of a session-less crypto operation.
-	 */
 	RTE_CRYPTO_CIPHER_AES_XTS,
 	/**< AES algorithm in XTS mode */
 
@@ -247,25 +232,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_AES_CBC_MAC,
 	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
-	RTE_CRYPTO_AUTH_AES_CCM,
-	/**< AES algorithm in CCM mode. This is an authenticated cipher. When
-	 * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
-	 * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
-	 * set up the related rte_crypto_cipher_setup_data structure in the
-	 * session context or the corresponding parameter in the crypto
-	 * operation data structures op_params parameter MUST be set for a
-	 * session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_CMAC,
 	/**< AES CMAC algorithm. */
-	RTE_CRYPTO_AUTH_AES_GCM,
-	/**< AES algorithm in GCM mode. When this hash algorithm
-	 * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
-	 * rte_crypto_cipher_algorithm enum MUST be used to set up the related
-	 * rte_crypto_cipher_setup_data structure in the session context, or
-	 * the corresponding parameter in the crypto operation data structures
-	 * op_params parameter MUST be set for a session-less crypto operation.
-	 */
 	RTE_CRYPTO_AUTH_AES_GMAC,
 	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
@@ -363,20 +331,6 @@ struct rte_crypto_auth_xform {
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
 	 *
-	 * This field must be specified when the hash algorithm is one of the
-	 * following:
-	 *
-	 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM).  In this case, this is
-	 *   the length of the Additional Authenticated Data (called A, in NIST
-	 *   SP800-38D).
-	 *
-	 * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM).  In this case, this is
-	 *   the length of the associated data (called A, in NIST SP800-38C).
-	 *   Note that this does NOT include the length of any padding, or the
-	 *   18 bytes reserved at the start of the above field to store the
-	 *   block B0 and the encoded length.  The maximum permitted value in
-	 *   this case is 222 bytes.
-	 *
 	 */
 
 	struct {
@@ -658,15 +612,6 @@ struct rte_crypto_sym_op {
 					  * also the same as the result length.
 					  *
 					  * @note
-					  * In the case of CCM
-					  * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
-					  * should not include the length of the padding
-					  * or the length of the MAC; the driver will
-					  * compute the actual number of bytes over
-					  * which the encryption will occur, which will
-					  * include these values.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
 					  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
 					  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
@@ -683,12 +628,6 @@ struct rte_crypto_sym_op {
 					  * packet in source buffer.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored.
-					  * The field @ref aad field should be set
-					  * instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -699,11 +638,6 @@ struct rte_crypto_sym_op {
 					  * buffer that the hash will be computed on.
 					  *
 					  * @note
-					  * For CCM and GCM modes of operation,
-					  * this field is ignored. The field @ref aad
-					  * field should be set instead.
-					  *
-					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
@@ -732,9 +666,6 @@ struct rte_crypto_sym_op {
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
-					 * @note
-					 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
-					 * "digest result" read "authentication tag T".
 					 */
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
@@ -754,37 +685,6 @@ struct rte_crypto_sym_op {
 					 * This length must not exceed 65535 (2^16-1)
 					 * bytes.
 					 *
-					 * Specifically for CCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_CCM),
-					 * the caller should setup this field as follows:
-					 *
-					 * - the nonce should be written starting at
-					 * an offset of one byte into the array,
-					 * leaving room for the implementation to
-					 * write in the flags to the first byte.
-					 *
-					 * - the additional authentication data
-					 * itself should be written starting at
-					 * an offset of 18 bytes into the array,
-					 * leaving room for the length encoding in
-					 * the first two bytes of the second block.
-					 *
-					 * - the array should be big enough to hold
-					 * the above fields, plus any padding to
-					 * round this up to the nearest multiple of
-					 * the block size (16 bytes).
-					 * Padding will be added by the implementation.
-					 *
-					 * Finally, for GCM
-					 * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
-					 * caller should setup this field as follows:
-					 *
-					 * - the AAD is written in starting at byte 0
-					 * - the array must be big enough to hold
-					 * the AAD, plus any space to round this up to
-					 * the nearest multiple of the block size
-					 * (16 bytes).
-					 *
 					 */
 					phys_addr_t phys_addr;	/**< physical address */
 				} aad;
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 60dc5e5..497f9ce 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -111,11 +111,9 @@ rte_crypto_cipher_algorithm_strings[] = {
 	[RTE_CRYPTO_CIPHER_3DES_CTR]	= "3des-ctr",
 
 	[RTE_CRYPTO_CIPHER_AES_CBC]	= "aes-cbc",
-	[RTE_CRYPTO_CIPHER_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_CIPHER_AES_CTR]	= "aes-ctr",
 	[RTE_CRYPTO_CIPHER_AES_DOCSISBPI]	= "aes-docsisbpi",
 	[RTE_CRYPTO_CIPHER_AES_ECB]	= "aes-ecb",
-	[RTE_CRYPTO_CIPHER_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_CIPHER_AES_F8]	= "aes-f8",
 	[RTE_CRYPTO_CIPHER_AES_XTS]	= "aes-xts",
 
@@ -148,9 +146,7 @@ rte_crypto_cipher_operation_strings[] = {
 const char *
 rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_AES_CBC_MAC]	= "aes-cbc-mac",
-	[RTE_CRYPTO_AUTH_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AUTH_AES_CMAC]	= "aes-cmac",
-	[RTE_CRYPTO_AUTH_AES_GCM]	= "aes-gcm",
 	[RTE_CRYPTO_AUTH_AES_GMAC]	= "aes-gmac",
 	[RTE_CRYPTO_AUTH_AES_XCBC_MAC]	= "aes-xcbc-mac",
 
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 00c32a4..21c6270 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -76,6 +76,7 @@ struct crypto_testsuite_params {
 struct crypto_unittest_params {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
+	struct rte_crypto_sym_xform aead_xform;
 
 	struct rte_cryptodev_sym_session *sess;
 
@@ -4629,54 +4630,34 @@ test_3DES_cipheronly_openssl_all(void)
 /* ***** AES-GCM Tests ***** */
 
 static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
+create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
 		const uint8_t *key, const uint8_t key_len,
 		const uint16_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	uint8_t cipher_key[key_len];
+	uint8_t aead_key[key_len];
 
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
-	memcpy(cipher_key, key, key_len);
+	memcpy(aead_key, key, key_len);
 
-	/* Setup Cipher Parameters */
-	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	ut_params->cipher_xform.next = NULL;
-
-	ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	ut_params->auth_xform.auth.op = auth_op;
-	ut_params->cipher_xform.cipher.op = op;
-	ut_params->cipher_xform.cipher.key.data = cipher_key;
-	ut_params->cipher_xform.cipher.key.length = key_len;
-	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
-	ut_params->cipher_xform.cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	ut_params->aead_xform.next = NULL;
+	ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	ut_params->aead_xform.aead.op = op;
+	ut_params->aead_xform.aead.key.data = aead_key;
+	ut_params->aead_xform.aead.key.length = key_len;
+	ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+	ut_params->aead_xform.aead.iv.length = iv_len;
+	ut_params->aead_xform.aead.digest_length = auth_len;
+	ut_params->aead_xform.aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	ut_params->auth_xform.next = NULL;
-
-	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-
-	ut_params->auth_xform.auth.digest_length = auth_len;
-	ut_params->auth_xform.auth.add_auth_data_length = aad_len;
-	ut_params->auth_xform.auth.key.length = 0;
-	ut_params->auth_xform.auth.key.data = NULL;
-
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		ut_params->cipher_xform.next = &ut_params->auth_xform;
-
-		/* Create Crypto session*/
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->cipher_xform);
-	} else {/* Create Crypto session*/
-		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
-				&ut_params->auth_xform);
-	}
+	/* Create Crypto session*/
+	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+			&ut_params->aead_xform);
 
 	TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
@@ -4685,43 +4666,35 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 
 static int
 create_gcm_xforms(struct rte_crypto_op *op,
-		enum rte_crypto_cipher_operation cipher_op,
+		enum rte_crypto_aead_operation aead_op,
 		uint8_t *key, const uint8_t key_len,
 		const uint8_t aad_len, const uint8_t auth_len,
-		uint8_t iv_len,
-		enum rte_crypto_auth_operation auth_op)
+		uint8_t iv_len)
 {
-	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
-			"failed to allocate space for crypto transforms");
+	TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 1),
+			"failed to allocate space for crypto transform");
 
 	struct rte_crypto_sym_op *sym_op = op->sym;
 
-	/* Setup Cipher Parameters */
-	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	sym_op->xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
-	sym_op->xform->cipher.op = cipher_op;
-	sym_op->xform->cipher.key.data = key;
-	sym_op->xform->cipher.key.length = key_len;
-	sym_op->xform->cipher.iv.offset = IV_OFFSET;
-	sym_op->xform->cipher.iv.length = iv_len;
+	/* Setup AEAD Parameters */
+	sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	sym_op->xform->next = NULL;
+	sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+	sym_op->xform->aead.op = aead_op;
+	sym_op->xform->aead.key.data = key;
+	sym_op->xform->aead.key.length = key_len;
+	sym_op->xform->aead.iv.offset = IV_OFFSET;
+	sym_op->xform->aead.iv.length = iv_len;
+	sym_op->xform->aead.digest_length = auth_len;
+	sym_op->xform->aead.add_auth_data_length = aad_len;
 
 	TEST_HEXDUMP(stdout, "key:", key, key_len);
 
-	/* Setup Authentication Parameters */
-	sym_op->xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	sym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-	sym_op->xform->next->auth.op = auth_op;
-	sym_op->xform->next->auth.digest_length = auth_len;
-	sym_op->xform->next->auth.add_auth_data_length = aad_len;
-	sym_op->xform->next->auth.key.length = 0;
-	sym_op->xform->next->auth.key.data = NULL;
-	sym_op->xform->next->next = NULL;
-
 	return 0;
 }
 
 static int
-create_gcm_operation(enum rte_crypto_cipher_operation op,
+create_gcm_operation(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -4740,15 +4713,15 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 
 	/* Append aad data */
 	aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 			aad_pad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.phys_addr =
+	sym_op->aead.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
-	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
-	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
+	memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+	TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
 		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
@@ -4760,7 +4733,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 		tdata->iv.len);
 
 	/* Append plaintext/ciphertext */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
 		plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
 		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
 				plaintext_pad_len);
@@ -4805,40 +4778,37 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	}
 
 	/* Append digest data */
-	if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+	if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		memset(sym_op->auth.digest.data, 0, tdata->auth_tag.len);
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		memset(sym_op->aead.digest.data, 0, tdata->auth_tag.len);
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->obuf ? ut_params->obuf :
 						ut_params->ibuf,
 						plaintext_pad_len +
 						aad_pad_len);
 	} else {
-		sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+		sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
 				ut_params->ibuf, tdata->auth_tag.len);
-		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+		TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 				"no room to append digest");
-		sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+		sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 				ut_params->ibuf,
 				plaintext_pad_len + aad_pad_len);
 
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 			tdata->auth_tag.len);
 		TEST_HEXDUMP(stdout, "digest:",
-			sym_op->auth.digest.data,
+			sym_op->aead.digest.data,
 			tdata->auth_tag.len);
 	}
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_pad_len;
-
-	sym_op->auth.data.length = tdata->plaintext.len;
-	sym_op->auth.data.offset = aad_pad_len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_pad_len;
 
 	return 0;
 }
@@ -4856,11 +4826,10 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -4877,7 +4846,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5034,11 +5003,10 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5055,7 +5023,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5201,11 +5169,10 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5219,7 +5186,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5278,11 +5245,10 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5296,7 +5262,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
 			rte_pktmbuf_tailroom(ut_params->obuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
@@ -5355,18 +5321,17 @@ test_AES_GCM_authenticated_encryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -5436,18 +5401,17 @@ test_AES_GCM_authenticated_decryption_sessionless(
 			rte_pktmbuf_tailroom(ut_params->ibuf));
 
 	/* Create GCM operation */
-	retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+	retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
 	if (retval < 0)
 		return retval;
 
 	/* Create GCM xforms */
 	memcpy(key, tdata->key.data, tdata->key.len);
 	retval = create_gcm_xforms(ut_params->op,
-			RTE_CRYPTO_CIPHER_OP_DECRYPT,
+			RTE_CRYPTO_AEAD_OP_DECRYPT,
 			key, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_VERIFY);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7137,7 +7101,7 @@ test_authenticated_decryption_fail_when_corruption(
 }
 
 static int
-create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
+create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
 		const struct gcm_test_data *tdata,
 		void *digest_mem, uint64_t digest_phys)
 {
@@ -7156,18 +7120,18 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	sym_op->auth.digest.data = digest_mem;
+	sym_op->aead.digest.data = digest_mem;
 
-	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
 			"no room to append digest");
 
-	sym_op->auth.digest.phys_addr = digest_phys;
+	sym_op->aead.digest.phys_addr = digest_phys;
 
-	if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
-		rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+	if (op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+		rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
 				auth_tag_len);
 		TEST_HEXDUMP(stdout, "digest:",
-				sym_op->auth.digest.data,
+				sym_op->aead.digest.data,
 				auth_tag_len);
 	}
 
@@ -7176,25 +7140,22 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 
 	rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
 
-	sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+	sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
 			ut_params->ibuf, aad_len);
-	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+	TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
 			"no room to prepend aad");
-	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
+	sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
 
-	memset(sym_op->auth.aad.data, 0, aad_len);
-	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
+	memset(sym_op->aead.aad.data, 0, aad_len);
+	rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
 
 	TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
 	TEST_HEXDUMP(stdout, "aad:",
-			sym_op->auth.aad.data, aad_len);
+			sym_op->aead.aad.data, aad_len);
 
-	sym_op->cipher.data.length = tdata->plaintext.len;
-	sym_op->cipher.data.offset = aad_len;
-
-	sym_op->auth.data.offset = aad_len;
-	sym_op->auth.data.length = tdata->plaintext.len;
+	sym_op->aead.data.length = tdata->plaintext.len;
+	sym_op->aead.data.offset = aad_len;
 
 	return 0;
 }
@@ -7249,11 +7210,10 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 
 	/* Create GCM session */
 	retval = create_gcm_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata->key.data, tdata->key.len,
 			tdata->aad.len, tdata->auth_tag.len,
-			tdata->iv.len,
-			RTE_CRYPTO_AUTH_OP_GENERATE);
+			tdata->iv.len);
 	if (retval < 0)
 		return retval;
 
@@ -7379,7 +7339,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
 	}
 
 	/* Create GCM opertaion */
-	retval = create_gcm_operation_SGL(RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+	retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
 			tdata, digest_mem, digest_phys);
 
 	if (retval < 0)
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3bd9351..557aba9 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -65,7 +65,8 @@ enum chain_mode {
 	CIPHER_HASH,
 	HASH_CIPHER,
 	CIPHER_ONLY,
-	HASH_ONLY
+	HASH_ONLY,
+	AEAD
 };
 
 
@@ -86,6 +87,7 @@ struct symmetric_op {
 struct symmetric_session_attrs {
 	enum rte_crypto_cipher_operation cipher;
 	enum rte_crypto_auth_operation auth;
+	enum rte_crypto_aead_operation aead;
 
 	enum rte_crypto_cipher_algorithm cipher_algorithm;
 	const uint8_t *key_cipher_data;
@@ -95,6 +97,10 @@ struct symmetric_session_attrs {
 	const uint8_t *key_auth_data;
 	uint32_t key_auth_len;
 
+	enum rte_crypto_aead_algorithm aead_algorithm;
+	const uint8_t *key_aead_data;
+	uint32_t key_aead_len;
+
 	const uint8_t *iv_data;
 	uint16_t iv_len;
 	uint16_t aad_len;
@@ -124,8 +130,9 @@ struct perf_test_params {
 	enum chain_mode chain;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
-	unsigned cipher_key_length;
+	unsigned int key_length;
 	enum rte_crypto_auth_algorithm auth_algo;
+	enum rte_crypto_aead_algorithm aead_algo;
 
 	struct symmetric_session_attrs *session_attrs;
 
@@ -157,7 +164,8 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
 		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo);
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo);
 static struct rte_cryptodev_sym_session *
 test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
@@ -191,6 +199,7 @@ static const char *chain_mode_name(enum chain_mode mode)
 	case HASH_CIPHER: return "hash_cipher"; break;
 	case CIPHER_ONLY: return "cipher_only"; break;
 	case HASH_ONLY: return "hash_only"; break;
+	case AEAD: return "aead"; break;
 	default: return ""; break;
 	}
 }
@@ -2085,7 +2094,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2106,7 +2115,16 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead algo:%s, "
+			"Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
 			"Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
@@ -2196,14 +2214,14 @@ test_perf_snow3G_vary_burst_size(void)
 			{
 					.chain = CIPHER_ONLY,
 					.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-					.cipher_key_length = 16,
+					.key_length = 16,
 					.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 			},
 			{
 					.chain = HASH_ONLY,
 					.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 					.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-					.cipher_key_length = 16
+					.key_length = 16
 			},
 	};
 
@@ -2260,7 +2278,8 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2275,21 +2294,22 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 						RTE_CRYPTO_OP_TYPE_SYMMETRIC);
 		TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
 
-		switch (pparams->cipher_algo) {
-		case RTE_CRYPTO_CIPHER_3DES_CBC:
-		case RTE_CRYPTO_CIPHER_3DES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_GCM:
+		if (pparams->chain == AEAD)
 			test_perf_set_crypto_op =
 						test_perf_set_crypto_op_aes_gcm;
-			break;
-		default:
-			return TEST_FAILED;
+		else {
+			switch (pparams->cipher_algo) {
+			case RTE_CRYPTO_CIPHER_3DES_CBC:
+			case RTE_CRYPTO_CIPHER_3DES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+				break;
+			default:
+				return TEST_FAILED;
+			}
 		}
 
 		op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
@@ -2299,14 +2319,24 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)
 		c_ops[i] = op;
 	}
 
-	printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, cipher key length:%u, "
-			"auth_algo:%s, Packet Size %u bytes",
+	if (pparams->chain == AEAD)
+		printf("\nOn %s dev%u qp%u, %s, aead_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
+			pmd_name(gbl_cryptodev_perftest_devtype),
+			ts_params->dev_id, 0,
+			chain_mode_name(pparams->chain),
+			rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+			pparams->key_length,
+			pparams->buf_size);
+	else
+		printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+			"key length:%u, Packet Size %u bytes",
 			pmd_name(gbl_cryptodev_perftest_devtype),
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
+			pparams->key_length,
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
 	printf("Retries  EmptyPolls\tIACycles/CyOp\tIACycles/Burst\t"
@@ -2410,7 +2440,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate Crypto op data structure(s)*/
@@ -2438,7 +2468,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)
 			ts_params->dev_id, 0,
 			chain_mode_name(pparams->chain),
 			rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
-			pparams->cipher_key_length,
+			pparams->key_length,
 			rte_crypto_auth_algorithm_strings[pparams->auth_algo],
 			pparams->buf_size);
 	printf("\nOps Tx\tOps Rx\tOps/burst  ");
@@ -2532,8 +2562,6 @@ static uint32_t get_auth_key_max_length(enum rte_crypto_auth_algorithm algo)
 		return 128;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return 128;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		return 0;
 	default:
 		return 0;
 	}
@@ -2554,7 +2582,15 @@ static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo)
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA384;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		return TRUNCATED_DIGEST_BYTE_LENGTH_SHA512;
-	case RTE_CRYPTO_AUTH_AES_GCM:
+	default:
+		return 0;
+	}
+}
+
+static uint32_t get_aead_digest_length(enum rte_crypto_aead_algorithm algo)
+{
+	switch (algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
 		return DIGEST_BYTE_LENGTH_AES_GCM;
 	default:
 		return 0;
@@ -2732,55 +2768,73 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,
 static struct rte_cryptodev_sym_session *
 test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		enum rte_crypto_cipher_algorithm cipher_algo,
-		unsigned int cipher_key_len,
-		enum rte_crypto_auth_algorithm auth_algo)
+		unsigned int key_len,
+		enum rte_crypto_auth_algorithm auth_algo,
+		enum rte_crypto_aead_algorithm aead_algo)
 {
 	struct rte_crypto_sym_xform cipher_xform = { 0 };
 	struct rte_crypto_sym_xform auth_xform = { 0 };
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	/* Setup Cipher Parameters */
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.cipher.algo = cipher_algo;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+	if (chain == CIPHER_HASH || chain == HASH_CIPHER) {
+		/* Setup Cipher Parameters */
+		cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+		cipher_xform.cipher.algo = cipher_algo;
+		cipher_xform.cipher.iv.offset = IV_OFFSET;
+		cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
-	switch (cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		cipher_xform.cipher.key.data = triple_des_key;
-		cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		cipher_xform.cipher.key.data = aes_key;
-		cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			cipher_xform.cipher.key.data = triple_des_key;
+			cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			cipher_xform.cipher.key.data = aes_key;
+			cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
+			break;
+		default:
+			return NULL;
+		}
 
-	cipher_xform.cipher.key.length = cipher_key_len;
+		cipher_xform.cipher.key.length = key_len;
 
-	/* Setup Auth Parameters */
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
-	auth_xform.auth.algo = auth_algo;
+		/* Setup Auth Parameters */
+		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+		auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+		auth_xform.auth.algo = auth_algo;
 
-	switch (auth_algo) {
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		auth_xform.auth.key.data = hmac_sha_key;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GCM:
-		auth_xform.auth.key.data = NULL;
-		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
-		break;
-	default:
-		return NULL;
-	}
+		switch (auth_algo) {
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+			auth_xform.auth.key.data = hmac_sha_key;
+			break;
+		default:
+			return NULL;
+		}
 
-	auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
-	auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+		auth_xform.auth.key.length =  get_auth_key_max_length(auth_algo);
+		auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+	} else if (chain == AEAD) {
+		/* Setup AEAD Parameters */
+		aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+		aead_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		aead_xform.aead.algo = aead_algo;
+		aead_xform.aead.iv.offset = IV_OFFSET;
+
+		switch (aead_algo) {
+		case RTE_CRYPTO_AEAD_AES_GCM:
+			aead_xform.aead.key.data = aes_key;
+			aead_xform.aead.iv.length = AES_CIPHER_IV_LENGTH;
+			aead_xform.aead.add_auth_data_length = AES_GCM_AAD_LENGTH;
+			aead_xform.aead.digest_length = get_aead_digest_length(aead_algo);
+			break;
+		default:
+			return NULL;
+		}
+
+		aead_xform.aead.key.length = key_len;
+	}
 
 	switch (chain) {
 	case CIPHER_HASH:
@@ -2793,6 +2847,9 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		cipher_xform.next = NULL;
 		/* Create Crypto session*/
 		return rte_cryptodev_sym_session_create(dev_id,	&auth_xform);
+	case AEAD:
+		/* Create Crypto session*/
+		return rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 	default:
 		return NULL;
 	}
@@ -2916,22 +2973,19 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	}
 
 	/* Authentication Parameters */
-	op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
+	op->sym->aead.digest.data = (uint8_t *)m->buf_addr +
 					(m->data_off + data_len);
-	op->sym->auth.digest.phys_addr =
+	op->sym->aead.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
-	op->sym->auth.aad.data = aes_gcm_aad;
+	op->sym->aead.aad.data = aes_gcm_aad;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			aes_iv, AES_CIPHER_IV_LENGTH);
 
 	/* Data lengths/offsets Parameters */
-	op->sym->auth.data.offset = 0;
-	op->sym->auth.data.length = data_len;
-
-	op->sym->cipher.data.offset = 0;
-	op->sym->cipher.data.length = data_len;
+	op->sym->aead.data.offset = 0;
+	op->sym->aead.data.length = data_len;
 
 	op->sym->m_src = m;
 
@@ -3102,7 +3156,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_aes_sha_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3235,7 +3289,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_snow3g_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3394,20 +3448,22 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 					unsigned int,
 					enum chain_mode);
 
-	switch (pparams->cipher_algo) {
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_GCM:
-		test_perf_set_crypto_op = test_perf_set_crypto_op_aes_gcm;
-		break;
-	default:
-		return TEST_FAILED;
+	if (pparams->chain == AEAD)
+		test_perf_set_crypto_op =
+					test_perf_set_crypto_op_aes_gcm;
+	else {
+		switch (pparams->cipher_algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+			break;
+		default:
+			return TEST_FAILED;
+		}
 	}
 
 	if (rte_cryptodev_count() == 0) {
@@ -3418,7 +3474,8 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_openssl_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo,
+			pparams->aead_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3548,7 +3605,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,
 	/* Create Crypto session*/
 	sess = test_perf_create_armv8_session(ts_params->dev_id,
 			pparams->chain, pparams->cipher_algo,
-			pparams->cipher_key_length, pparams->auth_algo);
+			pparams->key_length, pparams->auth_algo);
 	TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
 
 	/* Generate a burst of crypto operations */
@@ -3674,48 +3731,48 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_NULL
 		},
 		{
 			.chain = CIPHER_HASH,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
 		},
 	};
@@ -3729,7 +3786,7 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 			"Retries\tEmptyPolls\n");
@@ -3755,14 +3812,14 @@ test_perf_snow3G_vary_pkt_size(void)
 		{
 			.chain = CIPHER_ONLY,
 			.cipher_algo  = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo  = RTE_CRYPTO_AUTH_NULL,
 		},
 		{
 			.chain = HASH_ONLY,
 			.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
 			.auth_algo  = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
-			.cipher_key_length = 16
+			.key_length = 16
 		},
 	};
 
@@ -3817,63 +3874,77 @@ test_perf_openssl_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
 	for (i = 0; i < RTE_DIM(params_set); i++) {
 		params_set[i].total_operations = total_operations;
 		params_set[i].burst_size = burst_size;
-		printf("\n%s. cipher algo: %s auth algo: %s cipher key size=%u."
-			" burst_size: %d ops\n",
-			chain_mode_name(params_set[i].chain),
-			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
-			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
-			burst_size);
+		if (params_set[i].chain == AEAD) {
+			enum rte_crypto_aead_algorithm aead_algo =
+				params_set[i].aead_algo;
+			printf("\n%s. aead algo: %s  key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_aead_algorithm_strings[aead_algo],
+				params_set[i].key_length,
+				burst_size);
+		} else {
+			enum rte_crypto_cipher_algorithm cipher_algo =
+				params_set[i].cipher_algo;
+			enum rte_crypto_auth_algorithm auth_algo =
+				params_set[i].auth_algo;
+			printf("\n%s. cipher algo: %s auth algo: %s key size=%u."
+				" burst_size: %d ops\n",
+				chain_mode_name(params_set[i].chain),
+				rte_crypto_cipher_algorithm_strings[cipher_algo],
+				rte_crypto_auth_algorithm_strings[auth_algo],
+				params_set[i].key_length,
+				burst_size);
+		}
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
 		for (j = 0; j < RTE_DIM(buf_lengths); j++) {
@@ -3898,50 +3969,49 @@ test_perf_openssl_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CBC,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CTR,
-			.cipher_key_length = 32,
+			.key_length = 32,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_3DES_CTR,
-			.cipher_key_length = 24,
+			.key_length = 24,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
-			.chain = CIPHER_HASH,
+			.chain = AEAD,
 
-			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_GCM,
-			.cipher_key_length = 16,
-			.auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+			.aead_algo  = RTE_CRYPTO_AEAD_AES_GCM,
+			.key_length = 16,
 		},
 	};
 
@@ -3978,28 +4048,28 @@ test_perf_armv8_vary_pkt_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4012,7 +4082,7 @@ test_perf_armv8_vary_pkt_size(void)
 			chain_mode_name(params_set[i].chain),
 			rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
-			params_set[i].cipher_key_length,
+			params_set[i].key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
 				"EmptyPolls\n");
@@ -4038,28 +4108,28 @@ test_perf_armv8_vary_burst_size(void)
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 		},
 		{
 			.chain = CIPHER_HASH,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 		{
 			.chain = HASH_CIPHER,
 
 			.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-			.cipher_key_length = 16,
+			.key_length = 16,
 			.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
 		},
 	};
@@ -4094,48 +4164,26 @@ static struct rte_cryptodev_sym_session *
 test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 {
 	static struct rte_cryptodev_sym_session *sess;
-	struct rte_crypto_sym_xform cipher_xform = { 0 };
-	struct rte_crypto_sym_xform auth_xform = { 0 };
-
-	uint8_t cipher_key[pparams->session_attrs->key_cipher_len];
-	uint8_t auth_key[pparams->session_attrs->key_auth_len];
-
-	memcpy(cipher_key, pparams->session_attrs->key_cipher_data,
-		 pparams->session_attrs->key_cipher_len);
-	memcpy(auth_key, pparams->session_attrs->key_auth_data,
-		 pparams->session_attrs->key_auth_len);
-
-	cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-	cipher_xform.next = NULL;
-
-	cipher_xform.cipher.algo = pparams->session_attrs->cipher_algorithm;
-	cipher_xform.cipher.op = pparams->session_attrs->cipher;
-	cipher_xform.cipher.key.data = cipher_key;
-	cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
-	cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
-	cipher_xform.cipher.iv.offset = IV_OFFSET;
+	struct rte_crypto_sym_xform aead_xform = { 0 };
 
-	auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-	auth_xform.next = NULL;
+	uint8_t aead_key[pparams->session_attrs->key_aead_len];
 
-	auth_xform.auth.op = pparams->session_attrs->auth;
-	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
+	memcpy(aead_key, pparams->session_attrs->key_aead_data,
+		 pparams->session_attrs->key_aead_len);
 
-	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
-	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
-	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
+	aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+	aead_xform.next = NULL;
 
+	aead_xform.aead.algo = pparams->session_attrs->aead_algorithm;
+	aead_xform.aead.op = pparams->session_attrs->aead;
+	aead_xform.aead.key.data = aead_key;
+	aead_xform.aead.key.length = pparams->session_attrs->key_aead_len;
+	aead_xform.aead.iv.length = pparams->session_attrs->iv_len;
+	aead_xform.aead.iv.offset = IV_OFFSET;
+	aead_xform.aead.add_auth_data_length = pparams->session_attrs->aad_len;
+	aead_xform.aead.digest_length = pparams->session_attrs->digest_len;
 
-	cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-	if (cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
-		cipher_xform.next = &auth_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&cipher_xform);
-	} else {
-		auth_xform.next = &cipher_xform;
-		sess = rte_cryptodev_sym_session_create(dev_id,
-				&auth_xform);
-	}
+	sess = rte_cryptodev_sym_session_create(dev_id,	&aead_xform);
 
 	return sess;
 }
@@ -4154,17 +4202,17 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		return NULL;
 	}
 
-	op->sym->auth.digest.data = m_hlp->digest;
-	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+	op->sym->aead.digest.data = m_hlp->digest;
+	op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
 					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 
-	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
+	op->sym->aead.aad.data = m_hlp->aad;
+	op->sym->aead.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
-	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
+	rte_memcpy(op->sym->aead.aad.data, params->symmetric_op->aad_data,
 		       params->session_attrs->aad_len);
 
 	rte_memcpy(iv_ptr, params->session_attrs->iv_data,
@@ -4172,13 +4220,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (params->session_attrs->iv_len == 12)
 		iv_ptr[15] = 1;
 
-	op->sym->auth.data.offset =
-			params->session_attrs->aad_len;
-	op->sym->auth.data.length = params->symmetric_op->p_len;
-
-	op->sym->cipher.data.offset =
+	op->sym->aead.data.offset =
 			params->session_attrs->aad_len;
-	op->sym->cipher.data.length = params->symmetric_op->p_len;
+	op->sym->aead.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
 
@@ -4392,20 +4436,14 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 
 		gcm_test = gcm_tests[i];
 
-		session_attrs[i].cipher =
-				RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-		session_attrs[i].cipher_algorithm =
-				RTE_CRYPTO_CIPHER_AES_GCM;
-		session_attrs[i].key_cipher_data =
+		session_attrs[i].aead =
+				RTE_CRYPTO_AEAD_OP_ENCRYPT;
+		session_attrs[i].aead_algorithm =
+				RTE_CRYPTO_AEAD_AES_GCM;
+		session_attrs[i].key_aead_data =
 				gcm_test->key.data;
-		session_attrs[i].key_cipher_len =
+		session_attrs[i].key_aead_len =
 				gcm_test->key.len;
-		session_attrs[i].auth_algorithm =
-				RTE_CRYPTO_AUTH_AES_GCM;
-		session_attrs[i].auth =
-			RTE_CRYPTO_AUTH_OP_GENERATE;
-		session_attrs[i].key_auth_data = NULL;
-		session_attrs[i].key_auth_len = 0;
 		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
@@ -4420,7 +4458,7 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 		ops_set[i].t_data = gcm_test->auth_tags[i].data;
 		ops_set[i].t_len = gcm_test->auth_tags[i].len;
 
-		params_set[i].chain = CIPHER_HASH;
+		params_set[i].chain = AEAD;
 		params_set[i].session_attrs = &session_attrs[i];
 		params_set[i].symmetric_op = &ops_set[i];
 		if (continual_buf_len)
@@ -4522,7 +4560,7 @@ test_perf_continual_performance_test(void)
 		.chain = CIPHER_HASH,
 
 		.cipher_algo  = RTE_CRYPTO_CIPHER_AES_CBC,
-		.cipher_key_length = 16,
+		.key_length = 16,
 		.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
 	};
 
@@ -4532,7 +4570,7 @@ test_perf_continual_performance_test(void)
 			chain_mode_name(params_set.chain),
 			rte_crypto_cipher_algorithm_strings[params_set.cipher_algo],
 			rte_crypto_auth_algorithm_strings[params_set.auth_algo],
-			params_set.cipher_key_length,
+			params_set.key_length,
 			burst_size);
 		printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
 				"Retries\tEmptyPolls\n");
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* [dpdk-dev] [PATCH v4 26/26] cryptodev: remove AAD from authentication structure
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (24 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
@ 2017-07-02  5:41       ` Pablo de Lara
  2017-07-03 15:44       ` [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring Declan Doherty
  26 siblings, 0 replies; 100+ messages in thread
From: Pablo de Lara @ 2017-07-02  5:41 UTC (permalink / raw)
  To: declan.doherty, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev, Pablo de Lara

Now that AAD is only used in AEAD algorithms,
there is no need to keep AAD in the authentication
structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test-crypto-perf/cperf_ops.c         |  2 --
 doc/guides/prog_guide/cryptodev_lib.rst  |  6 ------
 doc/guides/rel_notes/release_17_08.rst   |  3 +++
 drivers/crypto/openssl/rte_openssl_pmd.c |  1 -
 lib/librte_cryptodev/rte_crypto_sym.h    | 26 --------------------------
 test/test/test_cryptodev.c               |  4 ----
 test/test/test_cryptodev_perf.c          |  1 -
 7 files changed, 3 insertions(+), 40 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 107abb0..d718278 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -422,7 +422,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_iv.length;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
@@ -475,7 +474,6 @@ cperf_create_session(uint8_t dev_id,
 					test_vector->auth_key.data;
 		} else {
 			auth_xform.auth.digest_length = 0;
-			auth_xform.auth.add_auth_data_length = 0;
 			auth_xform.auth.key.length = 0;
 			auth_xform.auth.key.data = NULL;
 			auth_xform.auth.iv.length = 0;
diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
index 5048839..f250c00 100644
--- a/doc/guides/prog_guide/cryptodev_lib.rst
+++ b/doc/guides/prog_guide/cryptodev_lib.rst
@@ -567,12 +567,6 @@ chain.
                         uint8_t *data;
                         phys_addr_t phys_addr;
                     } digest; /**< Digest parameters */
-
-                    struct {
-                        uint8_t *data;
-                        phys_addr_t phys_addr;
-                    } aad;
-                    /**< Additional authentication parameters */
                 } auth;
             };
         };
diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
index 2c6bef5..d29b203 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -176,6 +176,9 @@ API Changes
   * Changed field size of digest length in ``rte_crypto_auth_xform``,
     from uint32_t to uint16_t.
   * Added AEAD structure in ``rte_crypto_sym_op``.
+  * Removed AAD length from ``rte_crypto_auth_xform``.
+  * Removed AAD pointer and physical address from auth structure
+    in ``rte_crypto_sym_op``.
 
 
 ABI Changes
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7f5c6aa..73e7ff1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -413,7 +413,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
-	sess->auth.aad_length = xform->auth.add_auth_data_length;
 	sess->auth.digest_length = xform->auth.digest_length;
 
 	return 0;
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index dab042b..742dc34 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -326,13 +326,6 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint16_t add_auth_data_length;
-	/**< The length of the additional authenticated data (AAD) in bytes.
-	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
-	 * otherwise specified below.
-	 *
-	 */
-
 	struct {
 		uint16_t offset;
 		/**< Starting point for Initialisation Vector or Counter,
@@ -670,25 +663,6 @@ struct rte_crypto_sym_op {
 					phys_addr_t phys_addr;
 					/**< Physical address of digest */
 				} digest; /**< Digest parameters */
-
-				struct {
-					uint8_t *data;
-					/**< Pointer to Additional Authenticated
-					 * Data (AAD) needed for authenticated cipher
-					 * mechanisms (CCM and GCM).
-					 *
-					 * The length of the data pointed to by this
-					 * field is set up for the session in the @ref
-					 * rte_crypto_auth_xform structure as part of
-					 * the @ref rte_cryptodev_sym_session_create
-					 * function call.
-					 * This length must not exceed 65535 (2^16-1)
-					 * bytes.
-					 *
-					 */
-					phys_addr_t phys_addr;	/**< physical address */
-				} aad;
-				/**< Additional authentication parameters */
 			} auth;
 		};
 	};
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 21c6270..db0999e 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -5530,7 +5530,6 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_MD5_HMAC;
 
 	ut_params->auth_xform.auth.digest_length = MD5_DIGEST_LEN;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = test_case->key.len;
 	ut_params->auth_xform.auth.key.data = key;
 
@@ -6303,7 +6302,6 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
 	ut_params->auth_xform.auth.key.length = tdata->key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.iv.offset = IV_OFFSET;
@@ -6683,7 +6681,6 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 	ut_params->auth_xform.auth.key.length = reference->auth_key.len;
 	ut_params->auth_xform.auth.key.data = auth_key;
 	ut_params->auth_xform.auth.digest_length = reference->digest.len;
-	ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 	/* Create Crypto session*/
 	ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
@@ -6721,7 +6718,6 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
 		ut_params->auth_xform.auth.iv.length = reference->iv.len;
 	} else {
 		ut_params->auth_xform.next = &ut_params->cipher_xform;
-		ut_params->auth_xform.auth.add_auth_data_length = reference->aad.len;
 
 		/* Setup Cipher Parameters */
 		ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 557aba9..d4ab1a4 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -2936,7 +2936,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	if (chain == CIPHER_ONLY) {
 		op->sym->auth.digest.data = NULL;
 		op->sym->auth.digest.phys_addr = 0;
-		op->sym->auth.aad.data = NULL;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
-- 
2.9.4

^ permalink raw reply	[flat|nested] 100+ messages in thread

* Re: [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring
  2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
                         ` (25 preceding siblings ...)
  2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
@ 2017-07-03 15:44       ` Declan Doherty
  2017-07-03 16:27         ` De Lara Guarch, Pablo
  26 siblings, 1 reply; 100+ messages in thread
From: Declan Doherty @ 2017-07-03 15:44 UTC (permalink / raw)
  To: Pablo de Lara, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, fiona.trahe, john.griffin, deepak.k.jain
  Cc: dev

On 02/07/17 06:41, Pablo de Lara wrote:
> This patchset attempts to correct and improve the current crypto operation
> (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
> shrinking their sizes to fit both structures into two 64-byte cache lines
> (with extra space for the IV and other user data) as one of the goals.
> 
> It also introduces new AEAD algorithm specific parameters, to simplify its setup
> with a single transform, instead of a concatenation of a cipher and an authentication transform.
> 
...
> 

Create patch set Pablo, very tidy and easy to follow considering the 
amount of code churn!

Series Acked-by: Declan Doherty <declan.doherty@intel.com>

^ permalink raw reply	[flat|nested] 100+ messages in thread

* Re: [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring
  2017-07-03 15:44       ` [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring Declan Doherty
@ 2017-07-03 16:27         ` De Lara Guarch, Pablo
  0 siblings, 0 replies; 100+ messages in thread
From: De Lara Guarch, Pablo @ 2017-07-03 16:27 UTC (permalink / raw)
  To: Doherty, Declan, zbigniew.bodek, jerin.jacob, akhil.goyal,
	hemant.agrawal, Trahe, Fiona, Griffin, John, Jain, Deepak K
  Cc: dev



> -----Original Message-----
> From: Doherty, Declan
> Sent: Monday, July 3, 2017 4:44 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> zbigniew.bodek@caviumnetworks.com; jerin.jacob@caviumnetworks.com;
> akhil.goyal@nxp.com; hemant.agrawal@nxp.com; Trahe, Fiona
> <fiona.trahe@intel.com>; Griffin, John <john.griffin@intel.com>; Jain,
> Deepak K <deepak.k.jain@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [PATCH v4 00/26] Crypto operation restructuring
> 
> On 02/07/17 06:41, Pablo de Lara wrote:
> > This patchset attempts to correct and improve the current crypto
> > operation
> > (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op)
> > structures, shrinking their sizes to fit both structures into two
> > 64-byte cache lines (with extra space for the IV and other user data) as
> one of the goals.
> >
> > It also introduces new AEAD algorithm specific parameters, to simplify
> > its setup with a single transform, instead of a concatenation of a cipher
> and an authentication transform.
> >
> ...
> >
> 
> Create patch set Pablo, very tidy and easy to follow considering the amount
> of code churn!
> 
> Series Acked-by: Declan Doherty <declan.doherty@intel.com>
Thanks!

Applied to dpdk-next-crypto.

Pablo

^ permalink raw reply	[flat|nested] 100+ messages in thread

end of thread, other threads:[~2017-07-03 16:27 UTC | newest]

Thread overview: 100+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-28 21:05 [dpdk-dev] [PATCH 00/13] Crypto operation restructuring Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 01/13] cryptodev: move session type to generic crypto op Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 02/13] cryptodev: replace enums with 1-byte variables Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 03/13] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 04/13] cryptodev: do not store pointer to op specific params Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 05/13] cryptodev: add crypto op helper macros Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 06/13] cryptodev: remove additional auth data from xform Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 07/13] cryptodev: remove digest length from crypto op Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 08/13] app/crypto-perf: move IV to crypto op private data Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 09/13] cryptodev: pass IV as offset Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 10/13] cryptodev: move IV parameters to crypto session Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 12/13] cryptodev: aad AEAD specific data Pablo de Lara
2017-05-28 21:05 ` [dpdk-dev] [PATCH 13/13] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
2017-06-26 10:22 ` [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 01/27] cryptodev: move session type to generic crypto op Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 02/27] cryptodev: replace enums with 1-byte variables Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 03/27] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 04/27] cryptodev: do not store pointer to op specific params Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 05/27] cryptodev: remove useless alignment Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 06/27] cryptodev: add crypto op helper macros Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 07/27] crypto/qat: fix KASUMI authentication Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 08/27] test/crypto: move IV to crypto op private data Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 09/27] test/crypto-perf: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 10/27] app/crypto-perf: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 11/27] examples/l2fwd-crypto: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 12/27] examples/ipsec-secgw: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 13/27] cryptodev: pass IV as offset Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 14/27] cryptodev: move IV parameters to crypto session Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 15/27] cryptodev: add auth IV Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 16/27] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 17/27] cryptodev: remove AAD length from crypto op Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 18/27] cryptodev: remove digest " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 19/27] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 20/27] cryptodev: add AEAD specific data Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 21/27] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 22/27] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 23/27] app/test-crypto-perf: add AEAD parameters Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 24/27] examples/ipsec-secgw: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 25/27] examples/l2fwd-crypto: " Pablo de Lara
2017-06-26 10:22   ` [dpdk-dev] [PATCH v2 26/27] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
2017-06-26 10:23   ` [dpdk-dev] [PATCH v2 27/27] cryptodev: remove AAD from authentication structure Pablo de Lara
2017-06-29 11:34   ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Pablo de Lara
2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
2017-06-29 11:34     ` [dpdk-dev] [PATCH v3 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 05/26] cryptodev: remove useless alignment Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 06/26] cryptodev: add crypto op helper macros Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 08/26] test/crypto-perf: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 09/26] app/crypto-perf: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 10/26] examples/l2fwd-crypto: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 11/26] examples/ipsec-secgw: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 12/26] cryptodev: pass IV as offset Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 14/26] cryptodev: add auth IV Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 17/26] cryptodev: remove digest " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 19/26] cryptodev: add AEAD specific data Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 23/26] examples/ipsec-secgw: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 24/26] examples/l2fwd-crypto: " Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
2017-06-29 11:35     ` [dpdk-dev] [PATCH v3 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
2017-06-30 13:23     ` [dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring Trahe, Fiona
2017-07-02  5:41     ` [dpdk-dev] [PATCH v4 " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 01/26] cryptodev: move session type to generic crypto op Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 02/26] cryptodev: replace enums with 1-byte variables Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 03/26] cryptodev: remove opaque data pointer in crypto op Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 04/26] cryptodev: do not store pointer to op specific params Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 05/26] cryptodev: remove useless alignment Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 06/26] cryptodev: add crypto op helper macros Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 07/26] test/crypto: move IV to crypto op private data Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 08/26] test/crypto-perf: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 09/26] app/crypto-perf: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 10/26] examples/l2fwd-crypto: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 11/26] examples/ipsec-secgw: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 12/26] cryptodev: pass IV as offset Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 13/26] cryptodev: move IV parameters to crypto session Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 14/26] cryptodev: add auth IV Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 15/26] cryptodev: do not use AAD in wireless algorithms Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 16/26] cryptodev: remove AAD length from crypto op Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 17/26] cryptodev: remove digest " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 18/26] cryptodev: set AES-GMAC as auth-only algo Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 19/26] cryptodev: add AEAD specific data Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 20/26] cryptodev: add AEAD parameters in crypto operation Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 21/26] examples/l2fwd-crypto: avoid too many tabs Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 22/26] app/test-crypto-perf: add AEAD parameters Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 23/26] examples/ipsec-secgw: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 24/26] examples/l2fwd-crypto: " Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 25/26] cryptodev: use AES-GCM/CCM as AEAD algorithms Pablo de Lara
2017-07-02  5:41       ` [dpdk-dev] [PATCH v4 26/26] cryptodev: remove AAD from authentication structure Pablo de Lara
2017-07-03 15:44       ` [dpdk-dev] [PATCH v4 00/26] Crypto operation restructuring Declan Doherty
2017-07-03 16:27         ` De Lara Guarch, Pablo
2017-06-29 16:39   ` [dpdk-dev] [PATCH v2 00/27] " Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).