[dpdk-dev] [RFC PATCH 3/5] crypto/kasumi: use IPSec MB library v0.53

[Pablo de Lara <pablo.de.lara.guarch@intel.com>]

Link against Intel IPSec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                        |  4 +-
 doc/guides/cryptodevs/kasumi.rst              | 62 ++++++++-------
 drivers/crypto/kasumi/Makefile                | 26 +++---
 drivers/crypto/kasumi/meson.build             | 11 ++-
 drivers/crypto/kasumi/rte_kasumi_pmd.c        | 79 +++++++++++--------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c    |  8 +-
 .../crypto/kasumi/rte_kasumi_pmd_private.h    | 12 ++-
 mk/rte.app.mk                                 |  2 +-
 8 files changed, 120 insertions(+), 84 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 0c62c3950..73b4bdd1a 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -23,7 +23,6 @@ default_path=$PATH
 # - DPDK_NOTIFY (notify-send)
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
-# - LIBSSO_KASUMI_PATH
 . $(dirname $(readlink -e $0))/load-devel-config
 
 print_usage () {
@@ -107,7 +106,6 @@ reset_env ()
 	unset ARMV8_CRYPTO_LIB_PATH
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
-	unset LIBSSO_KASUMI_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -165,7 +163,7 @@ config () # <directory> <target> <options>
 		sed -ri            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri         's,(PMD_SNOW3G=)n,\1y,' $1/.config
-		test -z "$LIBSSO_KASUMI_PATH" || \
+		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri            's,(PMD_CCP=)n,\1y,' $1/.config
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 2265eee4e..6c86fe264 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 KASUMI Crypto Poll Mode Driver
 ===============================
 
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
 
 Features
 --------
@@ -33,33 +33,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
 
-   make
+    make
+    make install
 
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
 
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
 
-  make KASUMI_CFLAGS=-DKASUMI_C
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO KASUMI
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -67,12 +67,16 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
-  the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
 
-* Build the LIBSSO library (explained in Installation section).
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+	make
 
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
 
 To use the PMD in an application, user must:
 
diff --git a/drivers/crypto/kasumi/Makefile b/drivers/crypto/kasumi/Makefile
index cafe94986..51f31d0aa 100644
--- a/drivers/crypto/kasumi/Makefile
+++ b/drivers/crypto/kasumi/Makefile
@@ -3,12 +3,6 @@
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_kasumi.a
 
@@ -23,14 +17,26 @@ LIBABIVER := 1
 EXPORT_MAP := rte_pmd_kasumi_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
diff --git a/drivers/crypto/kasumi/meson.build b/drivers/crypto/kasumi/meson.build
index a09b0e251..bda9a4052 100644
--- a/drivers/crypto/kasumi/meson.build
+++ b/drivers/crypto/kasumi/meson.build
@@ -1,11 +1,20 @@
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2018 Intel Corporation
 
-lib = cc.find_library('libsso_kasumi', required: false)
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
 if not lib.found()
 	build = false
 else
 	ext_deps += lib
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		build = false
+	endif
+
 endif
 
 sources = files('rte_kasumi_pmd.c', 'rte_kasumi_pmd_ops.c')
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 239a1cf44..037abf710 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -54,7 +54,7 @@ kasumi_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -97,7 +97,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		}
 
 		/* Initialize key */
-		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
 	}
 
@@ -116,7 +116,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		sess->auth_op = auth_xform->auth.op;
 
 		/* Initialize key */
-		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
 	}
 
@@ -150,7 +150,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct kasumi_session *)_sess_private_data;
 
-		if (unlikely(kasumi_set_session_parameters(sess,
+		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp, _sess_private_data);
@@ -169,13 +169,13 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
-		struct kasumi_session *session,
-		uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+		struct kasumi_session *session, uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[num_ops], *dst[num_ops];
+	const void *src[num_ops];
+	void *dst[num_ops];
 	uint8_t *iv_ptr;
 	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
@@ -197,7 +197,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+		IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -205,7 +205,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
@@ -215,18 +215,16 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
-	if (op->sym->m_dst == NULL) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG(ERR, "bit-level in-place not supported");
-		return 0;
-	}
-	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+	if (op->sym->m_dst == NULL)
+		dst = src;
+	else
+		dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -261,7 +259,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 
 			/* Verify digest. */
@@ -271,7 +270,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 		}
 		processed_ops++;
@@ -291,7 +291,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_ops = process_kasumi_cipher_op(ops,
+		processed_ops = process_kasumi_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
@@ -299,14 +299,14 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 				num_ops);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_ops = process_kasumi_cipher_op(ops, session,
+		processed_ops = process_kasumi_cipher_op(qp, ops, session,
 				num_ops);
 		process_kasumi_hash_op(qp, ops, session, processed_ops);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_ops = process_kasumi_hash_op(qp, ops, session,
 				num_ops);
-		process_kasumi_cipher_op(ops, session, processed_ops);
+		process_kasumi_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -348,21 +348,21 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_op = process_kasumi_cipher_op_bit(op,
+		processed_op = process_kasumi_cipher_op_bit(qp, op,
 				session);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_op = process_kasumi_cipher_op_bit(op, session);
+		processed_op = process_kasumi_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_kasumi_cipher_op_bit(op, session);
+			process_kasumi_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -531,7 +531,7 @@ cryptodev_kasumi_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct kasumi_private *internals;
-	uint64_t cpu_flags = 0;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -539,12 +539,6 @@ cryptodev_kasumi_create(const char *name,
 		goto init_error;
 	}
 
-	/* Check CPU for supported vector instruction set */
-	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
-	else
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_kasumi_pmd_ops;
 
@@ -553,12 +547,24 @@ cryptodev_kasumi_create(const char *name,
 	dev->enqueue_burst = kasumi_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+	internals->mgr = mgr;
 
 	return 0;
 init_error:
@@ -596,6 +602,7 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct kasumi_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -605,6 +612,10 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 9e4bf1b52..2f30115b9 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -195,6 +195,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id, struct rte_mempool *session_pool)
 {
 	struct kasumi_qp *qp = NULL;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -217,6 +218,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = session_pool;
 
 	memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
@@ -245,13 +247,14 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a KASUMI session from a crypto xform chain */
 static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		KASUMI_LOG(ERR, "invalid session struct");
@@ -264,7 +267,8 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = kasumi_set_session_parameters(sess_private_data, xform);
+	ret = kasumi_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
index 488777ca8..3db52c03a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _RTE_KASUMI_PMD_PRIVATE_H_
 #define _RTE_KASUMI_PMD_PRIVATE_H_
 
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_KASUMI_PMD	crypto_kasumi
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int kasumi_logtype_driver;
 struct kasumi_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** KASUMI buffer queue pair */
@@ -43,6 +45,8 @@ struct kasumi_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum kasumi_operation {
@@ -56,8 +60,8 @@ enum kasumi_operation {
 /** KASUMI private session structure */
 struct kasumi_session {
 	/* Keys have to be 16-byte aligned */
-	sso_kasumi_key_sched_t pKeySched_cipher;
-	sso_kasumi_key_sched_t pKeySched_hash;
+	kasumi_key_sched_t pKeySched_cipher;
+	kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
 	uint16_t cipher_iv_offset;
@@ -65,7 +69,7 @@ struct kasumi_session {
 
 
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index b33603ef5..0ec48482c 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -231,7 +231,7 @@ endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
-- 
2.24.1